package rbac
import "k8s.io/kubernetes/pkg/registry/rbac"
Index ¶
- func BindingAuthorized(ctx context.Context, roleRef rbac.RoleRef, bindingNamespace string, a authorizer.Authorizer) bool
- func EscalationAllowed(ctx context.Context) bool
- func IsOnlyMutatingGCFields(obj, old runtime.Object, equalities conversion.Equalities) bool
- func RoleEscalationAuthorized(ctx context.Context, a authorizer.Authorizer) bool
Functions ¶
func BindingAuthorized ¶
func BindingAuthorized(ctx context.Context, roleRef rbac.RoleRef, bindingNamespace string, a authorizer.Authorizer) bool
BindingAuthorized returns true if the user associated with the context is explicitly authorized to bind the specified roleRef
func EscalationAllowed ¶
EscalationAllowed checks if the user associated with the context is a superuser
func IsOnlyMutatingGCFields ¶
func IsOnlyMutatingGCFields(obj, old runtime.Object, equalities conversion.Equalities) bool
IsOnlyMutatingGCFields checks finalizers and ownerrefs which GC manipulates and indicates that only those fields are changing
func RoleEscalationAuthorized ¶
func RoleEscalationAuthorized(ctx context.Context, a authorizer.Authorizer) bool
RoleEscalationAuthorized checks if the user associated with the context is explicitly authorized to escalate the role resource associated with the context
Source Files ¶
escalation_check.go helpers.go
Directories ¶
| Path | Synopsis |
|---|---|
| pkg/registry/rbac/clusterrole | Package clusterrole provides Registry interface and its RESTStorage implementation for storing ClusterRole objects. |
| pkg/registry/rbac/clusterrolebinding | Package certificates provides Registry interface and its RESTStorage implementation for storing ClusterRoleBinding objects. |
| pkg/registry/rbac/clusterrolebinding/policybased | Package policybased implements a standard storage for ClusterRoleBinding that prevents privilege escalation. |
| pkg/registry/rbac/clusterrolebinding/storage | |
| pkg/registry/rbac/clusterrole/policybased | Package policybased implements a standard storage for ClusterRole that prevents privilege escalation. |
| pkg/registry/rbac/clusterrole/storage | |
| pkg/registry/rbac/rest | |
| pkg/registry/rbac/role | Package role provides Registry interface and its RESTStorage implementation for storing Role objects. |
| pkg/registry/rbac/rolebinding | Package certificates provides Registry interface and its RESTStorage implementation for storing RoleBinding objects. |
| pkg/registry/rbac/rolebinding/policybased | Package policybased implements a standard storage for RoleBinding that prevents privilege escalation. |
| pkg/registry/rbac/rolebinding/storage | |
| pkg/registry/rbac/role/policybased | Package policybased implements a standard storage for Role that prevents privilege escalation. |
| pkg/registry/rbac/role/storage | |
| pkg/registry/rbac/validation |
- Version
- v1.33.0 (latest)
- Published
- Apr 23, 2025
- Platform
- linux/amd64
- Imports
- 12 packages
- Last checked
- 5 hours ago –
Tools for package owners.