mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 07:57:07 +00:00
* feat: add auth checker interface Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
package checker
import (
"context"
authorizationv1client "k8s.io/client-go/kubernetes/typed/authorization/v1"
)
// AuthResult carries the outcome of a single authorization check.
//
// NOTE(review): the field names match the status of a Kubernetes access
// review; presumably the implementations copy them from there — confirm.
// Consumers making a security decision should fail closed: grant access only
// when Allowed is true, and do not read a non-empty EvaluationError as an
// explicit denial or as a grant.
type AuthResult struct {
	// Allowed is true when the checked operation is permitted.
	Allowed bool
	// Reason is the explanation attached to the decision, and EvaluationError
	// describes a problem met while evaluating the check. Either may be empty.
	Reason, EvaluationError string
}
// AuthChecker answers the question "may this operation be performed?" for one
// API resource at a time.
type AuthChecker interface {
	// Check reports whether the caller can perform verb on the resource
	// identified by group, version, resource and subresource in namespace.
	//
	// NOTE(review): callers should fail closed, treating a non-nil error or
	// a nil *AuthResult as "not allowed" rather than dereferencing the result.
	Check(
		ctx context.Context,
		group, version, resource, subresource, namespace, verb string,
	) (*AuthResult, error)
}
// NewSelfChecker returns an AuthChecker backed by the given
// SelfSubjectAccessReview client.
//
// The client is stored as-is and is not validated here; the self type is
// defined elsewhere in this package.
// NOTE(review): presumably the resulting checks are evaluated for the identity
// behind the client's own credentials — confirm against the self implementation.
func NewSelfChecker(client authorizationv1client.SelfSubjectAccessReviewInterface) AuthChecker {
	return self{client: client}
}
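// NewSubjectChecker returns an AuthChecker backed by the given
// SubjectAccessReview client and bound to the supplied user and groups.
//
// The groups slice is copied so that a caller mutating its own slice after
// construction cannot silently change the identity this checker evaluates.
// A nil groups argument stays nil. The client is stored as-is and is not
// validated here; the subject type is defined elsewhere in this package.
// NOTE(review): user and groups are not validated here; if they come from
// request data, confirm the caller is entitled to ask about that identity.
func NewSubjectChecker(client authorizationv1client.SubjectAccessReviewInterface, user string, groups []string) AuthChecker {
	// Defensive copy: detach from the caller's backing array.
	ownGroups := append([]string(nil), groups...)
	return subject{
		client: client,
		user:   user,
		groups: ownGroups,
	}
}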