mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-07 00:17:13 +00:00
4d1f040e49
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
34 lines
861 B
Go
34 lines
861 B
Go
package checker
|
|
|
|
import (
|
|
"context"
|
|
|
|
authorizationv1client "k8s.io/client-go/kubernetes/typed/authorization/v1"
|
|
)
|
|
|
|
// AuthResult contains authorization check result
|
|
type AuthResult struct {
|
|
Allowed bool
|
|
Reason string
|
|
EvaluationError string
|
|
}
|
|
|
|
// AuthChecker provides utility to check authorization
|
|
type AuthChecker interface {
|
|
// Check checks if the caller can perform an operation
|
|
Check(ctx context.Context, group, version, resource, subresource, namespace, name, verb string) (*AuthResult, error)
|
|
}
|
|
|
|
func NewSelfChecker(client authorizationv1client.SelfSubjectAccessReviewInterface) AuthChecker {
|
|
return self{
|
|
client: client,
|
|
}
|
|
}
|
|
|
|
func NewSubjectChecker(client authorizationv1client.SubjectAccessReviewInterface, user string, groups []string) AuthChecker {
|
|
return subject{
|
|
client: client,
|
|
user: user,
|
|
groups: groups,
|
|
}
|
|
}
|