forked from kubernetes/dashboard
/
types.go
53 lines (48 loc) · 2.07 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
// Copyright 2017 The Kubernetes Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package api
import (
restful "github.com/emicklei/go-restful"
authApi "github.com/kubernetes/dashboard/src/app/backend/auth/api"
"k8s.io/api/authorization/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/tools/clientcmd/api"
)
// ClientManager is responsible for initializing and creating clients to communicate with
// kubernetes apiserver on demand.
type ClientManager interface {
Client(req *restful.Request) (kubernetes.Interface, error)
InsecureClient() kubernetes.Interface
CanI(req *restful.Request, ssar *v1.SelfSubjectAccessReview) bool
Config(req *restful.Request) (*rest.Config, error)
ClientCmdConfig(req *restful.Request) (clientcmd.ClientConfig, error)
CSRFKey() string
HasAccess(authInfo api.AuthInfo) error
VerberClient(req *restful.Request) (ResourceVerber, error)
SetTokenManager(manager authApi.TokenManager)
}
// ResourceVerber is responsible for performing generic CRUD operations on all supported resources.
type ResourceVerber interface {
Put(kind string, namespaceSet bool, namespace string, name string,
object *runtime.Unknown) error
Get(kind string, namespaceSet bool, namespace string, name string) (runtime.Object, error)
Delete(kind string, namespaceSet bool, namespace string, name string) error
}
// CanIResponse is used to as response to check whether or not user is allowed to access given endpoint.
type CanIResponse struct {
Allowed bool `json:"allowed"`
}