Beispiel #1
0
func (c DelegatingAuthorizerConfig) New() (authorizer.Authorizer, error) {
	return webhooksar.NewFromInterface(
		c.SubjectAccessReviewClient,
		c.AllowCacheTTL,
		c.DenyCacheTTL,
	)
}
Beispiel #2
0
func buildAuthz(client authorizationclient.SubjectAccessReviewInterface, authz componentconfig.KubeletAuthorization) (authorizer.Authorizer, error) {
	switch authz.Mode {
	case componentconfig.KubeletAuthorizationModeAlwaysAllow:
		return alwaysallowauthorizer.NewAlwaysAllowAuthorizer(), nil

	case componentconfig.KubeletAuthorizationModeWebhook:
		if client == nil {
			return nil, errors.New("no client provided, cannot use webhook authorization")
		}
		return webhooksar.NewFromInterface(
			client,
			authz.Webhook.CacheAuthorizedTTL.Duration,
			authz.Webhook.CacheUnauthorizedTTL.Duration,
		)

	case "":
		return nil, fmt.Errorf("No authorization mode specified")

	default:
		return nil, fmt.Errorf("Unknown authorization mode %s", authz.Mode)

	}
}