Package acl

import "github.com/fluxcd/pkg/apis/acl"

Overview ▹

Overview ▾

Package acl contains the API types for defining access control lists for use by GitOps Toolkit components. +kubebuilder:object:generate=true

Index ▹

Index ▾

Constants

type AccessFrom

func (in *AccessFrom) DeepCopy() *AccessFrom

func (in *AccessFrom) DeepCopyInto(out *AccessFrom)

type NamespaceSelector

func (in *NamespaceSelector) DeepCopy() *NamespaceSelector

func (in *NamespaceSelector) DeepCopyInto(out *NamespaceSelector)

Package files

acl_types.go conditions.go doc.go zz_generated.deepcopy.go

Constants

These constants define the Condition types for when the GitOps Toolkit components perform ACL assertions.

const (
    // AccessDeniedCondition indicates that access to a resource has been denied by an ACL assertion.
    // The Condition adheres to an "abnormal-true" polarity pattern, and MUST only be present on the resource if the
    // Condition is True.
    AccessDeniedCondition string = "AccessDenied"
)

These constants define the Condition reasons for when the GitOps Toolkit components perform ACL assertions.

const (
    // AccessDeniedReason indicates that access to a resource has been denied by an ACL assertion.
    AccessDeniedReason string = "AccessDenied"
)

type AccessFrom ¶

AccessFrom defines an ACL for allowing cross-namespace references to a source object based on the caller's namespace labels.

type AccessFrom struct {
    // NamespaceSelectors is the list of namespace selectors to which this ACL applies.
    // Items in this list are evaluated using a logical OR operation.
    // +required
    NamespaceSelectors []NamespaceSelector `json:"namespaceSelectors"`
}

func (*AccessFrom) DeepCopy ¶

func (in *AccessFrom) DeepCopy() *AccessFrom

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessFrom.

func (*AccessFrom) DeepCopyInto ¶

func (in *AccessFrom) DeepCopyInto(out *AccessFrom)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NamespaceSelector ¶

NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.

type NamespaceSelector struct {
    // MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
    // map is equivalent to an element of matchExpressions, whose key field is "key", the
    // operator is "In", and the values array contains only "value". The requirements are ANDed.
    // +optional
    MatchLabels map[string]string `json:"matchLabels,omitempty"`
}

func (*NamespaceSelector) DeepCopy ¶

func (in *NamespaceSelector) DeepCopy() *NamespaceSelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceSelector.

func (*NamespaceSelector) DeepCopyInto ¶

func (in *NamespaceSelector) DeepCopyInto(out *NamespaceSelector)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.