mirror of
https://github.com/lensapp/lens.git
synced 2025-05-20 05:10:56 +00:00
48 lines
1.2 KiB
TypeScript
48 lines
1.2 KiB
TypeScript
// Get resource access review
|
|
// Docs: https://kubernetes.io/docs/reference/access-authn-authz/authorization/
|
|
import { IKubeRequestParams, kubeRequest } from "./kube-request";
|
|
|
|
interface IResourceAccess {
|
|
apiVersion: string;
|
|
kind: string;
|
|
status: IResourceAccessStatus;
|
|
}
|
|
|
|
export interface IResourceAccessStatus {
|
|
allowed: boolean;
|
|
denied?: boolean;
|
|
reason?: string;
|
|
evaluationError?: string;
|
|
}
|
|
|
|
interface IResourceAccessAttributes {
|
|
group?: string | "*";
|
|
resource?: string | "*";
|
|
verb?: "get" | "list" | "create" | "update" | "patch" | "watch" | "proxy" | "redirect" | "delete" | "deletecollection" | "*";
|
|
namespace?: string | "*";
|
|
}
|
|
|
|
export async function reviewResourceAccess(
|
|
params: Partial<IKubeRequestParams> = {},
|
|
attrs: IResourceAccessAttributes
|
|
): Promise<IResourceAccessStatus> {
|
|
try {
|
|
const accessReview = await kubeRequest<IResourceAccess>({
|
|
...params,
|
|
method: "POST",
|
|
path: "/apis/authorization.k8s.io/v1/selfsubjectaccessreviews",
|
|
data: {
|
|
spec: {
|
|
resourceAttributes: attrs
|
|
}
|
|
}
|
|
});
|
|
return accessReview.status;
|
|
} catch (err) {
|
|
return {
|
|
allowed: false,
|
|
reason: err.toString(),
|
|
}
|
|
}
|
|
}
|