├── .dockerignore ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.yml │ ├── config.yml │ └── feature_request.yml ├── PULL_REQUEST_TEMPLATE.md └── workflows │ ├── cedar-validation.yaml │ ├── golangci-lint.yaml │ └── unit-tests.yaml ├── .gitignore ├── .golangci.yml ├── CODE_OF_CONDUCT.md ├── Dockerfile ├── LICENSE ├── Makefile ├── NOTICE ├── PROJECT ├── README.md ├── api └── v1alpha1 │ ├── config_types.go │ ├── config_types_test.go │ ├── groupversion_info.go │ ├── policy_types.go │ └── zz_generated.deepcopy.go ├── cedarschema ├── k8s-authorization.cedarschema ├── k8s-authorization.cedarschema.json ├── k8s-full.cedarschema └── k8s-full.cedarschema.json ├── cmd ├── cedar-webhook │ └── main.go ├── converter │ └── main.go ├── schema-formatter │ └── main.go └── schema-generator │ └── main.go ├── config ├── certmanager │ ├── certificate.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── crd │ ├── bases │ │ └── cedar.k8s.aws_policies.yaml │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── patches │ │ ├── cainjection_in_policies.yaml │ │ └── webhook_in_policies.yaml ├── default │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ ├── manager_config_patch.yaml │ ├── manager_webhook_patch.yaml │ └── webhookcainjection_patch.yaml ├── manager │ ├── kustomization.yaml │ └── manager.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── auth_proxy_client_clusterrole.yaml │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── policy_editor_role.yaml │ ├── policy_viewer_role.yaml │ ├── role.yaml │ ├── role_binding.yaml │ └── service_account.yaml ├── samples │ ├── cedar_v1alpha1_policy.yaml │ └── kustomization.yaml └── webhook │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ ├── manifests.yaml │ └── service.yaml ├── demo ├── admission-policy.yaml └── authorization-policy.yaml ├── docs ├── CedarIntroduction.md ├── CedarSchemas.md ├── ConvertRBAC.md ├── Demo.md ├── Development.md ├── FutureFeatures.md ├── Limitations.md ├── Operations.md ├── RejectedFeatures.md ├── Setup.md └── img │ ├── cedar-for-k8s-dark.png │ └── cedar-for-k8s.png ├── go.mod ├── go.sum ├── hack └── boilerplate.go.txt ├── internal ├── convert │ ├── clusterrole_test.go │ ├── converter.go │ ├── interface.go │ ├── role_test.go │ └── testdata │ │ ├── cluster-admin.cedar │ │ ├── cluster-admin.yaml │ │ ├── crazy-policy.cedar │ │ ├── crazy-policy.yaml │ │ ├── impersonate-mixed-types.cedar │ │ ├── impersonate-mixed-types.yaml │ │ ├── impersonate.cedar │ │ ├── impersonate.yaml │ │ ├── invalid-service-account.cedar │ │ ├── invalid-service-account.yaml │ │ ├── kubeadm:get-nodes.cedar │ │ ├── kubeadm:get-nodes.yaml │ │ ├── non-resource-url.cedar │ │ ├── non-resource-url.yaml │ │ ├── system:controller:horizontal-pod-autoscaler.cedar │ │ ├── system:controller:horizontal-pod-autoscaler.yaml │ │ ├── system:controller:token-cleaner.cedar │ │ ├── system:controller:token-cleaner.yaml │ │ ├── system:coredns.cedar │ │ ├── system:coredns.yaml │ │ ├── system:kube-controller-manager.cedar │ │ ├── system:kube-controller-manager.yaml │ │ ├── system:node-proxier.cedar │ │ ├── system:node-proxier.yaml │ │ ├── system:public-info-viewer.cedar │ │ └── system:public-info-viewer.yaml ├── schema │ ├── admission.go │ ├── admission_actions.go │ ├── authorization.go │ ├── cedar_schema_types.go │ ├── cedar_schema_types_test.go │ ├── connect_entities.go │ ├── convert │ │ ├── docstring.go │ │ ├── docstring_test.go │ │ ├── name_transform.go │ │ ├── name_transform_test.go │ │ ├── openapi.go │ │ ├── openapi_test.go │ │ └── testdata │ │ │ ├── api.v1.resourcelist.json │ │ │ ├── api.v1.schema.json │ │ │ ├── apis.apps.v1.resourcelist.json │ │ │ ├── apis.apps.v1.schema.json │ │ │ ├── apis.authentication.k8s.io.v1.resourcelist.json │ │ │ ├── apis.authentication.k8s.io.v1.schema.json │ │ │ ├── apis.rbac.authorization.k8s.io.v1.resourcelist.json │ │ │ └── apis.rbac.authorization.k8s.io.v1.schema.json │ └── user_entities.go └── server │ ├── admission │ ├── admit_all_policy.go │ └── handler.go │ ├── authorizer │ ├── authorizer.go │ ├── authorizer_test.go │ └── entitiy_builders.go │ ├── config │ └── config.go │ ├── context.go │ ├── entities │ ├── admission.go │ ├── admission_test.go │ ├── authorization.go │ ├── authorization_test.go │ ├── entities.go │ └── user.go │ ├── error_injector.go │ ├── health.go │ ├── metrics │ └── metrics.go │ ├── options │ └── options.go │ ├── recorder.go │ ├── server.go │ └── store │ ├── config.go │ ├── config_test.go │ ├── crd.go │ ├── directory.go │ ├── memory.go │ ├── store.go │ ├── store_test.go │ ├── testdata │ ├── all.json │ ├── all.yaml │ └── invalid_type.yaml │ └── verified_permissions.go ├── kind.yaml ├── manifests ├── admission-webhook.yaml └── cedar-authorization-webhook.yaml ├── mount ├── audit-policy.yaml ├── authorization-config.yaml ├── authorization-webhook.yaml ├── cedar-config.yaml ├── certs │ └── .gitkeep ├── logs │ └── .gitkeep └── policies │ ├── .gitkeep │ └── policies.cedar └── scratch ├── .gitkeep └── Dockerfile /.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/.dockerignore -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/.github/ISSUE_TEMPLATE/bug_report.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/.github/ISSUE_TEMPLATE/config.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/.github/ISSUE_TEMPLATE/feature_request.yml -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/.github/PULL_REQUEST_TEMPLATE.md -------------------------------------------------------------------------------- /.github/workflows/cedar-validation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/.github/workflows/cedar-validation.yaml -------------------------------------------------------------------------------- /.github/workflows/golangci-lint.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/.github/workflows/golangci-lint.yaml -------------------------------------------------------------------------------- /.github/workflows/unit-tests.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/.github/workflows/unit-tests.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/.gitignore -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/.golangci.yml -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/Makefile -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | -------------------------------------------------------------------------------- /PROJECT: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/PROJECT -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/README.md -------------------------------------------------------------------------------- /api/v1alpha1/config_types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/api/v1alpha1/config_types.go -------------------------------------------------------------------------------- /api/v1alpha1/config_types_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/api/v1alpha1/config_types_test.go -------------------------------------------------------------------------------- /api/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/api/v1alpha1/groupversion_info.go -------------------------------------------------------------------------------- /api/v1alpha1/policy_types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/api/v1alpha1/policy_types.go -------------------------------------------------------------------------------- /api/v1alpha1/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/api/v1alpha1/zz_generated.deepcopy.go -------------------------------------------------------------------------------- /cedarschema/k8s-authorization.cedarschema: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/cedarschema/k8s-authorization.cedarschema -------------------------------------------------------------------------------- /cedarschema/k8s-authorization.cedarschema.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/cedarschema/k8s-authorization.cedarschema.json -------------------------------------------------------------------------------- /cedarschema/k8s-full.cedarschema: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/cedarschema/k8s-full.cedarschema -------------------------------------------------------------------------------- /cedarschema/k8s-full.cedarschema.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/cedarschema/k8s-full.cedarschema.json -------------------------------------------------------------------------------- /cmd/cedar-webhook/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/cmd/cedar-webhook/main.go -------------------------------------------------------------------------------- /cmd/converter/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/cmd/converter/main.go -------------------------------------------------------------------------------- /cmd/schema-formatter/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/cmd/schema-formatter/main.go -------------------------------------------------------------------------------- /cmd/schema-generator/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/cmd/schema-generator/main.go -------------------------------------------------------------------------------- /config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/certmanager/certificate.yaml -------------------------------------------------------------------------------- /config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/certmanager/kustomization.yaml -------------------------------------------------------------------------------- /config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/certmanager/kustomizeconfig.yaml -------------------------------------------------------------------------------- /config/crd/bases/cedar.k8s.aws_policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/crd/bases/cedar.k8s.aws_policies.yaml -------------------------------------------------------------------------------- /config/crd/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/crd/kustomization.yaml -------------------------------------------------------------------------------- /config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/crd/kustomizeconfig.yaml -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/crd/patches/cainjection_in_policies.yaml -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/crd/patches/webhook_in_policies.yaml -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/default/kustomization.yaml -------------------------------------------------------------------------------- /config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/default/manager_auth_proxy_patch.yaml -------------------------------------------------------------------------------- /config/default/manager_config_patch.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/default/manager_config_patch.yaml -------------------------------------------------------------------------------- /config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/default/manager_webhook_patch.yaml -------------------------------------------------------------------------------- /config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/default/webhookcainjection_patch.yaml -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /config/manager/manager.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/manager/manager.yaml -------------------------------------------------------------------------------- /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/prometheus/monitor.yaml -------------------------------------------------------------------------------- /config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/auth_proxy_client_clusterrole.yaml -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/auth_proxy_role.yaml -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/auth_proxy_role_binding.yaml -------------------------------------------------------------------------------- /config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/auth_proxy_service.yaml -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/kustomization.yaml -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/leader_election_role.yaml -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/leader_election_role_binding.yaml -------------------------------------------------------------------------------- /config/rbac/policy_editor_role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/policy_editor_role.yaml -------------------------------------------------------------------------------- /config/rbac/policy_viewer_role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/policy_viewer_role.yaml -------------------------------------------------------------------------------- /config/rbac/role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/role.yaml -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/role_binding.yaml -------------------------------------------------------------------------------- /config/rbac/service_account.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/rbac/service_account.yaml -------------------------------------------------------------------------------- /config/samples/cedar_v1alpha1_policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/samples/cedar_v1alpha1_policy.yaml -------------------------------------------------------------------------------- /config/samples/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/samples/kustomization.yaml -------------------------------------------------------------------------------- /config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/webhook/kustomization.yaml -------------------------------------------------------------------------------- /config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/webhook/kustomizeconfig.yaml -------------------------------------------------------------------------------- /config/webhook/manifests.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/webhook/manifests.yaml -------------------------------------------------------------------------------- /config/webhook/service.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/config/webhook/service.yaml -------------------------------------------------------------------------------- /demo/admission-policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/demo/admission-policy.yaml -------------------------------------------------------------------------------- /demo/authorization-policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/demo/authorization-policy.yaml -------------------------------------------------------------------------------- /docs/CedarIntroduction.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/CedarIntroduction.md -------------------------------------------------------------------------------- /docs/CedarSchemas.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/CedarSchemas.md -------------------------------------------------------------------------------- /docs/ConvertRBAC.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/ConvertRBAC.md -------------------------------------------------------------------------------- /docs/Demo.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/Demo.md -------------------------------------------------------------------------------- /docs/Development.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/Development.md -------------------------------------------------------------------------------- /docs/FutureFeatures.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/FutureFeatures.md -------------------------------------------------------------------------------- /docs/Limitations.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/Limitations.md -------------------------------------------------------------------------------- /docs/Operations.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/Operations.md -------------------------------------------------------------------------------- /docs/RejectedFeatures.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/RejectedFeatures.md -------------------------------------------------------------------------------- /docs/Setup.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/Setup.md -------------------------------------------------------------------------------- /docs/img/cedar-for-k8s-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/img/cedar-for-k8s-dark.png -------------------------------------------------------------------------------- /docs/img/cedar-for-k8s.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/docs/img/cedar-for-k8s.png -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/go.sum -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/hack/boilerplate.go.txt -------------------------------------------------------------------------------- /internal/convert/clusterrole_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/clusterrole_test.go -------------------------------------------------------------------------------- /internal/convert/converter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/converter.go -------------------------------------------------------------------------------- /internal/convert/interface.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/interface.go -------------------------------------------------------------------------------- /internal/convert/role_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/role_test.go -------------------------------------------------------------------------------- /internal/convert/testdata/cluster-admin.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/cluster-admin.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/cluster-admin.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/cluster-admin.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/crazy-policy.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/crazy-policy.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/crazy-policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/crazy-policy.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/impersonate-mixed-types.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/impersonate-mixed-types.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/impersonate-mixed-types.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/impersonate-mixed-types.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/impersonate.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/impersonate.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/impersonate.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/impersonate.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/invalid-service-account.cedar: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /internal/convert/testdata/invalid-service-account.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/invalid-service-account.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/kubeadm:get-nodes.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/kubeadm:get-nodes.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/kubeadm:get-nodes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/kubeadm:get-nodes.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/non-resource-url.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/non-resource-url.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/non-resource-url.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/non-resource-url.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/system:controller:horizontal-pod-autoscaler.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:controller:horizontal-pod-autoscaler.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/system:controller:horizontal-pod-autoscaler.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:controller:horizontal-pod-autoscaler.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/system:controller:token-cleaner.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:controller:token-cleaner.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/system:controller:token-cleaner.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:controller:token-cleaner.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/system:coredns.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:coredns.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/system:coredns.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:coredns.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/system:kube-controller-manager.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:kube-controller-manager.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/system:kube-controller-manager.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:kube-controller-manager.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/system:node-proxier.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:node-proxier.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/system:node-proxier.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:node-proxier.yaml -------------------------------------------------------------------------------- /internal/convert/testdata/system:public-info-viewer.cedar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:public-info-viewer.cedar -------------------------------------------------------------------------------- /internal/convert/testdata/system:public-info-viewer.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/convert/testdata/system:public-info-viewer.yaml -------------------------------------------------------------------------------- /internal/schema/admission.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/admission.go -------------------------------------------------------------------------------- /internal/schema/admission_actions.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/admission_actions.go -------------------------------------------------------------------------------- /internal/schema/authorization.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/authorization.go -------------------------------------------------------------------------------- /internal/schema/cedar_schema_types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/cedar_schema_types.go -------------------------------------------------------------------------------- /internal/schema/cedar_schema_types_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/cedar_schema_types_test.go -------------------------------------------------------------------------------- /internal/schema/connect_entities.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/connect_entities.go -------------------------------------------------------------------------------- /internal/schema/convert/docstring.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/docstring.go -------------------------------------------------------------------------------- /internal/schema/convert/docstring_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/docstring_test.go -------------------------------------------------------------------------------- /internal/schema/convert/name_transform.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/name_transform.go -------------------------------------------------------------------------------- /internal/schema/convert/name_transform_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/name_transform_test.go -------------------------------------------------------------------------------- /internal/schema/convert/openapi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/openapi.go -------------------------------------------------------------------------------- /internal/schema/convert/openapi_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/openapi_test.go -------------------------------------------------------------------------------- /internal/schema/convert/testdata/api.v1.resourcelist.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/testdata/api.v1.resourcelist.json -------------------------------------------------------------------------------- /internal/schema/convert/testdata/api.v1.schema.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/testdata/api.v1.schema.json -------------------------------------------------------------------------------- /internal/schema/convert/testdata/apis.apps.v1.resourcelist.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/testdata/apis.apps.v1.resourcelist.json -------------------------------------------------------------------------------- /internal/schema/convert/testdata/apis.apps.v1.schema.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/testdata/apis.apps.v1.schema.json -------------------------------------------------------------------------------- /internal/schema/convert/testdata/apis.authentication.k8s.io.v1.resourcelist.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/testdata/apis.authentication.k8s.io.v1.resourcelist.json -------------------------------------------------------------------------------- /internal/schema/convert/testdata/apis.authentication.k8s.io.v1.schema.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/testdata/apis.authentication.k8s.io.v1.schema.json -------------------------------------------------------------------------------- /internal/schema/convert/testdata/apis.rbac.authorization.k8s.io.v1.resourcelist.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/testdata/apis.rbac.authorization.k8s.io.v1.resourcelist.json -------------------------------------------------------------------------------- /internal/schema/convert/testdata/apis.rbac.authorization.k8s.io.v1.schema.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/convert/testdata/apis.rbac.authorization.k8s.io.v1.schema.json -------------------------------------------------------------------------------- /internal/schema/user_entities.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/schema/user_entities.go -------------------------------------------------------------------------------- /internal/server/admission/admit_all_policy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/admission/admit_all_policy.go -------------------------------------------------------------------------------- /internal/server/admission/handler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/admission/handler.go -------------------------------------------------------------------------------- /internal/server/authorizer/authorizer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/authorizer/authorizer.go -------------------------------------------------------------------------------- /internal/server/authorizer/authorizer_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/authorizer/authorizer_test.go -------------------------------------------------------------------------------- /internal/server/authorizer/entitiy_builders.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/authorizer/entitiy_builders.go -------------------------------------------------------------------------------- /internal/server/config/config.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/config/config.go -------------------------------------------------------------------------------- /internal/server/context.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/context.go -------------------------------------------------------------------------------- /internal/server/entities/admission.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/entities/admission.go -------------------------------------------------------------------------------- /internal/server/entities/admission_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/entities/admission_test.go -------------------------------------------------------------------------------- /internal/server/entities/authorization.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/entities/authorization.go -------------------------------------------------------------------------------- /internal/server/entities/authorization_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/entities/authorization_test.go -------------------------------------------------------------------------------- /internal/server/entities/entities.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/entities/entities.go -------------------------------------------------------------------------------- /internal/server/entities/user.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/entities/user.go -------------------------------------------------------------------------------- /internal/server/error_injector.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/error_injector.go -------------------------------------------------------------------------------- /internal/server/health.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/health.go -------------------------------------------------------------------------------- /internal/server/metrics/metrics.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/metrics/metrics.go -------------------------------------------------------------------------------- /internal/server/options/options.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/options/options.go -------------------------------------------------------------------------------- /internal/server/recorder.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/recorder.go -------------------------------------------------------------------------------- /internal/server/server.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/server.go -------------------------------------------------------------------------------- /internal/server/store/config.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/config.go -------------------------------------------------------------------------------- /internal/server/store/config_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/config_test.go -------------------------------------------------------------------------------- /internal/server/store/crd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/crd.go -------------------------------------------------------------------------------- /internal/server/store/directory.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/directory.go -------------------------------------------------------------------------------- /internal/server/store/memory.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/memory.go -------------------------------------------------------------------------------- /internal/server/store/store.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/store.go -------------------------------------------------------------------------------- /internal/server/store/store_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/store_test.go -------------------------------------------------------------------------------- /internal/server/store/testdata/all.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/testdata/all.json -------------------------------------------------------------------------------- /internal/server/store/testdata/all.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/testdata/all.yaml -------------------------------------------------------------------------------- /internal/server/store/testdata/invalid_type.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/testdata/invalid_type.yaml -------------------------------------------------------------------------------- /internal/server/store/verified_permissions.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/internal/server/store/verified_permissions.go -------------------------------------------------------------------------------- /kind.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/kind.yaml -------------------------------------------------------------------------------- /manifests/admission-webhook.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/manifests/admission-webhook.yaml -------------------------------------------------------------------------------- /manifests/cedar-authorization-webhook.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/manifests/cedar-authorization-webhook.yaml -------------------------------------------------------------------------------- /mount/audit-policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/mount/audit-policy.yaml -------------------------------------------------------------------------------- /mount/authorization-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/mount/authorization-config.yaml -------------------------------------------------------------------------------- /mount/authorization-webhook.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/mount/authorization-webhook.yaml -------------------------------------------------------------------------------- /mount/cedar-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/mount/cedar-config.yaml -------------------------------------------------------------------------------- /mount/certs/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /mount/logs/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /mount/policies/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /mount/policies/policies.cedar: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /scratch/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /scratch/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cedar-policy/cedar-access-control-for-k8s/HEAD/scratch/Dockerfile --------------------------------------------------------------------------------