Documentation
¶
Overview ¶
+groupName=authorization.k8s.io
Index ¶
- Constants
- Variables
- func DeepCopy_authorization_LocalSubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_authorization_NonResourceAttributes(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_authorization_ResourceAttributes(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_authorization_SelfSubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_authorization_SelfSubjectAccessReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_authorization_SubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_authorization_SubjectAccessReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_authorization_SubjectAccessReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error
- func Kind(kind string) unversioned.GroupKind
- func RegisterDeepCopies(scheme *runtime.Scheme) error
- func Resource(resource string) unversioned.GroupResource
- type ExtraValue
- type LocalSubjectAccessReview
- type NonResourceAttributes
- type ResourceAttributes
- type SelfSubjectAccessReview
- type SelfSubjectAccessReviewSpec
- type SubjectAccessReview
- type SubjectAccessReviewSpec
- type SubjectAccessReviewStatus
Constants ¶
View Source
const GroupName = "authorization.k8s.io"
GroupName is the group name use in this package
Variables ¶
View Source
var ( SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
View Source
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func DeepCopy_authorization_LocalSubjectAccessReview ¶ added in v1.3.0
func DeepCopy_authorization_LocalSubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_authorization_NonResourceAttributes ¶ added in v1.3.0
func DeepCopy_authorization_NonResourceAttributes(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_authorization_ResourceAttributes ¶ added in v1.3.0
func DeepCopy_authorization_ResourceAttributes(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_authorization_SelfSubjectAccessReview ¶ added in v1.3.0
func DeepCopy_authorization_SelfSubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_authorization_SelfSubjectAccessReviewSpec ¶ added in v1.3.0
func DeepCopy_authorization_SelfSubjectAccessReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_authorization_SubjectAccessReview ¶ added in v1.3.0
func DeepCopy_authorization_SubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_authorization_SubjectAccessReviewSpec ¶ added in v1.3.0
func DeepCopy_authorization_SubjectAccessReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_authorization_SubjectAccessReviewStatus ¶ added in v1.3.0
func DeepCopy_authorization_SubjectAccessReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error
func Kind ¶
func Kind(kind string) unversioned.GroupKind
Kind takes an unqualified kind and returns back a Group qualified GroupKind
func RegisterDeepCopies ¶ added in v1.4.0
RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.
func Resource ¶
func Resource(resource string) unversioned.GroupResource
Resource takes an unqualified resource and returns back a Group qualified GroupResource
Types ¶
type ExtraValue ¶ added in v1.4.0
type ExtraValue []string
ExtraValue masks the value so protobuf can generate +protobuf.nullable=true
func (*ExtraValue) CodecDecodeSelf ¶ added in v1.4.0
func (x *ExtraValue) CodecDecodeSelf(d *codec1978.Decoder)
func (ExtraValue) CodecEncodeSelf ¶ added in v1.4.0
func (x ExtraValue) CodecEncodeSelf(e *codec1978.Encoder)
type LocalSubjectAccessReview ¶
type LocalSubjectAccessReview struct {
unversioned.TypeMeta
api.ObjectMeta
// Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace
// you made the request against. If empty, it is defaulted.
Spec SubjectAccessReviewSpec
// Status is filled in by the server and indicates whether the request is allowed or not
Status SubjectAccessReviewStatus
}
LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.
func (*LocalSubjectAccessReview) CodecDecodeSelf ¶
func (x *LocalSubjectAccessReview) CodecDecodeSelf(d *codec1978.Decoder)
func (*LocalSubjectAccessReview) CodecEncodeSelf ¶
func (x *LocalSubjectAccessReview) CodecEncodeSelf(e *codec1978.Encoder)
type NonResourceAttributes ¶
type NonResourceAttributes struct {
// Path is the URL path of the request
Path string
// Verb is the standard HTTP verb
Verb string
}
NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
func (*NonResourceAttributes) CodecDecodeSelf ¶
func (x *NonResourceAttributes) CodecDecodeSelf(d *codec1978.Decoder)
func (*NonResourceAttributes) CodecEncodeSelf ¶
func (x *NonResourceAttributes) CodecEncodeSelf(e *codec1978.Encoder)
type ResourceAttributes ¶
type ResourceAttributes struct {
// Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces
// "" (empty) is defaulted for LocalSubjectAccessReviews
// "" (empty) is empty for cluster-scoped resources
// "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
Namespace string
// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.
Verb string
// Group is the API Group of the Resource. "*" means all.
Group string
// Version is the API Version of the Resource. "*" means all.
Version string
// Resource is one of the existing resource types. "*" means all.
Resource string
// Subresource is one of the existing resource types. "" means none.
Subresource string
// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
Name string
}
ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
func (*ResourceAttributes) CodecDecodeSelf ¶
func (x *ResourceAttributes) CodecDecodeSelf(d *codec1978.Decoder)
func (*ResourceAttributes) CodecEncodeSelf ¶
func (x *ResourceAttributes) CodecEncodeSelf(e *codec1978.Encoder)
type SelfSubjectAccessReview ¶
type SelfSubjectAccessReview struct {
unversioned.TypeMeta
api.ObjectMeta
// Spec holds information about the request being evaluated.
Spec SelfSubjectAccessReviewSpec
// Status is filled in by the server and indicates whether the request is allowed or not
Status SubjectAccessReviewStatus
}
SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action
func (*SelfSubjectAccessReview) CodecDecodeSelf ¶
func (x *SelfSubjectAccessReview) CodecDecodeSelf(d *codec1978.Decoder)
func (*SelfSubjectAccessReview) CodecEncodeSelf ¶
func (x *SelfSubjectAccessReview) CodecEncodeSelf(e *codec1978.Encoder)
type SelfSubjectAccessReviewSpec ¶
type SelfSubjectAccessReviewSpec struct {
// ResourceAttributes describes information for a resource access request
ResourceAttributes *ResourceAttributes
// NonResourceAttributes describes information for a non-resource access request
NonResourceAttributes *NonResourceAttributes
}
SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes and NonResourceAttributes must be set
func (*SelfSubjectAccessReviewSpec) CodecDecodeSelf ¶
func (x *SelfSubjectAccessReviewSpec) CodecDecodeSelf(d *codec1978.Decoder)
func (*SelfSubjectAccessReviewSpec) CodecEncodeSelf ¶
func (x *SelfSubjectAccessReviewSpec) CodecEncodeSelf(e *codec1978.Encoder)
type SubjectAccessReview ¶
type SubjectAccessReview struct {
unversioned.TypeMeta
api.ObjectMeta
// Spec holds information about the request being evaluated
Spec SubjectAccessReviewSpec
// Status is filled in by the server and indicates whether the request is allowed or not
Status SubjectAccessReviewStatus
}
SubjectAccessReview checks whether or not a user or group can perform an action. Not filling in a spec.namespace means "in all namespaces".
func (*SubjectAccessReview) CodecDecodeSelf ¶
func (x *SubjectAccessReview) CodecDecodeSelf(d *codec1978.Decoder)
func (*SubjectAccessReview) CodecEncodeSelf ¶
func (x *SubjectAccessReview) CodecEncodeSelf(e *codec1978.Encoder)
type SubjectAccessReviewSpec ¶
type SubjectAccessReviewSpec struct {
// ResourceAttributes describes information for a resource access request
ResourceAttributes *ResourceAttributes
// NonResourceAttributes describes information for a non-resource access request
NonResourceAttributes *NonResourceAttributes
// User is the user you're testing for.
// If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups
User string
// Groups is the groups you're testing for.
Groups []string
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
// it needs a reflection here.
Extra map[string]ExtraValue
}
SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes and NonResourceAttributes must be set
func (*SubjectAccessReviewSpec) CodecDecodeSelf ¶
func (x *SubjectAccessReviewSpec) CodecDecodeSelf(d *codec1978.Decoder)
func (*SubjectAccessReviewSpec) CodecEncodeSelf ¶
func (x *SubjectAccessReviewSpec) CodecEncodeSelf(e *codec1978.Encoder)
type SubjectAccessReviewStatus ¶
type SubjectAccessReviewStatus struct {
// Allowed is required. True if the action would be allowed, false otherwise.
Allowed bool
// Reason is optional. It indicates why a request was allowed or denied.
Reason string
// EvaluationError is an indication that some error occurred during the authorization check.
// It is entirely possible to get an error and be able to continue determine authorization status in spite of it.
// For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
EvaluationError string
}
SubjectAccessReviewStatus
func (*SubjectAccessReviewStatus) CodecDecodeSelf ¶
func (x *SubjectAccessReviewStatus) CodecDecodeSelf(d *codec1978.Decoder)
func (*SubjectAccessReviewStatus) CodecEncodeSelf ¶
func (x *SubjectAccessReviewStatus) CodecEncodeSelf(e *codec1978.Encoder)
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
|
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery. |
|
+groupName=authorization.k8s.io Package v1beta1 is a generated protocol buffer package.
|
+groupName=authorization.k8s.io Package v1beta1 is a generated protocol buffer package. |
Click to show internal directories.
Click to hide internal directories.