v1beta1

package
v1.2.0-origin Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 12, 2016 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

View Source
const GroupName = "authorization.k8s.io"

GroupName is the group name use in this package

Variables

View Source
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: "v1beta1"}

SchemeGroupVersion is group version used to register these objects

Functions

func AddToScheme

func AddToScheme(scheme *runtime.Scheme)

Types

type LocalSubjectAccessReview

type LocalSubjectAccessReview struct {
	unversioned.TypeMeta `json:",inline"`

	// Spec holds information about the request being evaluated.  spec.namespace must be equal to the namespace
	// you made the request against.  If empty, it is defaulted.
	Spec SubjectAccessReviewSpec `json:"spec"`

	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatus `json:"status,omitempty"`
}

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

func (*LocalSubjectAccessReview) GetObjectKind

func (obj *LocalSubjectAccessReview) GetObjectKind() unversioned.ObjectKind

func (LocalSubjectAccessReview) SwaggerDoc

func (LocalSubjectAccessReview) SwaggerDoc() map[string]string

type NonResourceAttributes

type NonResourceAttributes struct {
	// Path is the URL path of the request
	Path string `json:"path,omitempty"`
	// Verb is the standard HTTP verb
	Verb string `json:"verb,omitempty"`
}

NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface

func (NonResourceAttributes) SwaggerDoc

func (NonResourceAttributes) SwaggerDoc() map[string]string

type ResourceAttributes

type ResourceAttributes struct {
	// Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces
	// "" (empty) is defaulted for LocalSubjectAccessReviews
	// "" (empty) is empty for cluster-scoped resources
	// "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
	Namespace string `json:"namespace,omitempty"`
	// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy.  "*" means all.
	Verb string `json:"verb,omitempty"`
	// Group is the API Group of the Resource.  "*" means all.
	Group string `json:"group,omitempty"`
	// Version is the API Version of the Resource.  "*" means all.
	Version string `json:"version,omitempty"`
	// Resource is one of the existing resource types.  "*" means all.
	Resource string `json:"resource,omitempty"`
	// Subresource is one of the existing resource types.  "" means none.
	Subresource string `json:"subresource,omitempty"`
	// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
	Name string `json:"name,omitempty"`
}

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

func (ResourceAttributes) SwaggerDoc

func (ResourceAttributes) SwaggerDoc() map[string]string

type SelfSubjectAccessReview

type SelfSubjectAccessReview struct {
	unversioned.TypeMeta `json:",inline"`

	// Spec holds information about the request being evaluated.  user and groups must be empty
	Spec SelfSubjectAccessReviewSpec `json:"spec"`

	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatus `json:"status,omitempty"`
}

SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action

func (*SelfSubjectAccessReview) GetObjectKind

func (obj *SelfSubjectAccessReview) GetObjectKind() unversioned.ObjectKind

func (SelfSubjectAccessReview) SwaggerDoc

func (SelfSubjectAccessReview) SwaggerDoc() map[string]string

type SelfSubjectAccessReviewSpec

type SelfSubjectAccessReviewSpec struct {
	// ResourceAuthorizationAttributes describes information for a resource access request
	ResourceAttributes *ResourceAttributes `json:"resourceAttributes,omitempty"`
	// NonResourceAttributes describes information for a non-resource access request
	NonResourceAttributes *NonResourceAttributes `json:"nonResourceAttributes,omitempty"`
}

SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set

func (SelfSubjectAccessReviewSpec) SwaggerDoc

func (SelfSubjectAccessReviewSpec) SwaggerDoc() map[string]string

type SubjectAccessReview

type SubjectAccessReview struct {
	unversioned.TypeMeta `json:",inline"`

	// Spec holds information about the request being evaluated
	Spec SubjectAccessReviewSpec `json:"spec"`

	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatus `json:"status,omitempty"`
}

SubjectAccessReview checks whether or not a user or group can perform an action.

func (*SubjectAccessReview) GetObjectKind

func (obj *SubjectAccessReview) GetObjectKind() unversioned.ObjectKind

func (SubjectAccessReview) SwaggerDoc

func (SubjectAccessReview) SwaggerDoc() map[string]string

type SubjectAccessReviewSpec

type SubjectAccessReviewSpec struct {
	// ResourceAuthorizationAttributes describes information for a resource access request
	ResourceAttributes *ResourceAttributes `json:"resourceAttributes,omitempty"`
	// NonResourceAttributes describes information for a non-resource access request
	NonResourceAttributes *NonResourceAttributes `json:"nonResourceAttributes,omitempty"`

	// User is the user you're testing for.
	// If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups
	User string `json:"user,omitempty"`
	// Groups is the groups you're testing for.
	Groups []string `json:"group,omitempty"`
}

SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set

func (SubjectAccessReviewSpec) SwaggerDoc

func (SubjectAccessReviewSpec) SwaggerDoc() map[string]string

type SubjectAccessReviewStatus

type SubjectAccessReviewStatus struct {
	// Allowed is required.  True if the action would be allowed, false otherwise.
	Allowed bool `json:"allowed"`
	// Reason is optional.  It indicates why a request was allowed or denied.
	Reason string `json:"reason,omitempty"`
}

SubjectAccessReviewStatus

func (SubjectAccessReviewStatus) SwaggerDoc

func (SubjectAccessReviewStatus) SwaggerDoc() map[string]string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL