Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var Codec = runtime.CodecFor(api.Scheme, GroupVersion)
Codec encodes internal objects to the v1beta1 version for the abac group
View Source
var GroupVersion = unversioned.GroupVersion{Group: api.Group, Version: "v1beta1"}
GroupVersion is the API group and version for abac v1beta1
Functions ¶
This section is empty.
Types ¶
type Policy ¶
type Policy struct { unversioned.TypeMeta `json:",inline"` // Spec describes the policy rule Spec PolicySpec `json:"spec"` }
Policy contains a single ABAC policy rule
func (*Policy) GetObjectKind ¶
func (obj *Policy) GetObjectKind() unversioned.ObjectKind
type PolicySpec ¶
type PolicySpec struct { // User is the username this rule applies to. // Either user or group is required to match the request. // "*" matches all users. User string `json:"user,omitempty"` // Group is the group this rule applies to. // Either user or group is required to match the request. // "*" matches all groups. Group string `json:"group,omitempty"` // Readonly matches readonly requests when true, and all requests when false Readonly bool `json:"readonly,omitempty"` // APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests. // "*" matches all API groups APIGroup string `json:"apiGroup,omitempty"` // Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests. // "*" matches all resources Resource string `json:"resource,omitempty"` // Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests. // "*" matches all namespaces (including unnamespaced requests) Namespace string `json:"namespace,omitempty"` // NonResourcePath matches non-resource request paths. // "*" matches all paths // "/foo/*" matches all subpaths of foo NonResourcePath string `json:"nonResourcePath,omitempty"` }
PolicySpec contains the attributes for a policy rule
Click to show internal directories.
Click to hide internal directories.