Documentation ¶
Overview ¶
+groupName=rbac.authorization.k8s.io
Index ¶
- Constants
- Variables
- func APIGroupMatches(rule PolicyRule, requestedGroup string) bool
- func DeepCopy_rbac_ClusterRole(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_rbac_ClusterRoleBinding(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_rbac_ClusterRoleBindingList(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_rbac_ClusterRoleList(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_rbac_PolicyRule(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_rbac_Role(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_rbac_RoleBinding(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_rbac_RoleBindingList(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_rbac_RoleList(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_rbac_RoleRef(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_rbac_Subject(in interface{}, out interface{}, c *conversion.Cloner) error
- func Kind(kind string) unversioned.GroupKind
- func NonResourceURLMatches(rule PolicyRule, requestedURL string) bool
- func RegisterDeepCopies(scheme *runtime.Scheme) error
- func Resource(resource string) unversioned.GroupResource
- func ResourceMatches(rule PolicyRule, requestedResource string) bool
- func ResourceNameMatches(rule PolicyRule, requestedName string) bool
- func RoleRefGroupKind(roleRef RoleRef) unversioned.GroupKind
- func VerbMatches(rule PolicyRule, requestedVerb string) bool
- type ClusterRole
- type ClusterRoleBinding
- type ClusterRoleBindingList
- type ClusterRoleList
- type PolicyRule
- type PolicyRuleBuilder
- func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder
- func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder
- func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder
- func (r *PolicyRuleBuilder) Rule() (PolicyRule, error)
- func (r *PolicyRuleBuilder) RuleOrDie() PolicyRule
- func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder
- type Role
- type RoleBinding
- type RoleBindingList
- type RoleList
- type RoleRef
- type Subject
Constants ¶
const ( APIGroupAll = "*" ResourceAll = "*" VerbAll = "*" NonResourceAll = "*" GroupKind = "Group" ServiceAccountKind = "ServiceAccount" UserKind = "User" UserAll = "*" )
const GroupName = "rbac.authorization.k8s.io"
Variables ¶
var ( SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func APIGroupMatches ¶
func APIGroupMatches(rule PolicyRule, requestedGroup string) bool
func DeepCopy_rbac_ClusterRole ¶
func DeepCopy_rbac_ClusterRole(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_rbac_ClusterRoleBinding ¶
func DeepCopy_rbac_ClusterRoleBinding(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_rbac_ClusterRoleBindingList ¶
func DeepCopy_rbac_ClusterRoleBindingList(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_rbac_ClusterRoleList ¶
func DeepCopy_rbac_ClusterRoleList(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_rbac_PolicyRule ¶
func DeepCopy_rbac_PolicyRule(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_rbac_Role ¶
func DeepCopy_rbac_Role(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_rbac_RoleBinding ¶
func DeepCopy_rbac_RoleBinding(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_rbac_RoleBindingList ¶
func DeepCopy_rbac_RoleBindingList(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_rbac_RoleList ¶
func DeepCopy_rbac_RoleList(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_rbac_RoleRef ¶
func DeepCopy_rbac_RoleRef(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_rbac_Subject ¶
func DeepCopy_rbac_Subject(in interface{}, out interface{}, c *conversion.Cloner) error
func Kind ¶
func Kind(kind string) unversioned.GroupKind
Kind takes an unqualified kind and returns a Group qualified GroupKind
func NonResourceURLMatches ¶
func NonResourceURLMatches(rule PolicyRule, requestedURL string) bool
func RegisterDeepCopies ¶
RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.
func Resource ¶
func Resource(resource string) unversioned.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
func ResourceMatches ¶
func ResourceMatches(rule PolicyRule, requestedResource string) bool
func ResourceNameMatches ¶
func ResourceNameMatches(rule PolicyRule, requestedName string) bool
func RoleRefGroupKind ¶
func RoleRefGroupKind(roleRef RoleRef) unversioned.GroupKind
func VerbMatches ¶
func VerbMatches(rule PolicyRule, requestedVerb string) bool
Types ¶
type ClusterRole ¶
type ClusterRole struct { unversioned.TypeMeta // Standard object's metadata. api.ObjectMeta // Rules holds all the PolicyRules for this ClusterRole Rules []PolicyRule }
ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
type ClusterRoleBinding ¶
type ClusterRoleBinding struct { unversioned.TypeMeta // Standard object's metadata. api.ObjectMeta // Subjects holds references to the objects the role applies to. Subjects []Subject // RoleRef can only reference a ClusterRole in the global namespace. // If the RoleRef cannot be resolved, the Authorizer must return an error. RoleRef RoleRef }
ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.
type ClusterRoleBindingList ¶
type ClusterRoleBindingList struct { unversioned.TypeMeta // Standard object's metadata. unversioned.ListMeta // Items is a list of ClusterRoleBindings Items []ClusterRoleBinding }
ClusterRoleBindingList is a collection of ClusterRoleBindings
type ClusterRoleList ¶
type ClusterRoleList struct { unversioned.TypeMeta // Standard object's metadata. unversioned.ListMeta // Items is a list of ClusterRoles Items []ClusterRole }
ClusterRoleList is a collection of ClusterRoles
type PolicyRule ¶
type PolicyRule struct { // Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. Verbs []string // AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. // If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error. AttributeRestrictions runtime.Object APIGroups []string // Resources is a list of resources this rule applies to. ResourceAll represents all resources. Resources []string // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. ResourceNames []string // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path // If an action is not a resource API request, then the URL is split on '/' and is checked against the NonResourceURLs to look for a match. // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. NonResourceURLs []string }
PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
type PolicyRuleBuilder ¶
type PolicyRuleBuilder struct {
PolicyRule PolicyRule
}
+k8s:deepcopy-gen=false PolicyRuleBuilder let's us attach methods. A no-no for API types. We use it to construct rules in code. It's more compact than trying to write them out in a literal and allows us to perform some basic checking during construction
func NewRule ¶
func NewRule(verbs ...string) *PolicyRuleBuilder
func (*PolicyRuleBuilder) Groups ¶
func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder
func (*PolicyRuleBuilder) Names ¶
func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder
func (*PolicyRuleBuilder) Resources ¶
func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder
func (*PolicyRuleBuilder) Rule ¶
func (r *PolicyRuleBuilder) Rule() (PolicyRule, error)
func (*PolicyRuleBuilder) RuleOrDie ¶
func (r *PolicyRuleBuilder) RuleOrDie() PolicyRule
func (*PolicyRuleBuilder) URLs ¶
func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder
type Role ¶
type Role struct { unversioned.TypeMeta // Standard object's metadata. api.ObjectMeta // Rules holds all the PolicyRules for this Role Rules []PolicyRule }
Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
type RoleBinding ¶
type RoleBinding struct { unversioned.TypeMeta api.ObjectMeta // Subjects holds references to the objects the role applies to. Subjects []Subject // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. // If the RoleRef cannot be resolved, the Authorizer must return an error. RoleRef RoleRef }
RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.
type RoleBindingList ¶
type RoleBindingList struct { unversioned.TypeMeta // Standard object's metadata. unversioned.ListMeta // Items is a list of roleBindings Items []RoleBinding }
RoleBindingList is a collection of RoleBindings
type RoleList ¶
type RoleList struct { unversioned.TypeMeta // Standard object's metadata. unversioned.ListMeta // Items is a list of roles Items []Role }
RoleList is a collection of Roles
type RoleRef ¶
type RoleRef struct { // APIGroup is the group for the resource being referenced APIGroup string // Kind is the type of resource being referenced Kind string // Name is the name of resource being referenced Name string }
RoleRef contains information that points to the role being used
type Subject ¶
type Subject struct { // Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". // If the Authorizer does not recognized the kind value, the Authorizer should report an error. Kind string // APIVersion holds the API group and version of the referenced object. For non-object references such as "Group" and "User" this is // expected to be API version of this API group. For example, "rbac/v1alpha1". APIVersion string // Name of the object being referenced. Name string // Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty // the Authorizer should report an error. Namespace string }
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery.
|
Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery. |
+groupName=rbac.authorization.k8s.io
|
+groupName=rbac.authorization.k8s.io |