Documentation ¶
Index ¶
- Constants
- Variables
- func AddToScheme(scheme *runtime.Scheme)
- func DeepCopy_authorization_LocalSubjectAccessReview(in LocalSubjectAccessReview, out *LocalSubjectAccessReview, ...) error
- func DeepCopy_authorization_NonResourceAttributes(in NonResourceAttributes, out *NonResourceAttributes, c *conversion.Cloner) error
- func DeepCopy_authorization_ResourceAttributes(in ResourceAttributes, out *ResourceAttributes, c *conversion.Cloner) error
- func DeepCopy_authorization_SelfSubjectAccessReview(in SelfSubjectAccessReview, out *SelfSubjectAccessReview, c *conversion.Cloner) error
- func DeepCopy_authorization_SelfSubjectAccessReviewSpec(in SelfSubjectAccessReviewSpec, out *SelfSubjectAccessReviewSpec, ...) error
- func DeepCopy_authorization_SubjectAccessReview(in SubjectAccessReview, out *SubjectAccessReview, c *conversion.Cloner) error
- func DeepCopy_authorization_SubjectAccessReviewSpec(in SubjectAccessReviewSpec, out *SubjectAccessReviewSpec, c *conversion.Cloner) error
- func DeepCopy_authorization_SubjectAccessReviewStatus(in SubjectAccessReviewStatus, out *SubjectAccessReviewStatus, ...) error
- func Kind(kind string) unversioned.GroupKind
- func Resource(resource string) unversioned.GroupResource
- type LocalSubjectAccessReview
- type NonResourceAttributes
- type ResourceAttributes
- type SelfSubjectAccessReview
- type SelfSubjectAccessReviewSpec
- type SubjectAccessReview
- type SubjectAccessReviewSpec
- type SubjectAccessReviewStatus
Constants ¶
const GroupName = "authorization.k8s.io"
GroupName is the group name use in this package
Variables ¶
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func AddToScheme ¶
func DeepCopy_authorization_LocalSubjectAccessReview ¶ added in v1.3.0
func DeepCopy_authorization_LocalSubjectAccessReview(in LocalSubjectAccessReview, out *LocalSubjectAccessReview, c *conversion.Cloner) error
func DeepCopy_authorization_NonResourceAttributes ¶ added in v1.3.0
func DeepCopy_authorization_NonResourceAttributes(in NonResourceAttributes, out *NonResourceAttributes, c *conversion.Cloner) error
func DeepCopy_authorization_ResourceAttributes ¶ added in v1.3.0
func DeepCopy_authorization_ResourceAttributes(in ResourceAttributes, out *ResourceAttributes, c *conversion.Cloner) error
func DeepCopy_authorization_SelfSubjectAccessReview ¶ added in v1.3.0
func DeepCopy_authorization_SelfSubjectAccessReview(in SelfSubjectAccessReview, out *SelfSubjectAccessReview, c *conversion.Cloner) error
func DeepCopy_authorization_SelfSubjectAccessReviewSpec ¶ added in v1.3.0
func DeepCopy_authorization_SelfSubjectAccessReviewSpec(in SelfSubjectAccessReviewSpec, out *SelfSubjectAccessReviewSpec, c *conversion.Cloner) error
func DeepCopy_authorization_SubjectAccessReview ¶ added in v1.3.0
func DeepCopy_authorization_SubjectAccessReview(in SubjectAccessReview, out *SubjectAccessReview, c *conversion.Cloner) error
func DeepCopy_authorization_SubjectAccessReviewSpec ¶ added in v1.3.0
func DeepCopy_authorization_SubjectAccessReviewSpec(in SubjectAccessReviewSpec, out *SubjectAccessReviewSpec, c *conversion.Cloner) error
func DeepCopy_authorization_SubjectAccessReviewStatus ¶ added in v1.3.0
func DeepCopy_authorization_SubjectAccessReviewStatus(in SubjectAccessReviewStatus, out *SubjectAccessReviewStatus, c *conversion.Cloner) error
func Kind ¶
func Kind(kind string) unversioned.GroupKind
Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Resource ¶
func Resource(resource string) unversioned.GroupResource
Resource takes an unqualified resource and returns back a Group qualified GroupResource
Types ¶
type LocalSubjectAccessReview ¶
type LocalSubjectAccessReview struct { unversioned.TypeMeta // Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace // you made the request against. If empty, it is defaulted. Spec SubjectAccessReviewSpec // Status is filled in by the server and indicates whether the request is allowed or not Status SubjectAccessReviewStatus }
LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.
type NonResourceAttributes ¶
type NonResourceAttributes struct { // Path is the URL path of the request Path string // Verb is the standard HTTP verb Verb string }
NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
type ResourceAttributes ¶
type ResourceAttributes struct { // Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces // "" (empty) is defaulted for LocalSubjectAccessReviews // "" (empty) is empty for cluster-scoped resources // "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview Namespace string // Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. Verb string // Group is the API Group of the Resource. "*" means all. Group string // Version is the API Version of the Resource. "*" means all. Version string // Resource is one of the existing resource types. "*" means all. Resource string // Subresource is one of the existing resource types. "" means none. Subresource string // Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. Name string }
ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
type SelfSubjectAccessReview ¶
type SelfSubjectAccessReview struct { unversioned.TypeMeta // Spec holds information about the request being evaluated. Spec SelfSubjectAccessReviewSpec // Status is filled in by the server and indicates whether the request is allowed or not Status SubjectAccessReviewStatus }
SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action
type SelfSubjectAccessReviewSpec ¶
type SelfSubjectAccessReviewSpec struct { // ResourceAttributes describes information for a resource access request ResourceAttributes *ResourceAttributes // NonResourceAttributes describes information for a non-resource access request NonResourceAttributes *NonResourceAttributes }
SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes and NonResourceAttributes must be set
type SubjectAccessReview ¶
type SubjectAccessReview struct { unversioned.TypeMeta // Spec holds information about the request being evaluated Spec SubjectAccessReviewSpec // Status is filled in by the server and indicates whether the request is allowed or not Status SubjectAccessReviewStatus }
SubjectAccessReview checks whether or not a user or group can perform an action. Not filling in a spec.namespace means "in all namespaces".
type SubjectAccessReviewSpec ¶
type SubjectAccessReviewSpec struct { // ResourceAttributes describes information for a resource access request ResourceAttributes *ResourceAttributes // NonResourceAttributes describes information for a non-resource access request NonResourceAttributes *NonResourceAttributes // User is the user you're testing for. // If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups User string // Groups is the groups you're testing for. Groups []string // Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer // it needs a reflection here. Extra map[string][]string }
SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes and NonResourceAttributes must be set
type SubjectAccessReviewStatus ¶
type SubjectAccessReviewStatus struct { // Allowed is required. True if the action would be allowed, false otherwise. Allowed bool // Reason is optional. It indicates why a request was allowed or denied. Reason string }
SubjectAccessReviewStatus
Directories ¶
Path | Synopsis |
---|---|
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
|
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery. |
+genconversion=true
|
+genconversion=true |