v1

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 16, 2017 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package v1 is a generated protocol buffer package.

It is generated from these files:

k8s.io/kubernetes/pkg/apis/authorization/v1/generated.proto

It has these top-level messages:

ExtraValue
LocalSubjectAccessReview
NonResourceAttributes
ResourceAttributes
SelfSubjectAccessReview
SelfSubjectAccessReviewSpec
SubjectAccessReview
SubjectAccessReviewSpec
SubjectAccessReviewStatus

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowGenerated   = fmt.Errorf("proto: integer overflow")
)

Functions

This section is empty.

Types

type ExtraValue

type ExtraValue struct {
	Items            []string `protobuf:"bytes,1,rep,name=items" json:"items,omitempty"`
	XXX_unrecognized []byte   `json:"-"`
}

ExtraValue masks the value so protobuf can generate +protobuf.nullable=true +protobuf.options.(gogoproto.goproto_stringer)=false

func (*ExtraValue) Descriptor

func (*ExtraValue) Descriptor() ([]byte, []int)

func (*ExtraValue) GetItems

func (m *ExtraValue) GetItems() []string

func (*ExtraValue) Marshal

func (m *ExtraValue) Marshal() (dAtA []byte, err error)

func (*ExtraValue) MarshalTo

func (m *ExtraValue) MarshalTo(dAtA []byte) (int, error)

func (*ExtraValue) ProtoMessage

func (*ExtraValue) ProtoMessage()

func (*ExtraValue) Reset

func (m *ExtraValue) Reset()

func (*ExtraValue) Size

func (m *ExtraValue) Size() (n int)

func (*ExtraValue) String

func (m *ExtraValue) String() string

func (*ExtraValue) Unmarshal

func (m *ExtraValue) Unmarshal(dAtA []byte) error

type LocalSubjectAccessReview

type LocalSubjectAccessReview struct {
	// +optional
	Metadata *k8s_io_kubernetes_pkg_apis_meta_v1.ObjectMeta `protobuf:"bytes,1,opt,name=metadata" json:"metadata,omitempty"`
	// Spec holds information about the request being evaluated.  spec.namespace must be equal to the namespace
	// you made the request against.  If empty, it is defaulted.
	Spec *SubjectAccessReviewSpec `protobuf:"bytes,2,opt,name=spec" json:"spec,omitempty"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	// +optional
	Status           *SubjectAccessReviewStatus `protobuf:"bytes,3,opt,name=status" json:"status,omitempty"`
	XXX_unrecognized []byte                     `json:"-"`
}

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

func (*LocalSubjectAccessReview) Descriptor

func (*LocalSubjectAccessReview) Descriptor() ([]byte, []int)

func (*LocalSubjectAccessReview) GetMetadata

func (*LocalSubjectAccessReview) GetSpec

func (*LocalSubjectAccessReview) GetStatus

func (*LocalSubjectAccessReview) Marshal

func (m *LocalSubjectAccessReview) Marshal() (dAtA []byte, err error)

func (*LocalSubjectAccessReview) MarshalTo

func (m *LocalSubjectAccessReview) MarshalTo(dAtA []byte) (int, error)

func (*LocalSubjectAccessReview) ProtoMessage

func (*LocalSubjectAccessReview) ProtoMessage()

func (*LocalSubjectAccessReview) Reset

func (m *LocalSubjectAccessReview) Reset()

func (*LocalSubjectAccessReview) Size

func (m *LocalSubjectAccessReview) Size() (n int)

func (*LocalSubjectAccessReview) String

func (m *LocalSubjectAccessReview) String() string

func (*LocalSubjectAccessReview) Unmarshal

func (m *LocalSubjectAccessReview) Unmarshal(dAtA []byte) error

type NonResourceAttributes

type NonResourceAttributes struct {
	// Path is the URL path of the request
	// +optional
	Path *string `protobuf:"bytes,1,opt,name=path" json:"path,omitempty"`
	// Verb is the standard HTTP verb
	// +optional
	Verb             *string `protobuf:"bytes,2,opt,name=verb" json:"verb,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface

func (*NonResourceAttributes) Descriptor

func (*NonResourceAttributes) Descriptor() ([]byte, []int)

func (*NonResourceAttributes) GetPath

func (m *NonResourceAttributes) GetPath() string

func (*NonResourceAttributes) GetVerb

func (m *NonResourceAttributes) GetVerb() string

func (*NonResourceAttributes) Marshal

func (m *NonResourceAttributes) Marshal() (dAtA []byte, err error)

func (*NonResourceAttributes) MarshalTo

func (m *NonResourceAttributes) MarshalTo(dAtA []byte) (int, error)

func (*NonResourceAttributes) ProtoMessage

func (*NonResourceAttributes) ProtoMessage()

func (*NonResourceAttributes) Reset

func (m *NonResourceAttributes) Reset()

func (*NonResourceAttributes) Size

func (m *NonResourceAttributes) Size() (n int)

func (*NonResourceAttributes) String

func (m *NonResourceAttributes) String() string

func (*NonResourceAttributes) Unmarshal

func (m *NonResourceAttributes) Unmarshal(dAtA []byte) error

type ResourceAttributes

type ResourceAttributes struct {
	// Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces
	// "" (empty) is defaulted for LocalSubjectAccessReviews
	// "" (empty) is empty for cluster-scoped resources
	// "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
	// +optional
	Namespace *string `protobuf:"bytes,1,opt,name=namespace" json:"namespace,omitempty"`
	// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy.  "*" means all.
	// +optional
	Verb *string `protobuf:"bytes,2,opt,name=verb" json:"verb,omitempty"`
	// Group is the API Group of the Resource.  "*" means all.
	// +optional
	Group *string `protobuf:"bytes,3,opt,name=group" json:"group,omitempty"`
	// Version is the API Version of the Resource.  "*" means all.
	// +optional
	Version *string `protobuf:"bytes,4,opt,name=version" json:"version,omitempty"`
	// Resource is one of the existing resource types.  "*" means all.
	// +optional
	Resource *string `protobuf:"bytes,5,opt,name=resource" json:"resource,omitempty"`
	// Subresource is one of the existing resource types.  "" means none.
	// +optional
	Subresource *string `protobuf:"bytes,6,opt,name=subresource" json:"subresource,omitempty"`
	// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
	// +optional
	Name             *string `protobuf:"bytes,7,opt,name=name" json:"name,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

func (*ResourceAttributes) Descriptor

func (*ResourceAttributes) Descriptor() ([]byte, []int)

func (*ResourceAttributes) GetGroup

func (m *ResourceAttributes) GetGroup() string

func (*ResourceAttributes) GetName

func (m *ResourceAttributes) GetName() string

func (*ResourceAttributes) GetNamespace

func (m *ResourceAttributes) GetNamespace() string

func (*ResourceAttributes) GetResource

func (m *ResourceAttributes) GetResource() string

func (*ResourceAttributes) GetSubresource

func (m *ResourceAttributes) GetSubresource() string

func (*ResourceAttributes) GetVerb

func (m *ResourceAttributes) GetVerb() string

func (*ResourceAttributes) GetVersion

func (m *ResourceAttributes) GetVersion() string

func (*ResourceAttributes) Marshal

func (m *ResourceAttributes) Marshal() (dAtA []byte, err error)

func (*ResourceAttributes) MarshalTo

func (m *ResourceAttributes) MarshalTo(dAtA []byte) (int, error)

func (*ResourceAttributes) ProtoMessage

func (*ResourceAttributes) ProtoMessage()

func (*ResourceAttributes) Reset

func (m *ResourceAttributes) Reset()

func (*ResourceAttributes) Size

func (m *ResourceAttributes) Size() (n int)

func (*ResourceAttributes) String

func (m *ResourceAttributes) String() string

func (*ResourceAttributes) Unmarshal

func (m *ResourceAttributes) Unmarshal(dAtA []byte) error

type SelfSubjectAccessReview

type SelfSubjectAccessReview struct {
	// +optional
	Metadata *k8s_io_kubernetes_pkg_apis_meta_v1.ObjectMeta `protobuf:"bytes,1,opt,name=metadata" json:"metadata,omitempty"`
	// Spec holds information about the request being evaluated.  user and groups must be empty
	Spec *SelfSubjectAccessReviewSpec `protobuf:"bytes,2,opt,name=spec" json:"spec,omitempty"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	// +optional
	Status           *SubjectAccessReviewStatus `protobuf:"bytes,3,opt,name=status" json:"status,omitempty"`
	XXX_unrecognized []byte                     `json:"-"`
}

SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action

func (*SelfSubjectAccessReview) Descriptor

func (*SelfSubjectAccessReview) Descriptor() ([]byte, []int)

func (*SelfSubjectAccessReview) GetMetadata

func (*SelfSubjectAccessReview) GetSpec

func (*SelfSubjectAccessReview) GetStatus

func (*SelfSubjectAccessReview) Marshal

func (m *SelfSubjectAccessReview) Marshal() (dAtA []byte, err error)

func (*SelfSubjectAccessReview) MarshalTo

func (m *SelfSubjectAccessReview) MarshalTo(dAtA []byte) (int, error)

func (*SelfSubjectAccessReview) ProtoMessage

func (*SelfSubjectAccessReview) ProtoMessage()

func (*SelfSubjectAccessReview) Reset

func (m *SelfSubjectAccessReview) Reset()

func (*SelfSubjectAccessReview) Size

func (m *SelfSubjectAccessReview) Size() (n int)

func (*SelfSubjectAccessReview) String

func (m *SelfSubjectAccessReview) String() string

func (*SelfSubjectAccessReview) Unmarshal

func (m *SelfSubjectAccessReview) Unmarshal(dAtA []byte) error

type SelfSubjectAccessReviewSpec

type SelfSubjectAccessReviewSpec struct {
	// ResourceAuthorizationAttributes describes information for a resource access request
	// +optional
	ResourceAttributes *ResourceAttributes `protobuf:"bytes,1,opt,name=resourceAttributes" json:"resourceAttributes,omitempty"`
	// NonResourceAttributes describes information for a non-resource access request
	// +optional
	NonResourceAttributes *NonResourceAttributes `protobuf:"bytes,2,opt,name=nonResourceAttributes" json:"nonResourceAttributes,omitempty"`
	XXX_unrecognized      []byte                 `json:"-"`
}

SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set

func (*SelfSubjectAccessReviewSpec) Descriptor

func (*SelfSubjectAccessReviewSpec) Descriptor() ([]byte, []int)

func (*SelfSubjectAccessReviewSpec) GetNonResourceAttributes

func (m *SelfSubjectAccessReviewSpec) GetNonResourceAttributes() *NonResourceAttributes

func (*SelfSubjectAccessReviewSpec) GetResourceAttributes

func (m *SelfSubjectAccessReviewSpec) GetResourceAttributes() *ResourceAttributes

func (*SelfSubjectAccessReviewSpec) Marshal

func (m *SelfSubjectAccessReviewSpec) Marshal() (dAtA []byte, err error)

func (*SelfSubjectAccessReviewSpec) MarshalTo

func (m *SelfSubjectAccessReviewSpec) MarshalTo(dAtA []byte) (int, error)

func (*SelfSubjectAccessReviewSpec) ProtoMessage

func (*SelfSubjectAccessReviewSpec) ProtoMessage()

func (*SelfSubjectAccessReviewSpec) Reset

func (m *SelfSubjectAccessReviewSpec) Reset()

func (*SelfSubjectAccessReviewSpec) Size

func (m *SelfSubjectAccessReviewSpec) Size() (n int)

func (*SelfSubjectAccessReviewSpec) String

func (m *SelfSubjectAccessReviewSpec) String() string

func (*SelfSubjectAccessReviewSpec) Unmarshal

func (m *SelfSubjectAccessReviewSpec) Unmarshal(dAtA []byte) error

type SubjectAccessReview

type SubjectAccessReview struct {
	// +optional
	Metadata *k8s_io_kubernetes_pkg_apis_meta_v1.ObjectMeta `protobuf:"bytes,1,opt,name=metadata" json:"metadata,omitempty"`
	// Spec holds information about the request being evaluated
	Spec *SubjectAccessReviewSpec `protobuf:"bytes,2,opt,name=spec" json:"spec,omitempty"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	// +optional
	Status           *SubjectAccessReviewStatus `protobuf:"bytes,3,opt,name=status" json:"status,omitempty"`
	XXX_unrecognized []byte                     `json:"-"`
}

SubjectAccessReview checks whether or not a user or group can perform an action.

func (*SubjectAccessReview) Descriptor

func (*SubjectAccessReview) Descriptor() ([]byte, []int)

func (*SubjectAccessReview) GetMetadata

func (*SubjectAccessReview) GetSpec

func (*SubjectAccessReview) GetStatus

func (*SubjectAccessReview) Marshal

func (m *SubjectAccessReview) Marshal() (dAtA []byte, err error)

func (*SubjectAccessReview) MarshalTo

func (m *SubjectAccessReview) MarshalTo(dAtA []byte) (int, error)

func (*SubjectAccessReview) ProtoMessage

func (*SubjectAccessReview) ProtoMessage()

func (*SubjectAccessReview) Reset

func (m *SubjectAccessReview) Reset()

func (*SubjectAccessReview) Size

func (m *SubjectAccessReview) Size() (n int)

func (*SubjectAccessReview) String

func (m *SubjectAccessReview) String() string

func (*SubjectAccessReview) Unmarshal

func (m *SubjectAccessReview) Unmarshal(dAtA []byte) error

type SubjectAccessReviewSpec

type SubjectAccessReviewSpec struct {
	// ResourceAuthorizationAttributes describes information for a resource access request
	// +optional
	ResourceAttributes *ResourceAttributes `protobuf:"bytes,1,opt,name=resourceAttributes" json:"resourceAttributes,omitempty"`
	// NonResourceAttributes describes information for a non-resource access request
	// +optional
	NonResourceAttributes *NonResourceAttributes `protobuf:"bytes,2,opt,name=nonResourceAttributes" json:"nonResourceAttributes,omitempty"`
	// User is the user you're testing for.
	// If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups
	// +optional
	Verb *string `protobuf:"bytes,3,opt,name=verb" json:"verb,omitempty"`
	// Groups is the groups you're testing for.
	// +optional
	Groups []string `protobuf:"bytes,4,rep,name=groups" json:"groups,omitempty"`
	// Extra corresponds to the user.Info.GetExtra() method from the authenticator.  Since that is input to the authorizer
	// it needs a reflection here.
	// +optional
	Extra            map[string]*ExtraValue `` /* 130-byte string literal not displayed */
	XXX_unrecognized []byte                 `json:"-"`
}

SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set

func (*SubjectAccessReviewSpec) Descriptor

func (*SubjectAccessReviewSpec) Descriptor() ([]byte, []int)

func (*SubjectAccessReviewSpec) GetExtra

func (m *SubjectAccessReviewSpec) GetExtra() map[string]*ExtraValue

func (*SubjectAccessReviewSpec) GetGroups

func (m *SubjectAccessReviewSpec) GetGroups() []string

func (*SubjectAccessReviewSpec) GetNonResourceAttributes

func (m *SubjectAccessReviewSpec) GetNonResourceAttributes() *NonResourceAttributes

func (*SubjectAccessReviewSpec) GetResourceAttributes

func (m *SubjectAccessReviewSpec) GetResourceAttributes() *ResourceAttributes

func (*SubjectAccessReviewSpec) GetVerb

func (m *SubjectAccessReviewSpec) GetVerb() string

func (*SubjectAccessReviewSpec) Marshal

func (m *SubjectAccessReviewSpec) Marshal() (dAtA []byte, err error)

func (*SubjectAccessReviewSpec) MarshalTo

func (m *SubjectAccessReviewSpec) MarshalTo(dAtA []byte) (int, error)

func (*SubjectAccessReviewSpec) ProtoMessage

func (*SubjectAccessReviewSpec) ProtoMessage()

func (*SubjectAccessReviewSpec) Reset

func (m *SubjectAccessReviewSpec) Reset()

func (*SubjectAccessReviewSpec) Size

func (m *SubjectAccessReviewSpec) Size() (n int)

func (*SubjectAccessReviewSpec) String

func (m *SubjectAccessReviewSpec) String() string

func (*SubjectAccessReviewSpec) Unmarshal

func (m *SubjectAccessReviewSpec) Unmarshal(dAtA []byte) error

type SubjectAccessReviewStatus

type SubjectAccessReviewStatus struct {
	// Allowed is required.  True if the action would be allowed, false otherwise.
	Allowed *bool `protobuf:"varint,1,opt,name=allowed" json:"allowed,omitempty"`
	// Reason is optional.  It indicates why a request was allowed or denied.
	// +optional
	Reason *string `protobuf:"bytes,2,opt,name=reason" json:"reason,omitempty"`
	// EvaluationError is an indication that some error occurred during the authorization check.
	// It is entirely possible to get an error and be able to continue determine authorization status in spite of it.
	// For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
	// +optional
	EvaluationError  *string `protobuf:"bytes,3,opt,name=evaluationError" json:"evaluationError,omitempty"`
	XXX_unrecognized []byte  `json:"-"`
}

SubjectAccessReviewStatus

func (*SubjectAccessReviewStatus) Descriptor

func (*SubjectAccessReviewStatus) Descriptor() ([]byte, []int)

func (*SubjectAccessReviewStatus) GetAllowed

func (m *SubjectAccessReviewStatus) GetAllowed() bool

func (*SubjectAccessReviewStatus) GetEvaluationError

func (m *SubjectAccessReviewStatus) GetEvaluationError() string

func (*SubjectAccessReviewStatus) GetReason

func (m *SubjectAccessReviewStatus) GetReason() string

func (*SubjectAccessReviewStatus) Marshal

func (m *SubjectAccessReviewStatus) Marshal() (dAtA []byte, err error)

func (*SubjectAccessReviewStatus) MarshalTo

func (m *SubjectAccessReviewStatus) MarshalTo(dAtA []byte) (int, error)

func (*SubjectAccessReviewStatus) ProtoMessage

func (*SubjectAccessReviewStatus) ProtoMessage()

func (*SubjectAccessReviewStatus) Reset

func (m *SubjectAccessReviewStatus) Reset()

func (*SubjectAccessReviewStatus) Size

func (m *SubjectAccessReviewStatus) Size() (n int)

func (*SubjectAccessReviewStatus) String

func (m *SubjectAccessReviewStatus) String() string

func (*SubjectAccessReviewStatus) Unmarshal

func (m *SubjectAccessReviewStatus) Unmarshal(dAtA []byte) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL