Documentation ¶
Overview ¶
+groupName=abac.authorization.kubernetes.io
+k8s:openapi-gen=true
Index ¶
- Constants
- Variables
- func Convert_abac_PolicySpec_To_v1beta1_PolicySpec(in *abac.PolicySpec, out *PolicySpec, s conversion.Scope) error
- func Convert_abac_Policy_To_v1beta1_Policy(in *abac.Policy, out *Policy, s conversion.Scope) error
- func Convert_v1beta1_PolicySpec_To_abac_PolicySpec(in *PolicySpec, out *abac.PolicySpec, s conversion.Scope) error
- func Convert_v1beta1_Policy_To_abac_Policy(in *Policy, out *abac.Policy, s conversion.Scope) error
- func DeepCopy_v1beta1_Policy(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1beta1_PolicySpec(in interface{}, out interface{}, c *conversion.Cloner) error
- func RegisterConversions(scheme *runtime.Scheme) error
- func RegisterDeepCopies(scheme *runtime.Scheme) error
- func RegisterDefaults(scheme *runtime.Scheme) error
- type Policy
- type PolicySpec
Constants ¶
const GroupName = "abac.authorization.kubernetes.io"
Variables ¶
var ( // TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. // localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. SchemeBuilder runtime.SchemeBuilder AddToScheme = localSchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
SchemeGroupVersion is the API group and version for abac v1beta1
Functions ¶
func Convert_abac_PolicySpec_To_v1beta1_PolicySpec ¶
func Convert_abac_PolicySpec_To_v1beta1_PolicySpec(in *abac.PolicySpec, out *PolicySpec, s conversion.Scope) error
Convert_abac_PolicySpec_To_v1beta1_PolicySpec is an autogenerated conversion function.
func Convert_abac_Policy_To_v1beta1_Policy ¶
Convert_abac_Policy_To_v1beta1_Policy is an autogenerated conversion function.
func Convert_v1beta1_PolicySpec_To_abac_PolicySpec ¶
func Convert_v1beta1_PolicySpec_To_abac_PolicySpec(in *PolicySpec, out *abac.PolicySpec, s conversion.Scope) error
Convert_v1beta1_PolicySpec_To_abac_PolicySpec is an autogenerated conversion function.
func Convert_v1beta1_Policy_To_abac_Policy ¶
Convert_v1beta1_Policy_To_abac_Policy is an autogenerated conversion function.
func DeepCopy_v1beta1_Policy ¶
func DeepCopy_v1beta1_Policy(in interface{}, out interface{}, c *conversion.Cloner) error
DeepCopy_v1beta1_Policy is an autogenerated deepcopy function.
func DeepCopy_v1beta1_PolicySpec ¶
func DeepCopy_v1beta1_PolicySpec(in interface{}, out interface{}, c *conversion.Cloner) error
DeepCopy_v1beta1_PolicySpec is an autogenerated deepcopy function.
func RegisterConversions ¶
RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.
func RegisterDeepCopies ¶
RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.
func RegisterDefaults ¶
RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.
Types ¶
type Policy ¶
type Policy struct { metav1.TypeMeta `json:",inline"` // Spec describes the policy rule Spec PolicySpec `json:"spec"` }
Policy contains a single ABAC policy rule
type PolicySpec ¶
type PolicySpec struct { // User is the username this rule applies to. // Either user or group is required to match the request. // "*" matches all users. // +optional User string `json:"user,omitempty"` // Group is the group this rule applies to. // Either user or group is required to match the request. // "*" matches all groups. // +optional Group string `json:"group,omitempty"` // Readonly matches readonly requests when true, and all requests when false // +optional Readonly bool `json:"readonly,omitempty"` // APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests. // "*" matches all API groups // +optional APIGroup string `json:"apiGroup,omitempty"` // Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests. // "*" matches all resources // +optional Resource string `json:"resource,omitempty"` // Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests. // "*" matches all namespaces (including unnamespaced requests) // +optional Namespace string `json:"namespace,omitempty"` // NonResourcePath matches non-resource request paths. // "*" matches all paths // "/foo/*" matches all subpaths of foo // +optional NonResourcePath string `json:"nonResourcePath,omitempty"` }
PolicySpec contains the attributes for a policy rule