Documentation
¶
Index ¶
Constants ¶
View Source
const ( // SystemKcpClusterWorkspaceAccessGroup is a group that gives a user basic access to a workspace. // It does not give them any permissions in the workspace. SystemKcpClusterWorkspaceAccessGroup = "system:kcp:clusterworkspace:access" // SystemKcpClusterWorkspaceAdminGroup is an admin group per cluster workspace. Members of this group have all permissions // in the referenced cluster workspace (capped by maximal permission policy). SystemKcpClusterWorkspaceAdminGroup = "system:kcp:clusterworkspace:admin" // SystemKcpAdminGroup is global admin group. Members of this group have all permissions across all cluster workspaces. SystemKcpAdminGroup = "system:kcp:admin" // SystemKcpWorkspaceBootstrapper is the group used to bootstrap resources, both during the root setup, as well // as when the default APIBinding initializing controller performs its bootstrapping for initializing workspaces. // We need a separate group (not system:masters) for this because system-owned workspaces (e.g. root:users) need // a workspace owner annotation set, and the owner annotation is skipped/not set for system:masters. SystemKcpWorkspaceBootstrapper = "system:kcp:tenancy:workspace-bootstrapper" )
Variables ¶
This section is empty.
Functions ¶
func Policy ¶
func Policy() *rbacrest.PolicyData
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.