Documentation ¶
Index ¶
Constants ¶
const GroupName = "abac.authorization.kubernetes.io"
Group is the API group for abac
Variables ¶
var ( SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) AddToScheme = SchemeBuilder.AddToScheme )
var Codecs = serializer.NewCodecFactory(Scheme)
Codecs provides access to encoding and decoding for the scheme
var Scheme = runtime.NewScheme()
Scheme is the default instance of runtime.Scheme to which types in the abac API group are api.Registry. TODO: remove this, abac should not have its own scheme.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
Functions ¶
This section is empty.
Types ¶
type Policy ¶
type Policy struct { metav1.TypeMeta // Spec describes the policy rule Spec PolicySpec }
Policy contains a single ABAC policy rule
func (*Policy) DeepCopy ¶ added in v1.8.1
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (*Policy) DeepCopyInto ¶ added in v1.8.1
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Policy) DeepCopyObject ¶ added in v1.8.1
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PolicySpec ¶
type PolicySpec struct { // User is the username this rule applies to. // Either user or group is required to match the request. // "*" matches all users. User string // Group is the group this rule applies to. // Either user or group is required to match the request. // "*" matches all groups. Group string // Readonly matches readonly requests when true, and all requests when false Readonly bool // APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests. // "*" matches all API groups APIGroup string // Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests. // "*" matches all resources Resource string // Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests. // "*" matches all namespaces (including unnamespaced requests) Namespace string // NonResourcePath matches non-resource request paths. // "*" matches all paths // "/foo/*" matches all subpaths of foo NonResourcePath string }
PolicySpec contains the attributes for a policy rule
func (*PolicySpec) DeepCopy ¶ added in v1.8.1
func (in *PolicySpec) DeepCopy() *PolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec.
func (*PolicySpec) DeepCopyInto ¶ added in v1.8.1
func (in *PolicySpec) DeepCopyInto(out *PolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Directories ¶
Path | Synopsis |
---|---|
+groupName=abac.authorization.kubernetes.io +k8s:openapi-gen=true
|
+groupName=abac.authorization.kubernetes.io +k8s:openapi-gen=true |
+groupName=abac.authorization.kubernetes.io +k8s:openapi-gen=true
|
+groupName=abac.authorization.kubernetes.io +k8s:openapi-gen=true |