Documentation ¶
Index ¶
- Constants
- Variables
- func AddToScheme(scheme *runtime.Scheme)
- func Kind(kind string) unversioned.GroupKind
- func Resource(resource string) unversioned.GroupResource
- type LocalSubjectAccessReview
- type NonResourceAttributes
- type ResourceAttributes
- type SelfSubjectAccessReview
- type SelfSubjectAccessReviewSpec
- type SubjectAccessReview
- type SubjectAccessReviewSpec
- type SubjectAccessReviewStatus
Constants ¶
const GroupName = "authorization.k8s.io"
GroupName is the group name use in this package
Variables ¶
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func AddToScheme ¶
func Kind ¶
func Kind(kind string) unversioned.GroupKind
Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Resource ¶
func Resource(resource string) unversioned.GroupResource
Resource takes an unqualified resource and returns back a Group qualified GroupResource
Types ¶
type LocalSubjectAccessReview ¶
type LocalSubjectAccessReview struct { unversioned.TypeMeta // Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace // you made the request against. If empty, it is defaulted. Spec SubjectAccessReviewSpec // Status is filled in by the server and indicates whether the request is allowed or not Status SubjectAccessReviewStatus }
LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.
func (*LocalSubjectAccessReview) GetObjectKind ¶
func (obj *LocalSubjectAccessReview) GetObjectKind() unversioned.ObjectKind
type NonResourceAttributes ¶
type NonResourceAttributes struct { // Path is the URL path of the request Path string // Verb is the standard HTTP verb Verb string }
NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
type ResourceAttributes ¶
type ResourceAttributes struct { // Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces // "" (empty) is defaulted for LocalSubjectAccessReviews // "" (empty) is empty for cluster-scoped resources // "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview Namespace string // Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. Verb string // Group is the API Group of the Resource. "*" means all. Group string // Version is the API Version of the Resource. "*" means all. Version string // Resource is one of the existing resource types. "*" means all. Resource string // Subresource is one of the existing resource types. "" means none. Subresource string // Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. Name string }
ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
type SelfSubjectAccessReview ¶
type SelfSubjectAccessReview struct { unversioned.TypeMeta // Spec holds information about the request being evaluated. Spec SelfSubjectAccessReviewSpec // Status is filled in by the server and indicates whether the request is allowed or not Status SubjectAccessReviewStatus }
SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action
func (*SelfSubjectAccessReview) GetObjectKind ¶
func (obj *SelfSubjectAccessReview) GetObjectKind() unversioned.ObjectKind
type SelfSubjectAccessReviewSpec ¶
type SelfSubjectAccessReviewSpec struct { // ResourceAttributes describes information for a resource access request ResourceAttributes *ResourceAttributes // NonResourceAttributes describes information for a non-resource access request NonResourceAttributes *NonResourceAttributes }
SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes and NonResourceAttributes must be set
type SubjectAccessReview ¶
type SubjectAccessReview struct { unversioned.TypeMeta // Spec holds information about the request being evaluated Spec SubjectAccessReviewSpec // Status is filled in by the server and indicates whether the request is allowed or not Status SubjectAccessReviewStatus }
SubjectAccessReview checks whether or not a user or group can perform an action. Not filling in a spec.namespace means "in all namespaces".
func (*SubjectAccessReview) GetObjectKind ¶
func (obj *SubjectAccessReview) GetObjectKind() unversioned.ObjectKind
type SubjectAccessReviewSpec ¶
type SubjectAccessReviewSpec struct { // ResourceAttributes describes information for a resource access request ResourceAttributes *ResourceAttributes // NonResourceAttributes describes information for a non-resource access request NonResourceAttributes *NonResourceAttributes // User is the user you're testing for. // If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups User string // Groups is the groups you're testing for. Groups []string }
SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes and NonResourceAttributes must be set
type SubjectAccessReviewStatus ¶
type SubjectAccessReviewStatus struct { // Allowed is required. True if the action would be allowed, false otherwise. Allowed bool // Reason is optional. It indicates why a request was allowed or denied. Reason string }
SubjectAccessReviewStatus
Directories ¶
Path | Synopsis |
---|---|
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
|
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery. |