Documentation ¶
Index ¶
- Constants
- Variables
- func AddToScheme(scheme *runtime.Scheme)
- func Convert_authorization_LocalSubjectAccessReview_To_v1beta1_LocalSubjectAccessReview(in *authorization.LocalSubjectAccessReview, out *LocalSubjectAccessReview, ...) error
- func Convert_authorization_NonResourceAttributes_To_v1beta1_NonResourceAttributes(in *authorization.NonResourceAttributes, out *NonResourceAttributes, ...) error
- func Convert_authorization_ResourceAttributes_To_v1beta1_ResourceAttributes(in *authorization.ResourceAttributes, out *ResourceAttributes, ...) error
- func Convert_authorization_SelfSubjectAccessReviewSpec_To_v1beta1_SelfSubjectAccessReviewSpec(in *authorization.SelfSubjectAccessReviewSpec, ...) error
- func Convert_authorization_SelfSubjectAccessReview_To_v1beta1_SelfSubjectAccessReview(in *authorization.SelfSubjectAccessReview, out *SelfSubjectAccessReview, ...) error
- func Convert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessReviewSpec(in *authorization.SubjectAccessReviewSpec, out *SubjectAccessReviewSpec, ...) error
- func Convert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus(in *authorization.SubjectAccessReviewStatus, out *SubjectAccessReviewStatus, ...) error
- func Convert_authorization_SubjectAccessReview_To_v1beta1_SubjectAccessReview(in *authorization.SubjectAccessReview, out *SubjectAccessReview, ...) error
- func Convert_v1beta1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview(in *LocalSubjectAccessReview, out *authorization.LocalSubjectAccessReview, ...) error
- func Convert_v1beta1_NonResourceAttributes_To_authorization_NonResourceAttributes(in *NonResourceAttributes, out *authorization.NonResourceAttributes, ...) error
- func Convert_v1beta1_ResourceAttributes_To_authorization_ResourceAttributes(in *ResourceAttributes, out *authorization.ResourceAttributes, ...) error
- func Convert_v1beta1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(in *SelfSubjectAccessReviewSpec, ...) error
- func Convert_v1beta1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview(in *SelfSubjectAccessReview, out *authorization.SelfSubjectAccessReview, ...) error
- func Convert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(in *SubjectAccessReviewSpec, out *authorization.SubjectAccessReviewSpec, ...) error
- func Convert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(in *SubjectAccessReviewStatus, out *authorization.SubjectAccessReviewStatus, ...) error
- func Convert_v1beta1_SubjectAccessReview_To_authorization_SubjectAccessReview(in *SubjectAccessReview, out *authorization.SubjectAccessReview, ...) error
- func DeepCopy_v1beta1_LocalSubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1beta1_NonResourceAttributes(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1beta1_ResourceAttributes(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1beta1_SelfSubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1beta1_SelfSubjectAccessReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1beta1_SubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1beta1_SubjectAccessReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
- func DeepCopy_v1beta1_SubjectAccessReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error
- type LocalSubjectAccessReview
- type NonResourceAttributes
- type ResourceAttributes
- type SelfSubjectAccessReview
- type SelfSubjectAccessReviewSpec
- type SubjectAccessReview
- type SubjectAccessReviewSpec
- type SubjectAccessReviewStatus
Constants ¶
const GroupName = "authorization.k8s.io"
GroupName is the group name use in this package
Variables ¶
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: "v1beta1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func AddToScheme ¶
func Convert_authorization_LocalSubjectAccessReview_To_v1beta1_LocalSubjectAccessReview ¶
func Convert_authorization_LocalSubjectAccessReview_To_v1beta1_LocalSubjectAccessReview(in *authorization.LocalSubjectAccessReview, out *LocalSubjectAccessReview, s conversion.Scope) error
func Convert_authorization_NonResourceAttributes_To_v1beta1_NonResourceAttributes ¶
func Convert_authorization_NonResourceAttributes_To_v1beta1_NonResourceAttributes(in *authorization.NonResourceAttributes, out *NonResourceAttributes, s conversion.Scope) error
func Convert_authorization_ResourceAttributes_To_v1beta1_ResourceAttributes ¶
func Convert_authorization_ResourceAttributes_To_v1beta1_ResourceAttributes(in *authorization.ResourceAttributes, out *ResourceAttributes, s conversion.Scope) error
func Convert_authorization_SelfSubjectAccessReviewSpec_To_v1beta1_SelfSubjectAccessReviewSpec ¶
func Convert_authorization_SelfSubjectAccessReviewSpec_To_v1beta1_SelfSubjectAccessReviewSpec(in *authorization.SelfSubjectAccessReviewSpec, out *SelfSubjectAccessReviewSpec, s conversion.Scope) error
func Convert_authorization_SelfSubjectAccessReview_To_v1beta1_SelfSubjectAccessReview ¶
func Convert_authorization_SelfSubjectAccessReview_To_v1beta1_SelfSubjectAccessReview(in *authorization.SelfSubjectAccessReview, out *SelfSubjectAccessReview, s conversion.Scope) error
func Convert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessReviewSpec ¶
func Convert_authorization_SubjectAccessReviewSpec_To_v1beta1_SubjectAccessReviewSpec(in *authorization.SubjectAccessReviewSpec, out *SubjectAccessReviewSpec, s conversion.Scope) error
func Convert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus ¶
func Convert_authorization_SubjectAccessReviewStatus_To_v1beta1_SubjectAccessReviewStatus(in *authorization.SubjectAccessReviewStatus, out *SubjectAccessReviewStatus, s conversion.Scope) error
func Convert_authorization_SubjectAccessReview_To_v1beta1_SubjectAccessReview ¶
func Convert_authorization_SubjectAccessReview_To_v1beta1_SubjectAccessReview(in *authorization.SubjectAccessReview, out *SubjectAccessReview, s conversion.Scope) error
func Convert_v1beta1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview ¶
func Convert_v1beta1_LocalSubjectAccessReview_To_authorization_LocalSubjectAccessReview(in *LocalSubjectAccessReview, out *authorization.LocalSubjectAccessReview, s conversion.Scope) error
func Convert_v1beta1_NonResourceAttributes_To_authorization_NonResourceAttributes ¶
func Convert_v1beta1_NonResourceAttributes_To_authorization_NonResourceAttributes(in *NonResourceAttributes, out *authorization.NonResourceAttributes, s conversion.Scope) error
func Convert_v1beta1_ResourceAttributes_To_authorization_ResourceAttributes ¶
func Convert_v1beta1_ResourceAttributes_To_authorization_ResourceAttributes(in *ResourceAttributes, out *authorization.ResourceAttributes, s conversion.Scope) error
func Convert_v1beta1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec ¶
func Convert_v1beta1_SelfSubjectAccessReviewSpec_To_authorization_SelfSubjectAccessReviewSpec(in *SelfSubjectAccessReviewSpec, out *authorization.SelfSubjectAccessReviewSpec, s conversion.Scope) error
func Convert_v1beta1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview ¶
func Convert_v1beta1_SelfSubjectAccessReview_To_authorization_SelfSubjectAccessReview(in *SelfSubjectAccessReview, out *authorization.SelfSubjectAccessReview, s conversion.Scope) error
func Convert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec ¶
func Convert_v1beta1_SubjectAccessReviewSpec_To_authorization_SubjectAccessReviewSpec(in *SubjectAccessReviewSpec, out *authorization.SubjectAccessReviewSpec, s conversion.Scope) error
func Convert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus ¶
func Convert_v1beta1_SubjectAccessReviewStatus_To_authorization_SubjectAccessReviewStatus(in *SubjectAccessReviewStatus, out *authorization.SubjectAccessReviewStatus, s conversion.Scope) error
func Convert_v1beta1_SubjectAccessReview_To_authorization_SubjectAccessReview ¶
func Convert_v1beta1_SubjectAccessReview_To_authorization_SubjectAccessReview(in *SubjectAccessReview, out *authorization.SubjectAccessReview, s conversion.Scope) error
func DeepCopy_v1beta1_LocalSubjectAccessReview ¶
func DeepCopy_v1beta1_LocalSubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1beta1_NonResourceAttributes ¶
func DeepCopy_v1beta1_NonResourceAttributes(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1beta1_ResourceAttributes ¶
func DeepCopy_v1beta1_ResourceAttributes(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1beta1_SelfSubjectAccessReview ¶
func DeepCopy_v1beta1_SelfSubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1beta1_SelfSubjectAccessReviewSpec ¶
func DeepCopy_v1beta1_SelfSubjectAccessReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1beta1_SubjectAccessReview ¶
func DeepCopy_v1beta1_SubjectAccessReview(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1beta1_SubjectAccessReviewSpec ¶
func DeepCopy_v1beta1_SubjectAccessReviewSpec(in interface{}, out interface{}, c *conversion.Cloner) error
func DeepCopy_v1beta1_SubjectAccessReviewStatus ¶
func DeepCopy_v1beta1_SubjectAccessReviewStatus(in interface{}, out interface{}, c *conversion.Cloner) error
Types ¶
type LocalSubjectAccessReview ¶
type LocalSubjectAccessReview struct { unversioned.TypeMeta `json:",inline"` // Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace // you made the request against. If empty, it is defaulted. Spec SubjectAccessReviewSpec `json:"spec"` // Status is filled in by the server and indicates whether the request is allowed or not Status SubjectAccessReviewStatus `json:"status,omitempty"` }
LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.
func (*LocalSubjectAccessReview) CodecDecodeSelf ¶
func (x *LocalSubjectAccessReview) CodecDecodeSelf(d *codec1978.Decoder)
func (*LocalSubjectAccessReview) CodecEncodeSelf ¶
func (x *LocalSubjectAccessReview) CodecEncodeSelf(e *codec1978.Encoder)
func (*LocalSubjectAccessReview) GetObjectKind ¶
func (obj *LocalSubjectAccessReview) GetObjectKind() unversioned.ObjectKind
func (LocalSubjectAccessReview) SwaggerDoc ¶
func (LocalSubjectAccessReview) SwaggerDoc() map[string]string
type NonResourceAttributes ¶
type NonResourceAttributes struct { // Path is the URL path of the request Path string `json:"path,omitempty"` // Verb is the standard HTTP verb Verb string `json:"verb,omitempty"` }
NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
func (*NonResourceAttributes) CodecDecodeSelf ¶
func (x *NonResourceAttributes) CodecDecodeSelf(d *codec1978.Decoder)
func (*NonResourceAttributes) CodecEncodeSelf ¶
func (x *NonResourceAttributes) CodecEncodeSelf(e *codec1978.Encoder)
func (NonResourceAttributes) SwaggerDoc ¶
func (NonResourceAttributes) SwaggerDoc() map[string]string
type ResourceAttributes ¶
type ResourceAttributes struct { // Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces // "" (empty) is defaulted for LocalSubjectAccessReviews // "" (empty) is empty for cluster-scoped resources // "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview Namespace string `json:"namespace,omitempty"` // Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. Verb string `json:"verb,omitempty"` // Group is the API Group of the Resource. "*" means all. Group string `json:"group,omitempty"` // Version is the API Version of the Resource. "*" means all. Version string `json:"version,omitempty"` // Resource is one of the existing resource types. "*" means all. Resource string `json:"resource,omitempty"` // Subresource is one of the existing resource types. "" means none. Subresource string `json:"subresource,omitempty"` // Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. Name string `json:"name,omitempty"` }
ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
func (*ResourceAttributes) CodecDecodeSelf ¶
func (x *ResourceAttributes) CodecDecodeSelf(d *codec1978.Decoder)
func (*ResourceAttributes) CodecEncodeSelf ¶
func (x *ResourceAttributes) CodecEncodeSelf(e *codec1978.Encoder)
func (ResourceAttributes) SwaggerDoc ¶
func (ResourceAttributes) SwaggerDoc() map[string]string
type SelfSubjectAccessReview ¶
type SelfSubjectAccessReview struct { unversioned.TypeMeta `json:",inline"` // Spec holds information about the request being evaluated. user and groups must be empty Spec SelfSubjectAccessReviewSpec `json:"spec"` // Status is filled in by the server and indicates whether the request is allowed or not Status SubjectAccessReviewStatus `json:"status,omitempty"` }
SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action
func (*SelfSubjectAccessReview) CodecDecodeSelf ¶
func (x *SelfSubjectAccessReview) CodecDecodeSelf(d *codec1978.Decoder)
func (*SelfSubjectAccessReview) CodecEncodeSelf ¶
func (x *SelfSubjectAccessReview) CodecEncodeSelf(e *codec1978.Encoder)
func (*SelfSubjectAccessReview) GetObjectKind ¶
func (obj *SelfSubjectAccessReview) GetObjectKind() unversioned.ObjectKind
func (SelfSubjectAccessReview) SwaggerDoc ¶
func (SelfSubjectAccessReview) SwaggerDoc() map[string]string
type SelfSubjectAccessReviewSpec ¶
type SelfSubjectAccessReviewSpec struct { // ResourceAuthorizationAttributes describes information for a resource access request ResourceAttributes *ResourceAttributes `json:"resourceAttributes,omitempty"` // NonResourceAttributes describes information for a non-resource access request NonResourceAttributes *NonResourceAttributes `json:"nonResourceAttributes,omitempty"` }
SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set
func (*SelfSubjectAccessReviewSpec) CodecDecodeSelf ¶
func (x *SelfSubjectAccessReviewSpec) CodecDecodeSelf(d *codec1978.Decoder)
func (*SelfSubjectAccessReviewSpec) CodecEncodeSelf ¶
func (x *SelfSubjectAccessReviewSpec) CodecEncodeSelf(e *codec1978.Encoder)
func (SelfSubjectAccessReviewSpec) SwaggerDoc ¶
func (SelfSubjectAccessReviewSpec) SwaggerDoc() map[string]string
type SubjectAccessReview ¶
type SubjectAccessReview struct { unversioned.TypeMeta `json:",inline"` // Spec holds information about the request being evaluated Spec SubjectAccessReviewSpec `json:"spec"` // Status is filled in by the server and indicates whether the request is allowed or not Status SubjectAccessReviewStatus `json:"status,omitempty"` }
SubjectAccessReview checks whether or not a user or group can perform an action.
func (*SubjectAccessReview) CodecDecodeSelf ¶
func (x *SubjectAccessReview) CodecDecodeSelf(d *codec1978.Decoder)
func (*SubjectAccessReview) CodecEncodeSelf ¶
func (x *SubjectAccessReview) CodecEncodeSelf(e *codec1978.Encoder)
func (*SubjectAccessReview) GetObjectKind ¶
func (obj *SubjectAccessReview) GetObjectKind() unversioned.ObjectKind
func (SubjectAccessReview) SwaggerDoc ¶
func (SubjectAccessReview) SwaggerDoc() map[string]string
type SubjectAccessReviewSpec ¶
type SubjectAccessReviewSpec struct { // ResourceAuthorizationAttributes describes information for a resource access request ResourceAttributes *ResourceAttributes `json:"resourceAttributes,omitempty"` // NonResourceAttributes describes information for a non-resource access request NonResourceAttributes *NonResourceAttributes `json:"nonResourceAttributes,omitempty"` // User is the user you're testing for. // If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups User string `json:"user,omitempty"` // Groups is the groups you're testing for. Groups []string `json:"group,omitempty"` // Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer // it needs a reflection here. Extra map[string][]string `json:"extra,omitempty"` }
SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set
func (*SubjectAccessReviewSpec) CodecDecodeSelf ¶
func (x *SubjectAccessReviewSpec) CodecDecodeSelf(d *codec1978.Decoder)
func (*SubjectAccessReviewSpec) CodecEncodeSelf ¶
func (x *SubjectAccessReviewSpec) CodecEncodeSelf(e *codec1978.Encoder)
func (SubjectAccessReviewSpec) SwaggerDoc ¶
func (SubjectAccessReviewSpec) SwaggerDoc() map[string]string
type SubjectAccessReviewStatus ¶
type SubjectAccessReviewStatus struct { // Allowed is required. True if the action would be allowed, false otherwise. Allowed bool `json:"allowed"` // Reason is optional. It indicates why a request was allowed or denied. Reason string `json:"reason,omitempty"` }
SubjectAccessReviewStatus
func (*SubjectAccessReviewStatus) CodecDecodeSelf ¶
func (x *SubjectAccessReviewStatus) CodecDecodeSelf(d *codec1978.Decoder)
func (*SubjectAccessReviewStatus) CodecEncodeSelf ¶
func (x *SubjectAccessReviewStatus) CodecEncodeSelf(e *codec1978.Encoder)
func (SubjectAccessReviewStatus) SwaggerDoc ¶
func (SubjectAccessReviewStatus) SwaggerDoc() map[string]string