v1beta1

package
v3.18.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 25, 2022 License: Apache-2.0 Imports: 8 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type LocalSubjectAccessReview

type LocalSubjectAccessReview struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrOutput     `pulumi:"kind"`
	Metadata metav1.ObjectMetaPtrOutput `pulumi:"metadata"`
	// Spec holds information about the request being evaluated.  spec.namespace must be equal to the namespace you made the request against.  If empty, it is defaulted.
	Spec SubjectAccessReviewSpecOutput `pulumi:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatusPtrOutput `pulumi:"status"`
}

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

func GetLocalSubjectAccessReview

func GetLocalSubjectAccessReview(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *LocalSubjectAccessReviewState, opts ...pulumi.ResourceOption) (*LocalSubjectAccessReview, error)

GetLocalSubjectAccessReview gets an existing LocalSubjectAccessReview resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewLocalSubjectAccessReview

func NewLocalSubjectAccessReview(ctx *pulumi.Context,
	name string, args *LocalSubjectAccessReviewArgs, opts ...pulumi.ResourceOption) (*LocalSubjectAccessReview, error)

NewLocalSubjectAccessReview registers a new resource with the given unique name, arguments, and options.

func (*LocalSubjectAccessReview) ElementType

func (*LocalSubjectAccessReview) ElementType() reflect.Type

func (*LocalSubjectAccessReview) ToLocalSubjectAccessReviewOutput

func (i *LocalSubjectAccessReview) ToLocalSubjectAccessReviewOutput() LocalSubjectAccessReviewOutput

func (*LocalSubjectAccessReview) ToLocalSubjectAccessReviewOutputWithContext

func (i *LocalSubjectAccessReview) ToLocalSubjectAccessReviewOutputWithContext(ctx context.Context) LocalSubjectAccessReviewOutput

type LocalSubjectAccessReviewArgs

type LocalSubjectAccessReviewArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrInput
	Metadata metav1.ObjectMetaPtrInput
	// Spec holds information about the request being evaluated.  spec.namespace must be equal to the namespace you made the request against.  If empty, it is defaulted.
	Spec SubjectAccessReviewSpecInput
}

The set of arguments for constructing a LocalSubjectAccessReview resource.

func (LocalSubjectAccessReviewArgs) ElementType

type LocalSubjectAccessReviewArray

type LocalSubjectAccessReviewArray []LocalSubjectAccessReviewInput

func (LocalSubjectAccessReviewArray) ElementType

func (LocalSubjectAccessReviewArray) ToLocalSubjectAccessReviewArrayOutput

func (i LocalSubjectAccessReviewArray) ToLocalSubjectAccessReviewArrayOutput() LocalSubjectAccessReviewArrayOutput

func (LocalSubjectAccessReviewArray) ToLocalSubjectAccessReviewArrayOutputWithContext

func (i LocalSubjectAccessReviewArray) ToLocalSubjectAccessReviewArrayOutputWithContext(ctx context.Context) LocalSubjectAccessReviewArrayOutput

type LocalSubjectAccessReviewArrayInput

type LocalSubjectAccessReviewArrayInput interface {
	pulumi.Input

	ToLocalSubjectAccessReviewArrayOutput() LocalSubjectAccessReviewArrayOutput
	ToLocalSubjectAccessReviewArrayOutputWithContext(context.Context) LocalSubjectAccessReviewArrayOutput
}

LocalSubjectAccessReviewArrayInput is an input type that accepts LocalSubjectAccessReviewArray and LocalSubjectAccessReviewArrayOutput values. You can construct a concrete instance of `LocalSubjectAccessReviewArrayInput` via:

LocalSubjectAccessReviewArray{ LocalSubjectAccessReviewArgs{...} }

type LocalSubjectAccessReviewArrayOutput

type LocalSubjectAccessReviewArrayOutput struct{ *pulumi.OutputState }

func (LocalSubjectAccessReviewArrayOutput) ElementType

func (LocalSubjectAccessReviewArrayOutput) Index

func (LocalSubjectAccessReviewArrayOutput) ToLocalSubjectAccessReviewArrayOutput

func (o LocalSubjectAccessReviewArrayOutput) ToLocalSubjectAccessReviewArrayOutput() LocalSubjectAccessReviewArrayOutput

func (LocalSubjectAccessReviewArrayOutput) ToLocalSubjectAccessReviewArrayOutputWithContext

func (o LocalSubjectAccessReviewArrayOutput) ToLocalSubjectAccessReviewArrayOutputWithContext(ctx context.Context) LocalSubjectAccessReviewArrayOutput

type LocalSubjectAccessReviewInput

type LocalSubjectAccessReviewInput interface {
	pulumi.Input

	ToLocalSubjectAccessReviewOutput() LocalSubjectAccessReviewOutput
	ToLocalSubjectAccessReviewOutputWithContext(ctx context.Context) LocalSubjectAccessReviewOutput
}

type LocalSubjectAccessReviewMap

type LocalSubjectAccessReviewMap map[string]LocalSubjectAccessReviewInput

func (LocalSubjectAccessReviewMap) ElementType

func (LocalSubjectAccessReviewMap) ToLocalSubjectAccessReviewMapOutput

func (i LocalSubjectAccessReviewMap) ToLocalSubjectAccessReviewMapOutput() LocalSubjectAccessReviewMapOutput

func (LocalSubjectAccessReviewMap) ToLocalSubjectAccessReviewMapOutputWithContext

func (i LocalSubjectAccessReviewMap) ToLocalSubjectAccessReviewMapOutputWithContext(ctx context.Context) LocalSubjectAccessReviewMapOutput

type LocalSubjectAccessReviewMapInput

type LocalSubjectAccessReviewMapInput interface {
	pulumi.Input

	ToLocalSubjectAccessReviewMapOutput() LocalSubjectAccessReviewMapOutput
	ToLocalSubjectAccessReviewMapOutputWithContext(context.Context) LocalSubjectAccessReviewMapOutput
}

LocalSubjectAccessReviewMapInput is an input type that accepts LocalSubjectAccessReviewMap and LocalSubjectAccessReviewMapOutput values. You can construct a concrete instance of `LocalSubjectAccessReviewMapInput` via:

LocalSubjectAccessReviewMap{ "key": LocalSubjectAccessReviewArgs{...} }

type LocalSubjectAccessReviewMapOutput

type LocalSubjectAccessReviewMapOutput struct{ *pulumi.OutputState }

func (LocalSubjectAccessReviewMapOutput) ElementType

func (LocalSubjectAccessReviewMapOutput) MapIndex

func (LocalSubjectAccessReviewMapOutput) ToLocalSubjectAccessReviewMapOutput

func (o LocalSubjectAccessReviewMapOutput) ToLocalSubjectAccessReviewMapOutput() LocalSubjectAccessReviewMapOutput

func (LocalSubjectAccessReviewMapOutput) ToLocalSubjectAccessReviewMapOutputWithContext

func (o LocalSubjectAccessReviewMapOutput) ToLocalSubjectAccessReviewMapOutputWithContext(ctx context.Context) LocalSubjectAccessReviewMapOutput

type LocalSubjectAccessReviewOutput

type LocalSubjectAccessReviewOutput struct{ *pulumi.OutputState }

func (LocalSubjectAccessReviewOutput) ElementType

func (LocalSubjectAccessReviewOutput) ToLocalSubjectAccessReviewOutput

func (o LocalSubjectAccessReviewOutput) ToLocalSubjectAccessReviewOutput() LocalSubjectAccessReviewOutput

func (LocalSubjectAccessReviewOutput) ToLocalSubjectAccessReviewOutputWithContext

func (o LocalSubjectAccessReviewOutput) ToLocalSubjectAccessReviewOutputWithContext(ctx context.Context) LocalSubjectAccessReviewOutput

type LocalSubjectAccessReviewState

type LocalSubjectAccessReviewState struct {
}

func (LocalSubjectAccessReviewState) ElementType

type LocalSubjectAccessReviewType

type LocalSubjectAccessReviewType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     *string            `pulumi:"kind"`
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Spec holds information about the request being evaluated.  spec.namespace must be equal to the namespace you made the request against.  If empty, it is defaulted.
	Spec SubjectAccessReviewSpec `pulumi:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	Status *SubjectAccessReviewStatus `pulumi:"status"`
}

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

type LocalSubjectAccessReviewTypeArgs

type LocalSubjectAccessReviewTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrInput     `pulumi:"kind"`
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Spec holds information about the request being evaluated.  spec.namespace must be equal to the namespace you made the request against.  If empty, it is defaulted.
	Spec SubjectAccessReviewSpecInput `pulumi:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatusPtrInput `pulumi:"status"`
}

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

func (LocalSubjectAccessReviewTypeArgs) ElementType

func (LocalSubjectAccessReviewTypeArgs) ToLocalSubjectAccessReviewTypeOutput

func (i LocalSubjectAccessReviewTypeArgs) ToLocalSubjectAccessReviewTypeOutput() LocalSubjectAccessReviewTypeOutput

func (LocalSubjectAccessReviewTypeArgs) ToLocalSubjectAccessReviewTypeOutputWithContext

func (i LocalSubjectAccessReviewTypeArgs) ToLocalSubjectAccessReviewTypeOutputWithContext(ctx context.Context) LocalSubjectAccessReviewTypeOutput

type LocalSubjectAccessReviewTypeInput

type LocalSubjectAccessReviewTypeInput interface {
	pulumi.Input

	ToLocalSubjectAccessReviewTypeOutput() LocalSubjectAccessReviewTypeOutput
	ToLocalSubjectAccessReviewTypeOutputWithContext(context.Context) LocalSubjectAccessReviewTypeOutput
}

LocalSubjectAccessReviewTypeInput is an input type that accepts LocalSubjectAccessReviewTypeArgs and LocalSubjectAccessReviewTypeOutput values. You can construct a concrete instance of `LocalSubjectAccessReviewTypeInput` via:

LocalSubjectAccessReviewTypeArgs{...}

type LocalSubjectAccessReviewTypeOutput

type LocalSubjectAccessReviewTypeOutput struct{ *pulumi.OutputState }

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

func (LocalSubjectAccessReviewTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (LocalSubjectAccessReviewTypeOutput) ElementType

func (LocalSubjectAccessReviewTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (LocalSubjectAccessReviewTypeOutput) Metadata

func (LocalSubjectAccessReviewTypeOutput) Spec

Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.

func (LocalSubjectAccessReviewTypeOutput) Status

Status is filled in by the server and indicates whether the request is allowed or not

func (LocalSubjectAccessReviewTypeOutput) ToLocalSubjectAccessReviewTypeOutput

func (o LocalSubjectAccessReviewTypeOutput) ToLocalSubjectAccessReviewTypeOutput() LocalSubjectAccessReviewTypeOutput

func (LocalSubjectAccessReviewTypeOutput) ToLocalSubjectAccessReviewTypeOutputWithContext

func (o LocalSubjectAccessReviewTypeOutput) ToLocalSubjectAccessReviewTypeOutputWithContext(ctx context.Context) LocalSubjectAccessReviewTypeOutput

type NonResourceAttributes

type NonResourceAttributes struct {
	// Path is the URL path of the request
	Path *string `pulumi:"path"`
	// Verb is the standard HTTP verb
	Verb *string `pulumi:"verb"`
}

NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface

type NonResourceAttributesArgs

type NonResourceAttributesArgs struct {
	// Path is the URL path of the request
	Path pulumi.StringPtrInput `pulumi:"path"`
	// Verb is the standard HTTP verb
	Verb pulumi.StringPtrInput `pulumi:"verb"`
}

NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface

func (NonResourceAttributesArgs) ElementType

func (NonResourceAttributesArgs) ElementType() reflect.Type

func (NonResourceAttributesArgs) ToNonResourceAttributesOutput

func (i NonResourceAttributesArgs) ToNonResourceAttributesOutput() NonResourceAttributesOutput

func (NonResourceAttributesArgs) ToNonResourceAttributesOutputWithContext

func (i NonResourceAttributesArgs) ToNonResourceAttributesOutputWithContext(ctx context.Context) NonResourceAttributesOutput

func (NonResourceAttributesArgs) ToNonResourceAttributesPtrOutput

func (i NonResourceAttributesArgs) ToNonResourceAttributesPtrOutput() NonResourceAttributesPtrOutput

func (NonResourceAttributesArgs) ToNonResourceAttributesPtrOutputWithContext

func (i NonResourceAttributesArgs) ToNonResourceAttributesPtrOutputWithContext(ctx context.Context) NonResourceAttributesPtrOutput

type NonResourceAttributesInput

type NonResourceAttributesInput interface {
	pulumi.Input

	ToNonResourceAttributesOutput() NonResourceAttributesOutput
	ToNonResourceAttributesOutputWithContext(context.Context) NonResourceAttributesOutput
}

NonResourceAttributesInput is an input type that accepts NonResourceAttributesArgs and NonResourceAttributesOutput values. You can construct a concrete instance of `NonResourceAttributesInput` via:

NonResourceAttributesArgs{...}

type NonResourceAttributesOutput

type NonResourceAttributesOutput struct{ *pulumi.OutputState }

NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface

func (NonResourceAttributesOutput) ElementType

func (NonResourceAttributesOutput) Path

Path is the URL path of the request

func (NonResourceAttributesOutput) ToNonResourceAttributesOutput

func (o NonResourceAttributesOutput) ToNonResourceAttributesOutput() NonResourceAttributesOutput

func (NonResourceAttributesOutput) ToNonResourceAttributesOutputWithContext

func (o NonResourceAttributesOutput) ToNonResourceAttributesOutputWithContext(ctx context.Context) NonResourceAttributesOutput

func (NonResourceAttributesOutput) ToNonResourceAttributesPtrOutput

func (o NonResourceAttributesOutput) ToNonResourceAttributesPtrOutput() NonResourceAttributesPtrOutput

func (NonResourceAttributesOutput) ToNonResourceAttributesPtrOutputWithContext

func (o NonResourceAttributesOutput) ToNonResourceAttributesPtrOutputWithContext(ctx context.Context) NonResourceAttributesPtrOutput

func (NonResourceAttributesOutput) Verb

Verb is the standard HTTP verb

type NonResourceAttributesPtrInput

type NonResourceAttributesPtrInput interface {
	pulumi.Input

	ToNonResourceAttributesPtrOutput() NonResourceAttributesPtrOutput
	ToNonResourceAttributesPtrOutputWithContext(context.Context) NonResourceAttributesPtrOutput
}

NonResourceAttributesPtrInput is an input type that accepts NonResourceAttributesArgs, NonResourceAttributesPtr and NonResourceAttributesPtrOutput values. You can construct a concrete instance of `NonResourceAttributesPtrInput` via:

        NonResourceAttributesArgs{...}

or:

        nil

type NonResourceAttributesPtrOutput

type NonResourceAttributesPtrOutput struct{ *pulumi.OutputState }

func (NonResourceAttributesPtrOutput) Elem

func (NonResourceAttributesPtrOutput) ElementType

func (NonResourceAttributesPtrOutput) Path

Path is the URL path of the request

func (NonResourceAttributesPtrOutput) ToNonResourceAttributesPtrOutput

func (o NonResourceAttributesPtrOutput) ToNonResourceAttributesPtrOutput() NonResourceAttributesPtrOutput

func (NonResourceAttributesPtrOutput) ToNonResourceAttributesPtrOutputWithContext

func (o NonResourceAttributesPtrOutput) ToNonResourceAttributesPtrOutputWithContext(ctx context.Context) NonResourceAttributesPtrOutput

func (NonResourceAttributesPtrOutput) Verb

Verb is the standard HTTP verb

type NonResourceRule

type NonResourceRule struct {
	// NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path.  "*" means all.
	NonResourceURLs []string `pulumi:"nonResourceURLs"`
	// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options.  "*" means all.
	Verbs []string `pulumi:"verbs"`
}

NonResourceRule holds information that describes a rule for the non-resource

type NonResourceRuleArgs

type NonResourceRuleArgs struct {
	// NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path.  "*" means all.
	NonResourceURLs pulumi.StringArrayInput `pulumi:"nonResourceURLs"`
	// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options.  "*" means all.
	Verbs pulumi.StringArrayInput `pulumi:"verbs"`
}

NonResourceRule holds information that describes a rule for the non-resource

func (NonResourceRuleArgs) ElementType

func (NonResourceRuleArgs) ElementType() reflect.Type

func (NonResourceRuleArgs) ToNonResourceRuleOutput

func (i NonResourceRuleArgs) ToNonResourceRuleOutput() NonResourceRuleOutput

func (NonResourceRuleArgs) ToNonResourceRuleOutputWithContext

func (i NonResourceRuleArgs) ToNonResourceRuleOutputWithContext(ctx context.Context) NonResourceRuleOutput

type NonResourceRuleArray

type NonResourceRuleArray []NonResourceRuleInput

func (NonResourceRuleArray) ElementType

func (NonResourceRuleArray) ElementType() reflect.Type

func (NonResourceRuleArray) ToNonResourceRuleArrayOutput

func (i NonResourceRuleArray) ToNonResourceRuleArrayOutput() NonResourceRuleArrayOutput

func (NonResourceRuleArray) ToNonResourceRuleArrayOutputWithContext

func (i NonResourceRuleArray) ToNonResourceRuleArrayOutputWithContext(ctx context.Context) NonResourceRuleArrayOutput

type NonResourceRuleArrayInput

type NonResourceRuleArrayInput interface {
	pulumi.Input

	ToNonResourceRuleArrayOutput() NonResourceRuleArrayOutput
	ToNonResourceRuleArrayOutputWithContext(context.Context) NonResourceRuleArrayOutput
}

NonResourceRuleArrayInput is an input type that accepts NonResourceRuleArray and NonResourceRuleArrayOutput values. You can construct a concrete instance of `NonResourceRuleArrayInput` via:

NonResourceRuleArray{ NonResourceRuleArgs{...} }

type NonResourceRuleArrayOutput

type NonResourceRuleArrayOutput struct{ *pulumi.OutputState }

func (NonResourceRuleArrayOutput) ElementType

func (NonResourceRuleArrayOutput) ElementType() reflect.Type

func (NonResourceRuleArrayOutput) Index

func (NonResourceRuleArrayOutput) ToNonResourceRuleArrayOutput

func (o NonResourceRuleArrayOutput) ToNonResourceRuleArrayOutput() NonResourceRuleArrayOutput

func (NonResourceRuleArrayOutput) ToNonResourceRuleArrayOutputWithContext

func (o NonResourceRuleArrayOutput) ToNonResourceRuleArrayOutputWithContext(ctx context.Context) NonResourceRuleArrayOutput

type NonResourceRuleInput

type NonResourceRuleInput interface {
	pulumi.Input

	ToNonResourceRuleOutput() NonResourceRuleOutput
	ToNonResourceRuleOutputWithContext(context.Context) NonResourceRuleOutput
}

NonResourceRuleInput is an input type that accepts NonResourceRuleArgs and NonResourceRuleOutput values. You can construct a concrete instance of `NonResourceRuleInput` via:

NonResourceRuleArgs{...}

type NonResourceRuleOutput

type NonResourceRuleOutput struct{ *pulumi.OutputState }

NonResourceRule holds information that describes a rule for the non-resource

func (NonResourceRuleOutput) ElementType

func (NonResourceRuleOutput) ElementType() reflect.Type

func (NonResourceRuleOutput) NonResourceURLs

func (o NonResourceRuleOutput) NonResourceURLs() pulumi.StringArrayOutput

NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. "*" means all.

func (NonResourceRuleOutput) ToNonResourceRuleOutput

func (o NonResourceRuleOutput) ToNonResourceRuleOutput() NonResourceRuleOutput

func (NonResourceRuleOutput) ToNonResourceRuleOutputWithContext

func (o NonResourceRuleOutput) ToNonResourceRuleOutputWithContext(ctx context.Context) NonResourceRuleOutput

func (NonResourceRuleOutput) Verbs

Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.

type ResourceAttributes

type ResourceAttributes struct {
	// Group is the API Group of the Resource.  "*" means all.
	Group *string `pulumi:"group"`
	// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
	Name *string `pulumi:"name"`
	// Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
	Namespace *string `pulumi:"namespace"`
	// Resource is one of the existing resource types.  "*" means all.
	Resource *string `pulumi:"resource"`
	// Subresource is one of the existing resource types.  "" means none.
	Subresource *string `pulumi:"subresource"`
	// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy.  "*" means all.
	Verb *string `pulumi:"verb"`
	// Version is the API Version of the Resource.  "*" means all.
	Version *string `pulumi:"version"`
}

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

type ResourceAttributesArgs

type ResourceAttributesArgs struct {
	// Group is the API Group of the Resource.  "*" means all.
	Group pulumi.StringPtrInput `pulumi:"group"`
	// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// Resource is one of the existing resource types.  "*" means all.
	Resource pulumi.StringPtrInput `pulumi:"resource"`
	// Subresource is one of the existing resource types.  "" means none.
	Subresource pulumi.StringPtrInput `pulumi:"subresource"`
	// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy.  "*" means all.
	Verb pulumi.StringPtrInput `pulumi:"verb"`
	// Version is the API Version of the Resource.  "*" means all.
	Version pulumi.StringPtrInput `pulumi:"version"`
}

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

func (ResourceAttributesArgs) ElementType

func (ResourceAttributesArgs) ElementType() reflect.Type

func (ResourceAttributesArgs) ToResourceAttributesOutput

func (i ResourceAttributesArgs) ToResourceAttributesOutput() ResourceAttributesOutput

func (ResourceAttributesArgs) ToResourceAttributesOutputWithContext

func (i ResourceAttributesArgs) ToResourceAttributesOutputWithContext(ctx context.Context) ResourceAttributesOutput

func (ResourceAttributesArgs) ToResourceAttributesPtrOutput

func (i ResourceAttributesArgs) ToResourceAttributesPtrOutput() ResourceAttributesPtrOutput

func (ResourceAttributesArgs) ToResourceAttributesPtrOutputWithContext

func (i ResourceAttributesArgs) ToResourceAttributesPtrOutputWithContext(ctx context.Context) ResourceAttributesPtrOutput

type ResourceAttributesInput

type ResourceAttributesInput interface {
	pulumi.Input

	ToResourceAttributesOutput() ResourceAttributesOutput
	ToResourceAttributesOutputWithContext(context.Context) ResourceAttributesOutput
}

ResourceAttributesInput is an input type that accepts ResourceAttributesArgs and ResourceAttributesOutput values. You can construct a concrete instance of `ResourceAttributesInput` via:

ResourceAttributesArgs{...}

type ResourceAttributesOutput

type ResourceAttributesOutput struct{ *pulumi.OutputState }

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

func (ResourceAttributesOutput) ElementType

func (ResourceAttributesOutput) ElementType() reflect.Type

func (ResourceAttributesOutput) Group

Group is the API Group of the Resource. "*" means all.

func (ResourceAttributesOutput) Name

Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

func (ResourceAttributesOutput) Namespace

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview

func (ResourceAttributesOutput) Resource

Resource is one of the existing resource types. "*" means all.

func (ResourceAttributesOutput) Subresource

Subresource is one of the existing resource types. "" means none.

func (ResourceAttributesOutput) ToResourceAttributesOutput

func (o ResourceAttributesOutput) ToResourceAttributesOutput() ResourceAttributesOutput

func (ResourceAttributesOutput) ToResourceAttributesOutputWithContext

func (o ResourceAttributesOutput) ToResourceAttributesOutputWithContext(ctx context.Context) ResourceAttributesOutput

func (ResourceAttributesOutput) ToResourceAttributesPtrOutput

func (o ResourceAttributesOutput) ToResourceAttributesPtrOutput() ResourceAttributesPtrOutput

func (ResourceAttributesOutput) ToResourceAttributesPtrOutputWithContext

func (o ResourceAttributesOutput) ToResourceAttributesPtrOutputWithContext(ctx context.Context) ResourceAttributesPtrOutput

func (ResourceAttributesOutput) Verb

Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.

func (ResourceAttributesOutput) Version

Version is the API Version of the Resource. "*" means all.

type ResourceAttributesPtrInput

type ResourceAttributesPtrInput interface {
	pulumi.Input

	ToResourceAttributesPtrOutput() ResourceAttributesPtrOutput
	ToResourceAttributesPtrOutputWithContext(context.Context) ResourceAttributesPtrOutput
}

ResourceAttributesPtrInput is an input type that accepts ResourceAttributesArgs, ResourceAttributesPtr and ResourceAttributesPtrOutput values. You can construct a concrete instance of `ResourceAttributesPtrInput` via:

        ResourceAttributesArgs{...}

or:

        nil

type ResourceAttributesPtrOutput

type ResourceAttributesPtrOutput struct{ *pulumi.OutputState }

func (ResourceAttributesPtrOutput) Elem

func (ResourceAttributesPtrOutput) ElementType

func (ResourceAttributesPtrOutput) Group

Group is the API Group of the Resource. "*" means all.

func (ResourceAttributesPtrOutput) Name

Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

func (ResourceAttributesPtrOutput) Namespace

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview

func (ResourceAttributesPtrOutput) Resource

Resource is one of the existing resource types. "*" means all.

func (ResourceAttributesPtrOutput) Subresource

Subresource is one of the existing resource types. "" means none.

func (ResourceAttributesPtrOutput) ToResourceAttributesPtrOutput

func (o ResourceAttributesPtrOutput) ToResourceAttributesPtrOutput() ResourceAttributesPtrOutput

func (ResourceAttributesPtrOutput) ToResourceAttributesPtrOutputWithContext

func (o ResourceAttributesPtrOutput) ToResourceAttributesPtrOutputWithContext(ctx context.Context) ResourceAttributesPtrOutput

func (ResourceAttributesPtrOutput) Verb

Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.

func (ResourceAttributesPtrOutput) Version

Version is the API Version of the Resource. "*" means all.

type ResourceRule

type ResourceRule struct {
	// APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.  "*" means all.
	ApiGroups []string `pulumi:"apiGroups"`
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.  "*" means all.
	ResourceNames []string `pulumi:"resourceNames"`
	// Resources is a list of resources this rule applies to.  "*" means all in the specified apiGroups.
	//  "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
	Resources []string `pulumi:"resources"`
	// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy.  "*" means all.
	Verbs []string `pulumi:"verbs"`
}

ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.

type ResourceRuleArgs

type ResourceRuleArgs struct {
	// APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.  "*" means all.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.  "*" means all.
	ResourceNames pulumi.StringArrayInput `pulumi:"resourceNames"`
	// Resources is a list of resources this rule applies to.  "*" means all in the specified apiGroups.
	//  "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy.  "*" means all.
	Verbs pulumi.StringArrayInput `pulumi:"verbs"`
}

ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.

func (ResourceRuleArgs) ElementType

func (ResourceRuleArgs) ElementType() reflect.Type

func (ResourceRuleArgs) ToResourceRuleOutput

func (i ResourceRuleArgs) ToResourceRuleOutput() ResourceRuleOutput

func (ResourceRuleArgs) ToResourceRuleOutputWithContext

func (i ResourceRuleArgs) ToResourceRuleOutputWithContext(ctx context.Context) ResourceRuleOutput

type ResourceRuleArray

type ResourceRuleArray []ResourceRuleInput

func (ResourceRuleArray) ElementType

func (ResourceRuleArray) ElementType() reflect.Type

func (ResourceRuleArray) ToResourceRuleArrayOutput

func (i ResourceRuleArray) ToResourceRuleArrayOutput() ResourceRuleArrayOutput

func (ResourceRuleArray) ToResourceRuleArrayOutputWithContext

func (i ResourceRuleArray) ToResourceRuleArrayOutputWithContext(ctx context.Context) ResourceRuleArrayOutput

type ResourceRuleArrayInput

type ResourceRuleArrayInput interface {
	pulumi.Input

	ToResourceRuleArrayOutput() ResourceRuleArrayOutput
	ToResourceRuleArrayOutputWithContext(context.Context) ResourceRuleArrayOutput
}

ResourceRuleArrayInput is an input type that accepts ResourceRuleArray and ResourceRuleArrayOutput values. You can construct a concrete instance of `ResourceRuleArrayInput` via:

ResourceRuleArray{ ResourceRuleArgs{...} }

type ResourceRuleArrayOutput

type ResourceRuleArrayOutput struct{ *pulumi.OutputState }

func (ResourceRuleArrayOutput) ElementType

func (ResourceRuleArrayOutput) ElementType() reflect.Type

func (ResourceRuleArrayOutput) Index

func (ResourceRuleArrayOutput) ToResourceRuleArrayOutput

func (o ResourceRuleArrayOutput) ToResourceRuleArrayOutput() ResourceRuleArrayOutput

func (ResourceRuleArrayOutput) ToResourceRuleArrayOutputWithContext

func (o ResourceRuleArrayOutput) ToResourceRuleArrayOutputWithContext(ctx context.Context) ResourceRuleArrayOutput

type ResourceRuleInput

type ResourceRuleInput interface {
	pulumi.Input

	ToResourceRuleOutput() ResourceRuleOutput
	ToResourceRuleOutputWithContext(context.Context) ResourceRuleOutput
}

ResourceRuleInput is an input type that accepts ResourceRuleArgs and ResourceRuleOutput values. You can construct a concrete instance of `ResourceRuleInput` via:

ResourceRuleArgs{...}

type ResourceRuleOutput

type ResourceRuleOutput struct{ *pulumi.OutputState }

ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.

func (ResourceRuleOutput) ApiGroups

APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "*" means all.

func (ResourceRuleOutput) ElementType

func (ResourceRuleOutput) ElementType() reflect.Type

func (ResourceRuleOutput) ResourceNames

func (o ResourceRuleOutput) ResourceNames() pulumi.StringArrayOutput

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.

func (ResourceRuleOutput) Resources

Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.

"*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.

func (ResourceRuleOutput) ToResourceRuleOutput

func (o ResourceRuleOutput) ToResourceRuleOutput() ResourceRuleOutput

func (ResourceRuleOutput) ToResourceRuleOutputWithContext

func (o ResourceRuleOutput) ToResourceRuleOutputWithContext(ctx context.Context) ResourceRuleOutput

func (ResourceRuleOutput) Verbs

Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.

type SelfSubjectAccessReview

type SelfSubjectAccessReview struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrOutput     `pulumi:"kind"`
	Metadata metav1.ObjectMetaPtrOutput `pulumi:"metadata"`
	// Spec holds information about the request being evaluated.  user and groups must be empty
	Spec SelfSubjectAccessReviewSpecOutput `pulumi:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatusPtrOutput `pulumi:"status"`
}

SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action

func GetSelfSubjectAccessReview

func GetSelfSubjectAccessReview(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SelfSubjectAccessReviewState, opts ...pulumi.ResourceOption) (*SelfSubjectAccessReview, error)

GetSelfSubjectAccessReview gets an existing SelfSubjectAccessReview resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSelfSubjectAccessReview

func NewSelfSubjectAccessReview(ctx *pulumi.Context,
	name string, args *SelfSubjectAccessReviewArgs, opts ...pulumi.ResourceOption) (*SelfSubjectAccessReview, error)

NewSelfSubjectAccessReview registers a new resource with the given unique name, arguments, and options.

func (*SelfSubjectAccessReview) ElementType

func (*SelfSubjectAccessReview) ElementType() reflect.Type

func (*SelfSubjectAccessReview) ToSelfSubjectAccessReviewOutput

func (i *SelfSubjectAccessReview) ToSelfSubjectAccessReviewOutput() SelfSubjectAccessReviewOutput

func (*SelfSubjectAccessReview) ToSelfSubjectAccessReviewOutputWithContext

func (i *SelfSubjectAccessReview) ToSelfSubjectAccessReviewOutputWithContext(ctx context.Context) SelfSubjectAccessReviewOutput

type SelfSubjectAccessReviewArgs

type SelfSubjectAccessReviewArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrInput
	Metadata metav1.ObjectMetaPtrInput
	// Spec holds information about the request being evaluated.  user and groups must be empty
	Spec SelfSubjectAccessReviewSpecInput
}

The set of arguments for constructing a SelfSubjectAccessReview resource.

func (SelfSubjectAccessReviewArgs) ElementType

type SelfSubjectAccessReviewArray

type SelfSubjectAccessReviewArray []SelfSubjectAccessReviewInput

func (SelfSubjectAccessReviewArray) ElementType

func (SelfSubjectAccessReviewArray) ToSelfSubjectAccessReviewArrayOutput

func (i SelfSubjectAccessReviewArray) ToSelfSubjectAccessReviewArrayOutput() SelfSubjectAccessReviewArrayOutput

func (SelfSubjectAccessReviewArray) ToSelfSubjectAccessReviewArrayOutputWithContext

func (i SelfSubjectAccessReviewArray) ToSelfSubjectAccessReviewArrayOutputWithContext(ctx context.Context) SelfSubjectAccessReviewArrayOutput

type SelfSubjectAccessReviewArrayInput

type SelfSubjectAccessReviewArrayInput interface {
	pulumi.Input

	ToSelfSubjectAccessReviewArrayOutput() SelfSubjectAccessReviewArrayOutput
	ToSelfSubjectAccessReviewArrayOutputWithContext(context.Context) SelfSubjectAccessReviewArrayOutput
}

SelfSubjectAccessReviewArrayInput is an input type that accepts SelfSubjectAccessReviewArray and SelfSubjectAccessReviewArrayOutput values. You can construct a concrete instance of `SelfSubjectAccessReviewArrayInput` via:

SelfSubjectAccessReviewArray{ SelfSubjectAccessReviewArgs{...} }

type SelfSubjectAccessReviewArrayOutput

type SelfSubjectAccessReviewArrayOutput struct{ *pulumi.OutputState }

func (SelfSubjectAccessReviewArrayOutput) ElementType

func (SelfSubjectAccessReviewArrayOutput) Index

func (SelfSubjectAccessReviewArrayOutput) ToSelfSubjectAccessReviewArrayOutput

func (o SelfSubjectAccessReviewArrayOutput) ToSelfSubjectAccessReviewArrayOutput() SelfSubjectAccessReviewArrayOutput

func (SelfSubjectAccessReviewArrayOutput) ToSelfSubjectAccessReviewArrayOutputWithContext

func (o SelfSubjectAccessReviewArrayOutput) ToSelfSubjectAccessReviewArrayOutputWithContext(ctx context.Context) SelfSubjectAccessReviewArrayOutput

type SelfSubjectAccessReviewInput

type SelfSubjectAccessReviewInput interface {
	pulumi.Input

	ToSelfSubjectAccessReviewOutput() SelfSubjectAccessReviewOutput
	ToSelfSubjectAccessReviewOutputWithContext(ctx context.Context) SelfSubjectAccessReviewOutput
}

type SelfSubjectAccessReviewMap

type SelfSubjectAccessReviewMap map[string]SelfSubjectAccessReviewInput

func (SelfSubjectAccessReviewMap) ElementType

func (SelfSubjectAccessReviewMap) ElementType() reflect.Type

func (SelfSubjectAccessReviewMap) ToSelfSubjectAccessReviewMapOutput

func (i SelfSubjectAccessReviewMap) ToSelfSubjectAccessReviewMapOutput() SelfSubjectAccessReviewMapOutput

func (SelfSubjectAccessReviewMap) ToSelfSubjectAccessReviewMapOutputWithContext

func (i SelfSubjectAccessReviewMap) ToSelfSubjectAccessReviewMapOutputWithContext(ctx context.Context) SelfSubjectAccessReviewMapOutput

type SelfSubjectAccessReviewMapInput

type SelfSubjectAccessReviewMapInput interface {
	pulumi.Input

	ToSelfSubjectAccessReviewMapOutput() SelfSubjectAccessReviewMapOutput
	ToSelfSubjectAccessReviewMapOutputWithContext(context.Context) SelfSubjectAccessReviewMapOutput
}

SelfSubjectAccessReviewMapInput is an input type that accepts SelfSubjectAccessReviewMap and SelfSubjectAccessReviewMapOutput values. You can construct a concrete instance of `SelfSubjectAccessReviewMapInput` via:

SelfSubjectAccessReviewMap{ "key": SelfSubjectAccessReviewArgs{...} }

type SelfSubjectAccessReviewMapOutput

type SelfSubjectAccessReviewMapOutput struct{ *pulumi.OutputState }

func (SelfSubjectAccessReviewMapOutput) ElementType

func (SelfSubjectAccessReviewMapOutput) MapIndex

func (SelfSubjectAccessReviewMapOutput) ToSelfSubjectAccessReviewMapOutput

func (o SelfSubjectAccessReviewMapOutput) ToSelfSubjectAccessReviewMapOutput() SelfSubjectAccessReviewMapOutput

func (SelfSubjectAccessReviewMapOutput) ToSelfSubjectAccessReviewMapOutputWithContext

func (o SelfSubjectAccessReviewMapOutput) ToSelfSubjectAccessReviewMapOutputWithContext(ctx context.Context) SelfSubjectAccessReviewMapOutput

type SelfSubjectAccessReviewOutput

type SelfSubjectAccessReviewOutput struct{ *pulumi.OutputState }

func (SelfSubjectAccessReviewOutput) ElementType

func (SelfSubjectAccessReviewOutput) ToSelfSubjectAccessReviewOutput

func (o SelfSubjectAccessReviewOutput) ToSelfSubjectAccessReviewOutput() SelfSubjectAccessReviewOutput

func (SelfSubjectAccessReviewOutput) ToSelfSubjectAccessReviewOutputWithContext

func (o SelfSubjectAccessReviewOutput) ToSelfSubjectAccessReviewOutputWithContext(ctx context.Context) SelfSubjectAccessReviewOutput

type SelfSubjectAccessReviewSpec

type SelfSubjectAccessReviewSpec struct {
	// NonResourceAttributes describes information for a non-resource access request
	NonResourceAttributes *NonResourceAttributes `pulumi:"nonResourceAttributes"`
	// ResourceAuthorizationAttributes describes information for a resource access request
	ResourceAttributes *ResourceAttributes `pulumi:"resourceAttributes"`
}

SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set

type SelfSubjectAccessReviewSpecArgs

type SelfSubjectAccessReviewSpecArgs struct {
	// NonResourceAttributes describes information for a non-resource access request
	NonResourceAttributes NonResourceAttributesPtrInput `pulumi:"nonResourceAttributes"`
	// ResourceAuthorizationAttributes describes information for a resource access request
	ResourceAttributes ResourceAttributesPtrInput `pulumi:"resourceAttributes"`
}

SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set

func (SelfSubjectAccessReviewSpecArgs) ElementType

func (SelfSubjectAccessReviewSpecArgs) ToSelfSubjectAccessReviewSpecOutput

func (i SelfSubjectAccessReviewSpecArgs) ToSelfSubjectAccessReviewSpecOutput() SelfSubjectAccessReviewSpecOutput

func (SelfSubjectAccessReviewSpecArgs) ToSelfSubjectAccessReviewSpecOutputWithContext

func (i SelfSubjectAccessReviewSpecArgs) ToSelfSubjectAccessReviewSpecOutputWithContext(ctx context.Context) SelfSubjectAccessReviewSpecOutput

type SelfSubjectAccessReviewSpecInput

type SelfSubjectAccessReviewSpecInput interface {
	pulumi.Input

	ToSelfSubjectAccessReviewSpecOutput() SelfSubjectAccessReviewSpecOutput
	ToSelfSubjectAccessReviewSpecOutputWithContext(context.Context) SelfSubjectAccessReviewSpecOutput
}

SelfSubjectAccessReviewSpecInput is an input type that accepts SelfSubjectAccessReviewSpecArgs and SelfSubjectAccessReviewSpecOutput values. You can construct a concrete instance of `SelfSubjectAccessReviewSpecInput` via:

SelfSubjectAccessReviewSpecArgs{...}

type SelfSubjectAccessReviewSpecOutput

type SelfSubjectAccessReviewSpecOutput struct{ *pulumi.OutputState }

SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set

func (SelfSubjectAccessReviewSpecOutput) ElementType

func (SelfSubjectAccessReviewSpecOutput) NonResourceAttributes

NonResourceAttributes describes information for a non-resource access request

func (SelfSubjectAccessReviewSpecOutput) ResourceAttributes

ResourceAuthorizationAttributes describes information for a resource access request

func (SelfSubjectAccessReviewSpecOutput) ToSelfSubjectAccessReviewSpecOutput

func (o SelfSubjectAccessReviewSpecOutput) ToSelfSubjectAccessReviewSpecOutput() SelfSubjectAccessReviewSpecOutput

func (SelfSubjectAccessReviewSpecOutput) ToSelfSubjectAccessReviewSpecOutputWithContext

func (o SelfSubjectAccessReviewSpecOutput) ToSelfSubjectAccessReviewSpecOutputWithContext(ctx context.Context) SelfSubjectAccessReviewSpecOutput

type SelfSubjectAccessReviewState

type SelfSubjectAccessReviewState struct {
}

func (SelfSubjectAccessReviewState) ElementType

type SelfSubjectAccessReviewType

type SelfSubjectAccessReviewType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     *string            `pulumi:"kind"`
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Spec holds information about the request being evaluated.  user and groups must be empty
	Spec SelfSubjectAccessReviewSpec `pulumi:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	Status *SubjectAccessReviewStatus `pulumi:"status"`
}

SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action

type SelfSubjectAccessReviewTypeArgs

type SelfSubjectAccessReviewTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrInput     `pulumi:"kind"`
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Spec holds information about the request being evaluated.  user and groups must be empty
	Spec SelfSubjectAccessReviewSpecInput `pulumi:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatusPtrInput `pulumi:"status"`
}

SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action

func (SelfSubjectAccessReviewTypeArgs) ElementType

func (SelfSubjectAccessReviewTypeArgs) ToSelfSubjectAccessReviewTypeOutput

func (i SelfSubjectAccessReviewTypeArgs) ToSelfSubjectAccessReviewTypeOutput() SelfSubjectAccessReviewTypeOutput

func (SelfSubjectAccessReviewTypeArgs) ToSelfSubjectAccessReviewTypeOutputWithContext

func (i SelfSubjectAccessReviewTypeArgs) ToSelfSubjectAccessReviewTypeOutputWithContext(ctx context.Context) SelfSubjectAccessReviewTypeOutput

type SelfSubjectAccessReviewTypeInput

type SelfSubjectAccessReviewTypeInput interface {
	pulumi.Input

	ToSelfSubjectAccessReviewTypeOutput() SelfSubjectAccessReviewTypeOutput
	ToSelfSubjectAccessReviewTypeOutputWithContext(context.Context) SelfSubjectAccessReviewTypeOutput
}

SelfSubjectAccessReviewTypeInput is an input type that accepts SelfSubjectAccessReviewTypeArgs and SelfSubjectAccessReviewTypeOutput values. You can construct a concrete instance of `SelfSubjectAccessReviewTypeInput` via:

SelfSubjectAccessReviewTypeArgs{...}

type SelfSubjectAccessReviewTypeOutput

type SelfSubjectAccessReviewTypeOutput struct{ *pulumi.OutputState }

SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action

func (SelfSubjectAccessReviewTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (SelfSubjectAccessReviewTypeOutput) ElementType

func (SelfSubjectAccessReviewTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (SelfSubjectAccessReviewTypeOutput) Metadata

func (SelfSubjectAccessReviewTypeOutput) Spec

Spec holds information about the request being evaluated. user and groups must be empty

func (SelfSubjectAccessReviewTypeOutput) Status

Status is filled in by the server and indicates whether the request is allowed or not

func (SelfSubjectAccessReviewTypeOutput) ToSelfSubjectAccessReviewTypeOutput

func (o SelfSubjectAccessReviewTypeOutput) ToSelfSubjectAccessReviewTypeOutput() SelfSubjectAccessReviewTypeOutput

func (SelfSubjectAccessReviewTypeOutput) ToSelfSubjectAccessReviewTypeOutputWithContext

func (o SelfSubjectAccessReviewTypeOutput) ToSelfSubjectAccessReviewTypeOutputWithContext(ctx context.Context) SelfSubjectAccessReviewTypeOutput

type SelfSubjectRulesReview

type SelfSubjectRulesReview struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrOutput     `pulumi:"kind"`
	Metadata metav1.ObjectMetaPtrOutput `pulumi:"metadata"`
	// Spec holds information about the request being evaluated.
	Spec SelfSubjectRulesReviewSpecOutput `pulumi:"spec"`
	// Status is filled in by the server and indicates the set of actions a user can perform.
	Status SubjectRulesReviewStatusPtrOutput `pulumi:"status"`
}

SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.

func GetSelfSubjectRulesReview

func GetSelfSubjectRulesReview(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SelfSubjectRulesReviewState, opts ...pulumi.ResourceOption) (*SelfSubjectRulesReview, error)

GetSelfSubjectRulesReview gets an existing SelfSubjectRulesReview resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSelfSubjectRulesReview

func NewSelfSubjectRulesReview(ctx *pulumi.Context,
	name string, args *SelfSubjectRulesReviewArgs, opts ...pulumi.ResourceOption) (*SelfSubjectRulesReview, error)

NewSelfSubjectRulesReview registers a new resource with the given unique name, arguments, and options.

func (*SelfSubjectRulesReview) ElementType

func (*SelfSubjectRulesReview) ElementType() reflect.Type

func (*SelfSubjectRulesReview) ToSelfSubjectRulesReviewOutput

func (i *SelfSubjectRulesReview) ToSelfSubjectRulesReviewOutput() SelfSubjectRulesReviewOutput

func (*SelfSubjectRulesReview) ToSelfSubjectRulesReviewOutputWithContext

func (i *SelfSubjectRulesReview) ToSelfSubjectRulesReviewOutputWithContext(ctx context.Context) SelfSubjectRulesReviewOutput

type SelfSubjectRulesReviewArgs

type SelfSubjectRulesReviewArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrInput
	Metadata metav1.ObjectMetaPtrInput
	// Spec holds information about the request being evaluated.
	Spec SelfSubjectRulesReviewSpecInput
}

The set of arguments for constructing a SelfSubjectRulesReview resource.

func (SelfSubjectRulesReviewArgs) ElementType

func (SelfSubjectRulesReviewArgs) ElementType() reflect.Type

type SelfSubjectRulesReviewArray

type SelfSubjectRulesReviewArray []SelfSubjectRulesReviewInput

func (SelfSubjectRulesReviewArray) ElementType

func (SelfSubjectRulesReviewArray) ToSelfSubjectRulesReviewArrayOutput

func (i SelfSubjectRulesReviewArray) ToSelfSubjectRulesReviewArrayOutput() SelfSubjectRulesReviewArrayOutput

func (SelfSubjectRulesReviewArray) ToSelfSubjectRulesReviewArrayOutputWithContext

func (i SelfSubjectRulesReviewArray) ToSelfSubjectRulesReviewArrayOutputWithContext(ctx context.Context) SelfSubjectRulesReviewArrayOutput

type SelfSubjectRulesReviewArrayInput

type SelfSubjectRulesReviewArrayInput interface {
	pulumi.Input

	ToSelfSubjectRulesReviewArrayOutput() SelfSubjectRulesReviewArrayOutput
	ToSelfSubjectRulesReviewArrayOutputWithContext(context.Context) SelfSubjectRulesReviewArrayOutput
}

SelfSubjectRulesReviewArrayInput is an input type that accepts SelfSubjectRulesReviewArray and SelfSubjectRulesReviewArrayOutput values. You can construct a concrete instance of `SelfSubjectRulesReviewArrayInput` via:

SelfSubjectRulesReviewArray{ SelfSubjectRulesReviewArgs{...} }

type SelfSubjectRulesReviewArrayOutput

type SelfSubjectRulesReviewArrayOutput struct{ *pulumi.OutputState }

func (SelfSubjectRulesReviewArrayOutput) ElementType

func (SelfSubjectRulesReviewArrayOutput) Index

func (SelfSubjectRulesReviewArrayOutput) ToSelfSubjectRulesReviewArrayOutput

func (o SelfSubjectRulesReviewArrayOutput) ToSelfSubjectRulesReviewArrayOutput() SelfSubjectRulesReviewArrayOutput

func (SelfSubjectRulesReviewArrayOutput) ToSelfSubjectRulesReviewArrayOutputWithContext

func (o SelfSubjectRulesReviewArrayOutput) ToSelfSubjectRulesReviewArrayOutputWithContext(ctx context.Context) SelfSubjectRulesReviewArrayOutput

type SelfSubjectRulesReviewInput

type SelfSubjectRulesReviewInput interface {
	pulumi.Input

	ToSelfSubjectRulesReviewOutput() SelfSubjectRulesReviewOutput
	ToSelfSubjectRulesReviewOutputWithContext(ctx context.Context) SelfSubjectRulesReviewOutput
}

type SelfSubjectRulesReviewMap

type SelfSubjectRulesReviewMap map[string]SelfSubjectRulesReviewInput

func (SelfSubjectRulesReviewMap) ElementType

func (SelfSubjectRulesReviewMap) ElementType() reflect.Type

func (SelfSubjectRulesReviewMap) ToSelfSubjectRulesReviewMapOutput

func (i SelfSubjectRulesReviewMap) ToSelfSubjectRulesReviewMapOutput() SelfSubjectRulesReviewMapOutput

func (SelfSubjectRulesReviewMap) ToSelfSubjectRulesReviewMapOutputWithContext

func (i SelfSubjectRulesReviewMap) ToSelfSubjectRulesReviewMapOutputWithContext(ctx context.Context) SelfSubjectRulesReviewMapOutput

type SelfSubjectRulesReviewMapInput

type SelfSubjectRulesReviewMapInput interface {
	pulumi.Input

	ToSelfSubjectRulesReviewMapOutput() SelfSubjectRulesReviewMapOutput
	ToSelfSubjectRulesReviewMapOutputWithContext(context.Context) SelfSubjectRulesReviewMapOutput
}

SelfSubjectRulesReviewMapInput is an input type that accepts SelfSubjectRulesReviewMap and SelfSubjectRulesReviewMapOutput values. You can construct a concrete instance of `SelfSubjectRulesReviewMapInput` via:

SelfSubjectRulesReviewMap{ "key": SelfSubjectRulesReviewArgs{...} }

type SelfSubjectRulesReviewMapOutput

type SelfSubjectRulesReviewMapOutput struct{ *pulumi.OutputState }

func (SelfSubjectRulesReviewMapOutput) ElementType

func (SelfSubjectRulesReviewMapOutput) MapIndex

func (SelfSubjectRulesReviewMapOutput) ToSelfSubjectRulesReviewMapOutput

func (o SelfSubjectRulesReviewMapOutput) ToSelfSubjectRulesReviewMapOutput() SelfSubjectRulesReviewMapOutput

func (SelfSubjectRulesReviewMapOutput) ToSelfSubjectRulesReviewMapOutputWithContext

func (o SelfSubjectRulesReviewMapOutput) ToSelfSubjectRulesReviewMapOutputWithContext(ctx context.Context) SelfSubjectRulesReviewMapOutput

type SelfSubjectRulesReviewOutput

type SelfSubjectRulesReviewOutput struct{ *pulumi.OutputState }

func (SelfSubjectRulesReviewOutput) ElementType

func (SelfSubjectRulesReviewOutput) ToSelfSubjectRulesReviewOutput

func (o SelfSubjectRulesReviewOutput) ToSelfSubjectRulesReviewOutput() SelfSubjectRulesReviewOutput

func (SelfSubjectRulesReviewOutput) ToSelfSubjectRulesReviewOutputWithContext

func (o SelfSubjectRulesReviewOutput) ToSelfSubjectRulesReviewOutputWithContext(ctx context.Context) SelfSubjectRulesReviewOutput

type SelfSubjectRulesReviewSpec

type SelfSubjectRulesReviewSpec struct {
	// Namespace to evaluate rules for. Required.
	Namespace *string `pulumi:"namespace"`
}

type SelfSubjectRulesReviewSpecArgs

type SelfSubjectRulesReviewSpecArgs struct {
	// Namespace to evaluate rules for. Required.
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
}

func (SelfSubjectRulesReviewSpecArgs) ElementType

func (SelfSubjectRulesReviewSpecArgs) ToSelfSubjectRulesReviewSpecOutput

func (i SelfSubjectRulesReviewSpecArgs) ToSelfSubjectRulesReviewSpecOutput() SelfSubjectRulesReviewSpecOutput

func (SelfSubjectRulesReviewSpecArgs) ToSelfSubjectRulesReviewSpecOutputWithContext

func (i SelfSubjectRulesReviewSpecArgs) ToSelfSubjectRulesReviewSpecOutputWithContext(ctx context.Context) SelfSubjectRulesReviewSpecOutput

type SelfSubjectRulesReviewSpecInput

type SelfSubjectRulesReviewSpecInput interface {
	pulumi.Input

	ToSelfSubjectRulesReviewSpecOutput() SelfSubjectRulesReviewSpecOutput
	ToSelfSubjectRulesReviewSpecOutputWithContext(context.Context) SelfSubjectRulesReviewSpecOutput
}

SelfSubjectRulesReviewSpecInput is an input type that accepts SelfSubjectRulesReviewSpecArgs and SelfSubjectRulesReviewSpecOutput values. You can construct a concrete instance of `SelfSubjectRulesReviewSpecInput` via:

SelfSubjectRulesReviewSpecArgs{...}

type SelfSubjectRulesReviewSpecOutput

type SelfSubjectRulesReviewSpecOutput struct{ *pulumi.OutputState }

func (SelfSubjectRulesReviewSpecOutput) ElementType

func (SelfSubjectRulesReviewSpecOutput) Namespace

Namespace to evaluate rules for. Required.

func (SelfSubjectRulesReviewSpecOutput) ToSelfSubjectRulesReviewSpecOutput

func (o SelfSubjectRulesReviewSpecOutput) ToSelfSubjectRulesReviewSpecOutput() SelfSubjectRulesReviewSpecOutput

func (SelfSubjectRulesReviewSpecOutput) ToSelfSubjectRulesReviewSpecOutputWithContext

func (o SelfSubjectRulesReviewSpecOutput) ToSelfSubjectRulesReviewSpecOutputWithContext(ctx context.Context) SelfSubjectRulesReviewSpecOutput

type SelfSubjectRulesReviewState

type SelfSubjectRulesReviewState struct {
}

func (SelfSubjectRulesReviewState) ElementType

type SelfSubjectRulesReviewType

type SelfSubjectRulesReviewType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     *string            `pulumi:"kind"`
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Spec holds information about the request being evaluated.
	Spec SelfSubjectRulesReviewSpec `pulumi:"spec"`
	// Status is filled in by the server and indicates the set of actions a user can perform.
	Status *SubjectRulesReviewStatus `pulumi:"status"`
}

SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.

type SelfSubjectRulesReviewTypeArgs

type SelfSubjectRulesReviewTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrInput     `pulumi:"kind"`
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Spec holds information about the request being evaluated.
	Spec SelfSubjectRulesReviewSpecInput `pulumi:"spec"`
	// Status is filled in by the server and indicates the set of actions a user can perform.
	Status SubjectRulesReviewStatusPtrInput `pulumi:"status"`
}

SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.

func (SelfSubjectRulesReviewTypeArgs) ElementType

func (SelfSubjectRulesReviewTypeArgs) ToSelfSubjectRulesReviewTypeOutput

func (i SelfSubjectRulesReviewTypeArgs) ToSelfSubjectRulesReviewTypeOutput() SelfSubjectRulesReviewTypeOutput

func (SelfSubjectRulesReviewTypeArgs) ToSelfSubjectRulesReviewTypeOutputWithContext

func (i SelfSubjectRulesReviewTypeArgs) ToSelfSubjectRulesReviewTypeOutputWithContext(ctx context.Context) SelfSubjectRulesReviewTypeOutput

type SelfSubjectRulesReviewTypeInput

type SelfSubjectRulesReviewTypeInput interface {
	pulumi.Input

	ToSelfSubjectRulesReviewTypeOutput() SelfSubjectRulesReviewTypeOutput
	ToSelfSubjectRulesReviewTypeOutputWithContext(context.Context) SelfSubjectRulesReviewTypeOutput
}

SelfSubjectRulesReviewTypeInput is an input type that accepts SelfSubjectRulesReviewTypeArgs and SelfSubjectRulesReviewTypeOutput values. You can construct a concrete instance of `SelfSubjectRulesReviewTypeInput` via:

SelfSubjectRulesReviewTypeArgs{...}

type SelfSubjectRulesReviewTypeOutput

type SelfSubjectRulesReviewTypeOutput struct{ *pulumi.OutputState }

SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.

func (SelfSubjectRulesReviewTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (SelfSubjectRulesReviewTypeOutput) ElementType

func (SelfSubjectRulesReviewTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (SelfSubjectRulesReviewTypeOutput) Metadata

func (SelfSubjectRulesReviewTypeOutput) Spec

Spec holds information about the request being evaluated.

func (SelfSubjectRulesReviewTypeOutput) Status

Status is filled in by the server and indicates the set of actions a user can perform.

func (SelfSubjectRulesReviewTypeOutput) ToSelfSubjectRulesReviewTypeOutput

func (o SelfSubjectRulesReviewTypeOutput) ToSelfSubjectRulesReviewTypeOutput() SelfSubjectRulesReviewTypeOutput

func (SelfSubjectRulesReviewTypeOutput) ToSelfSubjectRulesReviewTypeOutputWithContext

func (o SelfSubjectRulesReviewTypeOutput) ToSelfSubjectRulesReviewTypeOutputWithContext(ctx context.Context) SelfSubjectRulesReviewTypeOutput

type SubjectAccessReview

type SubjectAccessReview struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrOutput     `pulumi:"kind"`
	Metadata metav1.ObjectMetaPtrOutput `pulumi:"metadata"`
	// Spec holds information about the request being evaluated
	Spec SubjectAccessReviewSpecOutput `pulumi:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatusPtrOutput `pulumi:"status"`
}

SubjectAccessReview checks whether or not a user or group can perform an action.

func GetSubjectAccessReview

func GetSubjectAccessReview(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SubjectAccessReviewState, opts ...pulumi.ResourceOption) (*SubjectAccessReview, error)

GetSubjectAccessReview gets an existing SubjectAccessReview resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSubjectAccessReview

func NewSubjectAccessReview(ctx *pulumi.Context,
	name string, args *SubjectAccessReviewArgs, opts ...pulumi.ResourceOption) (*SubjectAccessReview, error)

NewSubjectAccessReview registers a new resource with the given unique name, arguments, and options.

func (*SubjectAccessReview) ElementType

func (*SubjectAccessReview) ElementType() reflect.Type

func (*SubjectAccessReview) ToSubjectAccessReviewOutput

func (i *SubjectAccessReview) ToSubjectAccessReviewOutput() SubjectAccessReviewOutput

func (*SubjectAccessReview) ToSubjectAccessReviewOutputWithContext

func (i *SubjectAccessReview) ToSubjectAccessReviewOutputWithContext(ctx context.Context) SubjectAccessReviewOutput

type SubjectAccessReviewArgs

type SubjectAccessReviewArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrInput
	Metadata metav1.ObjectMetaPtrInput
	// Spec holds information about the request being evaluated
	Spec SubjectAccessReviewSpecInput
}

The set of arguments for constructing a SubjectAccessReview resource.

func (SubjectAccessReviewArgs) ElementType

func (SubjectAccessReviewArgs) ElementType() reflect.Type

type SubjectAccessReviewArray

type SubjectAccessReviewArray []SubjectAccessReviewInput

func (SubjectAccessReviewArray) ElementType

func (SubjectAccessReviewArray) ElementType() reflect.Type

func (SubjectAccessReviewArray) ToSubjectAccessReviewArrayOutput

func (i SubjectAccessReviewArray) ToSubjectAccessReviewArrayOutput() SubjectAccessReviewArrayOutput

func (SubjectAccessReviewArray) ToSubjectAccessReviewArrayOutputWithContext

func (i SubjectAccessReviewArray) ToSubjectAccessReviewArrayOutputWithContext(ctx context.Context) SubjectAccessReviewArrayOutput

type SubjectAccessReviewArrayInput

type SubjectAccessReviewArrayInput interface {
	pulumi.Input

	ToSubjectAccessReviewArrayOutput() SubjectAccessReviewArrayOutput
	ToSubjectAccessReviewArrayOutputWithContext(context.Context) SubjectAccessReviewArrayOutput
}

SubjectAccessReviewArrayInput is an input type that accepts SubjectAccessReviewArray and SubjectAccessReviewArrayOutput values. You can construct a concrete instance of `SubjectAccessReviewArrayInput` via:

SubjectAccessReviewArray{ SubjectAccessReviewArgs{...} }

type SubjectAccessReviewArrayOutput

type SubjectAccessReviewArrayOutput struct{ *pulumi.OutputState }

func (SubjectAccessReviewArrayOutput) ElementType

func (SubjectAccessReviewArrayOutput) Index

func (SubjectAccessReviewArrayOutput) ToSubjectAccessReviewArrayOutput

func (o SubjectAccessReviewArrayOutput) ToSubjectAccessReviewArrayOutput() SubjectAccessReviewArrayOutput

func (SubjectAccessReviewArrayOutput) ToSubjectAccessReviewArrayOutputWithContext

func (o SubjectAccessReviewArrayOutput) ToSubjectAccessReviewArrayOutputWithContext(ctx context.Context) SubjectAccessReviewArrayOutput

type SubjectAccessReviewInput

type SubjectAccessReviewInput interface {
	pulumi.Input

	ToSubjectAccessReviewOutput() SubjectAccessReviewOutput
	ToSubjectAccessReviewOutputWithContext(ctx context.Context) SubjectAccessReviewOutput
}

type SubjectAccessReviewMap

type SubjectAccessReviewMap map[string]SubjectAccessReviewInput

func (SubjectAccessReviewMap) ElementType

func (SubjectAccessReviewMap) ElementType() reflect.Type

func (SubjectAccessReviewMap) ToSubjectAccessReviewMapOutput

func (i SubjectAccessReviewMap) ToSubjectAccessReviewMapOutput() SubjectAccessReviewMapOutput

func (SubjectAccessReviewMap) ToSubjectAccessReviewMapOutputWithContext

func (i SubjectAccessReviewMap) ToSubjectAccessReviewMapOutputWithContext(ctx context.Context) SubjectAccessReviewMapOutput

type SubjectAccessReviewMapInput

type SubjectAccessReviewMapInput interface {
	pulumi.Input

	ToSubjectAccessReviewMapOutput() SubjectAccessReviewMapOutput
	ToSubjectAccessReviewMapOutputWithContext(context.Context) SubjectAccessReviewMapOutput
}

SubjectAccessReviewMapInput is an input type that accepts SubjectAccessReviewMap and SubjectAccessReviewMapOutput values. You can construct a concrete instance of `SubjectAccessReviewMapInput` via:

SubjectAccessReviewMap{ "key": SubjectAccessReviewArgs{...} }

type SubjectAccessReviewMapOutput

type SubjectAccessReviewMapOutput struct{ *pulumi.OutputState }

func (SubjectAccessReviewMapOutput) ElementType

func (SubjectAccessReviewMapOutput) MapIndex

func (SubjectAccessReviewMapOutput) ToSubjectAccessReviewMapOutput

func (o SubjectAccessReviewMapOutput) ToSubjectAccessReviewMapOutput() SubjectAccessReviewMapOutput

func (SubjectAccessReviewMapOutput) ToSubjectAccessReviewMapOutputWithContext

func (o SubjectAccessReviewMapOutput) ToSubjectAccessReviewMapOutputWithContext(ctx context.Context) SubjectAccessReviewMapOutput

type SubjectAccessReviewOutput

type SubjectAccessReviewOutput struct{ *pulumi.OutputState }

func (SubjectAccessReviewOutput) ElementType

func (SubjectAccessReviewOutput) ElementType() reflect.Type

func (SubjectAccessReviewOutput) ToSubjectAccessReviewOutput

func (o SubjectAccessReviewOutput) ToSubjectAccessReviewOutput() SubjectAccessReviewOutput

func (SubjectAccessReviewOutput) ToSubjectAccessReviewOutputWithContext

func (o SubjectAccessReviewOutput) ToSubjectAccessReviewOutputWithContext(ctx context.Context) SubjectAccessReviewOutput

type SubjectAccessReviewSpec

type SubjectAccessReviewSpec struct {
	// Extra corresponds to the user.Info.GetExtra() method from the authenticator.  Since that is input to the authorizer it needs a reflection here.
	Extra map[string][]string `pulumi:"extra"`
	// Groups is the groups you're testing for.
	Group []string `pulumi:"group"`
	// NonResourceAttributes describes information for a non-resource access request
	NonResourceAttributes *NonResourceAttributes `pulumi:"nonResourceAttributes"`
	// ResourceAuthorizationAttributes describes information for a resource access request
	ResourceAttributes *ResourceAttributes `pulumi:"resourceAttributes"`
	// UID information about the requesting user.
	Uid *string `pulumi:"uid"`
	// User is the user you're testing for. If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups
	User *string `pulumi:"user"`
}

SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set

type SubjectAccessReviewSpecArgs

type SubjectAccessReviewSpecArgs struct {
	// Extra corresponds to the user.Info.GetExtra() method from the authenticator.  Since that is input to the authorizer it needs a reflection here.
	Extra pulumi.StringArrayMapInput `pulumi:"extra"`
	// Groups is the groups you're testing for.
	Group pulumi.StringArrayInput `pulumi:"group"`
	// NonResourceAttributes describes information for a non-resource access request
	NonResourceAttributes NonResourceAttributesPtrInput `pulumi:"nonResourceAttributes"`
	// ResourceAuthorizationAttributes describes information for a resource access request
	ResourceAttributes ResourceAttributesPtrInput `pulumi:"resourceAttributes"`
	// UID information about the requesting user.
	Uid pulumi.StringPtrInput `pulumi:"uid"`
	// User is the user you're testing for. If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups
	User pulumi.StringPtrInput `pulumi:"user"`
}

SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set

func (SubjectAccessReviewSpecArgs) ElementType

func (SubjectAccessReviewSpecArgs) ToSubjectAccessReviewSpecOutput

func (i SubjectAccessReviewSpecArgs) ToSubjectAccessReviewSpecOutput() SubjectAccessReviewSpecOutput

func (SubjectAccessReviewSpecArgs) ToSubjectAccessReviewSpecOutputWithContext

func (i SubjectAccessReviewSpecArgs) ToSubjectAccessReviewSpecOutputWithContext(ctx context.Context) SubjectAccessReviewSpecOutput

type SubjectAccessReviewSpecInput

type SubjectAccessReviewSpecInput interface {
	pulumi.Input

	ToSubjectAccessReviewSpecOutput() SubjectAccessReviewSpecOutput
	ToSubjectAccessReviewSpecOutputWithContext(context.Context) SubjectAccessReviewSpecOutput
}

SubjectAccessReviewSpecInput is an input type that accepts SubjectAccessReviewSpecArgs and SubjectAccessReviewSpecOutput values. You can construct a concrete instance of `SubjectAccessReviewSpecInput` via:

SubjectAccessReviewSpecArgs{...}

type SubjectAccessReviewSpecOutput

type SubjectAccessReviewSpecOutput struct{ *pulumi.OutputState }

SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set

func (SubjectAccessReviewSpecOutput) ElementType

func (SubjectAccessReviewSpecOutput) Extra

Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.

func (SubjectAccessReviewSpecOutput) Group

Groups is the groups you're testing for.

func (SubjectAccessReviewSpecOutput) NonResourceAttributes

NonResourceAttributes describes information for a non-resource access request

func (SubjectAccessReviewSpecOutput) ResourceAttributes

ResourceAuthorizationAttributes describes information for a resource access request

func (SubjectAccessReviewSpecOutput) ToSubjectAccessReviewSpecOutput

func (o SubjectAccessReviewSpecOutput) ToSubjectAccessReviewSpecOutput() SubjectAccessReviewSpecOutput

func (SubjectAccessReviewSpecOutput) ToSubjectAccessReviewSpecOutputWithContext

func (o SubjectAccessReviewSpecOutput) ToSubjectAccessReviewSpecOutputWithContext(ctx context.Context) SubjectAccessReviewSpecOutput

func (SubjectAccessReviewSpecOutput) Uid

UID information about the requesting user.

func (SubjectAccessReviewSpecOutput) User

User is the user you're testing for. If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups

type SubjectAccessReviewState

type SubjectAccessReviewState struct {
}

func (SubjectAccessReviewState) ElementType

func (SubjectAccessReviewState) ElementType() reflect.Type

type SubjectAccessReviewStatus

type SubjectAccessReviewStatus struct {
	// Allowed is required. True if the action would be allowed, false otherwise.
	Allowed bool `pulumi:"allowed"`
	// Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.
	Denied *bool `pulumi:"denied"`
	// EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
	EvaluationError *string `pulumi:"evaluationError"`
	// Reason is optional.  It indicates why a request was allowed or denied.
	Reason *string `pulumi:"reason"`
}

SubjectAccessReviewStatus

type SubjectAccessReviewStatusArgs

type SubjectAccessReviewStatusArgs struct {
	// Allowed is required. True if the action would be allowed, false otherwise.
	Allowed pulumi.BoolInput `pulumi:"allowed"`
	// Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.
	Denied pulumi.BoolPtrInput `pulumi:"denied"`
	// EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
	EvaluationError pulumi.StringPtrInput `pulumi:"evaluationError"`
	// Reason is optional.  It indicates why a request was allowed or denied.
	Reason pulumi.StringPtrInput `pulumi:"reason"`
}

SubjectAccessReviewStatus

func (SubjectAccessReviewStatusArgs) ElementType

func (SubjectAccessReviewStatusArgs) ToSubjectAccessReviewStatusOutput

func (i SubjectAccessReviewStatusArgs) ToSubjectAccessReviewStatusOutput() SubjectAccessReviewStatusOutput

func (SubjectAccessReviewStatusArgs) ToSubjectAccessReviewStatusOutputWithContext

func (i SubjectAccessReviewStatusArgs) ToSubjectAccessReviewStatusOutputWithContext(ctx context.Context) SubjectAccessReviewStatusOutput

func (SubjectAccessReviewStatusArgs) ToSubjectAccessReviewStatusPtrOutput

func (i SubjectAccessReviewStatusArgs) ToSubjectAccessReviewStatusPtrOutput() SubjectAccessReviewStatusPtrOutput

func (SubjectAccessReviewStatusArgs) ToSubjectAccessReviewStatusPtrOutputWithContext

func (i SubjectAccessReviewStatusArgs) ToSubjectAccessReviewStatusPtrOutputWithContext(ctx context.Context) SubjectAccessReviewStatusPtrOutput

type SubjectAccessReviewStatusInput

type SubjectAccessReviewStatusInput interface {
	pulumi.Input

	ToSubjectAccessReviewStatusOutput() SubjectAccessReviewStatusOutput
	ToSubjectAccessReviewStatusOutputWithContext(context.Context) SubjectAccessReviewStatusOutput
}

SubjectAccessReviewStatusInput is an input type that accepts SubjectAccessReviewStatusArgs and SubjectAccessReviewStatusOutput values. You can construct a concrete instance of `SubjectAccessReviewStatusInput` via:

SubjectAccessReviewStatusArgs{...}

type SubjectAccessReviewStatusOutput

type SubjectAccessReviewStatusOutput struct{ *pulumi.OutputState }

SubjectAccessReviewStatus

func (SubjectAccessReviewStatusOutput) Allowed

Allowed is required. True if the action would be allowed, false otherwise.

func (SubjectAccessReviewStatusOutput) Denied

Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.

func (SubjectAccessReviewStatusOutput) ElementType

func (SubjectAccessReviewStatusOutput) EvaluationError

EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.

func (SubjectAccessReviewStatusOutput) Reason

Reason is optional. It indicates why a request was allowed or denied.

func (SubjectAccessReviewStatusOutput) ToSubjectAccessReviewStatusOutput

func (o SubjectAccessReviewStatusOutput) ToSubjectAccessReviewStatusOutput() SubjectAccessReviewStatusOutput

func (SubjectAccessReviewStatusOutput) ToSubjectAccessReviewStatusOutputWithContext

func (o SubjectAccessReviewStatusOutput) ToSubjectAccessReviewStatusOutputWithContext(ctx context.Context) SubjectAccessReviewStatusOutput

func (SubjectAccessReviewStatusOutput) ToSubjectAccessReviewStatusPtrOutput

func (o SubjectAccessReviewStatusOutput) ToSubjectAccessReviewStatusPtrOutput() SubjectAccessReviewStatusPtrOutput

func (SubjectAccessReviewStatusOutput) ToSubjectAccessReviewStatusPtrOutputWithContext

func (o SubjectAccessReviewStatusOutput) ToSubjectAccessReviewStatusPtrOutputWithContext(ctx context.Context) SubjectAccessReviewStatusPtrOutput

type SubjectAccessReviewStatusPtrInput

type SubjectAccessReviewStatusPtrInput interface {
	pulumi.Input

	ToSubjectAccessReviewStatusPtrOutput() SubjectAccessReviewStatusPtrOutput
	ToSubjectAccessReviewStatusPtrOutputWithContext(context.Context) SubjectAccessReviewStatusPtrOutput
}

SubjectAccessReviewStatusPtrInput is an input type that accepts SubjectAccessReviewStatusArgs, SubjectAccessReviewStatusPtr and SubjectAccessReviewStatusPtrOutput values. You can construct a concrete instance of `SubjectAccessReviewStatusPtrInput` via:

        SubjectAccessReviewStatusArgs{...}

or:

        nil

type SubjectAccessReviewStatusPtrOutput

type SubjectAccessReviewStatusPtrOutput struct{ *pulumi.OutputState }

func (SubjectAccessReviewStatusPtrOutput) Allowed

Allowed is required. True if the action would be allowed, false otherwise.

func (SubjectAccessReviewStatusPtrOutput) Denied

Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.

func (SubjectAccessReviewStatusPtrOutput) Elem

func (SubjectAccessReviewStatusPtrOutput) ElementType

func (SubjectAccessReviewStatusPtrOutput) EvaluationError

EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.

func (SubjectAccessReviewStatusPtrOutput) Reason

Reason is optional. It indicates why a request was allowed or denied.

func (SubjectAccessReviewStatusPtrOutput) ToSubjectAccessReviewStatusPtrOutput

func (o SubjectAccessReviewStatusPtrOutput) ToSubjectAccessReviewStatusPtrOutput() SubjectAccessReviewStatusPtrOutput

func (SubjectAccessReviewStatusPtrOutput) ToSubjectAccessReviewStatusPtrOutputWithContext

func (o SubjectAccessReviewStatusPtrOutput) ToSubjectAccessReviewStatusPtrOutputWithContext(ctx context.Context) SubjectAccessReviewStatusPtrOutput

type SubjectAccessReviewType

type SubjectAccessReviewType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     *string            `pulumi:"kind"`
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Spec holds information about the request being evaluated
	Spec SubjectAccessReviewSpec `pulumi:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	Status *SubjectAccessReviewStatus `pulumi:"status"`
}

SubjectAccessReview checks whether or not a user or group can perform an action.

type SubjectAccessReviewTypeArgs

type SubjectAccessReviewTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind     pulumi.StringPtrInput     `pulumi:"kind"`
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Spec holds information about the request being evaluated
	Spec SubjectAccessReviewSpecInput `pulumi:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatusPtrInput `pulumi:"status"`
}

SubjectAccessReview checks whether or not a user or group can perform an action.

func (SubjectAccessReviewTypeArgs) ElementType

func (SubjectAccessReviewTypeArgs) ToSubjectAccessReviewTypeOutput

func (i SubjectAccessReviewTypeArgs) ToSubjectAccessReviewTypeOutput() SubjectAccessReviewTypeOutput

func (SubjectAccessReviewTypeArgs) ToSubjectAccessReviewTypeOutputWithContext

func (i SubjectAccessReviewTypeArgs) ToSubjectAccessReviewTypeOutputWithContext(ctx context.Context) SubjectAccessReviewTypeOutput

type SubjectAccessReviewTypeInput

type SubjectAccessReviewTypeInput interface {
	pulumi.Input

	ToSubjectAccessReviewTypeOutput() SubjectAccessReviewTypeOutput
	ToSubjectAccessReviewTypeOutputWithContext(context.Context) SubjectAccessReviewTypeOutput
}

SubjectAccessReviewTypeInput is an input type that accepts SubjectAccessReviewTypeArgs and SubjectAccessReviewTypeOutput values. You can construct a concrete instance of `SubjectAccessReviewTypeInput` via:

SubjectAccessReviewTypeArgs{...}

type SubjectAccessReviewTypeOutput

type SubjectAccessReviewTypeOutput struct{ *pulumi.OutputState }

SubjectAccessReview checks whether or not a user or group can perform an action.

func (SubjectAccessReviewTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (SubjectAccessReviewTypeOutput) ElementType

func (SubjectAccessReviewTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (SubjectAccessReviewTypeOutput) Metadata

func (SubjectAccessReviewTypeOutput) Spec

Spec holds information about the request being evaluated

func (SubjectAccessReviewTypeOutput) Status

Status is filled in by the server and indicates whether the request is allowed or not

func (SubjectAccessReviewTypeOutput) ToSubjectAccessReviewTypeOutput

func (o SubjectAccessReviewTypeOutput) ToSubjectAccessReviewTypeOutput() SubjectAccessReviewTypeOutput

func (SubjectAccessReviewTypeOutput) ToSubjectAccessReviewTypeOutputWithContext

func (o SubjectAccessReviewTypeOutput) ToSubjectAccessReviewTypeOutputWithContext(ctx context.Context) SubjectAccessReviewTypeOutput

type SubjectRulesReviewStatus

type SubjectRulesReviewStatus struct {
	// EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.
	EvaluationError *string `pulumi:"evaluationError"`
	// Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
	Incomplete bool `pulumi:"incomplete"`
	// NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
	NonResourceRules []NonResourceRule `pulumi:"nonResourceRules"`
	// ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
	ResourceRules []ResourceRule `pulumi:"resourceRules"`
}

SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.

type SubjectRulesReviewStatusArgs

type SubjectRulesReviewStatusArgs struct {
	// EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.
	EvaluationError pulumi.StringPtrInput `pulumi:"evaluationError"`
	// Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
	Incomplete pulumi.BoolInput `pulumi:"incomplete"`
	// NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
	NonResourceRules NonResourceRuleArrayInput `pulumi:"nonResourceRules"`
	// ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
	ResourceRules ResourceRuleArrayInput `pulumi:"resourceRules"`
}

SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.

func (SubjectRulesReviewStatusArgs) ElementType

func (SubjectRulesReviewStatusArgs) ToSubjectRulesReviewStatusOutput

func (i SubjectRulesReviewStatusArgs) ToSubjectRulesReviewStatusOutput() SubjectRulesReviewStatusOutput

func (SubjectRulesReviewStatusArgs) ToSubjectRulesReviewStatusOutputWithContext

func (i SubjectRulesReviewStatusArgs) ToSubjectRulesReviewStatusOutputWithContext(ctx context.Context) SubjectRulesReviewStatusOutput

func (SubjectRulesReviewStatusArgs) ToSubjectRulesReviewStatusPtrOutput

func (i SubjectRulesReviewStatusArgs) ToSubjectRulesReviewStatusPtrOutput() SubjectRulesReviewStatusPtrOutput

func (SubjectRulesReviewStatusArgs) ToSubjectRulesReviewStatusPtrOutputWithContext

func (i SubjectRulesReviewStatusArgs) ToSubjectRulesReviewStatusPtrOutputWithContext(ctx context.Context) SubjectRulesReviewStatusPtrOutput

type SubjectRulesReviewStatusInput

type SubjectRulesReviewStatusInput interface {
	pulumi.Input

	ToSubjectRulesReviewStatusOutput() SubjectRulesReviewStatusOutput
	ToSubjectRulesReviewStatusOutputWithContext(context.Context) SubjectRulesReviewStatusOutput
}

SubjectRulesReviewStatusInput is an input type that accepts SubjectRulesReviewStatusArgs and SubjectRulesReviewStatusOutput values. You can construct a concrete instance of `SubjectRulesReviewStatusInput` via:

SubjectRulesReviewStatusArgs{...}

type SubjectRulesReviewStatusOutput

type SubjectRulesReviewStatusOutput struct{ *pulumi.OutputState }

SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.

func (SubjectRulesReviewStatusOutput) ElementType

func (SubjectRulesReviewStatusOutput) EvaluationError

EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.

func (SubjectRulesReviewStatusOutput) Incomplete

Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.

func (SubjectRulesReviewStatusOutput) NonResourceRules

NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.

func (SubjectRulesReviewStatusOutput) ResourceRules

ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.

func (SubjectRulesReviewStatusOutput) ToSubjectRulesReviewStatusOutput

func (o SubjectRulesReviewStatusOutput) ToSubjectRulesReviewStatusOutput() SubjectRulesReviewStatusOutput

func (SubjectRulesReviewStatusOutput) ToSubjectRulesReviewStatusOutputWithContext

func (o SubjectRulesReviewStatusOutput) ToSubjectRulesReviewStatusOutputWithContext(ctx context.Context) SubjectRulesReviewStatusOutput

func (SubjectRulesReviewStatusOutput) ToSubjectRulesReviewStatusPtrOutput

func (o SubjectRulesReviewStatusOutput) ToSubjectRulesReviewStatusPtrOutput() SubjectRulesReviewStatusPtrOutput

func (SubjectRulesReviewStatusOutput) ToSubjectRulesReviewStatusPtrOutputWithContext

func (o SubjectRulesReviewStatusOutput) ToSubjectRulesReviewStatusPtrOutputWithContext(ctx context.Context) SubjectRulesReviewStatusPtrOutput

type SubjectRulesReviewStatusPtrInput

type SubjectRulesReviewStatusPtrInput interface {
	pulumi.Input

	ToSubjectRulesReviewStatusPtrOutput() SubjectRulesReviewStatusPtrOutput
	ToSubjectRulesReviewStatusPtrOutputWithContext(context.Context) SubjectRulesReviewStatusPtrOutput
}

SubjectRulesReviewStatusPtrInput is an input type that accepts SubjectRulesReviewStatusArgs, SubjectRulesReviewStatusPtr and SubjectRulesReviewStatusPtrOutput values. You can construct a concrete instance of `SubjectRulesReviewStatusPtrInput` via:

        SubjectRulesReviewStatusArgs{...}

or:

        nil

type SubjectRulesReviewStatusPtrOutput

type SubjectRulesReviewStatusPtrOutput struct{ *pulumi.OutputState }

func (SubjectRulesReviewStatusPtrOutput) Elem

func (SubjectRulesReviewStatusPtrOutput) ElementType

func (SubjectRulesReviewStatusPtrOutput) EvaluationError

EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.

func (SubjectRulesReviewStatusPtrOutput) Incomplete

Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.

func (SubjectRulesReviewStatusPtrOutput) NonResourceRules

NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.

func (SubjectRulesReviewStatusPtrOutput) ResourceRules

ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.

func (SubjectRulesReviewStatusPtrOutput) ToSubjectRulesReviewStatusPtrOutput

func (o SubjectRulesReviewStatusPtrOutput) ToSubjectRulesReviewStatusPtrOutput() SubjectRulesReviewStatusPtrOutput

func (SubjectRulesReviewStatusPtrOutput) ToSubjectRulesReviewStatusPtrOutputWithContext

func (o SubjectRulesReviewStatusPtrOutput) ToSubjectRulesReviewStatusPtrOutputWithContext(ctx context.Context) SubjectRulesReviewStatusPtrOutput

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL