v1alpha1

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 14, 2019 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the rbac v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=rbac.istio.io

Package v1alpha1 contains API Schema definitions for the rbac v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=rbac.istio.io

Index

Constants

This section is empty.

Variables

View Source 
var (
	// SchemeGroupVersion is group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: "rbac.istio.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
)

Functions

func RegisterDefaults 

func RegisterDefaults(scheme *runtime.Scheme) error

RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.

Types

type AccessRule 

type AccessRule struct {
	// Required. A list of service names.
	// Exact match, prefix match, and suffix match are supported for service names.
	// For example, the service name "bookstore.mtv.cluster.local" matches
	// "bookstore.mtv.cluster.local" (exact match), or "bookstore*" (prefix match),
	// or "*.mtv.cluster.local" (suffix match).
	// If set to ["*"], it refers to all services in the namespace.
	Services []string `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
	// Optional. A list of HTTP hosts. This is matched against the HOST header in
	// a HTTP request. Exact match, prefix match and suffix match are supported.
	// For example, the host "test.abc.com" matches "test.abc.com" (exact match),
	// or "*.abc.com" (prefix match), or "test.abc.*" (suffix match).
	// If not specified, it matches to any host.
	// This field should not be set for TCP services. The policy will be ignored.
	Hosts []string `protobuf:"bytes,5,rep,name=hosts,proto3" json:"hosts,omitempty"`
	// Optional. A list of HTTP hosts that must not be matched.
	NotHosts []string `protobuf:"bytes,6,rep,name=not_hosts,json=notHosts,proto3" json:"not_hosts,omitempty"`
	// Optional. A list of HTTP paths or gRPC methods.
	// gRPC methods must be presented as fully-qualified name in the form of
	// "/packageName.serviceName/methodName" and are case sensitive.
	// Exact match, prefix match, and suffix match are supported. For example,
	// the path "/books/review" matches "/books/review" (exact match),
	// or "/books/*" (prefix match), or "*/review" (suffix match).
	// If not specified, it matches to any path.
	// This field should not be set for TCP services. The policy will be ignored.
	Paths []string `protobuf:"bytes,2,rep,name=paths,proto3" json:"paths,omitempty"`
	// Optional. A list of HTTP paths or gRPC methods that must not be matched.
	NotPaths []string `protobuf:"bytes,7,rep,name=not_paths,json=notPaths,proto3" json:"not_paths,omitempty"`
	// Optional. A list of HTTP methods (e.g., "GET", "POST").
	// If not specified or specified as "*", it matches to any methods.
	// This field should not be set for TCP services. The policy will be ignored.
	// For gRPC services, only `POST` is allowed; other methods will result in denying services.
	Methods []string `protobuf:"bytes,3,rep,name=methods,proto3" json:"methods,omitempty"`
	// Optional. A list of HTTP methods that must not be matched.
	// Note: It's an error to set methods and not_methods at the same time.
	NotMethods []string `protobuf:"bytes,8,rep,name=not_methods,json=notMethods,proto3" json:"not_methods,omitempty"`
	// Optional. A list of port numbers of the request. If not specified, it matches
	// to any port number.
	// Note: It's an error to set ports and not_ports at the same time.
	Ports []int32 `protobuf:"varint,9,rep,packed,name=ports,proto3" json:"ports,omitempty"`
	// Optional.  A list of port numbers that must not be matched.
	// Note: It's an error to set ports and not_ports at the same time.
	NotPorts []int32 `protobuf:"varint,10,rep,packed,name=not_ports,json=notPorts,proto3" json:"not_ports,omitempty"`
	// Optional. Extra constraints in the ServiceRole specification.
	Constraints []*AccessRule_Constraint `protobuf:"bytes,4,rep,name=constraints,proto3" json:"constraints,omitempty"`
}

AccessRule defines a permission to access a list of services.

func (*AccessRule) DeepCopy 

func (in *AccessRule) DeepCopy() *AccessRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessRule.

func (*AccessRule) DeepCopyInto 

func (in *AccessRule) DeepCopyInto(out *AccessRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AccessRule_Constraint 

type AccessRule_Constraint struct {
	// Key of the constraint.
	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// List of valid values for the constraint.
	// Exact match, prefix match, and suffix match are supported.
	// For example, the value "v1alpha2" matches "v1alpha2" (exact match),
	// or "v1*" (prefix match), or "*alpha2" (suffix match).
	Values []string `protobuf:"bytes,2,rep,name=values,proto3" json:"values,omitempty"`
}

Definition of a custom constraint. The supported keys are listed in the "constraint and properties" page.

func (*AccessRule_Constraint) DeepCopy 

func (in *AccessRule_Constraint) DeepCopy() *AccessRule_Constraint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessRule_Constraint.

func (*AccessRule_Constraint) DeepCopyInto 

func (in *AccessRule_Constraint) DeepCopyInto(out *AccessRule_Constraint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RoleRef 

type RoleRef struct {
	// Required. The type of the role being referenced.
	// Currently, "ServiceRole" is the only supported value for "kind".
	Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
	// Required. The name of the ServiceRole object being referenced.
	// The ServiceRole object must be in the same namespace as the ServiceRoleBinding object.
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
}

RoleRef refers to a role object.

func (*RoleRef) DeepCopy 

func (in *RoleRef) DeepCopy() *RoleRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleRef.

func (*RoleRef) DeepCopyInto 

func (in *RoleRef) DeepCopyInto(out *RoleRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceRole 

type ServiceRole struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ServiceRoleSpec   `json:"spec,omitempty"`
	Status ServiceRoleStatus `json:"status,omitempty"`
}

ServiceRole is the Schema for the serviceroles API +k8s:openapi-gen=true

func (*ServiceRole) DeepCopy 

func (in *ServiceRole) DeepCopy() *ServiceRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRole.

func (*ServiceRole) DeepCopyInto 

func (in *ServiceRole) DeepCopyInto(out *ServiceRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceRole) DeepCopyObject 

func (in *ServiceRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ServiceRoleBinding 

type ServiceRoleBinding struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ServiceRoleBindingSpec   `json:"spec,omitempty"`
	Status ServiceRoleBindingStatus `json:"status,omitempty"`
}

ServiceRoleBinding is the Schema for the servicerolebindings API +k8s:openapi-gen=true

func (*ServiceRoleBinding) DeepCopy 

func (in *ServiceRoleBinding) DeepCopy() *ServiceRoleBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleBinding.

func (*ServiceRoleBinding) DeepCopyInto 

func (in *ServiceRoleBinding) DeepCopyInto(out *ServiceRoleBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceRoleBinding) DeepCopyObject 

func (in *ServiceRoleBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ServiceRoleBindingList 

type ServiceRoleBindingList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ServiceRoleBinding `json:"items"`
}

ServiceRoleBindingList contains a list of ServiceRoleBinding

func (*ServiceRoleBindingList) DeepCopy 

func (in *ServiceRoleBindingList) DeepCopy() *ServiceRoleBindingList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleBindingList.

func (*ServiceRoleBindingList) DeepCopyInto 

func (in *ServiceRoleBindingList) DeepCopyInto(out *ServiceRoleBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceRoleBindingList) DeepCopyObject 

func (in *ServiceRoleBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ServiceRoleBindingSpec 

type ServiceRoleBindingSpec struct {

	// Required. List of subjects that are assigned the ServiceRole object.
	Subjects []*Subject `json:"subjects,omitempty"`
	// Required. Reference to the ServiceRole object.
	RoleRef *RoleRef `json:"roleRef,omitempty"`
}

ServiceRoleBindingSpec defines the desired state of ServiceRoleBinding +k8s:openapi-gen=true

func (*ServiceRoleBindingSpec) DeepCopy 

func (in *ServiceRoleBindingSpec) DeepCopy() *ServiceRoleBindingSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleBindingSpec.

func (*ServiceRoleBindingSpec) DeepCopyInto 

func (in *ServiceRoleBindingSpec) DeepCopyInto(out *ServiceRoleBindingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceRoleBindingStatus 

type ServiceRoleBindingStatus struct {
}

ServiceRoleBindingStatus defines the observed state of ServiceRoleBinding +k8s:openapi-gen=true

func (*ServiceRoleBindingStatus) DeepCopy 

func (in *ServiceRoleBindingStatus) DeepCopy() *ServiceRoleBindingStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleBindingStatus.

func (*ServiceRoleBindingStatus) DeepCopyInto 

func (in *ServiceRoleBindingStatus) DeepCopyInto(out *ServiceRoleBindingStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceRoleList 

type ServiceRoleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ServiceRole `json:"items"`
}

ServiceRoleList contains a list of ServiceRole

func (*ServiceRoleList) DeepCopy 

func (in *ServiceRoleList) DeepCopy() *ServiceRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleList.

func (*ServiceRoleList) DeepCopyInto 

func (in *ServiceRoleList) DeepCopyInto(out *ServiceRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceRoleList) DeepCopyObject 

func (in *ServiceRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ServiceRoleSpec 

type ServiceRoleSpec struct {

	// Required. The set of access rules (permissions) that the role has.
	Rules []*AccessRule `json:"rules,omitempty"`
}

ServiceRoleSpec defines the desired state of ServiceRole +k8s:openapi-gen=true

func (*ServiceRoleSpec) DeepCopy 

func (in *ServiceRoleSpec) DeepCopy() *ServiceRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleSpec.

func (*ServiceRoleSpec) DeepCopyInto 

func (in *ServiceRoleSpec) DeepCopyInto(out *ServiceRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceRoleStatus 

type ServiceRoleStatus struct {
}

ServiceRoleStatus defines the observed state of ServiceRole +k8s:openapi-gen=true

func (*ServiceRoleStatus) DeepCopy 

func (in *ServiceRoleStatus) DeepCopy() *ServiceRoleStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleStatus.

func (*ServiceRoleStatus) DeepCopyInto 

func (in *ServiceRoleStatus) DeepCopyInto(out *ServiceRoleStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Subject 

type Subject struct {
	// Optional. The user name/ID that the subject represents.
	User string `protobuf:"bytes,1,opt,name=user,proto3" json:"user,omitempty"`
	// Optional. A list of subject names. This is matched to the
	// `source.principal` attribute. If one of subject names is "*", it matches to a subject with any name.
	// Prefix and suffix matches are supported.
	Names []string `protobuf:"bytes,4,rep,name=names,proto3" json:"names,omitempty"`
	// Optional. A list of subject names that must not be matched.
	NotNames []string `protobuf:"bytes,5,rep,name=not_names,json=notNames,proto3" json:"not_names,omitempty"`
	// Optional. The group that the subject belongs to.
	// Deprecated. Use groups and not_groups instead.
	Group string `protobuf:"bytes,2,opt,name=group,proto3" json:"group,omitempty"` // Deprecated: Do not use.
	// Optional. A list of groups that the subject represents. This is matched to the
	// `request.auth.claims[groups]` attribute. If not specified, it applies to any groups.
	Groups []string `protobuf:"bytes,6,rep,name=groups,proto3" json:"groups,omitempty"`
	// Optional. A list of groups that must not be matched.
	NotGroups []string `protobuf:"bytes,7,rep,name=not_groups,json=notGroups,proto3" json:"not_groups,omitempty"`
	// Optional. A list of namespaces that the subject represents. This is matched to
	// the `source.namespace` attribute. If not specified, it applies to any namespaces.
	Namespaces []string `protobuf:"bytes,8,rep,name=namespaces,proto3" json:"namespaces,omitempty"`
	// Optional. A list of namespaces that must not be matched.
	NotNamespaces []string `protobuf:"bytes,9,rep,name=not_namespaces,json=notNamespaces,proto3" json:"not_namespaces,omitempty"`
	// Optional. A list of IP address or CIDR ranges that the subject represents.
	// E.g. 192.168.100.2 or 10.1.0.0/16. If not specified, it applies to any IP addresses.
	Ips []string `protobuf:"bytes,10,rep,name=ips,proto3" json:"ips,omitempty"`
	// Optional. A list of IP addresses or CIDR ranges that must not be matched.
	NotIps []string `protobuf:"bytes,11,rep,name=not_ips,json=notIps,proto3" json:"not_ips,omitempty"`
	// Optional. The set of properties that identify the subject.
	Properties map[string]string `` /* 161-byte string literal not displayed */
}

Subject defines an identity. The identity is either a user or identified by a set of `properties`. The supported keys in `properties` are listed in "constraint and properties" page.

func (*Subject) DeepCopy 

func (in *Subject) DeepCopy() *Subject

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subject.

func (*Subject) DeepCopyInto 

func (in *Subject) DeepCopyInto(out *Subject)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.