Documentation
¶
Index ¶
Constants ¶
View Source
const Group = "abac.authorization.kubernetes.io"
Group is the API group for abac
Variables ¶
View Source
var Codecs = serializer.NewCodecFactory(Scheme)
Codecs provides access to encoding and decoding for the scheme
View Source
var Scheme = runtime.NewScheme()
Scheme is the default instance of runtime.Scheme to which types in the abac API group are registered.
Functions ¶
This section is empty.
Types ¶
type Policy ¶
type Policy struct {
unversioned.TypeMeta
// Spec describes the policy rule
Spec PolicySpec
}
Policy contains a single ABAC policy rule
func (*Policy) GetObjectKind ¶
func (obj *Policy) GetObjectKind() unversioned.ObjectKind
type PolicySpec ¶
type PolicySpec struct {
// User is the username this rule applies to.
// Either user or group is required to match the request.
// "*" matches all users.
User string
// Group is the group this rule applies to.
// Either user or group is required to match the request.
// "*" matches all groups.
Group string
// Readonly matches readonly requests when true, and all requests when false
Readonly bool
// APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests.
// "*" matches all API groups
APIGroup string
// Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests.
// "*" matches all resources
Resource string
// Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests.
// "*" matches all namespaces (including unnamespaced requests)
Namespace string
// NonResourcePath matches non-resource request paths.
// "*" matches all paths
// "/foo/*" matches all subpaths of foo
NonResourcePath string
}
PolicySpec contains the attributes for a policy rule
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.