Documentation ¶
Index ¶
- Constants
- Variables
- type ExtraValue
- type LocalSubjectAccessReview
- type LocalSubjectAccessReviewList
- type NonResourceAttributes
- type NonResourceRule
- type ResourceAttributes
- type ResourceRule
- type SelfSubjectAccessReview
- type SelfSubjectAccessReviewList
- type SelfSubjectAccessReviewSpec
- type SelfSubjectRulesReview
- type SelfSubjectRulesReviewList
- type SelfSubjectRulesReviewSpec
- type SubjectAccessReview
- type SubjectAccessReviewList
- type SubjectAccessReviewSpec
- type SubjectAccessReviewStatus
- type SubjectRulesReviewStatus
Constants ¶
// GroupName is the API group name used to build the GroupVersion and
// SchemaGroupVersion values declared in this package.
const GroupName = "authorization.k8s.io"
Variables ¶
var (
	// GroupVersion identifies this API as group GroupName, version "v1", as a metav1.GroupVersion.
	GroupVersion = metav1.GroupVersion{Group: GroupName, Version: "v1"}
	// SchemeBuilder is constructed from addKnownTypes, which is not shown on this page.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
	// SchemaGroupVersion carries the same group and version as GroupVersion, as a schema.GroupVersion.
	SchemaGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
)
Functions ¶
This section is empty.
Types ¶
type ExtraValue ¶
// ExtraValue is a list of strings. It is the value type of the
// SubjectAccessReviewSpec.Extra map.
type ExtraValue []string
type LocalSubjectAccessReview ¶
// LocalSubjectAccessReview pairs a SubjectAccessReviewSpec with a
// server-populated SubjectAccessReviewStatus for a review made against a
// specific namespace.
type LocalSubjectAccessReview struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`
	// Spec holds information about the request being evaluated. spec.namespace must be equal to the
	// namespace the request was made against. If empty, it is defaulted.
	Spec SubjectAccessReviewSpec `json:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not.
	// It is a pointer with omitempty, so it can be absent; callers must check it for nil before
	// reading Allowed.
	Status *SubjectAccessReviewStatus `json:"status,omitempty"`
}
func (*LocalSubjectAccessReview) DeepCopy ¶
func (in *LocalSubjectAccessReview) DeepCopy() *LocalSubjectAccessReview
func (*LocalSubjectAccessReview) DeepCopyInto ¶
func (in *LocalSubjectAccessReview) DeepCopyInto(out *LocalSubjectAccessReview)
func (*LocalSubjectAccessReview) DeepCopyObject ¶
func (in *LocalSubjectAccessReview) DeepCopyObject() runtime.Object
type LocalSubjectAccessReviewList ¶
// LocalSubjectAccessReviewList is a list of LocalSubjectAccessReview items
// together with list metadata.
type LocalSubjectAccessReviewList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	// Items holds the reviews in the list.
	Items []LocalSubjectAccessReview `json:"items"`
}
func (*LocalSubjectAccessReviewList) DeepCopy ¶
func (in *LocalSubjectAccessReviewList) DeepCopy() *LocalSubjectAccessReviewList
func (*LocalSubjectAccessReviewList) DeepCopyInto ¶
func (in *LocalSubjectAccessReviewList) DeepCopyInto(out *LocalSubjectAccessReviewList)
func (*LocalSubjectAccessReviewList) DeepCopyObject ¶
func (in *LocalSubjectAccessReviewList) DeepCopyObject() runtime.Object
type NonResourceAttributes ¶
// NonResourceAttributes describes a non-resource access request by its URL
// path and HTTP verb.
type NonResourceAttributes struct {
	// Path is the URL path of the request.
	Path string `json:"path,omitempty"`
	// Verb is the standard HTTP verb.
	Verb string `json:"verb,omitempty"`
}
func (*NonResourceAttributes) DeepCopy ¶
func (in *NonResourceAttributes) DeepCopy() *NonResourceAttributes
func (*NonResourceAttributes) DeepCopyInto ¶
func (in *NonResourceAttributes) DeepCopyInto(out *NonResourceAttributes)
type NonResourceRule ¶
// NonResourceRule holds the verbs and URL patterns of one rule about
// non-resource requests. It is the element type of
// SubjectRulesReviewStatus.NonResourceRules.
type NonResourceRule struct {
	// Verbs is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
	Verbs []string `json:"verbs"`
	// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
	// final step in the path. "*" means all.
	NonResourceURLs []string `json:"nonResourceURLs"`
}
func (*NonResourceRule) DeepCopy ¶
func (in *NonResourceRule) DeepCopy() *NonResourceRule
func (*NonResourceRule) DeepCopyInto ¶
func (in *NonResourceRule) DeepCopyInto(out *NonResourceRule)
type ResourceAttributes ¶
// ResourceAttributes describes a resource access request: the namespace, verb,
// group, version, resource, subresource and name being asked about.
type ResourceAttributes struct {
	// Namespace is the namespace of the action being requested. Currently, there is no distinction
	// between no namespace and all namespaces:
	//   "" (empty) is defaulted for LocalSubjectAccessReviews
	//   "" (empty) is empty for cluster-scoped resources
	//   "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
	// Because an empty value means "all" in the last case, set Namespace explicitly when the
	// check is meant for a single namespace; omitting it asks a different, broader question.
	Namespace string `json:"namespace,omitempty"`
	// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.
	Verb string `json:"verb,omitempty"`
	// Group is the API Group of the Resource. "*" means all.
	Group string `json:"group,omitempty"`
	// Version is the API Version of the Resource. "*" means all.
	Version string `json:"version,omitempty"`
	// Resource is one of the existing resource types. "*" means all.
	Resource string `json:"resource,omitempty"`
	// Subresource is the subresource being requested, if any. "" means none.
	// NOTE(review): the original wording was "one of the existing resource types", which reads
	// like a copy of the Resource comment; confirm the intended description.
	Subresource string `json:"subresource,omitempty"`
	// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
	Name string `json:"name,omitempty"`
}
func (*ResourceAttributes) DeepCopy ¶
func (in *ResourceAttributes) DeepCopy() *ResourceAttributes
func (*ResourceAttributes) DeepCopyInto ¶
func (in *ResourceAttributes) DeepCopyInto(out *ResourceAttributes)
type ResourceRule ¶
// ResourceRule holds the verbs, API groups, resources and resource names of
// one rule about resource requests. It is the element type of
// SubjectRulesReviewStatus.ResourceRules.
type ResourceRule struct {
	// Verbs is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
	Verbs []string `json:"verbs"`
	// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
	// the enumerated resources in any API group will be allowed. "*" means all.
	APIGroups []string `json:"apiGroups"`
	// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
	// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
	Resources []string `json:"resources"`
	// ResourceNames is an optional allow list of names that the rule applies to. An empty set means
	// that everything is allowed. "*" means all.
	// An empty ResourceNames therefore does not narrow the rule: it covers every name.
	ResourceNames []string `json:"resourceNames"`
}
func (*ResourceRule) DeepCopy ¶
func (in *ResourceRule) DeepCopy() *ResourceRule
func (*ResourceRule) DeepCopyInto ¶
func (in *ResourceRule) DeepCopyInto(out *ResourceRule)
type SelfSubjectAccessReview ¶
// SelfSubjectAccessReview pairs a SelfSubjectAccessReviewSpec with a
// server-populated SubjectAccessReviewStatus.
type SelfSubjectAccessReview struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`
	// Spec holds information about the request being evaluated. user and groups must be empty.
	// NOTE(review): SelfSubjectAccessReviewSpec as declared in this package has no user or groups
	// fields, so this wording looks inherited from SubjectAccessReviewSpec; confirm.
	Spec SelfSubjectAccessReviewSpec `json:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not.
	// It is a pointer with omitempty, so it can be absent; callers must check it for nil before
	// reading Allowed.
	Status *SubjectAccessReviewStatus `json:"status,omitempty"`
}
func (*SelfSubjectAccessReview) DeepCopy ¶
func (in *SelfSubjectAccessReview) DeepCopy() *SelfSubjectAccessReview
func (*SelfSubjectAccessReview) DeepCopyInto ¶
func (in *SelfSubjectAccessReview) DeepCopyInto(out *SelfSubjectAccessReview)
func (*SelfSubjectAccessReview) DeepCopyObject ¶
func (in *SelfSubjectAccessReview) DeepCopyObject() runtime.Object
type SelfSubjectAccessReviewList ¶
// SelfSubjectAccessReviewList is a list of SelfSubjectAccessReview items
// together with list metadata.
type SelfSubjectAccessReviewList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	// Items holds the reviews in the list.
	Items []SelfSubjectAccessReview `json:"items"`
}
func (*SelfSubjectAccessReviewList) DeepCopy ¶
func (in *SelfSubjectAccessReviewList) DeepCopy() *SelfSubjectAccessReviewList
func (*SelfSubjectAccessReviewList) DeepCopyInto ¶
func (in *SelfSubjectAccessReviewList) DeepCopyInto(out *SelfSubjectAccessReviewList)
func (*SelfSubjectAccessReviewList) DeepCopyObject ¶
func (in *SelfSubjectAccessReviewList) DeepCopyObject() runtime.Object
type SelfSubjectAccessReviewSpec ¶
// SelfSubjectAccessReviewSpec describes the access request being evaluated,
// as either resource or non-resource attributes. It carries no subject
// fields (no user, groups, extra or UID).
//
// NOTE(review): both fields are optional pointers; this page does not state
// whether exactly one of them must be set. Confirm against server validation.
type SelfSubjectAccessReviewSpec struct {
	// ResourceAttributes describes information for a resource access request.
	ResourceAttributes *ResourceAttributes `json:"resourceAttributes,omitempty"`
	// NonResourceAttributes describes information for a non-resource access request.
	NonResourceAttributes *NonResourceAttributes `json:"nonResourceAttributes,omitempty"`
}
func (*SelfSubjectAccessReviewSpec) DeepCopy ¶
func (in *SelfSubjectAccessReviewSpec) DeepCopy() *SelfSubjectAccessReviewSpec
func (*SelfSubjectAccessReviewSpec) DeepCopyInto ¶
func (in *SelfSubjectAccessReviewSpec) DeepCopyInto(out *SelfSubjectAccessReviewSpec)
type SelfSubjectRulesReview ¶
// SelfSubjectRulesReview pairs a SelfSubjectRulesReviewSpec with a
// server-populated SubjectRulesReviewStatus listing the actions a user can
// perform.
type SelfSubjectRulesReview struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`
	// Spec holds information about the request being evaluated.
	Spec SelfSubjectRulesReviewSpec `json:"spec"`
	// Status is filled in by the server and indicates the set of actions a user can perform.
	// It is a pointer with omitempty, so it can be absent; check it for nil before use.
	// SubjectRulesReviewStatus documents that the returned rules may be incomplete.
	Status *SubjectRulesReviewStatus `json:"status,omitempty"`
}
func (*SelfSubjectRulesReview) DeepCopy ¶
func (in *SelfSubjectRulesReview) DeepCopy() *SelfSubjectRulesReview
func (*SelfSubjectRulesReview) DeepCopyInto ¶
func (in *SelfSubjectRulesReview) DeepCopyInto(out *SelfSubjectRulesReview)
func (*SelfSubjectRulesReview) DeepCopyObject ¶
func (in *SelfSubjectRulesReview) DeepCopyObject() runtime.Object
type SelfSubjectRulesReviewList ¶
// SelfSubjectRulesReviewList is a list of SelfSubjectRulesReview items
// together with list metadata.
type SelfSubjectRulesReviewList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	// Items holds the reviews in the list.
	Items []SelfSubjectRulesReview `json:"items"`
}
func (*SelfSubjectRulesReviewList) DeepCopy ¶
func (in *SelfSubjectRulesReviewList) DeepCopy() *SelfSubjectRulesReviewList
func (*SelfSubjectRulesReviewList) DeepCopyInto ¶
func (in *SelfSubjectRulesReviewList) DeepCopyInto(out *SelfSubjectRulesReviewList)
func (*SelfSubjectRulesReviewList) DeepCopyObject ¶
func (in *SelfSubjectRulesReviewList) DeepCopyObject() runtime.Object
type SelfSubjectRulesReviewSpec ¶
// SelfSubjectRulesReviewSpec names the namespace for which rules are
// evaluated.
type SelfSubjectRulesReviewSpec struct {
	// Namespace to evaluate rules for. Required.
	// NOTE(review): the field is documented as required but tagged omitempty, so an empty value
	// is dropped from the encoded JSON rather than sent as ""; confirm how the server treats a
	// missing namespace.
	Namespace string `json:"namespace,omitempty"`
}
func (*SelfSubjectRulesReviewSpec) DeepCopy ¶
func (in *SelfSubjectRulesReviewSpec) DeepCopy() *SelfSubjectRulesReviewSpec
func (*SelfSubjectRulesReviewSpec) DeepCopyInto ¶
func (in *SelfSubjectRulesReviewSpec) DeepCopyInto(out *SelfSubjectRulesReviewSpec)
type SubjectAccessReview ¶
// SubjectAccessReview pairs a SubjectAccessReviewSpec with a server-populated
// SubjectAccessReviewStatus.
type SubjectAccessReview struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata"`
	// Spec holds information about the request being evaluated.
	Spec SubjectAccessReviewSpec `json:"spec"`
	// Status is filled in by the server and indicates whether the request is allowed or not.
	// It is a pointer with omitempty, so it can be absent; callers must check it for nil before
	// reading Allowed.
	Status *SubjectAccessReviewStatus `json:"status,omitempty"`
}
func (*SubjectAccessReview) DeepCopy ¶
func (in *SubjectAccessReview) DeepCopy() *SubjectAccessReview
func (*SubjectAccessReview) DeepCopyInto ¶
func (in *SubjectAccessReview) DeepCopyInto(out *SubjectAccessReview)
func (*SubjectAccessReview) DeepCopyObject ¶
func (in *SubjectAccessReview) DeepCopyObject() runtime.Object
type SubjectAccessReviewList ¶
// SubjectAccessReviewList is a list of SubjectAccessReview items together
// with list metadata.
type SubjectAccessReviewList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	// Items holds the reviews in the list.
	Items []SubjectAccessReview `json:"items"`
}
func (*SubjectAccessReviewList) DeepCopy ¶
func (in *SubjectAccessReviewList) DeepCopy() *SubjectAccessReviewList
func (*SubjectAccessReviewList) DeepCopyInto ¶
func (in *SubjectAccessReviewList) DeepCopyInto(out *SubjectAccessReviewList)
func (*SubjectAccessReviewList) DeepCopyObject ¶
func (in *SubjectAccessReviewList) DeepCopyObject() runtime.Object
type SubjectAccessReviewSpec ¶
// SubjectAccessReviewSpec describes the access request being evaluated and
// the subject (user, groups, extra, UID) it is evaluated for.
//
// NOTE(review): User, Groups, Extra and UID describe the subject being tested
// and are set by whoever builds the review. Nothing in this type ties them to
// the caller's own credentials.
type SubjectAccessReviewSpec struct {
	// ResourceAttributes describes information for a resource access request.
	ResourceAttributes *ResourceAttributes `json:"resourceAttributes,omitempty"`
	// NonResourceAttributes describes information for a non-resource access request.
	NonResourceAttributes *NonResourceAttributes `json:"nonResourceAttributes,omitempty"`
	// User is the user you're testing for.
	// If you specify "User" but not "Groups", then it is interpreted as "What if User were not a
	// member of any groups". Group-derived permissions are not considered unless Groups is
	// populated.
	User string `json:"user,omitempty"`
	// Groups is the groups you're testing for.
	// Unlike the other fields, the tag has no omitempty, so a nil slice is encoded as null by
	// encoding/json rather than omitted.
	Groups []string `json:"groups"`
	// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is
	// input to the authorizer, it needs to be mirrored here.
	Extra map[string]ExtraValue `json:"extra,omitempty"`
	// UID information about the requesting user.
	UID string `json:"uid,omitempty"`
}
func (*SubjectAccessReviewSpec) DeepCopy ¶
func (in *SubjectAccessReviewSpec) DeepCopy() *SubjectAccessReviewSpec
func (*SubjectAccessReviewSpec) DeepCopyInto ¶
func (in *SubjectAccessReviewSpec) DeepCopyInto(out *SubjectAccessReviewSpec)
type SubjectAccessReviewStatus ¶
// SubjectAccessReviewStatus is the result of an access review.
//
// Allowed and Denied together encode three outcomes: allowed (Allowed true),
// denied (Denied true), and no opinion (both false). A consumer enforcing the
// result should grant only when Allowed is true; Denied being false is not a
// grant.
type SubjectAccessReviewStatus struct {
	// Allowed is required. True if the action would be allowed, false otherwise.
	Allowed bool `json:"allowed"`
	// Denied is optional. True if the action would be denied, otherwise
	// false. If both allowed is false and denied is false, then the
	// authorizer has no opinion on whether to authorize the action. Denied
	// may not be true if Allowed is true.
	Denied bool `json:"denied,omitempty"`
	// Reason is optional. It indicates why a request was allowed or denied.
	Reason string `json:"reason,omitempty"`
	// EvaluationError is an indication that some error occurred during the authorization check.
	// It is entirely possible to get an error and still be able to determine authorization status in spite of it.
	// For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
	// A non-empty EvaluationError is therefore not itself an allow or a deny; the decision is
	// carried by Allowed and Denied.
	EvaluationError string `json:"evaluationError,omitempty"`
}
func (*SubjectAccessReviewStatus) DeepCopy ¶
func (in *SubjectAccessReviewStatus) DeepCopy() *SubjectAccessReviewStatus
func (*SubjectAccessReviewStatus) DeepCopyInto ¶
func (in *SubjectAccessReviewStatus) DeepCopyInto(out *SubjectAccessReviewStatus)
type SubjectRulesReviewStatus ¶
// SubjectRulesReviewStatus lists the resource and non-resource rules
// returned for a subject, with indicators of whether that list is complete.
//
// NOTE(review): the lists are documented as possibly incomplete and possibly
// containing duplicates, so the absence of a rule here is not proof that an
// action is forbidden. Check Incomplete and EvaluationError before relying on
// the result.
type SubjectRulesReviewStatus struct {
	// ResourceRules is the list of actions the subject is allowed to perform on resources.
	// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
	ResourceRules []ResourceRule `json:"resourceRules"`
	// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
	// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
	NonResourceRules []NonResourceRule `json:"nonResourceRules"`
	// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
	// encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
	Incomplete bool `json:"incomplete"`
	// EvaluationError can appear in combination with Rules. It indicates an error occurred during
	// rule evaluation, such as an authorizer that doesn't support rule evaluation, and that
	// ResourceRules and/or NonResourceRules may be incomplete.
	EvaluationError string `json:"evaluationError,omitempty"`
}
func (*SubjectRulesReviewStatus) DeepCopy ¶
func (in *SubjectRulesReviewStatus) DeepCopy() *SubjectRulesReviewStatus
func (*SubjectRulesReviewStatus) DeepCopyInto ¶
func (in *SubjectRulesReviewStatus) DeepCopyInto(out *SubjectRulesReviewStatus)