authorization

package
v1.8.0-beta.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 2, 2017 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

+k8s:deepcopy-gen=package,register +groupName=authorization.k8s.io

Index

Constants

View Source 
const GroupName = "authorization.k8s.io"

GroupName is the group name use in this package

Variables

View Source 
var (
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	AddToScheme   = SchemeBuilder.AddToScheme
)
View Source 
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is group version used to register these objects

Functions

func Kind 

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind

func RegisterDeepCopies deprecated added in v1.4.1 

func RegisterDeepCopies(scheme *runtime.Scheme) error

RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.

Deprecated: deepcopy registration will go away when static deepcopy is fully implemented.

func Resource 

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type ExtraValue added in v1.4.1 

type ExtraValue []string

ExtraValue masks the value so protobuf can generate +protobuf.nullable=true

type LocalSubjectAccessReview 

type LocalSubjectAccessReview struct {
	metav1.TypeMeta
	metav1.ObjectMeta

	// Spec holds information about the request being evaluated.  spec.namespace must be equal to the namespace
	// you made the request against.  If empty, it is defaulted.
	Spec SubjectAccessReviewSpec

	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatus
}

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

func (*LocalSubjectAccessReview) DeepCopy added in v1.8.0 

func (in *LocalSubjectAccessReview) DeepCopy() *LocalSubjectAccessReview

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalSubjectAccessReview.

func (*LocalSubjectAccessReview) DeepCopyInto added in v1.8.0 

func (in *LocalSubjectAccessReview) DeepCopyInto(out *LocalSubjectAccessReview)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LocalSubjectAccessReview) DeepCopyObject added in v1.8.0 

func (in *LocalSubjectAccessReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type NonResourceAttributes 

type NonResourceAttributes struct {
	// Path is the URL path of the request
	Path string
	// Verb is the standard HTTP verb
	Verb string
}

NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface

func (*NonResourceAttributes) DeepCopy added in v1.8.0 

func (in *NonResourceAttributes) DeepCopy() *NonResourceAttributes

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NonResourceAttributes.

func (*NonResourceAttributes) DeepCopyInto added in v1.8.0 

func (in *NonResourceAttributes) DeepCopyInto(out *NonResourceAttributes)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceAttributes 

type ResourceAttributes struct {
	// Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces
	// "" (empty) is defaulted for LocalSubjectAccessReviews
	// "" (empty) is empty for cluster-scoped resources
	// "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
	Namespace string
	// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy.  "*" means all.
	Verb string
	// Group is the API Group of the Resource.  "*" means all.
	Group string
	// Version is the API Version of the Resource.  "*" means all.
	Version string
	// Resource is one of the existing resource types.  "*" means all.
	Resource string
	// Subresource is one of the existing resource types.  "" means none.
	Subresource string
	// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
	Name string
}

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

func (*ResourceAttributes) DeepCopy added in v1.8.0 

func (in *ResourceAttributes) DeepCopy() *ResourceAttributes

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResourceAttributes.

func (*ResourceAttributes) DeepCopyInto added in v1.8.0 

func (in *ResourceAttributes) DeepCopyInto(out *ResourceAttributes)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SelfSubjectAccessReview 

type SelfSubjectAccessReview struct {
	metav1.TypeMeta
	metav1.ObjectMeta

	// Spec holds information about the request being evaluated.
	Spec SelfSubjectAccessReviewSpec

	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatus
}

SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means "in all namespaces". Self is a special case, because users should always be able to check whether they can perform an action

func (*SelfSubjectAccessReview) DeepCopy added in v1.8.0 

func (in *SelfSubjectAccessReview) DeepCopy() *SelfSubjectAccessReview

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectAccessReview.

func (*SelfSubjectAccessReview) DeepCopyInto added in v1.8.0 

func (in *SelfSubjectAccessReview) DeepCopyInto(out *SelfSubjectAccessReview)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SelfSubjectAccessReview) DeepCopyObject added in v1.8.0 

func (in *SelfSubjectAccessReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SelfSubjectAccessReviewSpec 

type SelfSubjectAccessReviewSpec struct {
	// ResourceAttributes describes information for a resource access request
	ResourceAttributes *ResourceAttributes
	// NonResourceAttributes describes information for a non-resource access request
	NonResourceAttributes *NonResourceAttributes
}

SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes and NonResourceAttributes must be set

func (*SelfSubjectAccessReviewSpec) DeepCopy added in v1.8.0 

func (in *SelfSubjectAccessReviewSpec) DeepCopy() *SelfSubjectAccessReviewSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelfSubjectAccessReviewSpec.

func (*SelfSubjectAccessReviewSpec) DeepCopyInto added in v1.8.0 

func (in *SelfSubjectAccessReviewSpec) DeepCopyInto(out *SelfSubjectAccessReviewSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SubjectAccessReview 

type SubjectAccessReview struct {
	metav1.TypeMeta
	metav1.ObjectMeta

	// Spec holds information about the request being evaluated
	Spec SubjectAccessReviewSpec

	// Status is filled in by the server and indicates whether the request is allowed or not
	Status SubjectAccessReviewStatus
}

SubjectAccessReview checks whether or not a user or group can perform an action. Not filling in a spec.namespace means "in all namespaces".

func (*SubjectAccessReview) DeepCopy added in v1.8.0 

func (in *SubjectAccessReview) DeepCopy() *SubjectAccessReview

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubjectAccessReview.

func (*SubjectAccessReview) DeepCopyInto added in v1.8.0 

func (in *SubjectAccessReview) DeepCopyInto(out *SubjectAccessReview)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SubjectAccessReview) DeepCopyObject added in v1.8.0 

func (in *SubjectAccessReview) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SubjectAccessReviewSpec 

type SubjectAccessReviewSpec struct {
	// ResourceAttributes describes information for a resource access request
	ResourceAttributes *ResourceAttributes
	// NonResourceAttributes describes information for a non-resource access request
	NonResourceAttributes *NonResourceAttributes

	// User is the user you're testing for.
	// If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups
	User string
	// Groups is the groups you're testing for.
	Groups []string
	// Extra corresponds to the user.Info.GetExtra() method from the authenticator.  Since that is input to the authorizer
	// it needs a reflection here.
	Extra map[string]ExtraValue
	// UID information about the requesting user.
	UID string
}

SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAttributes and NonResourceAttributes must be set

func (*SubjectAccessReviewSpec) DeepCopy added in v1.8.0 

func (in *SubjectAccessReviewSpec) DeepCopy() *SubjectAccessReviewSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubjectAccessReviewSpec.

func (*SubjectAccessReviewSpec) DeepCopyInto added in v1.8.0 

func (in *SubjectAccessReviewSpec) DeepCopyInto(out *SubjectAccessReviewSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SubjectAccessReviewStatus 

type SubjectAccessReviewStatus struct {
	// Allowed is required.  True if the action would be allowed, false otherwise.
	Allowed bool
	// Reason is optional.  It indicates why a request was allowed or denied.
	Reason string
	// EvaluationError is an indication that some error occurred during the authorization check.
	// It is entirely possible to get an error and be able to continue determine authorization status in spite of it.
	// For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
	EvaluationError string
}

SubjectAccessReviewStatus

func (*SubjectAccessReviewStatus) DeepCopy added in v1.8.0 

func (in *SubjectAccessReviewStatus) DeepCopy() *SubjectAccessReviewStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubjectAccessReviewStatus.

func (*SubjectAccessReviewStatus) DeepCopyInto added in v1.8.0 

func (in *SubjectAccessReviewStatus) DeepCopyInto(out *SubjectAccessReviewStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Directories

Path Synopsis
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
 Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
+groupName=authorization.k8s.io
 +groupName=authorization.k8s.io
+groupName=authorization.k8s.io
 +groupName=authorization.k8s.io

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.