 Documentation
      ¶
    Overview ¶
+k8s:deepcopy-gen=package,register +groupName=rbac.authorization.k8s.io
Index ¶
- Constants
- Variables
- func APIGroupMatches(rule *PolicyRule, requestedGroup string) bool
- func Kind(kind string) schema.GroupKind
- func NonResourceURLMatches(rule *PolicyRule, requestedURL string) bool
- func RegisterDeepCopies(scheme *runtime.Scheme) error (deprecated)
- func Resource(resource string) schema.GroupResource
- func ResourceMatches(rule *PolicyRule, requestedResource string) bool
- func ResourceNameMatches(rule *PolicyRule, requestedName string) bool
- func RoleRefGroupKind(roleRef RoleRef) schema.GroupKind
- func SubjectsStrings(subjects []Subject) ([]string, []string, []string, []string)
- func VerbMatches(rule *PolicyRule, requestedVerb string) bool
- type ClusterRole
- type ClusterRoleBinding
- type ClusterRoleBindingBuilder
- func (r *ClusterRoleBindingBuilder) Binding() (ClusterRoleBinding, error)
- func (r *ClusterRoleBindingBuilder) BindingOrDie() ClusterRoleBinding
- func (r *ClusterRoleBindingBuilder) Groups(groups ...string) *ClusterRoleBindingBuilder
- func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder
- func (r *ClusterRoleBindingBuilder) Users(users ...string) *ClusterRoleBindingBuilder
 
- type ClusterRoleBindingList
- type ClusterRoleList
- type PolicyRule
- type PolicyRuleBuilder
- func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder
- func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder
- func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder
- func (r *PolicyRuleBuilder) Rule() (PolicyRule, error)
- func (r *PolicyRuleBuilder) RuleOrDie() PolicyRule
- func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder
 
- type Role
- type RoleBinding
- type RoleBindingBuilder
- func (r *RoleBindingBuilder) Binding() (RoleBinding, error)
- func (r *RoleBindingBuilder) BindingOrDie() RoleBinding
- func (r *RoleBindingBuilder) Groups(groups ...string) *RoleBindingBuilder
- func (r *RoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *RoleBindingBuilder
- func (r *RoleBindingBuilder) Users(users ...string) *RoleBindingBuilder
 
- type RoleBindingList
- type RoleList
- type RoleRef
- type SortableRuleSlice
- type Subject
Constants ¶
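const (
	// The "*" wildcard values. PolicyRule documents ResourceAll as "all
	// resources" and VerbAll as covering all verbs; APIGroupAll and
	// NonResourceAll presumably play the same role for PolicyRule.APIGroups
	// and PolicyRule.NonResourceURLs (their matchers are not shown here).
	// NOTE(review): a rule carrying any of these is a broad grant; when
	// auditing roles, search for "*" in every one of the four fields.
	APIGroupAll    = "*"
	ResourceAll    = "*"
	VerbAll        = "*"
	NonResourceAll = "*"

	// Subject.Kind values defined by this API group.
	GroupKind          = "Group"
	ServiceAccountKind = "ServiceAccount"
	UserKind           = "User"

	// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
	// NOTE(review): what reconciliation covers is not shown on this page. An
	// object annotated "false" is left out of it, so write access to this
	// annotation decides whether the object stays in sync; include it when
	// auditing who can modify RBAC objects.
	AutoUpdateAnnotationKey = "rbac.authorization.kubernetes.io/autoupdate"
)

// GroupName is the API group name of the RBAC types in this package.
const GroupName = "rbac.authorization.k8s.io"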
    Variables ¶
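var (
	// SchemeBuilder is created from addKnownTypes, which is defined elsewhere
	// in the package and not shown here.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is the AddToScheme method value of SchemeBuilder.
	AddToScheme = SchemeBuilder.AddToScheme
)

// SchemeGroupVersion is the group version used to register these objects:
// group GroupName at the internal API version.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}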
    SchemeGroupVersion is group version used to register these objects
Functions ¶
func APIGroupMatches ¶ added in v1.5.0
func APIGroupMatches(rule *PolicyRule, requestedGroup string) bool
func NonResourceURLMatches ¶ added in v1.5.0
func NonResourceURLMatches(rule *PolicyRule, requestedURL string) bool
        
          
func RegisterDeepCopies ¶ deprecated, added in v1.4.1
    
  
      
      
    func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
func ResourceMatches ¶ added in v1.5.0
func ResourceMatches(rule *PolicyRule, requestedResource string) bool
func ResourceNameMatches ¶ added in v1.5.0
func ResourceNameMatches(rule *PolicyRule, requestedName string) bool
func RoleRefGroupKind ¶ added in v1.5.0
func SubjectsStrings ¶ added in v1.6.0
SubjectsStrings returns users, groups, serviceaccounts, unknown for display purposes.
func VerbMatches ¶ added in v1.5.0
func VerbMatches(rule *PolicyRule, requestedVerb string) bool
Types ¶
type ClusterRole ¶
// ClusterRole is a cluster-level, logical grouping of PolicyRules that can be
// referenced as a unit by a RoleBinding or a ClusterRoleBinding. The role
// itself names no subjects; who receives the rules is decided by the bindings
// that reference it.
type ClusterRole struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ObjectMeta
	// Rules holds all the PolicyRules for this ClusterRole.
	Rules []PolicyRule
}
    ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
func (*ClusterRole) DeepCopy ¶ added in v1.8.0
func (in *ClusterRole) DeepCopy() *ClusterRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRole.
func (*ClusterRole) DeepCopyInto ¶ added in v1.8.0
func (in *ClusterRole) DeepCopyInto(out *ClusterRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterRole) DeepCopyObject ¶ added in v1.8.0
func (in *ClusterRole) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterRoleBinding ¶
// ClusterRoleBinding references a ClusterRole but does not contain it, and
// adds the "who" through Subjects.
// NOTE(review): nothing in this type narrows the grant to a namespace, so
// review each subject as receiving the ClusterRole's rules cluster-wide.
type ClusterRoleBinding struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ObjectMeta
	// Subjects holds references to the objects the role applies to.
	Subjects []Subject
	// RoleRef can only reference a ClusterRole in the global namespace.
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	RoleRef RoleRef
}
    ClusterRoleBinding references a ClusterRole, but does not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.
func (*ClusterRoleBinding) DeepCopy ¶ added in v1.8.0
func (in *ClusterRoleBinding) DeepCopy() *ClusterRoleBinding
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBinding.
func (*ClusterRoleBinding) DeepCopyInto ¶ added in v1.8.0
func (in *ClusterRoleBinding) DeepCopyInto(out *ClusterRoleBinding)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterRoleBinding) DeepCopyObject ¶ added in v1.8.0
func (in *ClusterRoleBinding) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterRoleBindingBuilder ¶ added in v1.5.0
// ClusterRoleBindingBuilder wraps a ClusterRoleBinding so that construction
// helpers can be attached as methods. It is a code-level convenience and is
// excluded from deepcopy generation; it is not an API type.
type ClusterRoleBindingBuilder struct {
	// ClusterRoleBinding is the binding under construction. Presumably this is
	// what Binding() returns; the method bodies are not shown here.
	ClusterRoleBinding ClusterRoleBinding
}
    +k8s:deepcopy-gen=false ClusterRoleBindingBuilder lets us attach methods, which is a no-no for API types. We use it to construct bindings in code. It's more compact than trying to write them out in a literal.
func NewClusterBinding ¶ added in v1.5.0
func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder
func (*ClusterRoleBindingBuilder) Binding ¶ added in v1.5.0
func (r *ClusterRoleBindingBuilder) Binding() (ClusterRoleBinding, error)
func (*ClusterRoleBindingBuilder) BindingOrDie ¶ added in v1.5.0
func (r *ClusterRoleBindingBuilder) BindingOrDie() ClusterRoleBinding
func (*ClusterRoleBindingBuilder) Groups ¶ added in v1.5.0
func (r *ClusterRoleBindingBuilder) Groups(groups ...string) *ClusterRoleBindingBuilder
func (*ClusterRoleBindingBuilder) SAs ¶ added in v1.5.0
func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder
func (*ClusterRoleBindingBuilder) Users ¶ added in v1.5.0
func (r *ClusterRoleBindingBuilder) Users(users ...string) *ClusterRoleBindingBuilder
type ClusterRoleBindingList ¶
// ClusterRoleBindingList is a collection of ClusterRoleBindings.
type ClusterRoleBindingList struct {
	metav1.TypeMeta
	// Standard list metadata.
	metav1.ListMeta
	// Items is a list of ClusterRoleBindings.
	Items []ClusterRoleBinding
}
    ClusterRoleBindingList is a collection of ClusterRoleBindings
func (*ClusterRoleBindingList) DeepCopy ¶ added in v1.8.0
func (in *ClusterRoleBindingList) DeepCopy() *ClusterRoleBindingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBindingList.
func (*ClusterRoleBindingList) DeepCopyInto ¶ added in v1.8.0
func (in *ClusterRoleBindingList) DeepCopyInto(out *ClusterRoleBindingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterRoleBindingList) DeepCopyObject ¶ added in v1.8.0
func (in *ClusterRoleBindingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterRoleList ¶
// ClusterRoleList is a collection of ClusterRoles.
type ClusterRoleList struct {
	metav1.TypeMeta
	// Standard list metadata.
	metav1.ListMeta
	// Items is a list of ClusterRoles.
	Items []ClusterRole
}
    ClusterRoleList is a collection of ClusterRoles
func (*ClusterRoleList) DeepCopy ¶ added in v1.8.0
func (in *ClusterRoleList) DeepCopy() *ClusterRoleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleList.
func (*ClusterRoleList) DeepCopyInto ¶ added in v1.8.0
func (in *ClusterRoleList) DeepCopyInto(out *ClusterRoleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterRoleList) DeepCopyObject ¶ added in v1.8.0
func (in *ClusterRoleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PolicyRule ¶
// PolicyRule describes what is permitted: verbs on resources, or verbs on
// non-resource URLs. It does not say who the rule applies to or in which
// namespace; that comes from the role holding the rule and the binding that
// references the role.
type PolicyRule struct {
	// Verbs is the list of verbs that apply to everything this rule selects.  VerbAll ("*") represents all verbs.
	// NOTE(review): the earlier wording referred to "ResourceKinds and AttributeRestrictions"; neither is a field of this struct as shown.
	Verbs []string
	// APIGroups lists the names of the API groups that contain the resources.
	// If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
	APIGroups []string
	// Resources is a list of resources this rule applies to.  ResourceAll ("*") represents all resources.
	Resources []string
	// ResourceNames is an optional allow list of object names that the rule applies to.
	// An empty set means the rule is NOT restricted by name: every name is allowed.
	// Leaving this field empty therefore widens the rule; it does not disable it.
	ResourceNames []string
	// NonResourceURLs is a set of partial URLs that a user should have access to.  *s are allowed, but only as the full, final step in the path.
	// If an action is not a resource API request, then the URL is split on '/' and is checked against the NonResourceURLs to look for a match.
	// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
	// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
	NonResourceURLs []string
}
    PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
func (PolicyRule) CompactString ¶ added in v1.7.0
func (r PolicyRule) CompactString() string
CompactString exposes a compact string representation for use in escalation error messages
func (*PolicyRule) DeepCopy ¶ added in v1.8.0
func (in *PolicyRule) DeepCopy() *PolicyRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.
func (*PolicyRule) DeepCopyInto ¶ added in v1.8.0
func (in *PolicyRule) DeepCopyInto(out *PolicyRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (PolicyRule) String ¶ added in v1.7.0
func (r PolicyRule) String() string
type PolicyRuleBuilder ¶ added in v1.5.0
// PolicyRuleBuilder wraps a PolicyRule so that construction helpers can be
// attached as methods and some basic checking can happen during construction.
// It is excluded from deepcopy generation; it is not an API type.
type PolicyRuleBuilder struct {
	// PolicyRule is the rule under construction. Presumably this is what
	// Rule() returns; the method bodies are not shown here.
	PolicyRule PolicyRule
}
    +k8s:deepcopy-gen=false PolicyRuleBuilder lets us attach methods, which is a no-no for API types. We use it to construct rules in code. It's more compact than trying to write them out in a literal, and it allows us to perform some basic checking during construction.
func NewRule ¶ added in v1.5.0
func NewRule(verbs ...string) *PolicyRuleBuilder
func (*PolicyRuleBuilder) Groups ¶ added in v1.5.0
func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder
func (*PolicyRuleBuilder) Names ¶ added in v1.5.0
func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder
func (*PolicyRuleBuilder) Resources ¶ added in v1.5.0
func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder
func (*PolicyRuleBuilder) Rule ¶ added in v1.5.0
func (r *PolicyRuleBuilder) Rule() (PolicyRule, error)
func (*PolicyRuleBuilder) RuleOrDie ¶ added in v1.5.0
func (r *PolicyRuleBuilder) RuleOrDie() PolicyRule
func (*PolicyRuleBuilder) URLs ¶ added in v1.5.0
func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder
type Role ¶
// Role is a namespaced, logical grouping of PolicyRules that can be referenced
// as a unit by a RoleBinding. The role names no subjects; the binding adds them.
type Role struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ObjectMeta
	// Rules holds all the PolicyRules for this Role.
	Rules []PolicyRule
}
    Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
func (*Role) DeepCopy ¶ added in v1.8.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Role.
func (*Role) DeepCopyInto ¶ added in v1.8.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Role) DeepCopyObject ¶ added in v1.8.0
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RoleBinding ¶
// RoleBinding references a role but does not contain it. It adds the "who"
// through Subjects and the "where" through the namespace the binding itself
// lives in. RoleBindings in a given namespace only have effect in that
// namespace, including when RoleRef points at a ClusterRole.
type RoleBinding struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ObjectMeta
	// Subjects holds references to the objects the role applies to.
	Subjects []Subject
	// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	RoleRef RoleRef
}
    RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.
func (*RoleBinding) DeepCopy ¶ added in v1.8.0
func (in *RoleBinding) DeepCopy() *RoleBinding
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBinding.
func (*RoleBinding) DeepCopyInto ¶ added in v1.8.0
func (in *RoleBinding) DeepCopyInto(out *RoleBinding)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RoleBinding) DeepCopyObject ¶ added in v1.8.0
func (in *RoleBinding) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RoleBindingBuilder ¶ added in v1.6.0
// RoleBindingBuilder wraps a RoleBinding so that construction helpers can be
// attached as methods. It is excluded from deepcopy generation; it is not an
// API type.
type RoleBindingBuilder struct {
	// RoleBinding is the binding under construction; Binding() is documented as
	// building and returning the RoleBinding API object from the builder.
	RoleBinding RoleBinding
}
    +k8s:deepcopy-gen=false RoleBindingBuilder lets us attach methods. It is similar to ClusterRoleBindingBuilder above.
func NewRoleBinding ¶ added in v1.6.0
func NewRoleBinding(roleName, namespace string) *RoleBindingBuilder
NewRoleBinding creates a RoleBinding builder that can be used to define the subjects of a role binding. At least one of the `Groups`, `Users` or `SAs` methods must be called before calling the `Binding*` methods.
func NewRoleBindingForClusterRole ¶ added in v1.6.0
func NewRoleBindingForClusterRole(roleName, namespace string) *RoleBindingBuilder
func (*RoleBindingBuilder) Binding ¶ added in v1.6.0
func (r *RoleBindingBuilder) Binding() (RoleBinding, error)
Binding builds and returns the RoleBinding API object from the builder object.
func (*RoleBindingBuilder) BindingOrDie ¶ added in v1.6.0
func (r *RoleBindingBuilder) BindingOrDie() RoleBinding
BindingOrDie calls the binding method and panics if there is an error.
func (*RoleBindingBuilder) Groups ¶ added in v1.6.0
func (r *RoleBindingBuilder) Groups(groups ...string) *RoleBindingBuilder
Groups adds the specified groups as the subjects of the RoleBinding.
func (*RoleBindingBuilder) SAs ¶ added in v1.6.0
func (r *RoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *RoleBindingBuilder
SAs adds the specified service accounts as the subjects of the RoleBinding.
func (*RoleBindingBuilder) Users ¶ added in v1.6.0
func (r *RoleBindingBuilder) Users(users ...string) *RoleBindingBuilder
Users adds the specified users as the subjects of the RoleBinding.
type RoleBindingList ¶
// RoleBindingList is a collection of RoleBindings.
type RoleBindingList struct {
	metav1.TypeMeta
	// Standard list metadata.
	metav1.ListMeta
	// Items is a list of RoleBindings.
	Items []RoleBinding
}
    RoleBindingList is a collection of RoleBindings
func (*RoleBindingList) DeepCopy ¶ added in v1.8.0
func (in *RoleBindingList) DeepCopy() *RoleBindingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBindingList.
func (*RoleBindingList) DeepCopyInto ¶ added in v1.8.0
func (in *RoleBindingList) DeepCopyInto(out *RoleBindingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RoleBindingList) DeepCopyObject ¶ added in v1.8.0
func (in *RoleBindingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RoleList ¶
// RoleList is a collection of Roles.
type RoleList struct {
	metav1.TypeMeta
	// Standard list metadata.
	metav1.ListMeta
	// Items is a list of Roles.
	Items []Role
}
    RoleList is a collection of Roles
func (*RoleList) DeepCopy ¶ added in v1.8.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleList.
func (*RoleList) DeepCopyInto ¶ added in v1.8.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RoleList) DeepCopyObject ¶ added in v1.8.0
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type RoleRef ¶ added in v1.5.0
// RoleRef contains the information that points to the role being used by a
// binding. The role is identified by API group, kind and name together.
type RoleRef struct {
	// APIGroup is the group for the resource being referenced.
	APIGroup string
	// Kind is the type of resource being referenced.
	Kind string
	// Name is the name of the resource being referenced.
	Name string
}
    RoleRef contains information that points to the role being used
func (*RoleRef) DeepCopy ¶ added in v1.8.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleRef.
func (*RoleRef) DeepCopyInto ¶ added in v1.8.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SortableRuleSlice ¶ added in v1.7.0
// SortableRuleSlice is a []PolicyRule that carries Len, Less and Swap methods,
// the method set sort.Interface requires. The ordering Less implements is not
// shown here.
type SortableRuleSlice []PolicyRule
func (SortableRuleSlice) Len ¶ added in v1.7.0
func (s SortableRuleSlice) Len() int
func (SortableRuleSlice) Less ¶ added in v1.7.0
func (s SortableRuleSlice) Less(i, j int) bool
func (SortableRuleSlice) Swap ¶ added in v1.7.0
func (s SortableRuleSlice) Swap(i, j int)
type Subject ¶
// Subject contains a reference to the object or user identities a role binding
// applies to. It holds either a direct API object reference or a value for
// non-objects such as user and group names.
type Subject struct {
	// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
	// If the Authorizer does not recognize the kind value, the Authorizer should report an error.
	Kind string
	// APIGroup holds the API group of the referenced subject.
	// Defaults to "" for ServiceAccount subjects.
	// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
	APIGroup string
	// Name of the object being referenced.
	Name string
	// Namespace of the referenced object.  If the object kind is not namespaced, such as "User" or "Group", and this value is not empty,
	// the Authorizer should report an error.
	Namespace string
}
    Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.
func (*Subject) DeepCopy ¶ added in v1.8.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subject.
func (*Subject) DeepCopyInto ¶ added in v1.8.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
       Directories
      ¶
    | Path | Synopsis | 
|---|---|
| Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery. | Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery. | 
| +groupName=rbac.authorization.k8s.io | +groupName=rbac.authorization.k8s.io | 
| +groupName=rbac.authorization.k8s.io | +groupName=rbac.authorization.k8s.io | 
| +groupName=rbac.authorization.k8s.io | +groupName=rbac.authorization.k8s.io |