Documentation
¶
Overview ¶
+groupName=rbac.authorization.k8s.io
Index ¶
- Constants
- Variables
- func AddToScheme(scheme *runtime.Scheme)
- func DeepCopy_rbac_ClusterRole(in ClusterRole, out *ClusterRole, c *conversion.Cloner) error
- func DeepCopy_rbac_ClusterRoleBinding(in ClusterRoleBinding, out *ClusterRoleBinding, c *conversion.Cloner) error
- func DeepCopy_rbac_ClusterRoleBindingList(in ClusterRoleBindingList, out *ClusterRoleBindingList, c *conversion.Cloner) error
- func DeepCopy_rbac_ClusterRoleList(in ClusterRoleList, out *ClusterRoleList, c *conversion.Cloner) error
- func DeepCopy_rbac_PolicyRule(in PolicyRule, out *PolicyRule, c *conversion.Cloner) error
- func DeepCopy_rbac_Role(in Role, out *Role, c *conversion.Cloner) error
- func DeepCopy_rbac_RoleBinding(in RoleBinding, out *RoleBinding, c *conversion.Cloner) error
- func DeepCopy_rbac_RoleBindingList(in RoleBindingList, out *RoleBindingList, c *conversion.Cloner) error
- func DeepCopy_rbac_RoleList(in RoleList, out *RoleList, c *conversion.Cloner) error
- func DeepCopy_rbac_Subject(in Subject, out *Subject, c *conversion.Cloner) error
- func Kind(kind string) unversioned.GroupKind
- func Resource(resource string) unversioned.GroupResource
- type ClusterRole
- type ClusterRoleBinding
- type ClusterRoleBindingList
- type ClusterRoleList
- type PolicyRule
- type Role
- type RoleBinding
- type RoleBindingList
- type RoleList
- type Subject
Constants ¶
const (
APIGroupAll = "*"
ResourceAll = "*"
VerbAll = "*"
NonResourceAll = "*"
GroupKind = "Group"
ServiceAccountKind = "ServiceAccount"
UserKind = "User"
UserAll = "*"
)
const GroupName = "rbac.authorization.k8s.io"
Variables ¶
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func AddToScheme ¶
func AddToScheme(scheme *runtime.Scheme)
func DeepCopy_rbac_ClusterRole ¶
func DeepCopy_rbac_ClusterRole(in ClusterRole, out *ClusterRole, c *conversion.Cloner) error
func DeepCopy_rbac_ClusterRoleBinding ¶
func DeepCopy_rbac_ClusterRoleBinding(in ClusterRoleBinding, out *ClusterRoleBinding, c *conversion.Cloner) error
func DeepCopy_rbac_ClusterRoleBindingList ¶
func DeepCopy_rbac_ClusterRoleBindingList(in ClusterRoleBindingList, out *ClusterRoleBindingList, c *conversion.Cloner) error
func DeepCopy_rbac_ClusterRoleList ¶
func DeepCopy_rbac_ClusterRoleList(in ClusterRoleList, out *ClusterRoleList, c *conversion.Cloner) error
func DeepCopy_rbac_PolicyRule ¶
func DeepCopy_rbac_PolicyRule(in PolicyRule, out *PolicyRule, c *conversion.Cloner) error
func DeepCopy_rbac_Role ¶
func DeepCopy_rbac_Role(in Role, out *Role, c *conversion.Cloner) error
func DeepCopy_rbac_RoleBinding ¶
func DeepCopy_rbac_RoleBinding(in RoleBinding, out *RoleBinding, c *conversion.Cloner) error
func DeepCopy_rbac_RoleBindingList ¶
func DeepCopy_rbac_RoleBindingList(in RoleBindingList, out *RoleBindingList, c *conversion.Cloner) error
func DeepCopy_rbac_RoleList ¶
func DeepCopy_rbac_RoleList(in RoleList, out *RoleList, c *conversion.Cloner) error
func DeepCopy_rbac_Subject ¶
func DeepCopy_rbac_Subject(in Subject, out *Subject, c *conversion.Cloner) error
Types ¶
type ClusterRole ¶
type ClusterRole struct {
unversioned.TypeMeta
// Standard object's metadata.
api.ObjectMeta
// Rules holds all the PolicyRules for this ClusterRole
Rules []PolicyRule
}
ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
type ClusterRoleBinding ¶
type ClusterRoleBinding struct {
unversioned.TypeMeta
// Standard object's metadata.
api.ObjectMeta
// Subjects holds references to the objects the role applies to.
Subjects []Subject
// RoleRef can only reference a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
RoleRef api.ObjectReference
}
ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.
type ClusterRoleBindingList ¶
type ClusterRoleBindingList struct {
unversioned.TypeMeta
// Standard object's metadata.
unversioned.ListMeta
// Items is a list of ClusterRoleBindings
Items []ClusterRoleBinding
}
ClusterRoleBindingList is a collection of ClusterRoleBindings
type ClusterRoleList ¶
type ClusterRoleList struct {
unversioned.TypeMeta
// Standard object's metadata.
unversioned.ListMeta
// Items is a list of ClusterRoles
Items []ClusterRole
}
ClusterRoleList is a collection of ClusterRoles
type PolicyRule ¶
type PolicyRule struct {
// Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
Verbs []string
// AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports.
// If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.
AttributeRestrictions runtime.Object
// APIGroups is the name of the APIGroup that contains the resources.
// If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
APIGroups []string
// Resources is a list of resources this rule applies to. ResourceAll represents all resources.
Resources []string
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
ResourceNames []string
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
// If an action is not a resource API request, then the URL is split on '/' and is checked against the NonResourceURLs to look for a match.
// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
NonResourceURLs []string
}
PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
type Role ¶
type Role struct {
unversioned.TypeMeta
// Standard object's metadata.
api.ObjectMeta
// Rules holds all the PolicyRules for this Role
Rules []PolicyRule
}
Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
type RoleBinding ¶
type RoleBinding struct {
unversioned.TypeMeta
api.ObjectMeta
// Subjects holds references to the objects the role applies to.
Subjects []Subject
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
RoleRef api.ObjectReference
}
RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.
type RoleBindingList ¶
type RoleBindingList struct {
unversioned.TypeMeta
// Standard object's metadata.
unversioned.ListMeta
// Items is a list of roleBindings
Items []RoleBinding
}
RoleBindingList is a collection of RoleBindings
type RoleList ¶
type RoleList struct {
unversioned.TypeMeta
// Standard object's metadata.
unversioned.ListMeta
// Items is a list of roles
Items []Role
}
RoleList is a collection of Roles
type Subject ¶
type Subject struct {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
Kind string
// APIVersion holds the API group and version of the referenced object. For non-object references such as "Group" and "User" this is
// expected to be API version of this API group. For example "rbac/v1alpha1".
APIVersion string
// Name of the object being referenced.
Name string
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
// the Authorizer should report an error.
Namespace string
}
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.
Directories
¶
Path | Synopsis |
---|---|
Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery.
|
Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery. |
+groupName=rbac.authorization.k8s.io +genconversion=true Package v1alpha1 is a generated protocol buffer package.
|
+groupName=rbac.authorization.k8s.io +genconversion=true Package v1alpha1 is a generated protocol buffer package. |