Documentation

Constants

const (
	APIGroupAll    = "*"
	ResourceAll    = "*"
	VerbAll        = "*"
	NonResourceAll = "*"

	GroupKind          = "Group"
	ServiceAccountKind = "ServiceAccount"
	UserKind           = "User"

	// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
	AutoUpdateAnnotationKey = "rbac.authorization.kubernetes.io/autoupdate"
)

const GroupName = "rbac.authorization.k8s.io"

Variables

var (
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	AddToScheme   = SchemeBuilder.AddToScheme
)

var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is the group version used to register these objects

Functions

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

func ResourceMatches

func ResourceMatches(rule *PolicyRule, combinedRequestedResource, requestedSubresource string) bool

func SubjectsStrings

func SubjectsStrings(subjects []Subject) ([]string, []string, []string, []string)

SubjectsStrings returns users, groups, serviceaccounts, unknown for display purposes.

Types

type AggregationRule

type AggregationRule struct {
	// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
	// If any of the selectors match, then the ClusterRole's permissions will be added
	ClusterRoleSelectors []metav1.LabelSelector
}

AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole

func (*AggregationRule) DeepCopy

func (in *AggregationRule) DeepCopy() *AggregationRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AggregationRule.

func (*AggregationRule) DeepCopyInto

func (in *AggregationRule) DeepCopyInto(out *AggregationRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterRole

type ClusterRole struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ObjectMeta

	// Rules holds all the PolicyRules for this ClusterRole
	Rules []PolicyRule

	// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
	// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
	// stomped by the controller.
	AggregationRule *AggregationRule
}

ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.

func (*ClusterRole) DeepCopy

func (in *ClusterRole) DeepCopy() *ClusterRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRole.

func (*ClusterRole) DeepCopyInto

func (in *ClusterRole) DeepCopyInto(out *ClusterRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterRole) DeepCopyObject

func (in *ClusterRole) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterRoleBinding

type ClusterRoleBinding struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ObjectMeta

	// Subjects holds references to the objects the role applies to.
	Subjects []Subject

	// RoleRef can only reference a ClusterRole in the global namespace.
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	RoleRef RoleRef
}

ClusterRoleBinding references a ClusterRole, but does not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.

func (*ClusterRoleBinding) DeepCopy

func (in *ClusterRoleBinding) DeepCopy() *ClusterRoleBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBinding.

func (*ClusterRoleBinding) DeepCopyInto

func (in *ClusterRoleBinding) DeepCopyInto(out *ClusterRoleBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterRoleBinding) DeepCopyObject

func (in *ClusterRoleBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterRoleBindingBuilder

type ClusterRoleBindingBuilder struct {
	ClusterRoleBinding ClusterRoleBinding
}

+k8s:deepcopy-gen=false ClusterRoleBindingBuilder lets us attach methods. A no-no for API types. We use it to construct bindings in code. It's more compact than trying to write them out in a literal.

func NewClusterBinding

func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder

func (*ClusterRoleBindingBuilder) Binding

func (*ClusterRoleBindingBuilder) BindingOrDie

func (*ClusterRoleBindingBuilder) Groups

func (*ClusterRoleBindingBuilder) SAs

func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder

func (*ClusterRoleBindingBuilder) Users

type ClusterRoleBindingList

type ClusterRoleBindingList struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ListMeta

	// Items is a list of ClusterRoleBindings
	Items []ClusterRoleBinding
}

ClusterRoleBindingList is a collection of ClusterRoleBindings

func (*ClusterRoleBindingList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBindingList.

func (*ClusterRoleBindingList) DeepCopyInto

func (in *ClusterRoleBindingList) DeepCopyInto(out *ClusterRoleBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterRoleBindingList) DeepCopyObject

func (in *ClusterRoleBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterRoleList

type ClusterRoleList struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ListMeta

	// Items is a list of ClusterRoles
	Items []ClusterRole
}

ClusterRoleList is a collection of ClusterRoles

func (*ClusterRoleList) DeepCopy

func (in *ClusterRoleList) DeepCopy() *ClusterRoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleList.

func (*ClusterRoleList) DeepCopyInto

func (in *ClusterRoleList) DeepCopyInto(out *ClusterRoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterRoleList) DeepCopyObject

func (in *ClusterRoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicyRule

type PolicyRule struct {
	// Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all kinds.
	Verbs []string

	// APIGroups is the name of the APIGroup that contains the resources.
	// If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
	APIGroups []string
	// Resources is a list of resources this rule applies to.  '*' represents all resources in the specified apiGroups.
	// '*/foo' represents the subresource 'foo' for all resources in the specified apiGroups.
	Resources []string
	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
	ResourceNames []string

	// NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path
	// If an action is not a resource API request, then the URL is split on '/' and is checked against the NonResourceURLs to look for a match.
	// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
	// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
	NonResourceURLs []string
}

PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
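
The matching semantics described in the PolicyRule field comments, as an added example that is not code from this package. It uses local copies of the page's constants and PolicyRule fields; the Request type and the RuleAllows, has, resourceAllowed, nameAllowed and urlAllowed helpers are hypothetical names, and the trailing "/*" handling is one reading of the NonResourceURLs comment.

```go
package main

import (
	"fmt"
	"strings"
)

// Local mirrors of the constants and PolicyRule fields listed on this page,
// so the sketch builds without the Kubernetes source tree.
const (
	APIGroupAll    = "*"
	ResourceAll    = "*"
	VerbAll        = "*"
	NonResourceAll = "*"
)

type PolicyRule struct {
	Verbs, APIGroups, Resources, ResourceNames, NonResourceURLs []string
}

// Request is a hypothetical, simplified view of one API call (not a package type).
type Request struct {
	Verb, APIGroup, Resource, Subresource, Name string
	Path                                        string // set only for non-resource requests such as "/healthz"
}

// has reports whether list holds want or the wildcard value.
func has(list []string, want, wildcard string) bool {
	for _, v := range list {
		if v == wildcard || v == want {
			return true
		}
	}
	return false
}

// resourceAllowed follows the Resources comment: "*" covers everything,
// "pods/log" is an exact match and "*/log" covers that subresource on any resource.
func resourceAllowed(rule PolicyRule, resource, subresource string) bool {
	combined := resource
	if subresource != "" {
		combined += "/" + subresource
	}
	for _, r := range rule.Resources {
		if r == ResourceAll || r == combined {
			return true
		}
		if subresource != "" && r == "*/"+subresource {
			return true
		}
	}
	return false
}

// nameAllowed follows the ResourceNames comment: an empty list allows every
// name; a non-empty list allows only the listed names, so a request that
// carries no name (a list call, for instance) is refused.
func nameAllowed(rule PolicyRule, name string) bool {
	// Passing name as the "wildcard" makes has() a plain equality search.
	return len(rule.ResourceNames) == 0 || has(rule.ResourceNames, name, name)
}

// urlAllowed follows the NonResourceURLs comment: a rule path matches exactly,
// or ends in "/*" and then covers every path below that prefix.
func urlAllowed(rule PolicyRule, path string) bool {
	for _, u := range rule.NonResourceURLs {
		if u == NonResourceAll || u == path {
			return true
		}
		if strings.HasSuffix(u, "/*") && strings.HasPrefix(path, strings.TrimSuffix(u, "*")) {
			return true
		}
	}
	return false
}

// RuleAllows reports whether a single rule covers the request.
func RuleAllows(rule PolicyRule, req Request) bool {
	if !has(rule.Verbs, req.Verb, VerbAll) {
		return false
	}
	if req.Path != "" { // non-resource request: only NonResourceURLs apply
		return urlAllowed(rule, req.Path)
	}
	return has(rule.APIGroups, req.APIGroup, APIGroupAll) &&
		resourceAllowed(rule, req.Resource, req.Subresource) &&
		nameAllowed(rule, req.Name)
}

func main() {
	// Constructed sample rules and requests.
	logs := PolicyRule{Verbs: []string{"get"}, APIGroups: []string{""}, Resources: []string{"*/log"}}
	one := PolicyRule{Verbs: []string{"get", "list"}, APIGroups: []string{""},
		Resources: []string{"secrets"}, ResourceNames: []string{"tls-cert"}}
	health := PolicyRule{Verbs: []string{"get"}, NonResourceURLs: []string{"/healthz/*"}}

	fmt.Println(RuleAllows(logs, Request{Verb: "get", Resource: "pods", Subresource: "log", Name: "web-0"}))
	fmt.Println(RuleAllows(logs, Request{Verb: "get", Resource: "pods", Name: "web-0"}))
	fmt.Println(RuleAllows(one, Request{Verb: "list", Resource: "secrets"}))
	fmt.Println(RuleAllows(health, Request{Verb: "get", Path: "/healthz/etcd"}))
}
```

A rule that sets ResourceNames does not cover a name-less list call, which is the case most often missed when a rule is narrowed to specific object names.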

func (PolicyRule) CompactString

func (r PolicyRule) CompactString() string

CompactString exposes a compact string representation for use in escalation error messages

func (*PolicyRule) DeepCopy

func (in *PolicyRule) DeepCopy() *PolicyRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.

func (*PolicyRule) DeepCopyInto

func (in *PolicyRule) DeepCopyInto(out *PolicyRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (PolicyRule) String

func (r PolicyRule) String() string

type PolicyRuleBuilder

type PolicyRuleBuilder struct {
	PolicyRule PolicyRule
}

+k8s:deepcopy-gen=false PolicyRuleBuilder lets us attach methods. A no-no for API types. We use it to construct rules in code. It's more compact than trying to write them out in a literal and allows us to perform some basic checking during construction

func NewRule

func NewRule(verbs ...string) *PolicyRuleBuilder

func (*PolicyRuleBuilder) Groups

func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder

func (*PolicyRuleBuilder) Names

func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder

func (*PolicyRuleBuilder) Resources

func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder

func (*PolicyRuleBuilder) Rule

func (r *PolicyRuleBuilder) Rule() (PolicyRule, error)

func (*PolicyRuleBuilder) RuleOrDie

func (r *PolicyRuleBuilder) RuleOrDie() PolicyRule

func (*PolicyRuleBuilder) URLs

func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder

type Role

type Role struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ObjectMeta

	// Rules holds all the PolicyRules for this Role
	Rules []PolicyRule
}

Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.

func (*Role) DeepCopy

func (in *Role) DeepCopy() *Role

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Role.

func (*Role) DeepCopyInto

func (in *Role) DeepCopyInto(out *Role)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Role) DeepCopyObject

func (in *Role) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RoleBinding

type RoleBinding struct {
	metav1.TypeMeta
	metav1.ObjectMeta

	// Subjects holds references to the objects the role applies to.
	Subjects []Subject

	// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	RoleRef RoleRef
}

RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.

func (*RoleBinding) DeepCopy

func (in *RoleBinding) DeepCopy() *RoleBinding

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBinding.

func (*RoleBinding) DeepCopyInto

func (in *RoleBinding) DeepCopyInto(out *RoleBinding)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RoleBinding) DeepCopyObject

func (in *RoleBinding) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RoleBindingBuilder

type RoleBindingBuilder struct {
	RoleBinding RoleBinding
}

+k8s:deepcopy-gen=false RoleBindingBuilder lets us attach methods. It is similar to ClusterRoleBindingBuilder above.

func NewRoleBinding

func NewRoleBinding(roleName, namespace string) *RoleBindingBuilder

NewRoleBinding creates a RoleBinding builder that can be used to define the subjects of a role binding. At least one of the `Groups`, `Users` or `SAs` methods must be called before calling the `Binding*` methods.

func NewRoleBindingForClusterRole

func NewRoleBindingForClusterRole(roleName, namespace string) *RoleBindingBuilder

func (*RoleBindingBuilder) Binding

func (r *RoleBindingBuilder) Binding() (RoleBinding, error)

Binding builds and returns the RoleBinding API object from the builder object.

func (*RoleBindingBuilder) BindingOrDie

func (r *RoleBindingBuilder) BindingOrDie() RoleBinding

BindingOrDie calls the binding method and panics if there is an error.

func (*RoleBindingBuilder) Groups

func (r *RoleBindingBuilder) Groups(groups ...string) *RoleBindingBuilder

Groups adds the specified groups as the subjects of the RoleBinding.

func (*RoleBindingBuilder) SAs

func (r *RoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *RoleBindingBuilder

SAs adds the specified service accounts as the subjects of the RoleBinding.

func (*RoleBindingBuilder) Users

func (r *RoleBindingBuilder) Users(users ...string) *RoleBindingBuilder

Users adds the specified users as the subjects of the RoleBinding.

type RoleBindingList

type RoleBindingList struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ListMeta

	// Items is a list of roleBindings
	Items []RoleBinding
}

RoleBindingList is a collection of RoleBindings

func (*RoleBindingList) DeepCopy

func (in *RoleBindingList) DeepCopy() *RoleBindingList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBindingList.

func (*RoleBindingList) DeepCopyInto

func (in *RoleBindingList) DeepCopyInto(out *RoleBindingList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RoleBindingList) DeepCopyObject

func (in *RoleBindingList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RoleList

type RoleList struct {
	metav1.TypeMeta
	// Standard object's metadata.
	metav1.ListMeta

	// Items is a list of roles
	Items []Role
}

RoleList is a collection of Roles

func (*RoleList) DeepCopy

func (in *RoleList) DeepCopy() *RoleList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleList.

func (*RoleList) DeepCopyInto

func (in *RoleList) DeepCopyInto(out *RoleList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RoleList) DeepCopyObject

func (in *RoleList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RoleRef

type RoleRef struct {
	// APIGroup is the group for the resource being referenced
	APIGroup string
	// Kind is the type of resource being referenced
	Kind string
	// Name is the name of resource being referenced
	Name string
}

RoleRef contains information that points to the role being used

func (*RoleRef) DeepCopy

func (in *RoleRef) DeepCopy() *RoleRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleRef.

func (*RoleRef) DeepCopyInto

func (in *RoleRef) DeepCopyInto(out *RoleRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                type SortableRuleSlice

                                                                                                                type SortableRuleSlice []PolicyRule

                                                                                                                func (SortableRuleSlice) DeepCopy

                                                                                                                func (in SortableRuleSlice) DeepCopy() SortableRuleSlice

                                                                                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SortableRuleSlice.

                                                                                                                  func (SortableRuleSlice) DeepCopyInto

                                                                                                                  func (in SortableRuleSlice) DeepCopyInto(out *SortableRuleSlice)

                                                                                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                    func (SortableRuleSlice) Len

                                                                                                                    func (s SortableRuleSlice) Len() int

                                                                                                                    func (SortableRuleSlice) Less

                                                                                                                    func (s SortableRuleSlice) Less(i, j int) bool

                                                                                                                    func (SortableRuleSlice) Swap

                                                                                                                    func (s SortableRuleSlice) Swap(i, j int)

                                                                                                                    type Subject

                                                                                                                    type Subject struct {
                                                                                                                    	// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
                                                                                                                    	// If the Authorizer does not recognize the kind value, the Authorizer should report an error.
                                                                                                                    	Kind string
                                                                                                                    	// APIGroup holds the API group of the referenced subject.
                                                                                                                    	// Defaults to "" for ServiceAccount subjects.
                                                                                                                    	// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
                                                                                                                    	APIGroup string
                                                                                                                    	// Name of the object being referenced.
                                                                                                                    	Name string
                                                                                                                    	// Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
                                                                                                                    	// the Authorizer should report an error.
                                                                                                                    	Namespace string
                                                                                                                    }

                                                                                                                      Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.

                                                                                                                      func (*Subject) DeepCopy

                                                                                                                      func (in *Subject) DeepCopy() *Subject

                                                                                                                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subject.

                                                                                                                        func (*Subject) DeepCopyInto

                                                                                                                        func (in *Subject) DeepCopyInto(out *Subject)

                                                                                                                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
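The Subject field comments above state two APIGroup defaults and two conditions the Authorizer should report as errors. The following added example (not code from this package) applies those rules to a list of binding subjects; `CheckSubject`, `AuditSubjects` and the sample data are hypothetical, the exact-match comparison on Kind is an assumption, and `Subject` is a local copy of the documented fields so the block runs without Kubernetes imports.

```go
package main

import "fmt"

// Values as listed in this package's constants.
const GroupName = "rbac.authorization.k8s.io"
const GroupKind, ServiceAccountKind, UserKind = "Group", "ServiceAccount", "User"

// Subject is a local copy of the documented fields (assumption: no Kubernetes import).
type Subject struct{ Kind, APIGroup, Name, Namespace string }

// CheckSubject (hypothetical) applies the documented APIGroup defaults and error rules.
func CheckSubject(s Subject) (Subject, error) {
	switch s.Kind {
	case ServiceAccountKind: // documented APIGroup default is "", nothing to fill in
	case UserKind, GroupKind:
		if s.Namespace != "" {
			return s, fmt.Errorf("%s %q is not namespaced but sets namespace %q", s.Kind, s.Name, s.Namespace)
		}
		if s.APIGroup == "" {
			s.APIGroup = GroupName
		}
	default:
		return s, fmt.Errorf("unrecognized subject kind %q for %q", s.Kind, s.Name)
	}
	return s, nil
}

// AuditSubjects (hypothetical) returns one finding per subject that CheckSubject rejects.
func AuditSubjects(subjects []Subject) []string {
	var findings []string
	for i, s := range subjects {
		if _, err := CheckSubject(s); err != nil {
			findings = append(findings, fmt.Sprintf("subjects[%d]: %v", i, err))
		}
	}
	return findings
}

var sampleSubjects = []Subject{ // constructed sample input
	{Kind: UserKind, Name: "alice"},
	{Kind: ServiceAccountKind, Name: "builder", Namespace: "ci"},
	{Kind: GroupKind, Name: "devs", Namespace: "prod"}, // namespace on a Group
	{Kind: "user", Name: "bob"},                        // wrong case, not a defined kind
}

func main() {
	fmt.Println(AuditSubjects(sampleSubjects))
}
```

A subject whose Kind differs from the defined values only by case is worth flagging in review, since it may be a binding that never applies to the identity its author intended.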

                                                                                                                          Directories

                                                                                                                          Path Synopsis
                                                                                                                          Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery.