Documentation

Overview

    +groupName=abac.authorization.kubernetes.io

    +k8s:openapi-gen=true

    Index

    Constants

    View Source
    const GroupName = "abac.authorization.kubernetes.io"

    Variables

    View Source
    var (
    	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes, addConversionFuncs)
    	AddToScheme   = SchemeBuilder.AddToScheme
    )
    View Source
    var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}

      SchemeGroupVersion is the API group and version for abac v1beta1

      Functions

      func Convert_abac_PolicySpec_To_v1beta1_PolicySpec

      func Convert_abac_PolicySpec_To_v1beta1_PolicySpec(in *abac.PolicySpec, out *PolicySpec, s conversion.Scope) error

      func Convert_abac_Policy_To_v1beta1_Policy

      func Convert_abac_Policy_To_v1beta1_Policy(in *abac.Policy, out *Policy, s conversion.Scope) error

      func Convert_v1beta1_PolicySpec_To_abac_PolicySpec

      func Convert_v1beta1_PolicySpec_To_abac_PolicySpec(in *PolicySpec, out *abac.PolicySpec, s conversion.Scope) error

      func Convert_v1beta1_Policy_To_abac_Policy

      func Convert_v1beta1_Policy_To_abac_Policy(in *Policy, out *abac.Policy, s conversion.Scope) error

      func DeepCopy_v1beta1_Policy

      func DeepCopy_v1beta1_Policy(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_v1beta1_PolicySpec

      func DeepCopy_v1beta1_PolicySpec(in interface{}, out interface{}, c *conversion.Cloner) error

      func RegisterConversions

      func RegisterConversions(scheme *runtime.Scheme) error

        RegisterConversions adds conversion functions to the given scheme. Public to allow building arbitrary schemes.

        func RegisterDeepCopies

        func RegisterDeepCopies(scheme *runtime.Scheme) error

          RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.

          func RegisterDefaults

          func RegisterDefaults(scheme *runtime.Scheme) error

            RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.

            Types

            type Policy

            type Policy struct {
            	metav1.TypeMeta `json:",inline"`
            
            	// Spec describes the policy rule
            	Spec PolicySpec `json:"spec"`
            }

              Policy contains a single ABAC policy rule

              func (*Policy) GetObjectKind

              func (obj *Policy) GetObjectKind() schema.ObjectKind

              type PolicySpec

              type PolicySpec struct {
              	// User is the username this rule applies to.
              	// Either user or group is required to match the request.
              	// "*" matches all users.
              	// +optional
              	User string `json:"user,omitempty"`
              
              	// Group is the group this rule applies to.
              	// Either user or group is required to match the request.
              	// "*" matches all groups.
              	// +optional
              	Group string `json:"group,omitempty"`
              
              	// Readonly matches readonly requests when true, and all requests when false
              	// +optional
              	Readonly bool `json:"readonly,omitempty"`
              
              	// APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests.
              	// "*" matches all API groups
              	// +optional
              	APIGroup string `json:"apiGroup,omitempty"`
              
              	// Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests.
              	// "*" matches all resources
              	// +optional
              	Resource string `json:"resource,omitempty"`
              
              	// Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests.
              	// "*" matches all namespaces (including unnamespaced requests)
              	// +optional
              	Namespace string `json:"namespace,omitempty"`
              
              	// NonResourcePath matches non-resource request paths.
              	// "*" matches all paths
              	// "/foo/*" matches all subpaths of foo
              	// +optional
              	NonResourcePath string `json:"nonResourcePath,omitempty"`
              }

                PolicySpec contains the attributes for a policy rule