Documentation

Overview

    +k8s:deepcopy-gen=package,register +groupName=rbac.authorization.k8s.io

    Index

    Constants

    View Source
    const (
    	APIGroupAll    = "*"
    	ResourceAll    = "*"
    	VerbAll        = "*"
    	NonResourceAll = "*"
    
    	GroupKind          = "Group"
    	ServiceAccountKind = "ServiceAccount"
    	UserKind           = "User"
    
    	// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
    	AutoUpdateAnnotationKey = "rbac.authorization.kubernetes.io/autoupdate"
    )
    View Source
    const GroupName = "rbac.authorization.k8s.io"

    Variables

    View Source
    var (
    	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
    	AddToScheme   = SchemeBuilder.AddToScheme
    )
    View Source
    var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

      SchemeGroupVersion is group version used to register these objects

      Functions

      func APIGroupMatches

      func APIGroupMatches(rule PolicyRule, requestedGroup string) bool

      func DeepCopy_rbac_ClusterRole

      func DeepCopy_rbac_ClusterRole(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_rbac_ClusterRoleBinding

      func DeepCopy_rbac_ClusterRoleBinding(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_rbac_ClusterRoleBindingList

      func DeepCopy_rbac_ClusterRoleBindingList(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_rbac_ClusterRoleList

      func DeepCopy_rbac_ClusterRoleList(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_rbac_PolicyRule

      func DeepCopy_rbac_PolicyRule(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_rbac_Role

      func DeepCopy_rbac_Role(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_rbac_RoleBinding

      func DeepCopy_rbac_RoleBinding(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_rbac_RoleBindingList

      func DeepCopy_rbac_RoleBindingList(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_rbac_RoleList

      func DeepCopy_rbac_RoleList(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_rbac_RoleRef

      func DeepCopy_rbac_RoleRef(in interface{}, out interface{}, c *conversion.Cloner) error

      func DeepCopy_rbac_Subject

      func DeepCopy_rbac_Subject(in interface{}, out interface{}, c *conversion.Cloner) error

      func Kind

      func Kind(kind string) schema.GroupKind

        Kind takes an unqualified kind and returns a Group qualified GroupKind

        func NonResourceURLMatches

        func NonResourceURLMatches(rule PolicyRule, requestedURL string) bool

        func RegisterDeepCopies

        func RegisterDeepCopies(scheme *runtime.Scheme) error

          RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.

          func Resource

          func Resource(resource string) schema.GroupResource

            Resource takes an unqualified resource and returns a Group qualified GroupResource

            func ResourceMatches

            func ResourceMatches(rule PolicyRule, requestedResource string) bool

            func ResourceNameMatches

            func ResourceNameMatches(rule PolicyRule, requestedName string) bool

            func RoleRefGroupKind

            func RoleRefGroupKind(roleRef RoleRef) schema.GroupKind

            func SubjectsStrings

            func SubjectsStrings(subjects []Subject) ([]string, []string, []string, []string)

              subjectsStrings returns users, groups, serviceaccounts, unknown for display purposes.

              func VerbMatches

              func VerbMatches(rule PolicyRule, requestedVerb string) bool

              Types

              type ClusterRole

              type ClusterRole struct {
              	metav1.TypeMeta
              	// Standard object's metadata.
              	metav1.ObjectMeta
              
              	// Rules holds all the PolicyRules for this ClusterRole
              	Rules []PolicyRule
              }

                ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.

                type ClusterRoleBinding

                type ClusterRoleBinding struct {
                	metav1.TypeMeta
                	// Standard object's metadata.
                	metav1.ObjectMeta
                
                	// Subjects holds references to the objects the role applies to.
                	Subjects []Subject
                
                	// RoleRef can only reference a ClusterRole in the global namespace.
                	// If the RoleRef cannot be resolved, the Authorizer must return an error.
                	RoleRef RoleRef
                }

                  ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.

                  type ClusterRoleBindingBuilder

                  type ClusterRoleBindingBuilder struct {
                  	ClusterRoleBinding ClusterRoleBinding
                  }

                    +k8s:deepcopy-gen=false ClusterRoleBindingBuilder let's us attach methods. A no-no for API types. We use it to construct bindings in code. It's more compact than trying to write them out in a literal.

                    func NewClusterBinding

                    func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder

                    func (*ClusterRoleBindingBuilder) Binding

                    func (*ClusterRoleBindingBuilder) BindingOrDie

                    func (*ClusterRoleBindingBuilder) Groups

                    func (*ClusterRoleBindingBuilder) SAs

                    func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder

                    func (*ClusterRoleBindingBuilder) Users

                    type ClusterRoleBindingList

                    type ClusterRoleBindingList struct {
                    	metav1.TypeMeta
                    	// Standard object's metadata.
                    	metav1.ListMeta
                    
                    	// Items is a list of ClusterRoleBindings
                    	Items []ClusterRoleBinding
                    }

                      ClusterRoleBindingList is a collection of ClusterRoleBindings

                      type ClusterRoleList

                      type ClusterRoleList struct {
                      	metav1.TypeMeta
                      	// Standard object's metadata.
                      	metav1.ListMeta
                      
                      	// Items is a list of ClusterRoles
                      	Items []ClusterRole
                      }

                        ClusterRoleList is a collection of ClusterRoles

                        type PolicyRule

                        type PolicyRule struct {
                        	// Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all kinds.
                        	Verbs []string
                        
                        	// APIGroups is the name of the APIGroup that contains the resources.
                        	// If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
                        	APIGroups []string
                        	// Resources is a list of resources this rule applies to.  ResourceAll represents all resources.
                        	Resources []string
                        	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
                        	ResourceNames []string
                        
                        	// NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path
                        	// If an action is not a resource API request, then the URL is split on '/' and is checked against the NonResourceURLs to look for a match.
                        	// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
                        	// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
                        	NonResourceURLs []string
                        }

                          PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.

                          type PolicyRuleBuilder

                          type PolicyRuleBuilder struct {
                          	PolicyRule PolicyRule
                          }

                            +k8s:deepcopy-gen=false PolicyRuleBuilder let's us attach methods. A no-no for API types. We use it to construct rules in code. It's more compact than trying to write them out in a literal and allows us to perform some basic checking during construction

                            func NewRule

                            func NewRule(verbs ...string) *PolicyRuleBuilder

                            func (*PolicyRuleBuilder) Groups

                            func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder

                            func (*PolicyRuleBuilder) Names

                            func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder

                            func (*PolicyRuleBuilder) Resources

                            func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder

                            func (*PolicyRuleBuilder) Rule

                            func (r *PolicyRuleBuilder) Rule() (PolicyRule, error)

                            func (*PolicyRuleBuilder) RuleOrDie

                            func (r *PolicyRuleBuilder) RuleOrDie() PolicyRule

                            func (*PolicyRuleBuilder) URLs

                            func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder

                            type Role

                            type Role struct {
                            	metav1.TypeMeta
                            	// Standard object's metadata.
                            	metav1.ObjectMeta
                            
                            	// Rules holds all the PolicyRules for this Role
                            	Rules []PolicyRule
                            }

                              Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.

                              type RoleBinding

                              type RoleBinding struct {
                              	metav1.TypeMeta
                              	metav1.ObjectMeta
                              
                              	// Subjects holds references to the objects the role applies to.
                              	Subjects []Subject
                              
                              	// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
                              	// If the RoleRef cannot be resolved, the Authorizer must return an error.
                              	RoleRef RoleRef
                              }

                                RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.

                                type RoleBindingBuilder

                                type RoleBindingBuilder struct {
                                	RoleBinding RoleBinding
                                }

                                  +k8s:deepcopy-gen=false RoleBindingBuilder let's us attach methods. It is similar to ClusterRoleBindingBuilder above.

                                  func NewRoleBinding

                                  func NewRoleBinding(roleName, namespace string) *RoleBindingBuilder

                                    NewRoleBinding creates a RoleBinding builder that can be used to define the subjects of a role binding. At least one of the `Groups`, `Users` or `SAs` method must be called before calling the `Binding*` methods.

                                    func NewRoleBindingForClusterRole

                                    func NewRoleBindingForClusterRole(roleName, namespace string) *RoleBindingBuilder

                                    func (*RoleBindingBuilder) Binding

                                    func (r *RoleBindingBuilder) Binding() (RoleBinding, error)

                                      Binding builds and returns the RoleBinding API object from the builder object.

                                      func (*RoleBindingBuilder) BindingOrDie

                                      func (r *RoleBindingBuilder) BindingOrDie() RoleBinding

                                        BindingOrDie calls the binding method and panics if there is an error.

                                        func (*RoleBindingBuilder) Groups

                                        func (r *RoleBindingBuilder) Groups(groups ...string) *RoleBindingBuilder

                                          Groups adds the specified groups as the subjects of the RoleBinding.

                                          func (*RoleBindingBuilder) SAs

                                          func (r *RoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *RoleBindingBuilder

                                            SAs adds the specified service accounts as the subjects of the RoleBinding.

                                            func (*RoleBindingBuilder) Users

                                            func (r *RoleBindingBuilder) Users(users ...string) *RoleBindingBuilder

                                              Users adds the specified users as the subjects of the RoleBinding.

                                              type RoleBindingList

                                              type RoleBindingList struct {
                                              	metav1.TypeMeta
                                              	// Standard object's metadata.
                                              	metav1.ListMeta
                                              
                                              	// Items is a list of roleBindings
                                              	Items []RoleBinding
                                              }

                                                RoleBindingList is a collection of RoleBindings

                                                type RoleList

                                                type RoleList struct {
                                                	metav1.TypeMeta
                                                	// Standard object's metadata.
                                                	metav1.ListMeta
                                                
                                                	// Items is a list of roles
                                                	Items []Role
                                                }

                                                  RoleList is a collection of Roles

                                                  type RoleRef

                                                  type RoleRef struct {
                                                  	// APIGroup is the group for the resource being referenced
                                                  	APIGroup string
                                                  	// Kind is the type of resource being referenced
                                                  	Kind string
                                                  	// Name is the name of resource being referenced
                                                  	Name string
                                                  }

                                                    RoleRef contains information that points to the role being used

                                                    type Subject

                                                    type Subject struct {
                                                    	// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
                                                    	// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
                                                    	Kind string
                                                    	// APIGroup holds the API group of the referenced subject.
                                                    	// Defaults to "" for ServiceAccount subjects.
                                                    	// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
                                                    	APIGroup string
                                                    	// Name of the object being referenced.
                                                    	Name string
                                                    	// Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
                                                    	// the Authorizer should report an error.
                                                    	Namespace string
                                                    }

                                                      Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.

                                                      Directories

                                                      Path Synopsis
                                                      Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery.
                                                      Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery.
                                                      +groupName=rbac.authorization.k8s.io Package v1alpha1 is a generated protocol buffer package.
                                                      +groupName=rbac.authorization.k8s.io Package v1alpha1 is a generated protocol buffer package.
                                                      +groupName=rbac.authorization.k8s.io Package v1beta1 is a generated protocol buffer package.
                                                      +groupName=rbac.authorization.k8s.io Package v1beta1 is a generated protocol buffer package.