rbac

package
v1.4.12 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 20, 2017 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

+groupName=rbac.authorization.k8s.io

Index

Constants

// Wildcard values and subject kinds used by RBAC rules and bindings.
const (
	// The four values below are all the wildcard "*". PolicyRule's field comments
	// name VerbAll and ResourceAll as the match-everything values for Verbs and
	// Resources; APIGroupAll and NonResourceAll presumably play the same role for
	// APIGroups and NonResourceURLs — confirm against the authorizer.
	// A rule that carries any of these is not limited to named items in that
	// field, so wildcard rules deserve a closer look when auditing grants.
	APIGroupAll    = "*"
	ResourceAll    = "*"
	VerbAll        = "*"
	NonResourceAll = "*"

	// Subject kinds defined by this API group; these are the values the
	// Subject.Kind comment lists ("User", "Group", "ServiceAccount").
	GroupKind          = "Group"
	ServiceAccountKind = "ServiceAccount"
	UserKind           = "User"

	// UserAll is the wildcard "*"; presumably it stands for every user name when
	// used as a subject name — confirm against the authorizer before relying on it.
	UserAll = "*"
)
// GroupName is the API group name of this package; it is the same string as the
// +groupName tag in the package overview and is used to build SchemeGroupVersion.
const GroupName = "rbac.authorization.k8s.io"

Variables

var (
	// SchemeBuilder is constructed from addKnownTypes, which is not shown on this
	// page; presumably it registers this package's types with a scheme — confirm.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is SchemeBuilder's AddToScheme method exposed as a package-level value.
	AddToScheme   = SchemeBuilder.AddToScheme
)
// SchemeGroupVersion is the group version used to register these objects. It
// pairs GroupName with runtime.APIVersionInternal, so it names the internal form
// of the group rather than a versioned package such as v1alpha1.
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is the group version used to register these objects.

Functions

func DeepCopy_rbac_ClusterRole

func DeepCopy_rbac_ClusterRole(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_rbac_ClusterRoleBinding

func DeepCopy_rbac_ClusterRoleBinding(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_rbac_ClusterRoleBindingList

func DeepCopy_rbac_ClusterRoleBindingList(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_rbac_ClusterRoleList

func DeepCopy_rbac_ClusterRoleList(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_rbac_PolicyRule

func DeepCopy_rbac_PolicyRule(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_rbac_Role

func DeepCopy_rbac_Role(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_rbac_RoleBinding

func DeepCopy_rbac_RoleBinding(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_rbac_RoleBindingList

func DeepCopy_rbac_RoleBindingList(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_rbac_RoleList

func DeepCopy_rbac_RoleList(in interface{}, out interface{}, c *conversion.Cloner) error

func DeepCopy_rbac_Subject

func DeepCopy_rbac_Subject(in interface{}, out interface{}, c *conversion.Cloner) error

func Kind

func Kind(kind string) unversioned.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind

func RegisterDeepCopies added in v1.4.0

func RegisterDeepCopies(scheme *runtime.Scheme) error

RegisterDeepCopies adds deep-copy functions to the given scheme. Public to allow building arbitrary schemes.

func Resource

func Resource(resource string) unversioned.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type ClusterRole

type ClusterRole struct {
	unversioned.TypeMeta
	// Standard object's metadata.
	api.ObjectMeta

	// Rules holds all the PolicyRules for this ClusterRole.
	// The rules carry no subject: who they apply to comes from the RoleBinding or
	// ClusterRoleBinding that references this ClusterRole.
	Rules []PolicyRule
}

ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.

type ClusterRoleBinding

type ClusterRoleBinding struct {
	unversioned.TypeMeta
	// Standard object's metadata.
	api.ObjectMeta

	// Subjects holds references to the objects the role applies to.
	// Every entry is bound to the referenced ClusterRole, so this list is the
	// audience of the grant and is what to review when auditing a binding.
	Subjects []Subject

	// RoleRef can only reference a ClusterRole in the global namespace.
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	// NOTE(review): the field type is a general api.ObjectReference, so the
	// ClusterRole-only restriction is not expressed by this struct; presumably it
	// is enforced by validation elsewhere — confirm.
	RoleRef api.ObjectReference
}

ClusterRoleBinding references a ClusterRole, but does not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subjects.

type ClusterRoleBindingList

type ClusterRoleBindingList struct {
	unversioned.TypeMeta
	// Standard list metadata (the embedded type is ListMeta, not ObjectMeta).
	unversioned.ListMeta

	// Items is a list of ClusterRoleBindings.
	Items []ClusterRoleBinding
}

ClusterRoleBindingList is a collection of ClusterRoleBindings

type ClusterRoleList

type ClusterRoleList struct {
	unversioned.TypeMeta
	// Standard list metadata (the embedded type is ListMeta, not ObjectMeta).
	unversioned.ListMeta

	// Items is a list of ClusterRoles.
	Items []ClusterRole
}

ClusterRoleList is a collection of ClusterRoles

type PolicyRule

type PolicyRule struct {
	// Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all verbs.
	Verbs []string
	// AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports.
	// If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.
	AttributeRestrictions runtime.Object

	// APIGroups carries no upstream comment. Presumably it lists the API groups whose resources this rule covers,
	// with APIGroupAll ("*") as the wildcard — confirm against the authorizer.
	APIGroups []string
	// Resources is a list of resources this rule applies to.  ResourceAll represents all resources.
	Resources []string
	// ResourceNames is an optional allow list of names that the rule applies to.  An empty set means that everything is allowed.
	// Leaving this field unset therefore widens the rule to every name of the listed resources; it does not restrict it.
	ResourceNames []string

	// NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path.
	// If an action is not a resource API request, then the URL is split on '/' and is checked against the NonResourceURLs to look for a match.
	// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
	// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
	NonResourceURLs []string
}

PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.

type Role

type Role struct {
	unversioned.TypeMeta
	// Standard object's metadata.
	api.ObjectMeta

	// Rules holds all the PolicyRules for this Role.
	// The rules carry no subject: who they apply to comes from the RoleBinding
	// that references this Role.
	Rules []PolicyRule
}

Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.

type RoleBinding

type RoleBinding struct {
	unversioned.TypeMeta
	// Standard object's metadata.
	api.ObjectMeta

	// Subjects holds references to the objects the role applies to.
	// Every entry is bound to the referenced role, so this list is the audience
	// of the grant and is what to review when auditing a binding.
	Subjects []Subject

	// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	// Per the type's documentation, a RoleBinding only has effect in the namespace
	// it exists in, including when RoleRef points at a ClusterRole.
	RoleRef api.ObjectReference
}

RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.

type RoleBindingList

type RoleBindingList struct {
	unversioned.TypeMeta
	// Standard list metadata (the embedded type is ListMeta, not ObjectMeta).
	unversioned.ListMeta

	// Items is a list of RoleBindings.
	Items []RoleBinding
}

RoleBindingList is a collection of RoleBindings

type RoleList

type RoleList struct {
	unversioned.TypeMeta
	// Standard list metadata (the embedded type is ListMeta, not ObjectMeta).
	unversioned.ListMeta

	// Items is a list of Roles.
	Items []Role
}

RoleList is a collection of Roles

type Subject

type Subject struct {
	// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount"
	// (the UserKind, GroupKind and ServiceAccountKind constants).
	// If the Authorizer does not recognize the kind value, the Authorizer should report an error.
	Kind string
	// APIVersion holds the API group and version of the referenced object. For non-object references such as "Group" and "User" this is
	// expected to be the API version of this API group. For example, "rbac/v1alpha1".
	APIVersion string
	// Name of the object being referenced.
	// NOTE(review): the package also defines UserAll ("*"); whether a wildcard name is honoured here is not shown on this page — confirm.
	Name string
	// Namespace of the referenced object.  If the object kind is non-namespaced, such as "User" or "Group", and this value is not empty
	// the Authorizer should report an error.
	Namespace string
}

Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.

Directories

Path Synopsis
Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery.
Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery.
Package v1alpha1 is a generated protocol buffer package.
Package v1alpha1 is a generated protocol buffer package.
