Documentation

Overview

    +k8s:deepcopy-gen=package +groupName=rbac.authorization.k8s.io

    Index

    Constants

    View Source
    const (
    	APIGroupAll    = "*"
    	ResourceAll    = "*"
    	VerbAll        = "*"
    	NonResourceAll = "*"
    
    	GroupKind          = "Group"
    	ServiceAccountKind = "ServiceAccount"
    	UserKind           = "User"
    
    	// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
    	AutoUpdateAnnotationKey = "rbac.authorization.kubernetes.io/autoupdate"
    )
    View Source
    const GroupName = "rbac.authorization.k8s.io"

    Variables

    View Source
    var (
    	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
    	AddToScheme   = SchemeBuilder.AddToScheme
    )
    View Source
    var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

      SchemeGroupVersion is group version used to register these objects

      Functions

      func APIGroupMatches

      func APIGroupMatches(rule *PolicyRule, requestedGroup string) bool

      func Kind

      func Kind(kind string) schema.GroupKind

        Kind takes an unqualified kind and returns a Group qualified GroupKind

        func NonResourceURLMatches

        func NonResourceURLMatches(rule *PolicyRule, requestedURL string) bool

        func Resource

        func Resource(resource string) schema.GroupResource

          Resource takes an unqualified resource and returns a Group qualified GroupResource

          func ResourceMatches

          func ResourceMatches(rule *PolicyRule, combinedRequestedResource, requestedSubresource string) bool

          func ResourceNameMatches

          func ResourceNameMatches(rule *PolicyRule, requestedName string) bool

          func RoleRefGroupKind

          func RoleRefGroupKind(roleRef RoleRef) schema.GroupKind

          func SubjectsStrings

          func SubjectsStrings(subjects []Subject) ([]string, []string, []string, []string)

            subjectsStrings returns users, groups, serviceaccounts, unknown for display purposes.

            func VerbMatches

            func VerbMatches(rule *PolicyRule, requestedVerb string) bool

            Types

            type AggregationRule

            type AggregationRule struct {
            	// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
            	// If any of the selectors match, then the ClusterRole's permissions will be added
            	ClusterRoleSelectors []metav1.LabelSelector
            }

              AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole

              func (*AggregationRule) DeepCopy

              func (in *AggregationRule) DeepCopy() *AggregationRule

                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AggregationRule.

                func (*AggregationRule) DeepCopyInto

                func (in *AggregationRule) DeepCopyInto(out *AggregationRule)

                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                  type ClusterRole

                  type ClusterRole struct {
                  	metav1.TypeMeta
                  	// Standard object's metadata.
                  	metav1.ObjectMeta
                  
                  	// Rules holds all the PolicyRules for this ClusterRole
                  	Rules []PolicyRule
                  
                  	// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
                  	// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
                  	// stomped by the controller.
                  	AggregationRule *AggregationRule
                  }

                    ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.

                    func (*ClusterRole) DeepCopy

                    func (in *ClusterRole) DeepCopy() *ClusterRole

                      DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRole.

                      func (*ClusterRole) DeepCopyInto

                      func (in *ClusterRole) DeepCopyInto(out *ClusterRole)

                        DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                        func (*ClusterRole) DeepCopyObject

                        func (in *ClusterRole) DeepCopyObject() runtime.Object

                          DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                          type ClusterRoleBinding

                          type ClusterRoleBinding struct {
                          	metav1.TypeMeta
                          	// Standard object's metadata.
                          	metav1.ObjectMeta
                          
                          	// Subjects holds references to the objects the role applies to.
                          	Subjects []Subject
                          
                          	// RoleRef can only reference a ClusterRole in the global namespace.
                          	// If the RoleRef cannot be resolved, the Authorizer must return an error.
                          	RoleRef RoleRef
                          }

                            ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.

                            func (*ClusterRoleBinding) DeepCopy

                            func (in *ClusterRoleBinding) DeepCopy() *ClusterRoleBinding

                              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBinding.

                              func (*ClusterRoleBinding) DeepCopyInto

                              func (in *ClusterRoleBinding) DeepCopyInto(out *ClusterRoleBinding)

                                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                func (*ClusterRoleBinding) DeepCopyObject

                                func (in *ClusterRoleBinding) DeepCopyObject() runtime.Object

                                  DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                  type ClusterRoleBindingBuilder

                                  type ClusterRoleBindingBuilder struct {
                                  	ClusterRoleBinding ClusterRoleBinding
                                  }

                                    +k8s:deepcopy-gen=false ClusterRoleBindingBuilder let's us attach methods. A no-no for API types. We use it to construct bindings in code. It's more compact than trying to write them out in a literal.

                                    func NewClusterBinding

                                    func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder

                                    func (*ClusterRoleBindingBuilder) Binding

                                    func (*ClusterRoleBindingBuilder) BindingOrDie

                                    func (*ClusterRoleBindingBuilder) Groups

                                    func (*ClusterRoleBindingBuilder) SAs

                                    func (r *ClusterRoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *ClusterRoleBindingBuilder

                                    func (*ClusterRoleBindingBuilder) Users

                                    type ClusterRoleBindingList

                                    type ClusterRoleBindingList struct {
                                    	metav1.TypeMeta
                                    	// Standard object's metadata.
                                    	metav1.ListMeta
                                    
                                    	// Items is a list of ClusterRoleBindings
                                    	Items []ClusterRoleBinding
                                    }

                                      ClusterRoleBindingList is a collection of ClusterRoleBindings

                                      func (*ClusterRoleBindingList) DeepCopy

                                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleBindingList.

                                        func (*ClusterRoleBindingList) DeepCopyInto

                                        func (in *ClusterRoleBindingList) DeepCopyInto(out *ClusterRoleBindingList)

                                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                          func (*ClusterRoleBindingList) DeepCopyObject

                                          func (in *ClusterRoleBindingList) DeepCopyObject() runtime.Object

                                            DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                            type ClusterRoleList

                                            type ClusterRoleList struct {
                                            	metav1.TypeMeta
                                            	// Standard object's metadata.
                                            	metav1.ListMeta
                                            
                                            	// Items is a list of ClusterRoles
                                            	Items []ClusterRole
                                            }

                                              ClusterRoleList is a collection of ClusterRoles

                                              func (*ClusterRoleList) DeepCopy

                                              func (in *ClusterRoleList) DeepCopy() *ClusterRoleList

                                                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterRoleList.

                                                func (*ClusterRoleList) DeepCopyInto

                                                func (in *ClusterRoleList) DeepCopyInto(out *ClusterRoleList)

                                                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                  func (*ClusterRoleList) DeepCopyObject

                                                  func (in *ClusterRoleList) DeepCopyObject() runtime.Object

                                                    DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                    type PolicyRule

                                                    type PolicyRule struct {
                                                    	// Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all kinds.
                                                    	Verbs []string
                                                    
                                                    	// APIGroups is the name of the APIGroup that contains the resources.
                                                    	// If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
                                                    	APIGroups []string
                                                    	// Resources is a list of resources this rule applies to.  '*' represents all resources in the specified apiGroups.
                                                    	// '*/foo' represents the subresource 'foo' for all resources in the specified apiGroups.
                                                    	Resources []string
                                                    	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.
                                                    	ResourceNames []string
                                                    
                                                    	// NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path
                                                    	// If an action is not a resource API request, then the URL is split on '/' and is checked against the NonResourceURLs to look for a match.
                                                    	// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
                                                    	// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"),  but not both.
                                                    	NonResourceURLs []string
                                                    }

                                                      PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.

                                                      func (PolicyRule) CompactString

                                                      func (r PolicyRule) CompactString() string

                                                        CompactString exposes a compact string representation for use in escalation error messages

                                                        func (*PolicyRule) DeepCopy

                                                        func (in *PolicyRule) DeepCopy() *PolicyRule

                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule.

                                                          func (*PolicyRule) DeepCopyInto

                                                          func (in *PolicyRule) DeepCopyInto(out *PolicyRule)

                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                            func (PolicyRule) String

                                                            func (r PolicyRule) String() string

                                                            type PolicyRuleBuilder

                                                            type PolicyRuleBuilder struct {
                                                            	PolicyRule PolicyRule
                                                            }

                                                              +k8s:deepcopy-gen=false PolicyRuleBuilder let's us attach methods. A no-no for API types. We use it to construct rules in code. It's more compact than trying to write them out in a literal and allows us to perform some basic checking during construction

                                                              func NewRule

                                                              func NewRule(verbs ...string) *PolicyRuleBuilder

                                                              func (*PolicyRuleBuilder) Groups

                                                              func (r *PolicyRuleBuilder) Groups(groups ...string) *PolicyRuleBuilder

                                                              func (*PolicyRuleBuilder) Names

                                                              func (r *PolicyRuleBuilder) Names(names ...string) *PolicyRuleBuilder

                                                              func (*PolicyRuleBuilder) Resources

                                                              func (r *PolicyRuleBuilder) Resources(resources ...string) *PolicyRuleBuilder

                                                              func (*PolicyRuleBuilder) Rule

                                                              func (r *PolicyRuleBuilder) Rule() (PolicyRule, error)

                                                              func (*PolicyRuleBuilder) RuleOrDie

                                                              func (r *PolicyRuleBuilder) RuleOrDie() PolicyRule

                                                              func (*PolicyRuleBuilder) URLs

                                                              func (r *PolicyRuleBuilder) URLs(urls ...string) *PolicyRuleBuilder

                                                              type Role

                                                              type Role struct {
                                                              	metav1.TypeMeta
                                                              	// Standard object's metadata.
                                                              	metav1.ObjectMeta
                                                              
                                                              	// Rules holds all the PolicyRules for this Role
                                                              	Rules []PolicyRule
                                                              }

                                                                Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.

                                                                func (*Role) DeepCopy

                                                                func (in *Role) DeepCopy() *Role

                                                                  DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Role.

                                                                  func (*Role) DeepCopyInto

                                                                  func (in *Role) DeepCopyInto(out *Role)

                                                                    DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                    func (*Role) DeepCopyObject

                                                                    func (in *Role) DeepCopyObject() runtime.Object

                                                                      DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                      type RoleBinding

                                                                      type RoleBinding struct {
                                                                      	metav1.TypeMeta
                                                                      	metav1.ObjectMeta
                                                                      
                                                                      	// Subjects holds references to the objects the role applies to.
                                                                      	Subjects []Subject
                                                                      
                                                                      	// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
                                                                      	// If the RoleRef cannot be resolved, the Authorizer must return an error.
                                                                      	RoleRef RoleRef
                                                                      }

                                                                        RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.

                                                                        func (*RoleBinding) DeepCopy

                                                                        func (in *RoleBinding) DeepCopy() *RoleBinding

                                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBinding.

                                                                          func (*RoleBinding) DeepCopyInto

                                                                          func (in *RoleBinding) DeepCopyInto(out *RoleBinding)

                                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                            func (*RoleBinding) DeepCopyObject

                                                                            func (in *RoleBinding) DeepCopyObject() runtime.Object

                                                                              DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                              type RoleBindingBuilder

                                                                              type RoleBindingBuilder struct {
                                                                              	RoleBinding RoleBinding
                                                                              }

                                                                                +k8s:deepcopy-gen=false RoleBindingBuilder let's us attach methods. It is similar to ClusterRoleBindingBuilder above.

                                                                                func NewRoleBinding

                                                                                func NewRoleBinding(roleName, namespace string) *RoleBindingBuilder

                                                                                  NewRoleBinding creates a RoleBinding builder that can be used to define the subjects of a role binding. At least one of the `Groups`, `Users` or `SAs` method must be called before calling the `Binding*` methods.

                                                                                  func NewRoleBindingForClusterRole

                                                                                  func NewRoleBindingForClusterRole(roleName, namespace string) *RoleBindingBuilder

                                                                                  func (*RoleBindingBuilder) Binding

                                                                                  func (r *RoleBindingBuilder) Binding() (RoleBinding, error)

                                                                                    Binding builds and returns the RoleBinding API object from the builder object.

                                                                                    func (*RoleBindingBuilder) BindingOrDie

                                                                                    func (r *RoleBindingBuilder) BindingOrDie() RoleBinding

                                                                                      BindingOrDie calls the binding method and panics if there is an error.

                                                                                      func (*RoleBindingBuilder) Groups

                                                                                      func (r *RoleBindingBuilder) Groups(groups ...string) *RoleBindingBuilder

                                                                                        Groups adds the specified groups as the subjects of the RoleBinding.

                                                                                        func (*RoleBindingBuilder) SAs

                                                                                        func (r *RoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *RoleBindingBuilder

                                                                                          SAs adds the specified service accounts as the subjects of the RoleBinding.

                                                                                          func (*RoleBindingBuilder) Users

                                                                                          func (r *RoleBindingBuilder) Users(users ...string) *RoleBindingBuilder

                                                                                            Users adds the specified users as the subjects of the RoleBinding.

                                                                                            type RoleBindingList

                                                                                            type RoleBindingList struct {
                                                                                            	metav1.TypeMeta
                                                                                            	// Standard object's metadata.
                                                                                            	metav1.ListMeta
                                                                                            
                                                                                            	// Items is a list of roleBindings
                                                                                            	Items []RoleBinding
                                                                                            }

                                                                                              RoleBindingList is a collection of RoleBindings

                                                                                              func (*RoleBindingList) DeepCopy

                                                                                              func (in *RoleBindingList) DeepCopy() *RoleBindingList

                                                                                                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleBindingList.

                                                                                                func (*RoleBindingList) DeepCopyInto

                                                                                                func (in *RoleBindingList) DeepCopyInto(out *RoleBindingList)

                                                                                                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                  func (*RoleBindingList) DeepCopyObject

                                                                                                  func (in *RoleBindingList) DeepCopyObject() runtime.Object

                                                                                                    DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                                                    type RoleList

                                                                                                    type RoleList struct {
                                                                                                    	metav1.TypeMeta
                                                                                                    	// Standard object's metadata.
                                                                                                    	metav1.ListMeta
                                                                                                    
                                                                                                    	// Items is a list of roles
                                                                                                    	Items []Role
                                                                                                    }

                                                                                                      RoleList is a collection of Roles

                                                                                                      func (*RoleList) DeepCopy

                                                                                                      func (in *RoleList) DeepCopy() *RoleList

                                                                                                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleList.

                                                                                                        func (*RoleList) DeepCopyInto

                                                                                                        func (in *RoleList) DeepCopyInto(out *RoleList)

                                                                                                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                          func (*RoleList) DeepCopyObject

                                                                                                          func (in *RoleList) DeepCopyObject() runtime.Object

                                                                                                            DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

                                                                                                            type RoleRef

                                                                                                            type RoleRef struct {
                                                                                                            	// APIGroup is the group for the resource being referenced
                                                                                                            	APIGroup string
                                                                                                            	// Kind is the type of resource being referenced
                                                                                                            	Kind string
                                                                                                            	// Name is the name of resource being referenced
                                                                                                            	Name string
                                                                                                            }

                                                                                                              RoleRef contains information that points to the role being used

                                                                                                              func (*RoleRef) DeepCopy

                                                                                                              func (in *RoleRef) DeepCopy() *RoleRef

                                                                                                                DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleRef.

                                                                                                                func (*RoleRef) DeepCopyInto

                                                                                                                func (in *RoleRef) DeepCopyInto(out *RoleRef)

                                                                                                                  DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                  type SortableRuleSlice

                                                                                                                  type SortableRuleSlice []PolicyRule

                                                                                                                  func (SortableRuleSlice) DeepCopy

                                                                                                                  func (in SortableRuleSlice) DeepCopy() SortableRuleSlice

                                                                                                                    DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SortableRuleSlice.

                                                                                                                    func (SortableRuleSlice) DeepCopyInto

                                                                                                                    func (in SortableRuleSlice) DeepCopyInto(out *SortableRuleSlice)

                                                                                                                      DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                      func (SortableRuleSlice) Len

                                                                                                                      func (s SortableRuleSlice) Len() int

                                                                                                                      func (SortableRuleSlice) Less

                                                                                                                      func (s SortableRuleSlice) Less(i, j int) bool

                                                                                                                      func (SortableRuleSlice) Swap

                                                                                                                      func (s SortableRuleSlice) Swap(i, j int)

                                                                                                                      type Subject

                                                                                                                      type Subject struct {
                                                                                                                      	// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
                                                                                                                      	// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
                                                                                                                      	Kind string
                                                                                                                      	// APIGroup holds the API group of the referenced subject.
                                                                                                                      	// Defaults to "" for ServiceAccount subjects.
                                                                                                                      	// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
                                                                                                                      	APIGroup string
                                                                                                                      	// Name of the object being referenced.
                                                                                                                      	Name string
                                                                                                                      	// Namespace of the referenced object.  If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
                                                                                                                      	// the Authorizer should report an error.
                                                                                                                      	Namespace string
                                                                                                                      }

                                                                                                                        Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.

                                                                                                                        func (*Subject) DeepCopy

                                                                                                                        func (in *Subject) DeepCopy() *Subject

                                                                                                                          DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subject.

                                                                                                                          func (*Subject) DeepCopyInto

                                                                                                                          func (in *Subject) DeepCopyInto(out *Subject)

                                                                                                                            DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                                                                                                                            Directories

                                                                                                                            Path Synopsis
                                                                                                                            Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery.
                                                                                                                            Package install installs the batch API group, making it available as an option to all of the API encoding/decoding machinery.
                                                                                                                            +groupName=rbac.authorization.k8s.io
                                                                                                                            +groupName=rbac.authorization.k8s.io
                                                                                                                            +groupName=rbac.authorization.k8s.io
                                                                                                                            +groupName=rbac.authorization.k8s.io
                                                                                                                            +groupName=rbac.authorization.k8s.io
                                                                                                                            +groupName=rbac.authorization.k8s.io