api

package
v0.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 4, 2015 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Policy is a singleton and this is its name
	PolicyName  = "default"
	ResourceAll = "*"
	VerbAll     = "*"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Policy

type Policy struct {
	kapi.TypeMeta   `json:",inline"`
	kapi.ObjectMeta `json:"metadata,omitempty" `

	// LastModified is the last time that any part of the Policy was created, updated, or deleted
	LastModified kutil.Time `json:"lastModified"`

	// Roles holds all the Roles held by this Policy, mapped by Role.Name
	Roles map[string]Role `json:"roles"`
}

Policy is a object that holds all the Roles for a particular namespace. There is at most one Policy document per namespace.

func (*Policy) IsAnAPIObject

func (*Policy) IsAnAPIObject()

type PolicyBinding

type PolicyBinding struct {
	kapi.TypeMeta   `json:",inline"`
	kapi.ObjectMeta `json:"metadata,omitempty"`

	// LastModified is the last time that any part of the PolicyBinding was created, updated, or deleted
	LastModified kutil.Time `json:"lastModified"`

	// PolicyRef is a reference to the Policy that contains all the Roles that this PolicyBinding's RoleBindings may reference
	PolicyRef kapi.ObjectReference `json:"policyRef"`
	// RoleBindings holds all the RoleBindings held by this PolicyBinding, mapped by RoleBinding.Name
	RoleBindings map[string]RoleBinding `json:"roleBindings"`
}

PolicyBinding is a object that holds all the RoleBindings for a particular namespace. There is one PolicyBinding document per referenced Policy namespace

func (*PolicyBinding) IsAnAPIObject

func (*PolicyBinding) IsAnAPIObject()

type PolicyBindingList

type PolicyBindingList struct {
	kapi.TypeMeta `json:",inline"`
	kapi.ListMeta `json:"metadata,omitempty"`
	Items         []PolicyBinding `json:"items"`
}

PolicyBindingList is a collection of PolicyBindings

func (*PolicyBindingList) IsAnAPIObject

func (*PolicyBindingList) IsAnAPIObject()

type PolicyList

type PolicyList struct {
	kapi.TypeMeta `json:",inline"`
	kapi.ListMeta `json:"metadata,omitempty"`
	Items         []Policy `json:"items"`
}

PolicyList is a collection of Policies

func (*PolicyList) IsAnAPIObject

func (*PolicyList) IsAnAPIObject()

type PolicyRule

type PolicyRule struct {
	// Deny is true if any request matching this rule should be denied.  If false, any request matching this rule is allowed.
	Deny bool `json:"deny"`
	// Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule.  VerbAll represents all kinds.
	Verbs []string `json:"verbs"`
	// AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports.
	// If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.
	AttributeRestrictions kruntime.EmbeddedObject `json:"attributeRestrictions"`
	// ResourceKinds is a list of kinds this rule applies to.  ResourceAll represents all kinds.
	ResourceKinds []string `json:"resourceKinds"`
}

PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.

type Role

type Role struct {
	kapi.TypeMeta   `json:",inline"`
	kapi.ObjectMeta `json:"metadata,omitempty"`

	// Rules holds all the PolicyRules for this Role
	Rules []PolicyRule `json:"rules"`
}

Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings.

func (*Role) IsAnAPIObject

func (*Role) IsAnAPIObject()

type RoleBinding

type RoleBinding struct {
	kapi.TypeMeta   `json:",inline"`
	kapi.ObjectMeta `json:"metadata,omitempty"`

	// UserNames holds all the usernames directly bound to the role
	UserNames []string `json:"userNames"`
	// GroupNames holds all the groups directly bound to the role
	GroupNames []string `json:"groupNames"`

	// Since Policy is a singleton, this is sufficient knowledge to locate a role
	// RoleRefs can only reference the current namespace and the global namespace
	// If the RoleRef cannot be resolved, the Authorizer must return an error.
	RoleRef kapi.ObjectReference `json:"roleRef"`
}

RoleBinding references a Role, but not contain it. It adds who and namespace information. It can reference any Role in the same namespace or in the global namespace.

func (*RoleBinding) IsAnAPIObject

func (*RoleBinding) IsAnAPIObject()

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL