Skip to content

authorization.v1.subjectAccessReviewSpec

"SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set"

Index

Fields

fn withExtra

withExtra(extra)

"Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here."

fn withExtraMixin

withExtraMixin(extra)

"Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here."

Note: This function appends passed data to existing values

fn withGroups

withGroups(groups)

"Groups is the groups you're testing for."

fn withGroupsMixin

withGroupsMixin(groups)

"Groups is the groups you're testing for."

Note: This function appends passed data to existing values

fn withUid

withUid(uid)

"UID information about the requesting user."

fn withUser

withUser(user)

"User is the user you're testing for. If you specify \"User\" but not \"Groups\", then is it interpreted as \"What if User were not a member of any groups"

obj nonResourceAttributes

"NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface"

fn nonResourceAttributes.withPath

withPath(path)

"Path is the URL path of the request"

fn nonResourceAttributes.withVerb

withVerb(verb)

"Verb is the standard HTTP verb"

obj resourceAttributes

"ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface"

fn resourceAttributes.withGroup

withGroup(group)

"Group is the API Group of the Resource. \"*\" means all."

fn resourceAttributes.withName

withName(name)

"Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all."

fn resourceAttributes.withNamespace

withNamespace(namespace)

"Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces \"\" (empty) is defaulted for LocalSubjectAccessReviews \"\" (empty) is empty for cluster-scoped resources \"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview"

fn resourceAttributes.withResource

withResource(resource)

"Resource is one of the existing resource types. \"*\" means all."

fn resourceAttributes.withSubresource

withSubresource(subresource)

"Subresource is one of the existing resource types. \"\" means none."

fn resourceAttributes.withVerb

withVerb(verb)

"Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all."

fn resourceAttributes.withVersion

withVersion(version)

"Version is the API Version of the Resource. \"*\" means all."