From 4bacc2419c2c3e3305b26f05ca882a29736a59ed Mon Sep 17 00:00:00 2001 From: Rick Sostheim Date: Sun, 21 May 2017 21:12:51 -0700 Subject: [PATCH] trivial markdown changes to cleanup page rendering inserted json body pretty printed for further clarity. --- docs/admin/accessing-the-api.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/docs/admin/accessing-the-api.md b/docs/admin/accessing-the-api.md index a819700aff..25bc27d45d 100644 --- a/docs/admin/accessing-the-api.md +++ b/docs/admin/accessing-the-api.md @@ -63,9 +63,18 @@ A request must include the username of the requester, the requested action, and For example, if Bob has the policy below, then he can read pods only in the namespace `projectCarabou`: - ```json - {"apiVersion": "abac.authorization.kubernetes.io/v1beta1", "kind": "Policy", "spec": {"user": "bob", "namespace": "projectCaribou", "resource": "pods", "readonly": true}} - ``` +```json +{ + "apiVersion": "abac.authorization.kubernetes.io/v1beta1", + "kind": "Policy", + "spec": { + "user": "bob", + "namespace": "projectCaribou", + "resource": "pods", + "readonly": true + } +} +``` If Bob makes the following request, the request is authorized because he is allowed to read objects in the `projectCaribou` namespace: ```json @@ -82,7 +91,7 @@ If Bob makes the following request, the request is authorized because he is allo } } ``` -If Bob makes a request to write (`creat`e or `update`) to the objects in the `projectCaribou` namespace, his authorization is denied. If Bob makes a request to read (`get`) objects in a different namespace such as `projectFish`, then his authorization is denied. +If Bob makes a request to write (`create` or `update`) to the objects in the `projectCaribou` namespace, his authorization is denied. If Bob makes a request to read (`get`) objects in a different namespace such as `projectFish`, then his authorization is denied. Kubernetes authorization requires that you use common REST attributes to interact with existing organization-wide or cloud-provider-wide access control systems. It is important to use REST formatting because these control systems might interact with other APIs besides the Kubernetes API.