kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
website/content/en/docs/reference/kubernetes-api/authorization-resources/local-subject-access-review...

3.4 KiB
Raw Permalink Blame History

api_metadata content_type description title weight auto_generated
apiVersion import kind
authorization.k8s.io/v1 k8s.io/api/authorization/v1 LocalSubjectAccessReview
api_reference LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. LocalSubjectAccessReview 1 true

apiVersion: authorization.k8s.io/v1

import "k8s.io/api/authorization/v1"

LocalSubjectAccessReview

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

  • apiVersion: authorization.k8s.io/v1

  • kind: LocalSubjectAccessReview

  • metadata (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta)

  • spec (<a href="{{< ref "../authorization-resources/subject-access-review-v1#SubjectAccessReviewSpec" >}}">SubjectAccessReviewSpec), required

    Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.

  • status (<a href="{{< ref "../authorization-resources/subject-access-review-v1#SubjectAccessReviewStatus" >}}">SubjectAccessReviewStatus)

    Status is filled in by the server and indicates whether the request is allowed or not

Operations

create create a LocalSubjectAccessReview

HTTP Request

POST /apis/authorization.k8s.io/v1/namespaces/{namespace}/localsubjectaccessreviews

Parameters

  • namespace (in path): string, required

    <a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace

  • body: <a href="{{< ref "../authorization-resources/local-subject-access-review-v1#LocalSubjectAccessReview" >}}">LocalSubjectAccessReview, required

  • dryRun (in query): string

    <a href="{{< ref "../common-parameters/common-parameters#dryRun" >}}">dryRun

  • fieldManager (in query): string

    <a href="{{< ref "../common-parameters/common-parameters#fieldManager" >}}">fieldManager

  • pretty (in query): string

    <a href="{{< ref "../common-parameters/common-parameters#pretty" >}}">pretty

Response

200 (<a href="{{< ref "../authorization-resources/local-subject-access-review-v1#LocalSubjectAccessReview" >}}">LocalSubjectAccessReview): OK

201 (<a href="{{< ref "../authorization-resources/local-subject-access-review-v1#LocalSubjectAccessReview" >}}">LocalSubjectAccessReview): Created

202 (<a href="{{< ref "../authorization-resources/local-subject-access-review-v1#LocalSubjectAccessReview" >}}">LocalSubjectAccessReview): Accepted

401: Unauthorized