SubjectAccessReview v1beta1

| Group | Version | Kind |
|---|---|---|
| Authorization | v1beta1 | SubjectAccessReview |

SubjectAccessReview checks whether or not a user or group can perform an action.

| Field | Type | Description |
|---|---|---|
| apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources |
| kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds |
| metadata | ObjectMeta | |
| spec | SubjectAccessReviewSpec | Spec holds information about the request being evaluated |
| status | SubjectAccessReviewStatus | Status is filled in by the server and indicates whether the request is allowed or not |

SubjectAccessReviewSpec v1beta1

| Field | Type | Description |
|---|---|---|
| extra | object | Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here. |
| group | string array | Groups is the groups you're testing for. |
| nonResourceAttributes | NonResourceAttributes | NonResourceAttributes describes information for a non-resource access request |
| resourceAttributes | ResourceAttributes | ResourceAuthorizationAttributes describes information for a resource access request |
| user | string | User is the user you're testing for. If you specify "User" but not "Group", then it is interpreted as "What if User were not a member of any groups?" |

SubjectAccessReviewStatus v1beta1

| Field | Type | Description |
|---|---|---|
| allowed | boolean | Allowed is required. True if the action would be allowed, false otherwise. |
| evaluationError | string | EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and still be able to determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request. |
| reason | string | Reason is optional. It indicates why a request was allowed or denied. |

Write Operations

See supported operations below...

Create

create a SubjectAccessReview

HTTP Request

POST /apis/authorization.k8s.io/v1beta1/subjectaccessreviews

Query Parameters

| Parameter | Description |
|---|---|
| pretty | If 'true', then the output is pretty printed. |

Body Parameters

| Parameter | Type | Description |
|---|---|---|
| body | SubjectAccessReview | |

Response

| Code | Type | Description |
|---|---|---|
| 200 | SubjectAccessReview | OK |
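
An added example, not part of the generated reference or the Kubernetes code base: building the body for the POST above and reading the returned status fail-closed while still surfacing evaluationError. The helper names, the sample response and the rule that exactly one attribute block is set are assumptions of this example.

```python
import json

API_PATH = "/apis/authorization.k8s.io/v1beta1/subjectaccessreviews"  # from the page


def build_review(user, groups=None, resource=None, non_resource=None, extra=None):
    """Return a SubjectAccessReview body to POST to API_PATH (hypothetical helper)."""
    # Assumption beyond the page: a review describes one request, so exactly
    # one of resourceAttributes / nonResourceAttributes is set.
    if (resource is None) == (non_resource is None):
        raise ValueError("set exactly one of resource / non_resource")
    spec = {"user": user}
    if groups:
        # Leaving "group" out asks: what if the user were in no groups?
        spec["group"] = list(groups)
    if extra:
        spec["extra"] = extra
    if resource is not None:
        spec["resourceAttributes"] = resource
    else:
        spec["nonResourceAttributes"] = non_resource
    return {"apiVersion": "authorization.k8s.io/v1beta1",
            "kind": "SubjectAccessReview", "spec": spec}


def decide(response):
    """Fail-closed reading of status: returns (allowed, note for the audit log)."""
    status = response.get("status") or {}
    allowed = status.get("allowed") is True  # missing or non-boolean means deny
    # evaluationError does not override allowed; it is recorded next to it.
    notes = [status[k] for k in ("reason", "evaluationError") if status.get(k)]
    return allowed, "; ".join(notes)


# Constructed sample response, not captured from a real cluster.
SAMPLE_RESPONSE = {
    "kind": "SubjectAccessReview",
    "status": {"allowed": True,
               "reason": "allowed by a role binding (constructed)",
               "evaluationError": "one referenced role not found (constructed)"},
}

if __name__ == "__main__":
    body = build_review("jane", resource={"namespace": "dev", "verb": "get",
                                          "resource": "pods"})
    print("POST", API_PATH)
    print(json.dumps(body, indent=2))
    print(decide(SAMPLE_RESPONSE))
```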