▽

Package abac

Constants

GroupName is the API group for abac

const GroupName = "abac.authorization.kubernetes.io"

Variables

var (
    // SchemeBuilder is the scheme builder with scheme init functions to run for this API package
    SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
    // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme
    AddToScheme = SchemeBuilder.AddToScheme
)

Codecs provides access to encoding and decoding for the scheme

var Codecs = serializer.NewCodecFactory(Scheme)

Scheme is the default instance of runtime.Scheme to which types in the abac API group are api.Registry. TODO: remove this, abac should not have its own scheme.

var Scheme = runtime.NewScheme()

SchemeGroupVersion is the API group version used to register abac internal

var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

type Policy ¶

Policy contains a single ABAC policy rule

type Policy struct {
    metav1.TypeMeta

    // Spec describes the policy rule
    Spec PolicySpec
}

func (*Policy) DeepCopy ¶

func (in *Policy) DeepCopy() *Policy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.

func (*Policy) DeepCopyInto ¶

func (in *Policy) DeepCopyInto(out *Policy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Policy) DeepCopyObject ¶

func (in *Policy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicySpec ¶

PolicySpec contains the attributes for a policy rule

type PolicySpec struct {

    // User is the username this rule applies to.
    // Either user or group is required to match the request.
    // "*" matches all users.
    User string

    // Group is the group this rule applies to.
    // Either user or group is required to match the request.
    // "*" matches all groups.
    Group string

    // Readonly matches readonly requests when true, and all requests when false
    Readonly bool

    // APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests.
    // "*" matches all API groups
    APIGroup string

    // Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests.
    // "*" matches all resources
    Resource string

    // Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests.
    // "*" matches all namespaces (including unnamespaced requests)
    Namespace string

    // NonResourcePath matches non-resource request paths.
    // "*" matches all paths
    // "/foo/*" matches all subpaths of foo
    NonResourcePath string
}

func (*PolicySpec) DeepCopy ¶

func (in *PolicySpec) DeepCopy() *PolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec.

func (*PolicySpec) DeepCopyInto ¶

func (in *PolicySpec) DeepCopyInto(out *PolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Subdirectories