forked from cw-ozaki/kubernetes-json-schema
-
Notifications
You must be signed in to change notification settings - Fork 0
/
subjectaccessreviewspec-authorization-v1.json
126 lines (126 loc) · 3.86 KB
/
subjectaccessreviewspec-authorization-v1.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
{
"description": "SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set",
"properties": {
"extra": {
"description": "Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.",
"type": "object",
"additionalProperties": {
"type": [
"array",
"null"
],
"items": {
"type": [
"string",
"null"
]
}
}
},
"groups": {
"description": "Groups is the groups you're testing for.",
"type": [
"array",
"null"
],
"items": {
"type": [
"string",
"null"
]
}
},
"nonResourceAttributes": {
"description": "NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface",
"properties": {
"path": {
"description": "Path is the URL path of the request",
"type": [
"string",
"null"
]
},
"verb": {
"description": "Verb is the standard HTTP verb",
"type": [
"string",
"null"
]
}
},
"additionalProperties": false
},
"resourceAttributes": {
"description": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface",
"properties": {
"group": {
"description": "Group is the API Group of the Resource. \"*\" means all.",
"type": [
"string",
"null"
]
},
"name": {
"description": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.",
"type": [
"string",
"null"
]
},
"namespace": {
"description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces \"\" (empty) is defaulted for LocalSubjectAccessReviews \"\" (empty) is empty for cluster-scoped resources \"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview",
"type": [
"string",
"null"
]
},
"resource": {
"description": "Resource is one of the existing resource types. \"*\" means all.",
"type": [
"string",
"null"
]
},
"subresource": {
"description": "Subresource is one of the existing resource types. \"\" means none.",
"type": [
"string",
"null"
]
},
"verb": {
"description": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
"type": [
"string",
"null"
]
},
"version": {
"description": "Version is the API Version of the Resource. \"*\" means all.",
"type": [
"string",
"null"
]
}
},
"additionalProperties": false
},
"uid": {
"description": "UID information about the requesting user.",
"type": [
"string",
"null"
]
},
"user": {
"description": "User is the user you're testing for. If you specify \"User\" but not \"Groups\", then is it interpreted as \"What if User were not a member of any groups",
"type": [
"string",
"null"
]
}
},
"additionalProperties": false,
"$schema": "http://json-schema.org/schema#",
"type": "object"
}