登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

zhuchance / kubernetes

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
types.go 8.03 KB
一键复制 编辑 原始数据 按行查看 历史
mbohlool 提交于 2016-10-14 15:37 . Add +optional tag to all fields with omitempty json tag
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177
/*

Copyright 2015 The Kubernetes Authors.



Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at



    http://www.apache.org/licenses/LICENSE-2.0



Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

*/



package v1beta1



import (

	"fmt"



	"k8s.io/kubernetes/pkg/api/unversioned"

	"k8s.io/kubernetes/pkg/api/v1"

)



// +genclient=true

// +nonNamespaced=true

// +noMethods=true



// SubjectAccessReview checks whether or not a user or group can perform an action.

type SubjectAccessReview struct {

	unversioned.TypeMeta `json:",inline"`

	// +optional

	v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`



	// Spec holds information about the request being evaluated

	Spec SubjectAccessReviewSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`



	// Status is filled in by the server and indicates whether the request is allowed or not

	// +optional

	Status SubjectAccessReviewStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`

}



// +genclient=true

// +nonNamespaced=true

// +noMethods=true



// SelfSubjectAccessReview checks whether or the current user can perform an action.  Not filling in a

// spec.namespace means "in all namespaces".  Self is a special case, because users should always be able

// to check whether they can perform an action

type SelfSubjectAccessReview struct {

	unversioned.TypeMeta `json:",inline"`

	// +optional

	v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`



	// Spec holds information about the request being evaluated.  user and groups must be empty

	Spec SelfSubjectAccessReviewSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`



	// Status is filled in by the server and indicates whether the request is allowed or not

	// +optional

	Status SubjectAccessReviewStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`

}



// +genclient=true

// +noMethods=true



// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.

// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions

// checking.

type LocalSubjectAccessReview struct {

	unversioned.TypeMeta `json:",inline"`

	// +optional

	v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`



	// Spec holds information about the request being evaluated.  spec.namespace must be equal to the namespace

	// you made the request against.  If empty, it is defaulted.

	Spec SubjectAccessReviewSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`



	// Status is filled in by the server and indicates whether the request is allowed or not

	// +optional

	Status SubjectAccessReviewStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`

}



// ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

type ResourceAttributes struct {

	// Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces

	// "" (empty) is defaulted for LocalSubjectAccessReviews

	// "" (empty) is empty for cluster-scoped resources

	// "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview

	// +optional

	Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"`

	// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy.  "*" means all.

	// +optional

	Verb string `json:"verb,omitempty" protobuf:"bytes,2,opt,name=verb"`

	// Group is the API Group of the Resource.  "*" means all.

	// +optional

	Group string `json:"group,omitempty" protobuf:"bytes,3,opt,name=group"`

	// Version is the API Version of the Resource.  "*" means all.

	// +optional

	Version string `json:"version,omitempty" protobuf:"bytes,4,opt,name=version"`

	// Resource is one of the existing resource types.  "*" means all.

	// +optional

	Resource string `json:"resource,omitempty" protobuf:"bytes,5,opt,name=resource"`

	// Subresource is one of the existing resource types.  "" means none.

	// +optional

	Subresource string `json:"subresource,omitempty" protobuf:"bytes,6,opt,name=subresource"`

	// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

	// +optional

	Name string `json:"name,omitempty" protobuf:"bytes,7,opt,name=name"`

}



// NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface

type NonResourceAttributes struct {

	// Path is the URL path of the request

	// +optional

	Path string `json:"path,omitempty" protobuf:"bytes,1,opt,name=path"`

	// Verb is the standard HTTP verb

	// +optional

	Verb string `json:"verb,omitempty" protobuf:"bytes,2,opt,name=verb"`

}



// SubjectAccessReviewSpec is a description of the access request.  Exactly one of ResourceAuthorizationAttributes

// and NonResourceAuthorizationAttributes must be set

type SubjectAccessReviewSpec struct {

	// ResourceAuthorizationAttributes describes information for a resource access request

	// +optional

	ResourceAttributes *ResourceAttributes `json:"resourceAttributes,omitempty" protobuf:"bytes,1,opt,name=resourceAttributes"`

	// NonResourceAttributes describes information for a non-resource access request

	// +optional

	NonResourceAttributes *NonResourceAttributes `json:"nonResourceAttributes,omitempty" protobuf:"bytes,2,opt,name=nonResourceAttributes"`



	// User is the user you're testing for.

	// If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups

	// +optional

	User string `json:"user,omitempty" protobuf:"bytes,3,opt,name=verb"`

	// Groups is the groups you're testing for.

	// +optional

	Groups []string `json:"group,omitempty" protobuf:"bytes,4,rep,name=group"`

	// Extra corresponds to the user.Info.GetExtra() method from the authenticator.  Since that is input to the authorizer

	// it needs a reflection here.

	// +optional

	Extra map[string]ExtraValue `json:"extra,omitempty" protobuf:"bytes,5,rep,name=extra"`

}



// ExtraValue masks the value so protobuf can generate

// +protobuf.nullable=true

// +protobuf.options.(gogoproto.goproto_stringer)=false

type ExtraValue []string



func (t ExtraValue) String() string {

	return fmt.Sprintf("%v", []string(t))

}



// SelfSubjectAccessReviewSpec is a description of the access request.  Exactly one of ResourceAuthorizationAttributes

// and NonResourceAuthorizationAttributes must be set

type SelfSubjectAccessReviewSpec struct {

	// ResourceAuthorizationAttributes describes information for a resource access request

	// +optional

	ResourceAttributes *ResourceAttributes `json:"resourceAttributes,omitempty" protobuf:"bytes,1,opt,name=resourceAttributes"`

	// NonResourceAttributes describes information for a non-resource access request

	// +optional

	NonResourceAttributes *NonResourceAttributes `json:"nonResourceAttributes,omitempty" protobuf:"bytes,2,opt,name=nonResourceAttributes"`

}



// SubjectAccessReviewStatus

type SubjectAccessReviewStatus struct {

	// Allowed is required.  True if the action would be allowed, false otherwise.

	Allowed bool `json:"allowed" protobuf:"varint,1,opt,name=allowed"`

	// Reason is optional.  It indicates why a request was allowed or denied.

	// +optional

	Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`

	// EvaluationError is an indication that some error occurred during the authorization check.

	// It is entirely possible to get an error and be able to continue determine authorization status in spite of it.

	// For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.

	// +optional

	EvaluationError string `json:"evaluationError,omitempty" protobuf:"bytes,3,opt,name=evaluationError"`

}
Go
1
https://gitee.com/meoom/kubernetes.git
git@gitee.com:meoom/kubernetes.git
meoom
kubernetes
kubernetes
v1.5.0-beta.1
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
53164aa7 5694891 3bd8fe86 5694891