"description":"API at /apis/authorization.k8s.io/v1beta1",
"operations":[
...
...
@@ -123,9 +176,9 @@
}
],
"models":{
"v1beta1.SelfSubjectAccessReview":{
"id":"v1beta1.SelfSubjectAccessReview",
"description":"SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means \"in all namespaces\". Self is a special case, because users should always be able to check whether they can perform an action",
"v1beta1.LocalSubjectAccessReview":{
"id":"v1beta1.LocalSubjectAccessReview",
"description":"LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.",
"required":[
"spec"
],
...
...
@@ -142,8 +195,8 @@
"$ref":"v1.ObjectMeta"
},
"spec":{
"$ref":"v1beta1.SelfSubjectAccessReviewSpec",
"description":"Spec holds information about the request being evaluated. user and groups must be empty"
"$ref":"v1beta1.SubjectAccessReviewSpec",
"description":"Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted."
},
"status":{
"$ref":"v1beta1.SubjectAccessReviewStatus",
...
...
@@ -259,9 +312,9 @@
}
}
},
"v1beta1.SelfSubjectAccessReviewSpec":{
"id":"v1beta1.SelfSubjectAccessReviewSpec",
"description":"SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set",
"v1beta1.SubjectAccessReviewSpec":{
"id":"v1beta1.SubjectAccessReviewSpec",
"description":"SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set",
"properties":{
"resourceAttributes":{
"$ref":"v1beta1.ResourceAttributes",
...
...
@@ -270,6 +323,21 @@
"nonResourceAttributes":{
"$ref":"v1beta1.NonResourceAttributes",
"description":"NonResourceAttributes describes information for a non-resource access request"
},
"user":{
"type":"string",
"description":"User is the user you're testing for. If you specify \"User\" but not \"Group\", then is it interpreted as \"What if User were not a member of any groups"
},
"group":{
"type":"array",
"items":{
"type":"string"
},
"description":"Groups is the groups you're testing for."
},
"extra":{
"type":"object",
"description":"Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here."
}
}
},
...
...
@@ -342,9 +410,9 @@
}
}
},
"v1beta1.SubjectAccessReview":{
"id":"v1beta1.SubjectAccessReview",
"description":"SubjectAccessReview checks whether or not a user or group can perform an action.",
"v1beta1.SelfSubjectAccessReview":{
"id":"v1beta1.SelfSubjectAccessReview",
"description":"SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means \"in all namespaces\". Self is a special case, because users should always be able to check whether they can perform an action",
"required":[
"spec"
],
...
...
@@ -361,8 +429,8 @@
"$ref":"v1.ObjectMeta"
},
"spec":{
"$ref":"v1beta1.SubjectAccessReviewSpec",
"description":"Spec holds information about the request being evaluated"
"$ref":"v1beta1.SelfSubjectAccessReviewSpec",
"description":"Spec holds information about the request being evaluated. user and groups must be empty"
},
"status":{
"$ref":"v1beta1.SubjectAccessReviewStatus",
...
...
@@ -370,9 +438,9 @@
}
}
},
"v1beta1.SubjectAccessReviewSpec":{
"id":"v1beta1.SubjectAccessReviewSpec",
"description":"SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set",
"v1beta1.SelfSubjectAccessReviewSpec":{
"id":"v1beta1.SelfSubjectAccessReviewSpec",
"description":"SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set",
"properties":{
"resourceAttributes":{
"$ref":"v1beta1.ResourceAttributes",
...
...
@@ -381,21 +449,34 @@
"nonResourceAttributes":{
"$ref":"v1beta1.NonResourceAttributes",
"description":"NonResourceAttributes describes information for a non-resource access request"
}
}
},
"v1beta1.SubjectAccessReview":{
"id":"v1beta1.SubjectAccessReview",
"description":"SubjectAccessReview checks whether or not a user or group can perform an action.",
"required":[
"spec"
],
"properties":{
"kind":{
"type":"string",
"description":"Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds"
},
"user":{
"apiVersion":{
"type":"string",
"description":"User is the user you're testing for. If you specify \"User\" but not \"Group\", then is it interpreted as \"What if User were not a member of any groups"
"description":"APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources"
},
"group":{
"type":"array",
"items":{
"type":"string"
},
"description":"Groups is the groups you're testing for."
"metadata":{
"$ref":"v1.ObjectMeta"
},
"extra":{
"type":"object",
"description":"Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here."
"spec":{
"$ref":"v1beta1.SubjectAccessReviewSpec",
"description":"Spec holds information about the request being evaluated"
},
"status":{
"$ref":"v1beta1.SubjectAccessReviewStatus",
"description":"Status is filled in by the server and indicates whether the request is allowed or not"