Documentation
¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the rbac v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=rbac.istio.io
Package v1alpha1 contains API Schema definitions for the rbac v1alpha1 API group +k8s:deepcopy-gen=package,register +groupName=rbac.istio.io
Index ¶
- Variables
- func RegisterDefaults(scheme *runtime.Scheme) error
- type AccessRule
- type AccessRule_Constraint
- type RoleRef
- type ServiceRole
- type ServiceRoleBinding
- type ServiceRoleBindingList
- type ServiceRoleBindingSpec
- type ServiceRoleBindingStatus
- type ServiceRoleList
- type ServiceRoleSpec
- type ServiceRoleStatus
- type Subject
Constants ¶
This section is empty.
Variables ¶
var ( // SchemeGroupVersion is group version used to register these objects SchemeGroupVersion = schema.GroupVersion{Group: "rbac.istio.io", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} )
Functions ¶
func RegisterDefaults ¶
RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.
Types ¶
type AccessRule ¶
type AccessRule struct {
// Required. A list of service names.
// Exact match, prefix match, and suffix match are supported for service names.
// For example, the service name "bookstore.mtv.cluster.local" matches
// "bookstore.mtv.cluster.local" (exact match), or "bookstore*" (prefix match),
// or "*.mtv.cluster.local" (suffix match).
// If set to ["*"], it refers to all services in the namespace.
Services []string `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"`
// Optional. A list of HTTP hosts. This is matched against the HOST header in
// a HTTP request. Exact match, prefix match and suffix match are supported.
// For example, the host "test.abc.com" matches "test.abc.com" (exact match),
// or "*.abc.com" (prefix match), or "test.abc.*" (suffix match).
// If not specified, it matches to any host.
// This field should not be set for TCP services. The policy will be ignored.
Hosts []string `protobuf:"bytes,5,rep,name=hosts,proto3" json:"hosts,omitempty"`
// Optional. A list of HTTP hosts that must not be matched.
NotHosts []string `protobuf:"bytes,6,rep,name=not_hosts,json=notHosts,proto3" json:"not_hosts,omitempty"`
// Optional. A list of HTTP paths or gRPC methods.
// gRPC methods must be presented as fully-qualified name in the form of
// "/packageName.serviceName/methodName" and are case sensitive.
// Exact match, prefix match, and suffix match are supported. For example,
// the path "/books/review" matches "/books/review" (exact match),
// or "/books/*" (prefix match), or "*/review" (suffix match).
// If not specified, it matches to any path.
// This field should not be set for TCP services. The policy will be ignored.
Paths []string `protobuf:"bytes,2,rep,name=paths,proto3" json:"paths,omitempty"`
// Optional. A list of HTTP paths or gRPC methods that must not be matched.
NotPaths []string `protobuf:"bytes,7,rep,name=not_paths,json=notPaths,proto3" json:"not_paths,omitempty"`
// Optional. A list of HTTP methods (e.g., "GET", "POST").
// If not specified or specified as "*", it matches to any methods.
// This field should not be set for TCP services. The policy will be ignored.
// For gRPC services, only `POST` is allowed; other methods will result in denying services.
Methods []string `protobuf:"bytes,3,rep,name=methods,proto3" json:"methods,omitempty"`
// Optional. A list of HTTP methods that must not be matched.
// Note: It's an error to set methods and not_methods at the same time.
NotMethods []string `protobuf:"bytes,8,rep,name=not_methods,json=notMethods,proto3" json:"not_methods,omitempty"`
// Optional. A list of port numbers of the request. If not specified, it matches
// to any port number.
// Note: It's an error to set ports and not_ports at the same time.
Ports []int32 `protobuf:"varint,9,rep,packed,name=ports,proto3" json:"ports,omitempty"`
// Optional. A list of port numbers that must not be matched.
// Note: It's an error to set ports and not_ports at the same time.
NotPorts []int32 `protobuf:"varint,10,rep,packed,name=not_ports,json=notPorts,proto3" json:"not_ports,omitempty"`
// Optional. Extra constraints in the ServiceRole specification.
Constraints []*AccessRule_Constraint `protobuf:"bytes,4,rep,name=constraints,proto3" json:"constraints,omitempty"`
}
AccessRule defines a permission to access a list of services.
func (*AccessRule) DeepCopy ¶
func (in *AccessRule) DeepCopy() *AccessRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessRule.
func (*AccessRule) DeepCopyInto ¶
func (in *AccessRule) DeepCopyInto(out *AccessRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AccessRule_Constraint ¶
type AccessRule_Constraint struct {
// Key of the constraint.
Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
// List of valid values for the constraint.
// Exact match, prefix match, and suffix match are supported.
// For example, the value "v1alpha2" matches "v1alpha2" (exact match),
// or "v1*" (prefix match), or "*alpha2" (suffix match).
Values []string `protobuf:"bytes,2,rep,name=values,proto3" json:"values,omitempty"`
}
Definition of a custom constraint. The supported keys are listed in the "constraint and properties" page.
func (*AccessRule_Constraint) DeepCopy ¶
func (in *AccessRule_Constraint) DeepCopy() *AccessRule_Constraint
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessRule_Constraint.
func (*AccessRule_Constraint) DeepCopyInto ¶
func (in *AccessRule_Constraint) DeepCopyInto(out *AccessRule_Constraint)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RoleRef ¶
type RoleRef struct {
// Required. The type of the role being referenced.
// Currently, "ServiceRole" is the only supported value for "kind".
Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
// Required. The name of the ServiceRole object being referenced.
// The ServiceRole object must be in the same namespace as the ServiceRoleBinding object.
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
}
RoleRef refers to a role object.
func (*RoleRef) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleRef.
func (*RoleRef) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceRole ¶
type ServiceRole struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ServiceRoleSpec `json:"spec,omitempty"`
Status ServiceRoleStatus `json:"status,omitempty"`
}
ServiceRole is the Schema for the serviceroles API +k8s:openapi-gen=true
func (*ServiceRole) DeepCopy ¶
func (in *ServiceRole) DeepCopy() *ServiceRole
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRole.
func (*ServiceRole) DeepCopyInto ¶
func (in *ServiceRole) DeepCopyInto(out *ServiceRole)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ServiceRole) DeepCopyObject ¶
func (in *ServiceRole) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ServiceRoleBinding ¶
type ServiceRoleBinding struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec ServiceRoleBindingSpec `json:"spec,omitempty"`
Status ServiceRoleBindingStatus `json:"status,omitempty"`
}
ServiceRoleBinding is the Schema for the servicerolebindings API +k8s:openapi-gen=true
func (*ServiceRoleBinding) DeepCopy ¶
func (in *ServiceRoleBinding) DeepCopy() *ServiceRoleBinding
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleBinding.
func (*ServiceRoleBinding) DeepCopyInto ¶
func (in *ServiceRoleBinding) DeepCopyInto(out *ServiceRoleBinding)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ServiceRoleBinding) DeepCopyObject ¶
func (in *ServiceRoleBinding) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ServiceRoleBindingList ¶
type ServiceRoleBindingList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ServiceRoleBinding `json:"items"`
}
ServiceRoleBindingList contains a list of ServiceRoleBinding
func (*ServiceRoleBindingList) DeepCopy ¶
func (in *ServiceRoleBindingList) DeepCopy() *ServiceRoleBindingList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleBindingList.
func (*ServiceRoleBindingList) DeepCopyInto ¶
func (in *ServiceRoleBindingList) DeepCopyInto(out *ServiceRoleBindingList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ServiceRoleBindingList) DeepCopyObject ¶
func (in *ServiceRoleBindingList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ServiceRoleBindingSpec ¶
type ServiceRoleBindingSpec struct {
// Required. List of subjects that are assigned the ServiceRole object.
Subjects []*Subject `json:"subjects,omitempty"`
// Required. Reference to the ServiceRole object.
RoleRef *RoleRef `json:"roleRef,omitempty"`
}
ServiceRoleBindingSpec defines the desired state of ServiceRoleBinding +k8s:openapi-gen=true
func (*ServiceRoleBindingSpec) DeepCopy ¶
func (in *ServiceRoleBindingSpec) DeepCopy() *ServiceRoleBindingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleBindingSpec.
func (*ServiceRoleBindingSpec) DeepCopyInto ¶
func (in *ServiceRoleBindingSpec) DeepCopyInto(out *ServiceRoleBindingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceRoleBindingStatus ¶
type ServiceRoleBindingStatus struct {
}
ServiceRoleBindingStatus defines the observed state of ServiceRoleBinding +k8s:openapi-gen=true
func (*ServiceRoleBindingStatus) DeepCopy ¶
func (in *ServiceRoleBindingStatus) DeepCopy() *ServiceRoleBindingStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleBindingStatus.
func (*ServiceRoleBindingStatus) DeepCopyInto ¶
func (in *ServiceRoleBindingStatus) DeepCopyInto(out *ServiceRoleBindingStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceRoleList ¶
type ServiceRoleList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ServiceRole `json:"items"`
}
ServiceRoleList contains a list of ServiceRole
func (*ServiceRoleList) DeepCopy ¶
func (in *ServiceRoleList) DeepCopy() *ServiceRoleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleList.
func (*ServiceRoleList) DeepCopyInto ¶
func (in *ServiceRoleList) DeepCopyInto(out *ServiceRoleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ServiceRoleList) DeepCopyObject ¶
func (in *ServiceRoleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ServiceRoleSpec ¶
type ServiceRoleSpec struct {
// Required. The set of access rules (permissions) that the role has.
Rules []*AccessRule `json:"rules,omitempty"`
}
ServiceRoleSpec defines the desired state of ServiceRole +k8s:openapi-gen=true
func (*ServiceRoleSpec) DeepCopy ¶
func (in *ServiceRoleSpec) DeepCopy() *ServiceRoleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleSpec.
func (*ServiceRoleSpec) DeepCopyInto ¶
func (in *ServiceRoleSpec) DeepCopyInto(out *ServiceRoleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceRoleStatus ¶
type ServiceRoleStatus struct {
}
ServiceRoleStatus defines the observed state of ServiceRole +k8s:openapi-gen=true
func (*ServiceRoleStatus) DeepCopy ¶
func (in *ServiceRoleStatus) DeepCopy() *ServiceRoleStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceRoleStatus.
func (*ServiceRoleStatus) DeepCopyInto ¶
func (in *ServiceRoleStatus) DeepCopyInto(out *ServiceRoleStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Subject ¶
type Subject struct {
// Optional. The user name/ID that the subject represents.
User string `protobuf:"bytes,1,opt,name=user,proto3" json:"user,omitempty"`
// Optional. A list of subject names. This is matched to the
// `source.principal` attribute. If one of subject names is "*", it matches to a subject with any name.
// Prefix and suffix matches are supported.
Names []string `protobuf:"bytes,4,rep,name=names,proto3" json:"names,omitempty"`
// Optional. A list of subject names that must not be matched.
NotNames []string `protobuf:"bytes,5,rep,name=not_names,json=notNames,proto3" json:"not_names,omitempty"`
// Optional. The group that the subject belongs to.
// Deprecated. Use groups and not_groups instead.
Group string `protobuf:"bytes,2,opt,name=group,proto3" json:"group,omitempty"` // Deprecated: Do not use.
// Optional. A list of groups that the subject represents. This is matched to the
// `request.auth.claims[groups]` attribute. If not specified, it applies to any groups.
Groups []string `protobuf:"bytes,6,rep,name=groups,proto3" json:"groups,omitempty"`
// Optional. A list of groups that must not be matched.
NotGroups []string `protobuf:"bytes,7,rep,name=not_groups,json=notGroups,proto3" json:"not_groups,omitempty"`
// Optional. A list of namespaces that the subject represents. This is matched to
// the `source.namespace` attribute. If not specified, it applies to any namespaces.
Namespaces []string `protobuf:"bytes,8,rep,name=namespaces,proto3" json:"namespaces,omitempty"`
// Optional. A list of namespaces that must not be matched.
NotNamespaces []string `protobuf:"bytes,9,rep,name=not_namespaces,json=notNamespaces,proto3" json:"not_namespaces,omitempty"`
// Optional. A list of IP address or CIDR ranges that the subject represents.
// E.g. 192.168.100.2 or 10.1.0.0/16. If not specified, it applies to any IP addresses.
Ips []string `protobuf:"bytes,10,rep,name=ips,proto3" json:"ips,omitempty"`
// Optional. A list of IP addresses or CIDR ranges that must not be matched.
NotIps []string `protobuf:"bytes,11,rep,name=not_ips,json=notIps,proto3" json:"not_ips,omitempty"`
// Optional. The set of properties that identify the subject.
Properties map[string]string `` /* 161-byte string literal not displayed */
}
Subject defines an identity. The identity is either a user or identified by a set of `properties`. The supported keys in `properties` are listed in "constraint and properties" page.
func (*Subject) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subject.
func (*Subject) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files