vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/types.go - cloudstack-kubernetes-provider - Git at Google

 /*
 Copyright 2015 The Kubernetes Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */

 // +k8s:openapi-gen=true

 package v1beta1

 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

 // Policy contains a single ABAC policy rule
 type Policy struct {
 	metav1.TypeMeta `json:",inline"`

 	// Spec describes the policy rule
 	Spec PolicySpec `json:"spec"`
 }

 // PolicySpec contains the attributes for a policy rule
 type PolicySpec struct {
 	// User is the username this rule applies to.
 	// Either user or group is required to match the request.
 	// "*" matches all users.
 	// +optional
 	User string `json:"user,omitempty"`

 	// Group is the group this rule applies to.
 	// Either user or group is required to match the request.
 	// "*" matches all groups.
 	// +optional
 	Group string `json:"group,omitempty"`

 	// Readonly matches readonly requests when true, and all requests when false
 	// +optional
 	Readonly bool `json:"readonly,omitempty"`

 	// APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests.
 	// "*" matches all API groups
 	// +optional
 	APIGroup string `json:"apiGroup,omitempty"`

 	// Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests.
 	// "*" matches all resources
 	// +optional
 	Resource string `json:"resource,omitempty"`

 	// Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests.
 	// "*" matches all namespaces (including unnamespaced requests)
 	// +optional
 	Namespace string `json:"namespace,omitempty"`

 	// NonResourcePath matches non-resource request paths.
 	// "*" matches all paths
 	// "/foo/*" matches all subpaths of foo
 	// +optional
 	NonResourcePath string `json:"nonResourcePath,omitempty"`
 }
	/*
	Copyright 2015 The Kubernetes Authors.

	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	*/

	// +k8s:openapi-gen=true

	package v1beta1

	import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	)

	// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

	// Policy contains a single ABAC policy rule
	type Policy struct {
	metav1.TypeMeta `json:",inline"`

	// Spec describes the policy rule
	Spec PolicySpec `json:"spec"`
	}

	// PolicySpec contains the attributes for a policy rule
	type PolicySpec struct {
	// User is the username this rule applies to.
	// Either user or group is required to match the request.
	// "*" matches all users.
	// +optional
	User string `json:"user,omitempty"`

	// Group is the group this rule applies to.
	// Either user or group is required to match the request.
	// "*" matches all groups.
	// +optional
	Group string `json:"group,omitempty"`

	// Readonly matches readonly requests when true, and all requests when false
	// +optional
	Readonly bool `json:"readonly,omitempty"`

	// APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests.
	// "*" matches all API groups
	// +optional
	APIGroup string `json:"apiGroup,omitempty"`

	// Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests.
	// "*" matches all resources
	// +optional
	Resource string `json:"resource,omitempty"`

	// Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests.
	// "*" matches all namespaces (including unnamespaced requests)
	// +optional
	Namespace string `json:"namespace,omitempty"`

	// NonResourcePath matches non-resource request paths.
	// "*" matches all paths
	// "/foo/*" matches all subpaths of foo
	// +optional
	NonResourcePath string `json:"nonResourcePath,omitempty"`
	}