v1beta1.LocalSubjectAccessReview

You are viewing documentation for a release that is no longer supported. The latest supported version of version 3 is [3.11]. For the most recent version 4, see [4]

You are viewing documentation for a release that is no longer supported. The latest supported version of version 3 is [3.11]. For the most recent version 4, see [4]

Description

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

Object Schema

Expand or mouse-over a field for more information about it.

  1. apiVersion:
  2. kind:
  3. metadata:
  4. annotations:
  5. [string]:
  6. clusterName:
  7. creationTimestamp:
  8. deletionGracePeriodSeconds:
  9. deletionTimestamp:
  10. finalizers:
  11. - [string]:
  12. generateName:
  13. generation:
  14. initializers:
  15. pending:
  16. - name:
  17. result:
  18. apiVersion:
  19. code:
  20. details:
  21. causes:
  22. - field:
  23. message:
  24. reason:
  25. group:
  26. kind:
  27. name:
  28. retryAfterSeconds:
  29. uid:
  30. kind:
  31. message:
  32. metadata:
  33. resourceVersion:
  34. selfLink:
  35. reason:
  36. status:
  37. labels:
  38. [string]:
  39. name:
  40. namespace:
  41. ownerReferences:
  42. - apiVersion:
  43. blockOwnerDeletion:
  44. controller:
  45. kind:
  46. name:
  47. uid:
  48. resourceVersion:
  49. selfLink:
  50. uid:
  51. spec:
  52. extra:
  53. [string]:
  54. group:
  55. - [string]:
  56. nonResourceAttributes:
  57. path:
  58. verb:
  59. resourceAttributes:
  60. group:
  61. name:
  62. namespace:
  63. resource:
  64. subresource:
  65. verb:
  66. version:
  67. user:
  68. status:
  69. allowed:
  70. evaluationError:
  71. reason:

Operations

Create a LocalSubjectAccessReview

Create a LocalSubjectAccessReview

HTTP request

  1. POST /apis/authorization.k8s.io/v1beta1/localsubjectaccessreviews HTTP/1.1
  2. Authorization: Bearer $TOKEN
  3. Accept: application/json
  4. Connection: close
  5. Content-Type: application/json'
  6. {
  7. "kind": "LocalSubjectAccessReview",
  8. "apiVersion": "authorization.k8s.io/v1beta1",
  9. ...
  10. }

Curl request

  1. $ curl -k \
  2. -X POST \
  3. -d @- \
  4. -H "Authorization: Bearer $TOKEN" \
  5. -H 'Accept: application/json' \
  6. -H 'Content-Type: application/json' \
  7. https://$ENDPOINT/apis/authorization.k8s.io/v1beta1/localsubjectaccessreviews <<'EOF'
  8. {
  9. "kind": "LocalSubjectAccessReview",
  10. "apiVersion": "authorization.k8s.io/v1beta1",
  11. ...
  12. }
  13. EOF

HTTP body

ParameterSchema

body

v1beta1.LocalSubjectAccessReview

Query parameters

ParameterDescription

pretty

If ‘true’, then the output is pretty printed.

Responses

HTTP CodeSchema

200 OK

v1beta1.LocalSubjectAccessReview

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf

Create a LocalSubjectAccessReview in a namespace

Create a LocalSubjectAccessReview

HTTP request

  1. POST /apis/authorization.k8s.io/v1beta1/namespaces/$NAMESPACE/localsubjectaccessreviews HTTP/1.1
  2. Authorization: Bearer $TOKEN
  3. Accept: application/json
  4. Connection: close
  5. Content-Type: application/json'
  6. {
  7. "kind": "LocalSubjectAccessReview",
  8. "apiVersion": "authorization.k8s.io/v1beta1",
  9. ...
  10. }

Curl request

  1. $ curl -k \
  2. -X POST \
  3. -d @- \
  4. -H "Authorization: Bearer $TOKEN" \
  5. -H 'Accept: application/json' \
  6. -H 'Content-Type: application/json' \
  7. https://$ENDPOINT/apis/authorization.k8s.io/v1beta1/namespaces/$NAMESPACE/localsubjectaccessreviews <<'EOF'
  8. {
  9. "kind": "LocalSubjectAccessReview",
  10. "apiVersion": "authorization.k8s.io/v1beta1",
  11. ...
  12. }
  13. EOF

HTTP body

ParameterSchema

body

v1beta1.LocalSubjectAccessReview

Path parameters

ParameterDescription

namespace

object name and auth scope, such as for teams and projects

Query parameters

ParameterDescription

pretty

If ‘true’, then the output is pretty printed.

Responses

HTTP CodeSchema

200 OK

v1beta1.LocalSubjectAccessReview

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf