v1beta1.LocalSubjectAccessReview
Description
LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.
Object Schema
Expand or mouse-over a field for more information about it.
apiVersion:
kind:
metadata:
annotations:
[string]:
clusterName:
creationTimestamp:
deletionGracePeriodSeconds:
deletionTimestamp:
finalizers:
- [string]:
generateName:
generation:
initializers:
pending:
- name:
result:
apiVersion:
code:
details:
causes:
- field:
message:
reason:
group:
kind:
name:
retryAfterSeconds:
uid:
kind:
message:
metadata:
resourceVersion:
selfLink:
reason:
status:
labels:
[string]:
name:
namespace:
ownerReferences:
- apiVersion:
blockOwnerDeletion:
controller:
kind:
name:
uid:
resourceVersion:
selfLink:
uid:
spec:
extra:
[string]:
group:
- [string]:
nonResourceAttributes:
path:
verb:
resourceAttributes:
group:
name:
namespace:
resource:
subresource:
verb:
version:
user:
status:
allowed:
evaluationError:
reason:
Operations
Create a LocalSubjectAccessReview
Create a LocalSubjectAccessReview
HTTP request
POST /apis/authorization.k8s.io/v1beta1/localsubjectaccessreviews HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'
{
"kind": "LocalSubjectAccessReview",
"apiVersion": "authorization.k8s.io/v1beta1",
...
}
Curl request
$ curl -k \
-X POST \
-d @- \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
https://$ENDPOINT/apis/authorization.k8s.io/v1beta1/localsubjectaccessreviews <<'EOF'
{
"kind": "LocalSubjectAccessReview",
"apiVersion": "authorization.k8s.io/v1beta1",
...
}
EOF
HTTP body
Parameter | Schema |
---|---|
body | v1beta1.LocalSubjectAccessReview |
Query parameters
Parameter | Description |
---|---|
pretty | If ‘true’, then the output is pretty printed. |
Responses
HTTP Code | Schema |
---|---|
200 OK | v1beta1.LocalSubjectAccessReview |
401 Unauthorized |
Consumes
- */*
Produces
application/json
application/yaml
application/vnd.kubernetes.protobuf
Create a LocalSubjectAccessReview in a namespace
Create a LocalSubjectAccessReview
HTTP request
POST /apis/authorization.k8s.io/v1beta1/namespaces/$NAMESPACE/localsubjectaccessreviews HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'
{
"kind": "LocalSubjectAccessReview",
"apiVersion": "authorization.k8s.io/v1beta1",
...
}
Curl request
$ curl -k \
-X POST \
-d @- \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
https://$ENDPOINT/apis/authorization.k8s.io/v1beta1/namespaces/$NAMESPACE/localsubjectaccessreviews <<'EOF'
{
"kind": "LocalSubjectAccessReview",
"apiVersion": "authorization.k8s.io/v1beta1",
...
}
EOF
HTTP body
Parameter | Schema |
---|---|
body | v1beta1.LocalSubjectAccessReview |
Path parameters
Parameter | Description |
---|---|
namespace | object name and auth scope, such as for teams and projects |
Query parameters
Parameter | Description |
---|---|
pretty | If ‘true’, then the output is pretty printed. |
Responses
HTTP Code | Schema |
---|---|
200 OK | v1beta1.LocalSubjectAccessReview |
401 Unauthorized |
Consumes
- */*
Produces
application/json
application/yaml
application/vnd.kubernetes.protobuf