class Pyrite::Api::Authorization::V1::SelfSubjectRulesReview
- Pyrite::Api::Authorization::V1::SelfSubjectRulesReview
- Pyrite::Kubernetes::Object
- Pyrite::Kubernetes::Resource
- Pyrite::Kubernetes::Spec
- Reference
- Object
Overview
SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to [show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.](show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.)
Defined in:
versions/v1.14/api/authorization/v1/self_subject_rules_review.crConstructors
-
.new(ctx : YAML::ParseContext, node : YAML::Nodes::Node)
SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace.
-
.new(pull : JSON::PullParser)
SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace.
- .new(*, metadata : Apimachinery::Apis::Meta::V1::ObjectMeta? = nil, spec : Api::Authorization::V1::SelfSubjectRulesReviewSpec, status : Api::Authorization::V1::SubjectRulesReviewStatus? = nil)
Instance Method Summary
- #spec : Api::Authorization::V1::SelfSubjectRulesReviewSpec
- #spec=(spec : Api::Authorization::V1::SelfSubjectRulesReviewSpec)
- #status : Api::Authorization::V1::SubjectRulesReviewStatus?
- #status=(status : Api::Authorization::V1::SubjectRulesReviewStatus?)
Instance methods inherited from class Pyrite::Kubernetes::Object
metadata : Apimachinery::Apis::Meta::V1::ObjectMeta?
metadata,
metadata=(metadata : Apimachinery::Apis::Meta::V1::ObjectMeta?)
metadata=
Constructor methods inherited from class Pyrite::Kubernetes::Object
new(ctx : YAML::ParseContext, node : YAML::Nodes::Node)new(pull : JSON::PullParser) new
Instance methods inherited from class Pyrite::Kubernetes::Resource
api_version : String
api_version,
kind : String
kind
Constructor methods inherited from class Pyrite::Kubernetes::Resource
new(ctx : YAML::ParseContext, node : YAML::Nodes::Node)new(pull : JSON::PullParser) new
Constructor methods inherited from class Pyrite::Kubernetes::Spec
new(ctx : YAML::ParseContext, node : YAML::Nodes::Node)new(pull : JSON::PullParser) new
Constructor Detail
SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to [show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.](show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.)
SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to [show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.](show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.)