PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.
- Value Params
- nonResourceRules
nonResourceRules
is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.- resourceRules
resourceRules
is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one ofresourceRules
andnonResourceRules
has to be non-empty.- subjects
subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
- Companion
- object
Value members
Concrete methods
nonResourceRules
is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.
nonResourceRules
is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.
If the field is not present, fails with com.coralogix.zio.k8s.client.UndefinedField.
resourceRules
is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of resourceRules
and nonResourceRules
has to be non-empty.
resourceRules
is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of resourceRules
and nonResourceRules
has to be non-empty.
If the field is not present, fails with com.coralogix.zio.k8s.client.UndefinedField.
subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.
This effect always succeeds, it is safe to use the field subjects directly.