github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-16 23:29:21 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #8508 from caesarxuchao/authorization-docs

Browse Source 
update docs/authorization.md to v1beta3
This commit is contained in:
Dawn Chen 2015-05-21 09:24:20 -07:00
commit 0df124dca4
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/authorization.md
View File

@ -30,7 +30,7 @@ A request has 4 attributes that can be considered for authorization:
- whether the request is readonly (GETs are readonly) - whether the request is readonly (GETs are readonly)
- what resource is being accessed - what resource is being accessed
- applies only to the API endpoints, such as - applies only to the API endpoints, such as
`/api/v1beta1/pods`. For miscelaneous endpoints, like `/version`, the `/api/v1beta3/namespaces/default/pods`. For miscelaneous endpoints, like `/version`, the
resource is the empty string. resource is the empty string.
- the namespace of the object being access, or the empty string if the - the namespace of the object being access, or the empty string if the
endpoint does not support namespaced objects. endpoint does not support namespaced objects.
@ -46,11 +46,11 @@ The file format is [one JSON object per line](http://jsonlines.org/). There sho
one map per line. one map per line.
Each line is a "policy object". A policy object is a map with the following properties: Each line is a "policy object". A policy object is a map with the following properties:
- `user`, type string; the user-string from `--token_auth_file` - `user`, type string; the user-string from `--token_auth_file`
- `readonly`, type boolean, when true, means that the policy only applies to GET - `readonly`, type boolean, when true, means that the policy only applies to GET
operations. operations.
- `resource`, type string; a resource from an URL, such as `pods`. - `resource`, type string; a resource from an URL, such as `pods`.
- `namespace`, type string; a namespace string. - `namespace`, type string; a namespace string.
An unset property is the same as a property set to the zero value for its type (e.g. empty string, 0, false). An unset property is the same as a property set to the zero value for its type (e.g. empty string, 0, false).
However, unset should be preferred for readability. However, unset should be preferred for readability.