github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add deny to SAR API

Browse Source
This commit is contained in:
Mike Danese
2017-10-13 13:51:38 -07:00
parent cfe580c99f
commit 096da12fc4
8 changed files with 78 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/apis/authorization/types.go
View File

@@ -140,8 +140,13 @@ type SelfSubjectAccessReviewSpec struct {
// SubjectAccessReviewStatus
type SubjectAccessReviewStatus struct {
// Allowed is required. True if the action would be allowed, false otherwise.
// Allowed is required. True if the action would be allowed, false otherwise.
Allowed bool
// Denied is optional. True if the action would be denied, otherwise
// false. If both allowed is false and denied is false, then the
// authorizer has no opinion on whether to authorize the action. Denied
// may not be true if Allowed is true.
Denied bool
// Reason is optional. It indicates why a request was allowed or denied.
Reason string
// EvaluationError is an indication that some error occurred during the authorization check.