ResourceAttributes

ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface

Schema URL

https://raw.githubusercontent.com/nlamirault/schema-hub/main/schemas/authorization.api.k8s.io/ResourceAttributes_v1.json

▶ Usage examples

VS Code / yaml-language-server

# yaml-language-server: $schema=https://raw.githubusercontent.com/nlamirault/schema-hub/main/schemas/authorization.api.k8s.io/ResourceAttributes_v1.json

kubeconform

kubeconform -schema-location 'https://raw.githubusercontent.com/nlamirault/schema-hub/main/schemas/{{ .Group }}/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json' manifest.yaml

Resource Structure

fieldSelectorobject

fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.

groupstring

Group is the API Group of the Resource. "*" means all.

labelSelectorobject

labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.

namestring

Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

namespacestring

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview

resourcestring

Resource is one of the existing resource types. "*" means all.

subresourcestring

Subresource is one of the existing resource types. "" means none.

verbstring

Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.

versionstring

Version is the API Version of the Resource. "*" means all.