Description

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

Object Schema

Expand or mouse-over a field for more information about it.

apiVersion:
kind:
metadata:
annotations:
[string]:
clusterName:
creationTimestamp:
deletionGracePeriodSeconds:
deletionTimestamp:
finalizers:
- [string]:
generateName:
generation:
initializers:
pending:
- name:
result:
apiVersion:
code:
details:
causes:
- field:
message:
reason:
group:
kind:
name:
retryAfterSeconds:
uid:
kind:
message:
metadata:
resourceVersion:
selfLink:
reason:
status:
labels:
[string]:
name:
namespace:
ownerReferences:
- apiVersion:
blockOwnerDeletion:
controller:
kind:
name:
uid:
resourceVersion:
selfLink:
uid:
spec:
extra:
[string]:
group:
- [string]:
nonResourceAttributes:
path:
verb:
resourceAttributes:
group:
name:
namespace:
resource:
subresource:
verb:
version:
user:
status:
allowed:
evaluationError:
reason:

Operations

Create a LocalSubjectAccessReview

Create a LocalSubjectAccessReview

HTTP request

POST /apis/authorization.k8s.io/v1beta1/localsubjectaccessreviews HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'

{
  "kind": "LocalSubjectAccessReview",
  "apiVersion": "authorization.k8s.io/v1beta1",
  ...
}

Curl request

$ curl -k \
    -X POST \
    -d @- \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    https://$ENDPOINT/apis/authorization.k8s.io/v1beta1/localsubjectaccessreviews <<'EOF'
{
  "kind": "LocalSubjectAccessReview",
  "apiVersion": "authorization.k8s.io/v1beta1",
  ...
}
EOF

HTTP body

Parameter Schema

body

v1beta1.LocalSubjectAccessReview

Query parameters

Parameter Description

pretty

If 'true', then the output is pretty printed.

Responses

HTTP Code Schema

200 OK

v1beta1.LocalSubjectAccessReview

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf

Create a LocalSubjectAccessReview in a namespace

Create a LocalSubjectAccessReview

HTTP request

POST /apis/authorization.k8s.io/v1beta1/namespaces/$NAMESPACE/localsubjectaccessreviews HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'

{
  "kind": "LocalSubjectAccessReview",
  "apiVersion": "authorization.k8s.io/v1beta1",
  ...
}

Curl request

$ curl -k \
    -X POST \
    -d @- \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    https://$ENDPOINT/apis/authorization.k8s.io/v1beta1/namespaces/$NAMESPACE/localsubjectaccessreviews <<'EOF'
{
  "kind": "LocalSubjectAccessReview",
  "apiVersion": "authorization.k8s.io/v1beta1",
  ...
}
EOF

HTTP body

Parameter Schema

body

v1beta1.LocalSubjectAccessReview

Path parameters

Parameter Description

namespace

object name and auth scope, such as for teams and projects

Query parameters

Parameter Description

pretty

If 'true', then the output is pretty printed.

Responses

HTTP Code Schema

200 OK

v1beta1.LocalSubjectAccessReview

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf