Description

SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server’s authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.

Object Schema

Expand or mouse-over a field for more information about it.

apiVersion:
kind:
metadata:
annotations:
[string]:
clusterName:
creationTimestamp:
deletionGracePeriodSeconds:
deletionTimestamp:
finalizers:
- [string]:
generateName:
generation:
initializers:
pending:
- name:
result:
apiVersion:
code:
details:
causes:
- field:
message:
reason:
group:
kind:
name:
retryAfterSeconds:
uid:
kind:
message:
metadata:
continue:
resourceVersion:
selfLink:
reason:
status:
labels:
[string]:
name:
namespace:
ownerReferences:
- apiVersion:
blockOwnerDeletion:
controller:
kind:
name:
uid:
resourceVersion:
selfLink:
uid:
spec:
namespace:
status:
evaluationError:
incomplete:
nonResourceRules:
- nonResourceURLs:
- - [string]:
verbs:
- [string]:
resourceRules:
- apiGroups:
- - [string]:
resourceNames:
- [string]:
resources:
- [string]:
verbs:
- [string]:

Operations

Create a SelfSubjectRulesReview

Create a SelfSubjectRulesReview

HTTP request

POST /apis/authorization.k8s.io/v1beta1/selfsubjectrulesreviews HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'

{
  "kind": "SelfSubjectRulesReview",
  "apiVersion": "authorization.k8s.io/v1beta1",
  ...
}

Curl request

$ curl -k \
    -X POST \
    -d @- \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    https://$ENDPOINT/apis/authorization.k8s.io/v1beta1/selfsubjectrulesreviews <<'EOF'
{
  "kind": "SelfSubjectRulesReview",
  "apiVersion": "authorization.k8s.io/v1beta1",
  ...
}
EOF

HTTP body

Parameter Schema

body

v1beta1.SelfSubjectRulesReview

Query parameters

Parameter Description

pretty

If 'true', then the output is pretty printed.

Responses

HTTP Code Schema

200 OK

v1beta1.SelfSubjectRulesReview

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf