v1¶

class pulumi_kubernetes.authorization.v1.LocalSubjectAccessReview(resource_name, opts=None, spec=None, metadata=None, __name__=None, __opts__=None)¶

LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.

Create a LocalSubjectAccessReview resource with the given unique name, arguments, and options.

Parameters

• resource_name (str) – The unique name of the resource.

• opts (pulumi.ResourceOptions) – A bag of options that control this resource’s behavior.

• spec (pulumi.Input[dict]) – Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.

• metadata (pulumi.Input[dict]) –

apiVersion: pulumi.Output[str] = None¶

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

kind: pulumi.Output[str] = None¶

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

spec: pulumi.Output[dict] = None¶

Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.

status: pulumi.Output[dict] = None¶

Status is filled in by the server and indicates whether the request is allowed or not

static get(resource_name, id, opts=None)¶

Get the state of an existing LocalSubjectAccessReview resource, as identified by id. The ID is of the form [namespace]/[name]; if [namespace] is omitted, then (per Kubernetes convention) the ID becomes default/[name].

Pulumi will keep track of this resource using resource_name as the Pulumi ID.

Parameters

• resource_name (str) – Unique name used to register this resource with Pulumi.

• id (pulumi.Input[str]) – An ID for the Kubernetes resource to retrieve. Takes the form [namespace]/[name] or [name].

• opts (Optional[pulumi.ResourceOptions]) – A bag of options that control this resource’s behavior.

translate_output_property(prop: str) → str¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop: str) → str¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_kubernetes.authorization.v1.SelfSubjectAccessReview(resource_name, opts=None, spec=None, metadata=None, __name__=None, __opts__=None)¶

SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means “in all namespaces”. Self is a special case, because users should always be able to check whether they can perform an action

Create a SelfSubjectAccessReview resource with the given unique name, arguments, and options.

Parameters

• resource_name (str) – The unique name of the resource.

• opts (pulumi.ResourceOptions) – A bag of options that control this resource’s behavior.

• spec (pulumi.Input[dict]) – Spec holds information about the request being evaluated. user and groups must be empty

• metadata (pulumi.Input[dict]) –

apiVersion: pulumi.Output[str] = None¶

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

kind: pulumi.Output[str] = None¶

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

spec: pulumi.Output[dict] = None¶

Spec holds information about the request being evaluated. user and groups must be empty

status: pulumi.Output[dict] = None¶

Status is filled in by the server and indicates whether the request is allowed or not

static get(resource_name, id, opts=None)¶

Get the state of an existing SelfSubjectAccessReview resource, as identified by id. The ID is of the form [namespace]/[name]; if [namespace] is omitted, then (per Kubernetes convention) the ID becomes default/[name].

Pulumi will keep track of this resource using resource_name as the Pulumi ID.

Parameters

• resource_name (str) – Unique name used to register this resource with Pulumi.

• id (pulumi.Input[str]) – An ID for the Kubernetes resource to retrieve. Takes the form [namespace]/[name] or [name].

• opts (Optional[pulumi.ResourceOptions]) – A bag of options that control this resource’s behavior.

translate_output_property(prop: str) → str¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop: str) → str¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_kubernetes.authorization.v1.SelfSubjectRulesReview(resource_name, opts=None, spec=None, metadata=None, __name__=None, __opts__=None)¶

SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server’s authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.

Create a SelfSubjectRulesReview resource with the given unique name, arguments, and options.

Parameters

• resource_name (str) – The unique name of the resource.

• opts (pulumi.ResourceOptions) – A bag of options that control this resource’s behavior.

• spec (pulumi.Input[dict]) – Spec holds information about the request being evaluated.

• metadata (pulumi.Input[dict]) –

apiVersion: pulumi.Output[str] = None¶

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

kind: pulumi.Output[str] = None¶

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

spec: pulumi.Output[dict] = None¶

Spec holds information about the request being evaluated.

status: pulumi.Output[dict] = None¶

Status is filled in by the server and indicates the set of actions a user can perform.

static get(resource_name, id, opts=None)¶

Get the state of an existing SelfSubjectRulesReview resource, as identified by id. The ID is of the form [namespace]/[name]; if [namespace] is omitted, then (per Kubernetes convention) the ID becomes default/[name].

Pulumi will keep track of this resource using resource_name as the Pulumi ID.

Parameters

• resource_name (str) – Unique name used to register this resource with Pulumi.

• id (pulumi.Input[str]) – An ID for the Kubernetes resource to retrieve. Takes the form [namespace]/[name] or [name].

• opts (Optional[pulumi.ResourceOptions]) – A bag of options that control this resource’s behavior.

translate_output_property(prop: str) → str¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop: str) → str¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_kubernetes.authorization.v1.SubjectAccessReview(resource_name, opts=None, spec=None, metadata=None, __name__=None, __opts__=None)¶

SubjectAccessReview checks whether or not a user or group can perform an action.

Create a SubjectAccessReview resource with the given unique name, arguments, and options.

Parameters

• resource_name (str) – The unique name of the resource.

• opts (pulumi.ResourceOptions) – A bag of options that control this resource’s behavior.

• spec (pulumi.Input[dict]) – Spec holds information about the request being evaluated

• metadata (pulumi.Input[dict]) –

apiVersion: pulumi.Output[str] = None¶

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

kind: pulumi.Output[str] = None¶

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

spec: pulumi.Output[dict] = None¶

Spec holds information about the request being evaluated

status: pulumi.Output[dict] = None¶

Status is filled in by the server and indicates whether the request is allowed or not

static get(resource_name, id, opts=None)¶

Get the state of an existing SubjectAccessReview resource, as identified by id. The ID is of the form [namespace]/[name]; if [namespace] is omitted, then (per Kubernetes convention) the ID becomes default/[name].

Pulumi will keep track of this resource using resource_name as the Pulumi ID.

Parameters

• resource_name (str) – Unique name used to register this resource with Pulumi.

• id (pulumi.Input[str]) – An ID for the Kubernetes resource to retrieve. Takes the form [namespace]/[name] or [name].

• opts (Optional[pulumi.ResourceOptions]) – A bag of options that control this resource’s behavior.

translate_output_property(prop: str) → str¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop: str) → str¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str