Subject Schema¶
Note
This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.
Return to the root config schema
https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/user/properties/extraClusterRoleBindings/additionalProperties/properties/subjects/items
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.
| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
|---|---|---|---|---|---|---|---|
| Can be instantiated | No | Unknown status | No | Forbidden | Allowed | none | config/schemas/config.yaml* |
TYPE:
object (Subject)
PROPERTIES:
| Property | Type | Required | Nullable | Defined by |
|---|---|---|---|---|
| apiGroup | string |
Optional | cannot be null | Welkin Apps Config |
| kind | string |
Required | cannot be null | Welkin Apps Config |
| name | string |
Required | cannot be null | Welkin Apps Config |
| namespace | string |
Optional | cannot be null | Welkin Apps Config |
apiGroup¶
APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
apiGroup
-
is optional
-
Type:
string(Kind) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string (Kind)
kind¶
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
kind
-
is required
-
Type:
string(Kind) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string (Kind)
CONSTRAINTS:
enum: the value of this property must be equal to one of the following values:
| Value | Explanation |
|---|---|
"Group" |
|
"ServiceAccount" |
|
"User" |
name¶
Name of the object being referenced.
name
-
is required
-
Type:
string(Name) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string (Name)
namespace¶
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
namespace
-
is optional
-
Type:
string(Namespace) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
string (Namespace)
Return to the root config schema
Generated Sun Jan 19 03:48:14 UTC 2025 from elastisys/compliantkubernetes-apps@main