Role
apiVersion: rbac.authorization.k8s.io/v1
import "k8s.io/api/rbac/v1"
Role
Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: Role
-
metadata (ObjectMeta)
Standard object’s metadata. -
rules ([]PolicyRule)
Rules holds all the PolicyRules for this Role
PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.- rules.apiGroups ([]string)
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. - rules.resources ([]string)
Resources is a list of resources this rule applies to. ResourceAll represents all resources. - rules.verbs ([]string), required
Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. - rules.resourceNames ([]string)
ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - rules.nonResourceURLs ([]string)
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as “pods” or “secrets”) or non-resource URL paths (such as “/api”), but not both.
- rules.apiGroups ([]string)
RoleList
RoleList is a collection of Roles
-
apiVersion: rbac.authorization.k8s.io/v1
-
kind: RoleList
-
metadata (ListMeta)
Standard object’s metadata. -
items ([]Role), required
Items is a list of Roles
Operations
get
read the specified Role
HTTP Request
GET /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}
Parameters
- {name} (string), required
name of the Role - {namespace} (string), required
namespace - ?pretty (string)
pretty
Response
200 (Role): OK
401: Unauthorized
list
list or watch objects of kind Role
HTTP Request
GET /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles
Parameters
- {namespace} (string), required
namespace - ?allowWatchBookmarks (boolean)
allowWatchBookmarks - ?continue (string)
continue - ?fieldSelector (string)
fieldSelector - ?labelSelector (string)
labelSelector - ?limit (integer)
limit - ?pretty (string)
pretty - ?resourceVersion (string)
resourceVersion - ?resourceVersionMatch (string)
resourceVersionMatch - ?timeoutSeconds (integer)
timeoutSeconds - ?watch (boolean)
watch
Response
200 (RoleList): OK
401: Unauthorized
list
list or watch objects of kind Role
HTTP Request
GET /apis/rbac.authorization.k8s.io/v1/roles
Parameters
- ?allowWatchBookmarks (boolean)
allowWatchBookmarks - ?continue (string)
continue - ?fieldSelector (string)
fieldSelector - ?labelSelector (string)
labelSelector - ?limit (integer)
limit - ?pretty (string)
pretty - ?resourceVersion (string)
resourceVersion - ?resourceVersionMatch (string)
resourceVersionMatch - ?timeoutSeconds (integer)
timeoutSeconds - ?watch (boolean)
watch
Response
200 (RoleList): OK
401: Unauthorized
create
create a Role
HTTP Request
POST /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles
Parameters
-
{namespace} (string), required
namespace -
body (Role), required
-
?dryRun (string)
dryRun -
?fieldManager (string)
fieldManager -
?pretty (string)
pretty
Response
200 (Role): OK
201 (Role): Created
202 (Role): Accepted
401: Unauthorized
update
replace the specified Role
HTTP Request
PUT /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}
Parameters
-
{name} (string), required
name of the Role -
{namespace} (string), required
namespace -
body (Role), required
-
?dryRun (string)
dryRun -
?fieldManager (string)
fieldManager -
?pretty (string)
pretty
Response
200 (Role): OK
201 (Role): Created
401: Unauthorized
patch
partially update the specified Role
HTTP Request
PATCH /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}
Parameters
-
{name} (string), required
name of the Role -
{namespace} (string), required
namespace -
body (Patch), required
-
?dryRun (string)
dryRun -
?fieldManager (string)
fieldManager -
?force (boolean)
force -
?pretty (string)
pretty
Response
200 (Role): OK
401: Unauthorized
delete
delete a Role
HTTP Request
DELETE /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}
Parameters
-
{name} (string), required
name of the Role -
{namespace} (string), required
namespace -
body (DeleteOptions)
-
?dryRun (string)
dryRun -
?gracePeriodSeconds (integer)
gracePeriodSeconds -
?pretty (string)
pretty -
?propagationPolicy (string)
propagationPolicy
Response
200 (Status): OK
202 (Status): Accepted
401: Unauthorized
deletecollection
delete collection of Role
HTTP Request
DELETE /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles
Parameters
-
{namespace} (string), required
namespace -
body (DeleteOptions)
-
?continue (string)
continue -
?dryRun (string)
dryRun -
?fieldSelector (string)
fieldSelector -
?gracePeriodSeconds (integer)
gracePeriodSeconds -
?labelSelector (string)
labelSelector -
?limit (integer)
limit -
?pretty (string)
pretty -
?propagationPolicy (string)
propagationPolicy -
?resourceVersion (string)
resourceVersion -
?resourceVersionMatch (string)
resourceVersionMatch -
?timeoutSeconds (integer)
timeoutSeconds
Response
200 (Status): OK
401: Unauthorized