forked from openfaas/faas-netes
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathiam.openfaas.com_policies.yaml
78 lines (78 loc) · 3.21 KB
/
iam.openfaas.com_policies.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.4
name: policies.iam.openfaas.com
spec:
group: iam.openfaas.com
names:
kind: Policy
listKind: PolicyList
plural: policies
singular: policy
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.statement
name: Statement
type: string
name: v1
schema:
openAPIV3Schema:
description: Policy is used to define a policy for a function
type: object
required:
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
type: object
required:
- statement
properties:
statement:
type: array
items:
type: object
required:
- action
- effect
- resource
- sid
properties:
action:
description: Action is a set of actions that the policy applies to i.e. Function:Read
type: array
items:
type: string
condition:
description: 'Condition is a set of conditions that the policy applies to { "StringLike": { "jwt:https://my-identity-provider.com#sub-id": [ "1234567890", "0987654321" ], } }'
type: object
additionalProperties:
type: object
additionalProperties:
type: array
items:
type: string
effect:
description: Effect is the effect of the policy - only Allow is supported
type: string
resource:
description: Resource is a set of resources that the policy applies to - only namespaces are supported at present
type: array
items:
type: string
sid:
description: SID is the unique identifier for the policy
type: string
served: true
storage: true
subresources: {}