1"""
2Rule holds information that describes an action that can be taken
3"""
4type Rule {
5  """
6  Verbs is a list of verbs that apply to all of the listed resources for this
7  rule. These include "get", "list", "watch", "create", "update", "delete".
8  TODO: add support for "patch" (this is expensive and should be delayed
9  until a further release). TODO: add support for "watch" (via websockets)
10  """
11  verbs: [String!]!
12  """
13  Resources is a list of resources that this rule applies to. "*" represents
14  all resources.
15  """
16  resources: [String!]!
17  """
18  ResourceNames is an optional list of resource names that the rule applies
19  to.
20  """
21  resourceNames: [String!]!
22}
23
24"""
25ClusterRole applies to all namespaces within a cluster.
26"""
27type ClusterRole {
28  rules: [Rule!]
29  "Name of the ClusterRole"
30  name: String!
31}
32
33"""
34Role applies only to a single namespace.
35"""
36type Role {
37  rules: [Rule!]
38  "Namespace of the Role"
39  namespace: String!
40  "Name of the Role"
41  name: String!
42}
43
44"""
45RoleRef maps groups to Roles or ClusterRoles.
46"""
47type RoleRef {
48  "Type of role being referenced."
49  type: String!
50  "Name of the resource being referenced"
51  name: String!
52}
53
54type Subject {
55  "Kind of object referenced (user or group)"
56  kind: String!
57  "Name of the referenced object"
58  name: String!
59}
60
61"""
62ClusterRoleBinding grants the permissions defined in a ClusterRole referenced
63to a user or a set of users
64"""
65type ClusterRoleBinding {
66  "Subjects holds references to the objects the ClusterRole applies to"
67  subjects: [Subject!]
68  "RoleRef references a ClusterRole in the current namespace"
69  roleRef: RoleRef
70  "Name of the ClusterRoleBinding"
71  name: String!
72}
73
74"""
75RoleBinding grants the permissions defined in a Role referenced to a user or
76a set of users
77"""
78type RoleBinding {
79  "Subjects holds references to the objects the Role applies to"
80  subjects: [Subject!]
81  "RoleRef references a Role in the current namespace"
82  roleRef: RoleRef
83  "Namespace of the RoleBinding"
84  namespace: String!
85  "Name of the RoleBinding"
86  name: String!
87}
88
89