subjectrulesreviewstatus-authorization-v1beta1.json

{
  "description": "SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.",
  "required": [
    "resourceRules",
    "nonResourceRules",
    "incomplete"
  ],
  "properties": {
    "evaluationError": {
      "description": "EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.",
      "type": [
        "string",
        "null"
      ]
    },
    "incomplete": {
      "description": "Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.",
      "type": "boolean"
    },
    "nonResourceRules": {
      "description": "NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
      "type": [
        "array",
        "null"
      ],
      "items": {
        "$ref": "_definitions.json#/definitions/io.k8s.api.authorization.v1beta1.NonResourceRule"
      }
    },
    "resourceRules": {
      "description": "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
      "type": [
        "array",
        "null"
      ],
      "items": {
        "$ref": "_definitions.json#/definitions/io.k8s.api.authorization.v1beta1.ResourceRule"
      }
    }
  },
  "$schema": "http://json-schema.org/schema#",
  "type": "object"
}