kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Clarified the apiGroup identified by empty string 

Noted this where the relevance of api group is introduced, and
corrected the reference to what the empty string means ("core" api
group, which is the terminology used in the page that introduces api
group, rather than the old text "default").
pull/1304/head
Mike Spreitzer 2016-09-25 15:33:10 -07:00
parent adadd48fe2
commit 30a8b4724f
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/admin/authorization.md
View File

@ -53,7 +53,7 @@ A request has the following attributes that can be considered for authorization:
- what resource is being accessed (for resource requests only)
- what subresource is being accessed (for resource requests only)
- the namespace of the object being accessed (for namespaced resource requests only)
- the API group being accessed (for resource requests only)
- the API group being accessed (for resource requests only); an empty string designates the [core API group](../api.md#api-groups)
The request verb for a resource API endpoint can be determined by the HTTP verb used and whether or not the request acts on an individual resource or a collection of resources:
@ -231,7 +231,7 @@ metadata:
namespace: default
name: pod-reader
rules:
- apiGroups: [""] # The API group "" indicates the default API Group.
- apiGroups: [""] # The API group "" indicates the core API Group.
resources: ["pods"]
verbs: ["get", "watch", "list"]
nonResourceURLs: []
@ -632,4 +632,4 @@ subjectaccessreview "" created
```
This is useful for debugging access problems, in that you can use this resource
to determine what access an authorizer is granting.
to determine what access an authorizer is granting.