From 30a8b4724f49578c5402d0257a3dbde2ed56dc43 Mon Sep 17 00:00:00 2001 From: Mike Spreitzer Date: Sun, 25 Sep 2016 15:33:10 -0700 Subject: [PATCH] Clarified the apiGroup identified by empty string Noted this where the relevance of api group is introduced, and corrected the reference to what the empty string means ("core" api group, which is the terminology used in the page that introduces api group, rather than the old text "default"). --- docs/admin/authorization.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/admin/authorization.md b/docs/admin/authorization.md index 0c8508a1ecc..a72a855cb2a 100644 --- a/docs/admin/authorization.md +++ b/docs/admin/authorization.md @@ -53,7 +53,7 @@ A request has the following attributes that can be considered for authorization: - what resource is being accessed (for resource requests only) - what subresource is being accessed (for resource requests only) - the namespace of the object being accessed (for namespaced resource requests only) - - the API group being accessed (for resource requests only) + - the API group being accessed (for resource requests only); an empty string designates the [core API group](../api.md#api-groups) The request verb for a resource API endpoint can be determined by the HTTP verb used and whether or not the request acts on an individual resource or a collection of resources: @@ -231,7 +231,7 @@ metadata: namespace: default name: pod-reader rules: - - apiGroups: [""] # The API group "" indicates the default API Group. + - apiGroups: [""] # The API group "" indicates the core API Group. resources: ["pods"] verbs: ["get", "watch", "list"] nonResourceURLs: [] @@ -632,4 +632,4 @@ subjectaccessreview "" created ``` This is useful for debugging access problems, in that you can use this resource -to determine what access an authorizer is granting. \ No newline at end of file +to determine what access an authorizer is granting.