PodSecurityPolicySubjectReview [security.openshift.io/v1]

.apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

.kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

.spec

object

PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview

.status

object

PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.

groups

array (string)

groups is the groups you’re testing for.

template

PodTemplateSpec core/v1

template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. If its non-empty, it will be checked.

user

string

user is the user you’re testing for. If you specify "user" but not "group", then is it interpreted as "What if user were not a member of any groups. If user and groups are empty, then the check is performed using only the serviceAccountName in the template.

allowedBy

ObjectReference core/v1

allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A nil, indicates that it was denied.

reason

string

A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available.

template

PodTemplateSpec core/v1

template is the PodTemplateSpec after the defaulting is applied.