×

Description

PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.

Object Schema

Expand or mouse-over a field for more information about it.

apiVersion:
kind:
Collapse all
spec:
Collapse all
groups:
- [string]:
Collapse all
template:
Collapse all
metadata:
Collapse all
annotations:
[string]:
clusterName:
creationTimestamp:
deletionGracePeriodSeconds:
deletionTimestamp:
Collapse all
finalizers:
- [string]:
generateName:
generation:
Collapse all
initializers:
Collapse all
pending:
- name:
Collapse all
result:
apiVersion:
code:
Collapse all
details:
Collapse all
causes:
- field:
message:
reason:
group:
kind:
name:
retryAfterSeconds:
uid:
kind:
message:
Collapse all
metadata:
resourceVersion:
selfLink:
reason:
status:
Collapse all
labels:
[string]:
name:
namespace:
Collapse all
ownerReferences:
- apiVersion:
blockOwnerDeletion:
controller:
kind:
name:
uid:
resourceVersion:
selfLink:
uid:
Collapse all
spec:
activeDeadlineSeconds:
Collapse all
affinity:
Collapse all
nodeAffinity:
Collapse all
preferredDuringSchedulingIgnoredDuringExecution:
Collapse all
- preference:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
weight:
Collapse all
requiredDuringSchedulingIgnoredDuringExecution:
Collapse all
nodeSelectorTerms:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
Collapse all
podAffinity:
Collapse all
preferredDuringSchedulingIgnoredDuringExecution:
Collapse all
- podAffinityTerm:
Collapse all
- labelSelector:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
Collapse all
matchLabels:
[string]:
Collapse all
namespaces:
- [string]:
topologyKey:
weight:
Collapse all
requiredDuringSchedulingIgnoredDuringExecution:
Collapse all
- labelSelector:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
Collapse all
matchLabels:
[string]:
Collapse all
namespaces:
- [string]:
topologyKey:
Collapse all
podAntiAffinity:
Collapse all
preferredDuringSchedulingIgnoredDuringExecution:
Collapse all
- podAffinityTerm:
Collapse all
- labelSelector:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
Collapse all
matchLabels:
[string]:
Collapse all
namespaces:
- [string]:
topologyKey:
weight:
Collapse all
requiredDuringSchedulingIgnoredDuringExecution:
Collapse all
- labelSelector:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
Collapse all
matchLabels:
[string]:
Collapse all
namespaces:
- [string]:
topologyKey:
automountServiceAccountToken:
Collapse all
containers:
Collapse all
- args:
- - [string]:
Collapse all
command:
- [string]:
Collapse all
env:
- name:
value:
Collapse all
valueFrom:
Collapse all
configMapKeyRef:
key:
name:
optional:
Collapse all
fieldRef:
apiVersion:
fieldPath:
Collapse all
resourceFieldRef:
containerName:
divisor:
resource:
Collapse all
secretKeyRef:
key:
name:
optional:
Collapse all
envFrom:
Collapse all
- configMapRef:
- name:
optional:
prefix:
Collapse all
secretRef:
name:
optional:
image:
imagePullPolicy:
Collapse all
lifecycle:
Collapse all
postStart:
Collapse all
exec:
Collapse all
command:
- [string]:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
Collapse all
tcpSocket:
host:
port:
Collapse all
preStop:
Collapse all
exec:
Collapse all
command:
- [string]:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
Collapse all
tcpSocket:
host:
port:
Collapse all
livenessProbe:
Collapse all
exec:
Collapse all
command:
- [string]:
failureThreshold:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
initialDelaySeconds:
periodSeconds:
successThreshold:
Collapse all
tcpSocket:
host:
port:
timeoutSeconds:
name:
Collapse all
ports:
- containerPort:
hostIP:
hostPort:
name:
protocol:
Collapse all
readinessProbe:
Collapse all
exec:
Collapse all
command:
- [string]:
failureThreshold:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
initialDelaySeconds:
periodSeconds:
successThreshold:
Collapse all
tcpSocket:
host:
port:
timeoutSeconds:
Collapse all
resources:
Collapse all
limits:
[string]:
Collapse all
requests:
[string]:
Collapse all
securityContext:
Collapse all
capabilities:
Collapse all
add:
- [string]:
Collapse all
drop:
- [string]:
privileged:
readOnlyRootFilesystem:
runAsNonRoot:
runAsUser:
Collapse all
seLinuxOptions:
level:
role:
type:
user:
stdin:
stdinOnce:
terminationMessagePath:
terminationMessagePolicy:
tty:
Collapse all
volumeMounts:
- mountPath:
name:
readOnly:
subPath:
workingDir:
dnsPolicy:
Collapse all
hostAliases:
Collapse all
- hostnames:
- - [string]:
ip:
hostIPC:
hostNetwork:
hostPID:
hostname:
Collapse all
imagePullSecrets:
- name:
Collapse all
initContainers:
Collapse all
- args:
- - [string]:
Collapse all
command:
- [string]:
Collapse all
env:
- name:
value:
Collapse all
valueFrom:
Collapse all
configMapKeyRef:
key:
name:
optional:
Collapse all
fieldRef:
apiVersion:
fieldPath:
Collapse all
resourceFieldRef:
containerName:
divisor:
resource:
Collapse all
secretKeyRef:
key:
name:
optional:
Collapse all
envFrom:
Collapse all
- configMapRef:
- name:
optional:
prefix:
Collapse all
secretRef:
name:
optional:
image:
imagePullPolicy:
Collapse all
lifecycle:
Collapse all
postStart:
Collapse all
exec:
Collapse all
command:
- [string]:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
Collapse all
tcpSocket:
host:
port:
Collapse all
preStop:
Collapse all
exec:
Collapse all
command:
- [string]:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
Collapse all
tcpSocket:
host:
port:
Collapse all
livenessProbe:
Collapse all
exec:
Collapse all
command:
- [string]:
failureThreshold:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
initialDelaySeconds:
periodSeconds:
successThreshold:
Collapse all
tcpSocket:
host:
port:
timeoutSeconds:
name:
Collapse all
ports:
- containerPort:
hostIP:
hostPort:
name:
protocol:
Collapse all
readinessProbe:
Collapse all
exec:
Collapse all
command:
- [string]:
failureThreshold:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
initialDelaySeconds:
periodSeconds:
successThreshold:
Collapse all
tcpSocket:
host:
port:
timeoutSeconds:
Collapse all
resources:
Collapse all
limits:
[string]:
Collapse all
requests:
[string]:
Collapse all
securityContext:
Collapse all
capabilities:
Collapse all
add:
- [string]:
Collapse all
drop:
- [string]:
privileged:
readOnlyRootFilesystem:
runAsNonRoot:
runAsUser:
Collapse all
seLinuxOptions:
level:
role:
type:
user:
stdin:
stdinOnce:
terminationMessagePath:
terminationMessagePolicy:
tty:
Collapse all
volumeMounts:
- mountPath:
name:
readOnly:
subPath:
workingDir:
nodeName:
Collapse all
nodeSelector:
[string]:
restartPolicy:
schedulerName:
Collapse all
securityContext:
fsGroup:
runAsNonRoot:
runAsUser:
Collapse all
seLinuxOptions:
level:
role:
type:
user:
Collapse all
supplementalGroups:
- [integer]:
serviceAccount:
serviceAccountName:
subdomain:
terminationGracePeriodSeconds:
Collapse all
tolerations:
- effect:
key:
operator:
tolerationSeconds:
value:
Collapse all
volumes:
Collapse all
- awsElasticBlockStore:
- fsType:
partition:
readOnly:
volumeID:
Collapse all
azureDisk:
cachingMode:
diskName:
diskURI:
fsType:
kind:
readOnly:
Collapse all
azureFile:
readOnly:
secretName:
shareName:
Collapse all
cephfs:
Collapse all
monitors:
- [string]:
path:
readOnly:
secretFile:
Collapse all
secretRef:
name:
user:
Collapse all
cinder:
fsType:
readOnly:
volumeID:
Collapse all
configMap:
defaultMode:
Collapse all
items:
- key:
mode:
path:
name:
optional:
Collapse all
downwardAPI:
defaultMode:
Collapse all
items:
Collapse all
- fieldRef:
- apiVersion:
fieldPath:
mode:
path:
Collapse all
resourceFieldRef:
containerName:
divisor:
resource:
Collapse all
emptyDir:
medium:
sizeLimit:
Collapse all
fc:
fsType:
lun:
readOnly:
Collapse all
targetWWNs:
- [string]:
Collapse all
flexVolume:
driver:
fsType:
Collapse all
options:
[string]:
readOnly:
Collapse all
secretRef:
name:
Collapse all
flocker:
datasetName:
datasetUUID:
Collapse all
gcePersistentDisk:
fsType:
partition:
pdName:
readOnly:
Collapse all
gitRepo:
directory:
repository:
revision:
Collapse all
glusterfs:
endpoints:
path:
readOnly:
Collapse all
hostPath:
path:
Collapse all
iscsi:
chapAuthDiscovery:
chapAuthSession:
fsType:
iqn:
iscsiInterface:
lun:
Collapse all
portals:
- [string]:
readOnly:
Collapse all
secretRef:
name:
targetPortal:
name:
Collapse all
nfs:
path:
readOnly:
server:
Collapse all
persistentVolumeClaim:
claimName:
readOnly:
Collapse all
photonPersistentDisk:
fsType:
pdID:
Collapse all
portworxVolume:
fsType:
readOnly:
volumeID:
Collapse all
projected:
defaultMode:
Collapse all
sources:
Collapse all
- configMap:
Collapse all
- items:
- - key:
mode:
path:
name:
optional:
Collapse all
downwardAPI:
Collapse all
items:
Collapse all
- fieldRef:
- apiVersion:
fieldPath:
mode:
path:
Collapse all
resourceFieldRef:
containerName:
divisor:
resource:
Collapse all
secret:
Collapse all
items:
- key:
mode:
path:
name:
optional:
Collapse all
quobyte:
group:
readOnly:
registry:
user:
volume:
Collapse all
rbd:
fsType:
image:
keyring:
Collapse all
monitors:
- [string]:
pool:
readOnly:
Collapse all
secretRef:
name:
user:
Collapse all
scaleIO:
fsType:
gateway:
protectionDomain:
readOnly:
Collapse all
secretRef:
name:
sslEnabled:
storageMode:
storagePool:
system:
volumeName:
Collapse all
secret:
defaultMode:
Collapse all
items:
- key:
mode:
path:
optional:
secretName:
Collapse all
storageos:
fsType:
readOnly:
Collapse all
secretRef:
name:
volumeName:
volumeNamespace:
Collapse all
vsphereVolume:
fsType:
storagePolicyID:
storagePolicyName:
volumePath:
user:
Collapse all
status:
Collapse all
allowedBy:
apiVersion:
fieldPath:
kind:
name:
namespace:
resourceVersion:
uid:
reason:
Collapse all
template:
Collapse all
metadata:
Collapse all
annotations:
[string]:
clusterName:
creationTimestamp:
deletionGracePeriodSeconds:
deletionTimestamp:
Collapse all
finalizers:
- [string]:
generateName:
generation:
Collapse all
initializers:
Collapse all
pending:
- name:
Collapse all
result:
apiVersion:
code:
Collapse all
details:
Collapse all
causes:
- field:
message:
reason:
group:
kind:
name:
retryAfterSeconds:
uid:
kind:
message:
Collapse all
metadata:
resourceVersion:
selfLink:
reason:
status:
Collapse all
labels:
[string]:
name:
namespace:
Collapse all
ownerReferences:
- apiVersion:
blockOwnerDeletion:
controller:
kind:
name:
uid:
resourceVersion:
selfLink:
uid:
Collapse all
spec:
activeDeadlineSeconds:
Collapse all
affinity:
Collapse all
nodeAffinity:
Collapse all
preferredDuringSchedulingIgnoredDuringExecution:
Collapse all
- preference:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
weight:
Collapse all
requiredDuringSchedulingIgnoredDuringExecution:
Collapse all
nodeSelectorTerms:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
Collapse all
podAffinity:
Collapse all
preferredDuringSchedulingIgnoredDuringExecution:
Collapse all
- podAffinityTerm:
Collapse all
- labelSelector:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
Collapse all
matchLabels:
[string]:
Collapse all
namespaces:
- [string]:
topologyKey:
weight:
Collapse all
requiredDuringSchedulingIgnoredDuringExecution:
Collapse all
- labelSelector:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
Collapse all
matchLabels:
[string]:
Collapse all
namespaces:
- [string]:
topologyKey:
Collapse all
podAntiAffinity:
Collapse all
preferredDuringSchedulingIgnoredDuringExecution:
Collapse all
- podAffinityTerm:
Collapse all
- labelSelector:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
Collapse all
matchLabels:
[string]:
Collapse all
namespaces:
- [string]:
topologyKey:
weight:
Collapse all
requiredDuringSchedulingIgnoredDuringExecution:
Collapse all
- labelSelector:
Collapse all
- matchExpressions:
- - key:
operator:
Collapse all
values:
- [string]:
Collapse all
matchLabels:
[string]:
Collapse all
namespaces:
- [string]:
topologyKey:
automountServiceAccountToken:
Collapse all
containers:
Collapse all
- args:
- - [string]:
Collapse all
command:
- [string]:
Collapse all
env:
- name:
value:
Collapse all
valueFrom:
Collapse all
configMapKeyRef:
key:
name:
optional:
Collapse all
fieldRef:
apiVersion:
fieldPath:
Collapse all
resourceFieldRef:
containerName:
divisor:
resource:
Collapse all
secretKeyRef:
key:
name:
optional:
Collapse all
envFrom:
Collapse all
- configMapRef:
- name:
optional:
prefix:
Collapse all
secretRef:
name:
optional:
image:
imagePullPolicy:
Collapse all
lifecycle:
Collapse all
postStart:
Collapse all
exec:
Collapse all
command:
- [string]:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
Collapse all
tcpSocket:
host:
port:
Collapse all
preStop:
Collapse all
exec:
Collapse all
command:
- [string]:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
Collapse all
tcpSocket:
host:
port:
Collapse all
livenessProbe:
Collapse all
exec:
Collapse all
command:
- [string]:
failureThreshold:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
initialDelaySeconds:
periodSeconds:
successThreshold:
Collapse all
tcpSocket:
host:
port:
timeoutSeconds:
name:
Collapse all
ports:
- containerPort:
hostIP:
hostPort:
name:
protocol:
Collapse all
readinessProbe:
Collapse all
exec:
Collapse all
command:
- [string]:
failureThreshold:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
initialDelaySeconds:
periodSeconds:
successThreshold:
Collapse all
tcpSocket:
host:
port:
timeoutSeconds:
Collapse all
resources:
Collapse all
limits:
[string]:
Collapse all
requests:
[string]:
Collapse all
securityContext:
Collapse all
capabilities:
Collapse all
add:
- [string]:
Collapse all
drop:
- [string]:
privileged:
readOnlyRootFilesystem:
runAsNonRoot:
runAsUser:
Collapse all
seLinuxOptions:
level:
role:
type:
user:
stdin:
stdinOnce:
terminationMessagePath:
terminationMessagePolicy:
tty:
Collapse all
volumeMounts:
- mountPath:
name:
readOnly:
subPath:
workingDir:
dnsPolicy:
Collapse all
hostAliases:
Collapse all
- hostnames:
- - [string]:
ip:
hostIPC:
hostNetwork:
hostPID:
hostname:
Collapse all
imagePullSecrets:
- name:
Collapse all
initContainers:
Collapse all
- args:
- - [string]:
Collapse all
command:
- [string]:
Collapse all
env:
- name:
value:
Collapse all
valueFrom:
Collapse all
configMapKeyRef:
key:
name:
optional:
Collapse all
fieldRef:
apiVersion:
fieldPath:
Collapse all
resourceFieldRef:
containerName:
divisor:
resource:
Collapse all
secretKeyRef:
key:
name:
optional:
Collapse all
envFrom:
Collapse all
- configMapRef:
- name:
optional:
prefix:
Collapse all
secretRef:
name:
optional:
image:
imagePullPolicy:
Collapse all
lifecycle:
Collapse all
postStart:
Collapse all
exec:
Collapse all
command:
- [string]:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
Collapse all
tcpSocket:
host:
port:
Collapse all
preStop:
Collapse all
exec:
Collapse all
command:
- [string]:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
Collapse all
tcpSocket:
host:
port:
Collapse all
livenessProbe:
Collapse all
exec:
Collapse all
command:
- [string]:
failureThreshold:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
initialDelaySeconds:
periodSeconds:
successThreshold:
Collapse all
tcpSocket:
host:
port:
timeoutSeconds:
name:
Collapse all
ports:
- containerPort:
hostIP:
hostPort:
name:
protocol:
Collapse all
readinessProbe:
Collapse all
exec:
Collapse all
command:
- [string]:
failureThreshold:
Collapse all
httpGet:
host:
Collapse all
httpHeaders:
- name:
value:
path:
port:
scheme:
initialDelaySeconds:
periodSeconds:
successThreshold:
Collapse all
tcpSocket:
host:
port:
timeoutSeconds:
Collapse all
resources:
Collapse all
limits:
[string]:
Collapse all
requests:
[string]:
Collapse all
securityContext:
Collapse all
capabilities:
Collapse all
add:
- [string]:
Collapse all
drop:
- [string]:
privileged:
readOnlyRootFilesystem:
runAsNonRoot:
runAsUser:
Collapse all
seLinuxOptions:
level:
role:
type:
user:
stdin:
stdinOnce:
terminationMessagePath:
terminationMessagePolicy:
tty:
Collapse all
volumeMounts:
- mountPath:
name:
readOnly:
subPath:
workingDir:
nodeName:
Collapse all
nodeSelector:
[string]:
restartPolicy:
schedulerName:
Collapse all
securityContext:
fsGroup:
runAsNonRoot:
runAsUser:
Collapse all
seLinuxOptions:
level:
role:
type:
user:
Collapse all
supplementalGroups:
- [integer]:
serviceAccount:
serviceAccountName:
subdomain:
terminationGracePeriodSeconds:
Collapse all
tolerations:
- effect:
key:
operator:
tolerationSeconds:
value:
Collapse all
volumes:
Collapse all
- awsElasticBlockStore:
- fsType:
partition:
readOnly:
volumeID:
Collapse all
azureDisk:
cachingMode:
diskName:
diskURI:
fsType:
kind:
readOnly:
Collapse all
azureFile:
readOnly:
secretName:
shareName:
Collapse all
cephfs:
Collapse all
monitors:
- [string]:
path:
readOnly:
secretFile:
Collapse all
secretRef:
name:
user:
Collapse all
cinder:
fsType:
readOnly:
volumeID:
Collapse all
configMap:
defaultMode:
Collapse all
items:
- key:
mode:
path:
name:
optional:
Collapse all
downwardAPI:
defaultMode:
Collapse all
items:
Collapse all
- fieldRef:
- apiVersion:
fieldPath:
mode:
path:
Collapse all
resourceFieldRef:
containerName:
divisor:
resource:
Collapse all
emptyDir:
medium:
sizeLimit:
Collapse all
fc:
fsType:
lun:
readOnly:
Collapse all
targetWWNs:
- [string]:
Collapse all
flexVolume:
driver:
fsType:
Collapse all
options:
[string]:
readOnly:
Collapse all
secretRef:
name:
Collapse all
flocker:
datasetName:
datasetUUID:
Collapse all
gcePersistentDisk:
fsType:
partition:
pdName:
readOnly:
Collapse all
gitRepo:
directory:
repository:
revision:
Collapse all
glusterfs:
endpoints:
path:
readOnly:
Collapse all
hostPath:
path:
Collapse all
iscsi:
chapAuthDiscovery:
chapAuthSession:
fsType:
iqn:
iscsiInterface:
lun:
Collapse all
portals:
- [string]:
readOnly:
Collapse all
secretRef:
name:
targetPortal:
name:
Collapse all
nfs:
path:
readOnly:
server:
Collapse all
persistentVolumeClaim:
claimName:
readOnly:
Collapse all
photonPersistentDisk:
fsType:
pdID:
Collapse all
portworxVolume:
fsType:
readOnly:
volumeID:
Collapse all
projected:
defaultMode:
Collapse all
sources:
Collapse all
- configMap:
Collapse all
- items:
- - key:
mode:
path:
name:
optional:
Collapse all
downwardAPI:
Collapse all
items:
Collapse all
- fieldRef:
- apiVersion:
fieldPath:
mode:
path:
Collapse all
resourceFieldRef:
containerName:
divisor:
resource:
Collapse all
secret:
Collapse all
items:
- key:
mode:
path:
name:
optional:
Collapse all
quobyte:
group:
readOnly:
registry:
user:
volume:
Collapse all
rbd:
fsType:
image:
keyring:
Collapse all
monitors:
- [string]:
pool:
readOnly:
Collapse all
secretRef:
name:
user:
Collapse all
scaleIO:
fsType:
gateway:
protectionDomain:
readOnly:
Collapse all
secretRef:
name:
sslEnabled:
storageMode:
storagePool:
system:
volumeName:
Collapse all
secret:
defaultMode:
Collapse all
items:
- key:
mode:
path:
optional:
secretName:
Collapse all
storageos:
fsType:
readOnly:
Collapse all
secretRef:
name:
volumeName:
volumeNamespace:
Collapse all
vsphereVolume:
fsType:
storagePolicyID:
storagePolicyName:
volumePath:

Operations

Create a PodSecurityPolicySubjectReview

Create a PodSecurityPolicySubjectReview

HTTP request

POST /apis/security.openshift.io/v1/podsecuritypolicysubjectreviews HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'

{
  "kind": "PodSecurityPolicySubjectReview",
  "apiVersion": "security.openshift.io/v1",
  ...
}

Curl request

$ curl -k \
    -X POST \
    -d @- \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    https://$ENDPOINT/apis/security.openshift.io/v1/podsecuritypolicysubjectreviews <<'EOF'
{
  "kind": "PodSecurityPolicySubjectReview",
  "apiVersion": "security.openshift.io/v1",
  ...
}
EOF

HTTP body

Parameter Schema

body

v1.PodSecurityPolicySubjectReview

Query parameters

Parameter Description

pretty

If 'true', then the output is pretty printed.

Responses

HTTP Code Schema

200 OK

v1.PodSecurityPolicySubjectReview

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf

Create a PodSecurityPolicySubjectReview in a namespace

Create a PodSecurityPolicySubjectReview

HTTP request

POST /apis/security.openshift.io/v1/namespaces/$NAMESPACE/podsecuritypolicysubjectreviews HTTP/1.1
Authorization: Bearer $TOKEN
Accept: application/json
Connection: close
Content-Type: application/json'

{
  "kind": "PodSecurityPolicySubjectReview",
  "apiVersion": "security.openshift.io/v1",
  ...
}

Curl request

$ curl -k \
    -X POST \
    -d @- \
    -H "Authorization: Bearer $TOKEN" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    https://$ENDPOINT/apis/security.openshift.io/v1/namespaces/$NAMESPACE/podsecuritypolicysubjectreviews <<'EOF'
{
  "kind": "PodSecurityPolicySubjectReview",
  "apiVersion": "security.openshift.io/v1",
  ...
}
EOF

HTTP body

Parameter Schema

body

v1.PodSecurityPolicySubjectReview

Path parameters

Parameter Description

namespace

object name and auth scope, such as for teams and projects

Query parameters

Parameter Description

pretty

If 'true', then the output is pretty printed.

Responses

HTTP Code Schema

200 OK

v1.PodSecurityPolicySubjectReview

401 Unauthorized

Consumes

  • */*

Produces

  • application/json

  • application/yaml

  • application/vnd.kubernetes.protobuf