piceli.k8s.templates.deployable.role#
Module Contents#
Classes#
Abstract base class for defining Kubernetes roles ( |
|
Represents a Kubernetes Role for namespace-scoped access control. |
|
Represents a Kubernetes ClusterRole for cluster-wide access control. |
Functions#
gets the role necessaries to authorize a service account on this the K8s object |
API#
- class piceli.k8s.templates.deployable.role.K8sRole(/, **data: typing.Any)[source]#
Bases:
pydantic.BaseModelAbstract base class for defining Kubernetes roles (
RoleandClusterRole).- Parameters:
name (Name) – The unique name of the role, following DNS subdomain name conventions, used in resource URLs, and provided by clients at creation time. This name is intended to be human-friendly and should be unique within a given scope at a particular time, with a maximum length of 63 characters.
api_group (str) – The name of the API group that the resources belong to.
resource (str) – The name of the resources within the API group that the role applies to.
verbs (list[APIRequestVerb]) – A list of actions that are allowed on the resources.
Initialization
Create a new model by parsing and validating input data from keyword arguments.
Raises [
ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.selfis explicitly positional-only to allowselfas a field name.- name: piceli.k8s.templates.auxiliary.names.Name#
None
- verbs: list[piceli.k8s.constants.verbs.APIRequestVerb]#
None
- piceli.k8s.templates.deployable.role.get_role(role_cls: type[kubernetes.client.V1Role | kubernetes.client.V1ClusterRole], name: str, api_group: str, resource: str, resource_names: list[str], verbs: list[piceli.k8s.constants.verbs.APIRequestVerb], labels: Optional[piceli.k8s.templates.auxiliary.labels.Labels] = None) kubernetes.client.V1Role | kubernetes.client.V1ClusterRole[source]#
- class piceli.k8s.templates.deployable.role.Role(/, **data: typing.Any)[source]#
Bases:
piceli.k8s.templates.deployable.role.K8sRole,piceli.k8s.templates.deployable.base.DeployableRepresents a Kubernetes Role for namespace-scoped access control.
A Role defines permissions within a specific namespace, granting specified actions on resources to users or service accounts.
Inherits common attributes from K8sRole and adds namespace-specific configuration.
Initialization
Create a new model by parsing and validating input data from keyword arguments.
Raises [
ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.selfis explicitly positional-only to allowselfas a field name.- verbs: list[piceli.k8s.constants.verbs.APIRequestVerb]#
None
- classmethod from_deployable(template: piceli.k8s.templates.deployable.base.Deployable, auth_verbs: Optional[list[piceli.k8s.constants.verbs.APIRequestVerb]] = None) list[piceli.k8s.templates.deployable.role.Role][source]#
Creates a Role from a deployable
- class piceli.k8s.templates.deployable.role.ClusterRole(/, **data: typing.Any)[source]#
Bases:
piceli.k8s.templates.deployable.role.K8sRole,piceli.k8s.templates.deployable.base.DeployableRepresents a Kubernetes ClusterRole for cluster-wide access control.
ClusterRoles grant permissions on resources across all namespaces in the cluster, or on a specified set of resources, irrespective of their namespace.
Inherits from K8sRole, focusing on cluster-wide permissions without namespace specification.
Initialization
Create a new model by parsing and validating input data from keyword arguments.
Raises [
ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.selfis explicitly positional-only to allowselfas a field name.- verbs: list[piceli.k8s.constants.verbs.APIRequestVerb]#
None
- piceli.k8s.templates.deployable.role.get_template_auth_roles(template: piceli.k8s.templates.deployable.base.Deployable, verbs: Optional[list[piceli.k8s.constants.verbs.APIRequestVerb]] = None) list[piceli.k8s.templates.deployable.role.Role][source]#
gets the role necessaries to authorize a service account on this the K8s object