Alauda DevOps Connectors Docs
  • Русский

    • Connector [accesspolicies.alauda.io/v1alpha1]

    Description
    AccessPolicy defines the access strategy for Connectors in a namespace. It specifies which Connectors are covered and what permissions are granted, either automatically (defaultPermission) or after approval checks pass (checkGrantedPermission).
    Type
    object

    Specification

    PropertyTypeDescription
    apiVersionstring

    APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

    kindstring

    Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

    metadataObjectMeta

    ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.

    specobject

    AccessPolicySpec defines the desired state of AccessPolicy.

    statusobject

    AccessPolicyStatus defines the observed state of AccessPolicy.

    .spec

    Description
    AccessPolicySpec defines the desired state of AccessPolicy.
    Type
    object
    PropertyTypeDescription
    checkGrantedPermissionobject

    CheckGrantedPermission defines permissions granted only after approval checks pass.

    connectorobject

    Connector specifies which Connectors this policy applies to. If empty, the policy applies to all Connectors in the namespace.

    defaultPermissionobject

    DefaultPermission defines the Role and RoleBinding automatically granted without any approval check.

    .spec.checkGrantedPermission

    Description
    CheckGrantedPermission defines permissions granted only after approval checks pass.
    Type
    object
    Required
    spec
    PropertyTypeDescription
    specobject

    Spec contains the check rules and the permissions to grant after all checks pass.

    .spec.checkGrantedPermission.spec

    Description
    Spec contains the check rules and the permissions to grant after all checks pass.
    Type
    object
    Required
    checksroleTemplate
    PropertyTypeDescription
    checksarray

    Checks is the list of approval check rules.

    roleTemplateobject

    RoleTemplate defines the rules for the generated Role.

    .spec.checkGrantedPermission.spec.checks

    Description
    Checks is the list of approval check rules.
    Type
    array

    .spec.checkGrantedPermission.spec.checks[]

    Description
    CheckRule defines a check rule that must pass for a permission to be granted. it contains either a reference to a CheckRuleSpec stored in a ConfigMap or the CheckRuleSpec itself. you can specify either Ref or Spec, but not both.
    Type
    object
    Required
    name
    PropertyTypeDescription
    namestring

    Name is the identifier of this check rule, referenced in AccessRequest status.

    refobject

    Ref is a reference to a CheckRuleSpec stored in a ConfigMap.

    specobject

    Spec contains the check rule specification.

    .spec.checkGrantedPermission.spec.checks[].ref

    Description
    Ref is a reference to a CheckRuleSpec stored in a ConfigMap.
    Type
    object
    Required
    configMap
    PropertyTypeDescription
    configMapobject

    ConfigMap references the ConfigMap containing the CheckRuleSpec.

    .spec.checkGrantedPermission.spec.checks[].ref.configMap

    Description
    ConfigMap references the ConfigMap containing the CheckRuleSpec.
    Type
    object
    PropertyTypeDescription
    namestring

    Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

    .spec.checkGrantedPermission.spec.checks[].spec

    Description
    Spec contains the check rule specification.
    Type
    object
    Required
    selector
    PropertyTypeDescription
    selectorobject

    Selector specifies how to find the Check Duck Type resource.

    stateobject

    State configures how the check result is computed. If empty, the default duck-type field status.state is used.

    .spec.checkGrantedPermission.spec.checks[].spec.selector

    Description
    Selector specifies how to find the Check Duck Type resource.
    Type
    object
    Required
    objectRef
    PropertyTypeDescription
    matchExpressionsarray

    matchExpressions is a list of label selector requirements. The requirements are ANDed.

    matchLabelsobject

    matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

    objectRefobject

    ObjectRef specifies the reference to the object to check against. kind and apiVersion are required to distinguish different duck types

    .spec.checkGrantedPermission.spec.checks[].spec.selector.matchExpressions

    Description
    matchExpressions is a list of label selector requirements. The requirements are ANDed.
    Type
    array

    .spec.checkGrantedPermission.spec.checks[].spec.selector.matchExpressions[]

    Description
    A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
    Type
    object
    Required
    keyoperator
    PropertyTypeDescription
    keystring

    key is the label key that the selector applies to.

    operatorstring

    operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

    valuesarray

    values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

    .spec.checkGrantedPermission.spec.checks[].spec.selector.matchExpressions[].values

    Description
    values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
    Type
    array

    .spec.checkGrantedPermission.spec.checks[].spec.selector.matchExpressions[].values[]

    Type
    string

    .spec.checkGrantedPermission.spec.checks[].spec.selector.matchLabels

    Description
    matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
    Type
    object

    .spec.checkGrantedPermission.spec.checks[].spec.selector.objectRef

    Description
    ObjectRef specifies the reference to the object to check against. kind and apiVersion are required to distinguish different duck types
    Type
    object
    PropertyTypeDescription
    apiVersionstring

    API version of the referent.

    fieldPathstring

    If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

    kindstring

    Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

    namestring

    Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

    namespacestring

    Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

    resourceVersionstring

    Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

    uidstring

    UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

    .spec.checkGrantedPermission.spec.checks[].spec.state

    Description
    State configures how the check result is computed. If empty, the default duck-type field status.state is used.
    Type
    object
    PropertyTypeDescription
    regostring

    Rego is an OPA Rego script (package "approval") that receives the full check resource as input and must output status = {"state": "approved|rejected|pending|passed"}. If empty, the default duck-type field status.state is used.

    .spec.checkGrantedPermission.spec.roleTemplate

    Description
    RoleTemplate defines the rules for the generated Role.
    Type
    object
    PropertyTypeDescription
    refobject

    Ref specifies a reference to a RoleTemplate

    .spec.checkGrantedPermission.spec.roleTemplate.ref

    Description
    Ref specifies a reference to a RoleTemplate
    Type
    object
    PropertyTypeDescription
    configMapobject

    ConfigMap specifies a local reference to a ConfigMap whose data["rules"] contains the YAML-encoded list of rbacv1.PolicyRule entries. Only ConfigMaps in the connectors system namespace are supported.

    .spec.checkGrantedPermission.spec.roleTemplate.ref.configMap

    Description
    ConfigMap specifies a local reference to a ConfigMap whose data["rules"] contains the YAML-encoded list of rbacv1.PolicyRule entries. Only ConfigMaps in the connectors system namespace are supported.
    Type
    object
    PropertyTypeDescription
    namestring

    Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

    .spec.connector

    Description
    Connector specifies which Connectors this policy applies to. If empty, the policy applies to all Connectors in the namespace.
    Type
    object
    PropertyTypeDescription
    matchExpressionsarray

    matchExpressions is a list of label selector requirements. The requirements are ANDed.

    matchLabelsobject

    matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

    namesarray

    Names is an explicit list of resource names to match.

    .spec.connector.matchExpressions

    Description
    matchExpressions is a list of label selector requirements. The requirements are ANDed.
    Type
    array

    .spec.connector.matchExpressions[]

    Description
    A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
    Type
    object
    Required
    keyoperator
    PropertyTypeDescription
    keystring

    key is the label key that the selector applies to.

    operatorstring

    operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

    valuesarray

    values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

    .spec.connector.matchExpressions[].values

    Description
    values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
    Type
    array

    .spec.connector.matchExpressions[].values[]

    Type
    string

    .spec.connector.matchLabels

    Description
    matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
    Type
    object

    .spec.connector.names

    Description
    Names is an explicit list of resource names to match.
    Type
    array

    .spec.connector.names[]

    Type
    string

    .spec.defaultPermission

    Description
    DefaultPermission defines the Role and RoleBinding automatically granted without any approval check.
    Type
    object
    Required
    bindingTemplateroleTemplate
    PropertyTypeDescription
    bindingTemplateobject

    BindingTemplate defines the subjects for the generated RoleBinding.

    roleTemplateobject

    RoleTemplate defines the rules to include in the generated Role.

    .spec.defaultPermission.bindingTemplate

    Description
    BindingTemplate defines the subjects for the generated RoleBinding.
    Type
    object
    PropertyTypeDescription
    serviceAccountsarray

    ServiceAccounts is the list of service account templates to bind.

    .spec.defaultPermission.bindingTemplate.serviceAccounts

    Description
    ServiceAccounts is the list of service account templates to bind.
    Type
    array

    .spec.defaultPermission.bindingTemplate.serviceAccounts[]

    Description
    ServiceAccountTemplate defines a template for binding ServiceAccounts. it extends rbacv1.Subject with dynamic label-based selectors.
    Type
    object
    PropertyTypeDescription
    namesarray

    Names is the list of service account names to bind.

    namespaceSelectorobject

    NamespaceSelector selects Namespaces by label and/or name.

    .spec.defaultPermission.bindingTemplate.serviceAccounts[].names

    Description
    Names is the list of service account names to bind.
    Type
    array

    .spec.defaultPermission.bindingTemplate.serviceAccounts[].names[]

    Type
    string

    .spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector

    Description
    NamespaceSelector selects Namespaces by label and/or name.
    Type
    object
    PropertyTypeDescription
    matchExpressionsarray

    matchExpressions is a list of label selector requirements. The requirements are ANDed.

    matchLabelsobject

    matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

    namesarray

    Names is an explicit list of resource names to match.

    .spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.matchExpressions

    Description
    matchExpressions is a list of label selector requirements. The requirements are ANDed.
    Type
    array

    .spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.matchExpressions[]

    Description
    A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
    Type
    object
    Required
    keyoperator
    PropertyTypeDescription
    keystring

    key is the label key that the selector applies to.

    operatorstring

    operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

    valuesarray

    values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

    .spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.matchExpressions[].values

    Description
    values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
    Type
    array

    .spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.matchExpressions[].values[]

    Type
    string

    .spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.matchLabels

    Description
    matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
    Type
    object

    .spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.names

    Description
    Names is an explicit list of resource names to match.
    Type
    array

    .spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.names[]

    Type
    string

    .spec.defaultPermission.roleTemplate

    Description
    RoleTemplate defines the rules to include in the generated Role.
    Type
    object
    PropertyTypeDescription
    refobject

    Ref specifies a reference to a RoleTemplate

    .spec.defaultPermission.roleTemplate.ref

    Description
    Ref specifies a reference to a RoleTemplate
    Type
    object
    PropertyTypeDescription
    configMapobject

    ConfigMap specifies a local reference to a ConfigMap whose data["rules"] contains the YAML-encoded list of rbacv1.PolicyRule entries. Only ConfigMaps in the connectors system namespace are supported.

    .spec.defaultPermission.roleTemplate.ref.configMap

    Description
    ConfigMap specifies a local reference to a ConfigMap whose data["rules"] contains the YAML-encoded list of rbacv1.PolicyRule entries. Only ConfigMaps in the connectors system namespace are supported.
    Type
    object
    PropertyTypeDescription
    namestring

    Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

    .status

    Description
    AccessPolicyStatus defines the observed state of AccessPolicy.
    Type
    object
    PropertyTypeDescription
    annotationsobject

    Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.

    conditionsarray

    Conditions the latest available observations of a resource's current state.

    matchedConnectorsarray

    MatchedConnectors records the Connector names matched by spec.connector.

    observedGenerationinteger

    ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.

    .status.annotations

    Description
    Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
    Type
    object

    .status.conditions

    Description
    Conditions the latest available observations of a resource's current state.
    Type
    array

    .status.conditions[]

    Description
    Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
    Type
    object
    Required
    statustype
    PropertyTypeDescription
    lastTransitionTimestring

    LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).

    messagestring

    A human readable message indicating details about the transition.

    reasonstring

    The reason for the condition's last transition.

    severitystring

    Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.

    statusstring

    Status of the condition, one of True, False, Unknown.

    typestring

    Type of condition.

    .status.matchedConnectors

    Description
    MatchedConnectors records the Connector names matched by spec.connector.
    Type
    array

    .status.matchedConnectors[]

    Description
    LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
    Type
    object
    PropertyTypeDescription
    namestring

    Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

    API Endpoints

    The following API endpoints are available:

    • /apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies
      • DELETE: delete collection of AccessPolicy
      • GET: list objects of kind AccessPolicy
      • POST: create a new AccessPolicy
    • /apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies/{name}
      • DELETE: delete the specified AccessPolicy
      • GET: read the specified AccessPolicy
      • PATCH: partially update the specified AccessPolicy
      • PUT: replace the specified AccessPolicy
    • /apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies/{name}/status
      • GET: read status of the specified AccessPolicy
      • PATCH: partially update status of the specified AccessPolicy
      • PUT: replace status of the specified AccessPolicy

    /apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies

    HTTP method
    DELETE
    Description
    delete collection of AccessPolicy
    HTTP responses
    HTTP codeResponse body
    200 - OKStatus schema
    401 - UnauthorizedEmpty
    HTTP method
    GET
    Description
    list objects of kind AccessPolicy
    HTTP responses
    HTTP codeResponse body
    200 - OKAccessPolicyList schema
    401 - UnauthorizedEmpty
    HTTP method
    POST
    Description
    create a new AccessPolicy
    Query parameters
    ParameterTypeDescription
    dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
    fieldValidationstringfieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
    Body parameters
    ParameterTypeDescription
    bodyAccessPolicy schemaapplication/json formatted
    HTTP responses
    HTTP codeResponse body
    200 - OKAccessPolicy schema
    201 - CreatedAccessPolicy schema
    202 - AcceptedAccessPolicy schema
    401 - UnauthorizedEmpty

    /apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies/{name}

    HTTP method
    DELETE
    Description
    delete the specified AccessPolicy
    Query parameters
    ParameterTypeDescription
    dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
    HTTP responses
    HTTP codeResponse body
    200 - OKStatus schema
    202 - AcceptedStatus schema
    401 - UnauthorizedEmpty
    HTTP method
    GET
    Description
    read the specified AccessPolicy
    HTTP responses
    HTTP codeResponse body
    200 - OKAccessPolicy schema
    401 - UnauthorizedEmpty
    HTTP method
    PATCH
    Description
    partially update the specified AccessPolicy
    Query parameters
    ParameterTypeDescription
    dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
    fieldValidationstringfieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
    HTTP responses
    HTTP codeResponse body
    200 - OKAccessPolicy schema
    401 - UnauthorizedEmpty
    HTTP method
    PUT
    Description
    replace the specified AccessPolicy
    Query parameters
    ParameterTypeDescription
    dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
    fieldValidationstringfieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
    Body parameters
    ParameterTypeDescription
    bodyAccessPolicy schemaapplication/json formatted
    HTTP responses
    HTTP codeResponse body
    200 - OKAccessPolicy schema
    201 - CreatedAccessPolicy schema
    401 - UnauthorizedEmpty

    /apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies/{name}/status

    HTTP method
    GET
    Description
    read status of the specified AccessPolicy
    HTTP responses
    HTTP codeResponse body
    200 - OKAccessPolicy schema
    401 - UnauthorizedEmpty
    HTTP method
    PATCH
    Description
    partially update status of the specified AccessPolicy
    Query parameters
    ParameterTypeDescription
    dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
    fieldValidationstringfieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
    HTTP responses
    HTTP codeResponse body
    200 - OKAccessPolicy schema
    401 - UnauthorizedEmpty
    HTTP method
    PUT
    Description
    replace status of the specified AccessPolicy
    Query parameters
    ParameterTypeDescription
    dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
    fieldValidationstringfieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
    Body parameters
    ParameterTypeDescription
    bodyAccessPolicy schemaapplication/json formatted
    HTTP responses
    HTTP codeResponse body
    200 - OKAccessPolicy schema
    201 - CreatedAccessPolicy schema
    401 - UnauthorizedEmpty