k8s_openapi/v1_30/api/authorization/v1/
subject_rules_review_status.rs

1// Generated from definition io.k8s.api.authorization.v1.SubjectRulesReviewStatus
2
3/// SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.
4#[derive(Clone, Debug, Default, PartialEq)]
5pub struct SubjectRulesReviewStatus {
6    /// EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.
7    pub evaluation_error: Option<std::string::String>,
8
9    /// Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
10    pub incomplete: bool,
11
12    /// NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
13    pub non_resource_rules: std::vec::Vec<crate::api::authorization::v1::NonResourceRule>,
14
15    /// ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
16    pub resource_rules: std::vec::Vec<crate::api::authorization::v1::ResourceRule>,
17}
18
19impl crate::DeepMerge for SubjectRulesReviewStatus {
20    fn merge_from(&mut self, other: Self) {
21        crate::DeepMerge::merge_from(&mut self.evaluation_error, other.evaluation_error);
22        crate::DeepMerge::merge_from(&mut self.incomplete, other.incomplete);
23        crate::merge_strategies::list::atomic(&mut self.non_resource_rules, other.non_resource_rules);
24        crate::merge_strategies::list::atomic(&mut self.resource_rules, other.resource_rules);
25    }
26}
27
28impl<'de> crate::serde::Deserialize<'de> for SubjectRulesReviewStatus {
29    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
30        #[allow(non_camel_case_types)]
31        enum Field {
32            Key_evaluation_error,
33            Key_incomplete,
34            Key_non_resource_rules,
35            Key_resource_rules,
36            Other,
37        }
38
39        impl<'de> crate::serde::Deserialize<'de> for Field {
40            fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
41                struct Visitor;
42
43                impl crate::serde::de::Visitor<'_> for Visitor {
44                    type Value = Field;
45
46                    fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
47                        f.write_str("field identifier")
48                    }
49
50                    fn visit_str<E>(self, v: &str) -> Result<Self::Value, E> where E: crate::serde::de::Error {
51                        Ok(match v {
52                            "evaluationError" => Field::Key_evaluation_error,
53                            "incomplete" => Field::Key_incomplete,
54                            "nonResourceRules" => Field::Key_non_resource_rules,
55                            "resourceRules" => Field::Key_resource_rules,
56                            _ => Field::Other,
57                        })
58                    }
59                }
60
61                deserializer.deserialize_identifier(Visitor)
62            }
63        }
64
65        struct Visitor;
66
67        impl<'de> crate::serde::de::Visitor<'de> for Visitor {
68            type Value = SubjectRulesReviewStatus;
69
70            fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
71                f.write_str("SubjectRulesReviewStatus")
72            }
73
74            fn visit_map<A>(self, mut map: A) -> Result<Self::Value, A::Error> where A: crate::serde::de::MapAccess<'de> {
75                let mut value_evaluation_error: Option<std::string::String> = None;
76                let mut value_incomplete: Option<bool> = None;
77                let mut value_non_resource_rules: Option<std::vec::Vec<crate::api::authorization::v1::NonResourceRule>> = None;
78                let mut value_resource_rules: Option<std::vec::Vec<crate::api::authorization::v1::ResourceRule>> = None;
79
80                while let Some(key) = crate::serde::de::MapAccess::next_key::<Field>(&mut map)? {
81                    match key {
82                        Field::Key_evaluation_error => value_evaluation_error = crate::serde::de::MapAccess::next_value(&mut map)?,
83                        Field::Key_incomplete => value_incomplete = crate::serde::de::MapAccess::next_value(&mut map)?,
84                        Field::Key_non_resource_rules => value_non_resource_rules = crate::serde::de::MapAccess::next_value(&mut map)?,
85                        Field::Key_resource_rules => value_resource_rules = crate::serde::de::MapAccess::next_value(&mut map)?,
86                        Field::Other => { let _: crate::serde::de::IgnoredAny = crate::serde::de::MapAccess::next_value(&mut map)?; },
87                    }
88                }
89
90                Ok(SubjectRulesReviewStatus {
91                    evaluation_error: value_evaluation_error,
92                    incomplete: value_incomplete.unwrap_or_default(),
93                    non_resource_rules: value_non_resource_rules.unwrap_or_default(),
94                    resource_rules: value_resource_rules.unwrap_or_default(),
95                })
96            }
97        }
98
99        deserializer.deserialize_struct(
100            "SubjectRulesReviewStatus",
101            &[
102                "evaluationError",
103                "incomplete",
104                "nonResourceRules",
105                "resourceRules",
106            ],
107            Visitor,
108        )
109    }
110}
111
112impl crate::serde::Serialize for SubjectRulesReviewStatus {
113    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: crate::serde::Serializer {
114        let mut state = serializer.serialize_struct(
115            "SubjectRulesReviewStatus",
116            3 +
117            self.evaluation_error.as_ref().map_or(0, |_| 1),
118        )?;
119        if let Some(value) = &self.evaluation_error {
120            crate::serde::ser::SerializeStruct::serialize_field(&mut state, "evaluationError", value)?;
121        }
122        crate::serde::ser::SerializeStruct::serialize_field(&mut state, "incomplete", &self.incomplete)?;
123        crate::serde::ser::SerializeStruct::serialize_field(&mut state, "nonResourceRules", &self.non_resource_rules)?;
124        crate::serde::ser::SerializeStruct::serialize_field(&mut state, "resourceRules", &self.resource_rules)?;
125        crate::serde::ser::SerializeStruct::end(state)
126    }
127}
128
129#[cfg(feature = "schemars")]
130impl crate::schemars::JsonSchema for SubjectRulesReviewStatus {
131    fn schema_name() -> std::borrow::Cow<'static, str> {
132        "io.k8s.api.authorization.v1.SubjectRulesReviewStatus".into()
133    }
134
135    fn json_schema(__gen: &mut crate::schemars::SchemaGenerator) -> crate::schemars::Schema {
136        crate::schemars::json_schema!({
137            "description": "SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.",
138            "type": "object",
139            "properties": {
140                "evaluationError": {
141                    "description": "EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.",
142                    "type": "string",
143                },
144                "incomplete": {
145                    "description": "Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.",
146                    "type": "boolean",
147                },
148                "nonResourceRules": {
149                    "description": "NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
150                    "type": "array",
151                    "items": (__gen.subschema_for::<crate::api::authorization::v1::NonResourceRule>()),
152                },
153                "resourceRules": {
154                    "description": "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
155                    "type": "array",
156                    "items": (__gen.subschema_for::<crate::api::authorization::v1::ResourceRule>()),
157                },
158            },
159            "required": [
160                "incomplete",
161                "nonResourceRules",
162                "resourceRules",
163            ],
164        })
165    }
166}