{ "description": "PolicyRulesWithSubjects prescribes a test that applies to a request to an apiserver. The test considers the subject making the request, the verb being requested, and the resource to be acted upon. This PolicyRulesWithSubjects matches a request if and only if both (a) at least one member of subjects matches the request and (b) at least one member of resourceRules or nonResourceRules matches the request.", "properties": { "nonResourceRules": { "description": "`nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.", "items": { "$ref": "/api/_definitions.json#/$defs/io.k8s.api.flowcontrol.v1.NonResourcePolicyRule" }, "type": [ "array", "null" ], "x-kubernetes-list-type": "atomic" }, "resourceRules": { "description": "`resourceRules` is a slice of ResourcePolicyRules that identify matching requests according to their verb and the target resource. At least one of `resourceRules` and `nonResourceRules` has to be non-empty.", "items": { "$ref": "/api/_definitions.json#/$defs/io.k8s.api.flowcontrol.v1.ResourcePolicyRule" }, "type": [ "array", "null" ], "x-kubernetes-list-type": "atomic" }, "subjects": { "description": "subjects is the list of normal user, serviceaccount, or group that this rule cares about. There must be at least one member in this slice. A slice that includes both the system:authenticated and system:unauthenticated user groups matches every request. Required.", "items": { "$ref": "/api/_definitions.json#/$defs/io.k8s.api.flowcontrol.v1.Subject" }, "type": [ "array", "null" ], "x-kubernetes-list-type": "atomic" } }, "required": [ "subjects" ], "type": "object", "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://kubernetes.io/api/policyruleswithsubjects/flowcontrol/v1" }