Access Token

AccessToken defines a token with permissions.

For example, the following configurations sets up a token with edit permission for the component named wordpress in the default namespace:

apiVersion: core.kalm.dev/v1alpha1
kind: AccessToken
metadata:
name: c153f45fd4344...95d29ec2a3bad2d8
spec:
memo: token for update webhook
rules:
- kind: components
name: wordpress
namespace: default
verb: edit
token: 4ddb864cfx56pkxw

AccessToken

A model to describe general access token permissions, It's designed to be easy to translate to casbin policies.

This model should NOT be generate manually through Kubernetes api directly. Instead, use kalm apis to manage records.

NameTypeDescriptionRequired
memostringmemo for this tokenFalse
tokenstringtoken value, minimum length is 64True
rulesAccessTokenRule[]rules of this tokenTrue
creatorstringcreator of this tokenTrue
expiredAt*metav1.Timewhen will this access token expireFalse

AccessTokenRule

describe the permission this token has.

NameTypeDescriptionRequired
verbAccessTokenVerbwhat this token can doTrue
namespacestringnamespace this rule has effect on, value * means all namespaces.True
kindstringkind of resource this rule has effect on, e.g. Kalm's Component, value * means all kinds of resources.True
namestringname of resource this rule has effect on, value * means all resources of the given kind.True

AccessTokenVerb

NameDescription
viewcan view
editcan edit
managecan manage

AccessTokenStatus

NameTypeDescription
lastUsedAtinttimestamp that this token last been used at.
usedCountintcount of how many times this token has been used.
Last updated on by Liu Mingmin