File tree Expand file tree Collapse file tree 1 file changed +5
-2
lines changed Expand file tree Collapse file tree 1 file changed +5
-2
lines changed Original file line number Diff line number Diff line change @@ -33,8 +33,10 @@ depend on specific fields of specific kinds of objects are handled by Admission
3333Controllers.)
3434
3535When multiple authorization modules are configured, each is checked in sequence,
36- and if any module authorizes the request, then the request can proceed. If all
37- modules deny the request, then the request is denied (HTTP status code 403).
36+ and if any module authorizes the request, then the request can proceed. If any
37+ module denies the request, the request is denied. If all modules have no opinion
38+ on the request, then the request is denied. A deny returns an HTTP status code
39+ 403 .
3840
3941## Review Your Request Attributes
4042Kubernetes reviews only the following API request attributes:
@@ -136,6 +138,7 @@ spec:
136138 verb: create
137139status:
138140 allowed: true
141+ denied: false
139142```
140143
141144## Using Flags for Your Authorization Module
You can’t perform that action at this time.
0 commit comments