From f957de7217c868b4f071942d05af64ced5e6c095 Mon Sep 17 00:00:00 2001
From: windsonsea <haifeng.yao@daocloud.io>
Date: Sat, 16 Jul 2022 13:07:22 +0800
Subject: [PATCH] updated /kubernetes-api/authorization-resources/

---
 .../self-subject-access-review-v1.md          |  4 +-
 .../self-subject-rules-review-v1.md           | 55 ++++++++++++-------
 2 files changed, 36 insertions(+), 23 deletions(-)

diff --git a/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1.md b/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1.md
index 164a054c41422..6ed5ef043144d 100644
--- a/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1.md
+++ b/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1.md
@@ -45,8 +45,8 @@ Self 是一个特殊情况，因为用户应始终能够检查自己是否可以
 -->
 - **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
 
-  标准的列表元数据。
-  更多信息：https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+  标准的列表元数据。更多信息：
+  https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 - **spec** (<a href="{{< ref "../authorization-resources/self-subject-access-review-v1#SelfSubjectAccessReviewSpec" >}}">SelfSubjectAccessReviewSpec</a>)，必需
   
diff --git a/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-rules-review-v1.md b/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-rules-review-v1.md
index e4c39decdca3d..a93e7b1b9431f 100644
--- a/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-rules-review-v1.md
+++ b/content/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-rules-review-v1.md
@@ -49,8 +49,8 @@ SubjectAccessReview 和 LocalAccessReview 是遵从 API 服务器所做鉴权决
 -->  
 - **metadata** (<a href="{{< ref "../common-definitions/object-meta#ObjectMeta" >}}">ObjectMeta</a>)
 
-  标准的列表元数据。
-  更多信息：https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+  标准的列表元数据。更多信息：
+  https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 
 - **spec** (<a href="{{< ref "../authorization-resources/self-subject-rules-review-v1#SelfSubjectRulesReviewSpec" >}}">SelfSubjectRulesReviewSpec</a>)，必需
   
@@ -60,12 +60,6 @@ SubjectAccessReview 和 LocalAccessReview 是遵从 API 服务器所做鉴权决
   Status is filled in by the server and indicates the set of actions a user can perform.
   <a name="SubjectRulesReviewStatus"></a>
   *SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.*
-  - **status.incomplete** (boolean), required
-    Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
-  - **status.nonResourceRules** ([]NonResourceRule), required
-    NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
-    <a name="NonResourceRule"></a>
-    *NonResourceRule holds information that describes a rule for the non-resource*
 -->
 - **status** (SubjectRulesReviewStatus)
   
@@ -76,6 +70,15 @@ SubjectAccessReview 和 LocalAccessReview 是遵从 API 服务器所做鉴权决
   此检查可能不完整，具体取决于服务器配置的 Authorizer 的集合以及评估期间遇到的任何错误。
   由于鉴权规则是叠加的，所以如果某个规则出现在列表中，即使该列表不完整，也可以安全地假定该主体拥有该权限。**
 
+  <!--
+  - **status.incomplete** (boolean), required
+    Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
+  - **status.nonResourceRules** ([]NonResourceRule), required
+    NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
+    <a name="NonResourceRule"></a>
+    *NonResourceRule holds information that describes a rule for the non-resource*
+  -->
+
   - **status.incomplete** (boolean)，必需
     
     当此调用返回的规则不完整时，incomplete 结果为 true。
@@ -88,18 +91,14 @@ SubjectAccessReview 和 LocalAccessReview 是遵从 API 服务器所做鉴权决
     
     <a name="NonResourceRule"></a>
     **nonResourceRule 包含描述非资源路径的规则的信息。**
-<!--
+
+    <!--
     - **status.nonResourceRules.verbs** ([]string), required
       Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options.  "*" means all.
     - **status.nonResourceRules.nonResourceURLs** ([]string)
-      NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path.  "*" means all.
-  - **status.resourceRules** ([]ResourceRule), required
-    ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
-    <a name="ResourceRule"></a>
-    *ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.*
-    - **status.resourceRules.verbs** ([]string), required
-    Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy.  "*" means all.  
--->
+      NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full, final step in the path.  "*" means all. 
+    -->
+
     - **status.nonResourceRules.verbs** ([]string)，必需
       
       verb 是 kubernetes 非资源 API 动作的列表，例如 get、post、put、delete、patch、head、options。
@@ -110,6 +109,15 @@ SubjectAccessReview 和 LocalAccessReview 是遵从 API 服务器所做鉴权决
       nonResourceURLs 是用户应有权访问的一组部分 URL。
       允许使用 "*"，但仅能作为路径中最后一段且必须用于完整的一段。
       "*" 表示全部。
+      
+  <!--
+  - **status.resourceRules** ([]ResourceRule), required
+    ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
+    <a name="ResourceRule"></a>
+    *ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.*
+    - **status.resourceRules.verbs** ([]string), required
+    Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy.  "*" means all. 
+  -->
 
   - **status.resourceRules** ([]ResourceRule)，必需
     
@@ -123,7 +131,8 @@ SubjectAccessReview 和 LocalAccessReview 是遵从 API 服务器所做鉴权决
       
       verb 是 kubernetes 资源 API 动作的列表，例如 get、list、watch、create、update、delete、proxy。
       "*" 表示所有动作。
-<!--
+
+    <!--
     - **status.resourceRules.apiGroups** ([]string)
       APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.  "*" means all.
     - **status.resourceRules.resourceNames** ([]string)
@@ -131,9 +140,8 @@ SubjectAccessReview 和 LocalAccessReview 是遵从 API 服务器所做鉴权决
     - **status.resourceRules.resources** ([]string)
       Resources is a list of resources this rule applies to.  "*" means all in the specified apiGroups.
        "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
-  - **status.evaluationError** (string)
-    EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.
---> 
+    -->
+
     - **status.resourceRules.apiGroups** ([]string)
       
       apiGroups 是包含资源的 APIGroup 的名称。
@@ -152,6 +160,11 @@ SubjectAccessReview 和 LocalAccessReview 是遵从 API 服务器所做鉴权决
       "*" 表示指定 APIGroup 中的所有资源。
       "*/foo" 表示指定 APIGroup 中所有资源的子资源 "foo"。
 
+  <!--
+  - **status.evaluationError** (string)
+    EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.
+  -->
+
   - **status.evaluationError** (string)
     
     evaluationError 可以与 rules 一起出现。