Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.
Groups is the groups you're testing for.
NonResourceAttributes describes information for a non-resource access request
ResourceAuthorizationAttributes describes information for a resource access request
UID information about the requesting user.
User is the user you're testing for. If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groups
Generated using TypeDoc
SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set