rbac: regenerate API docs for commentstart rule

Regenerate the protobuf definitions, swagger docs, apply
configurations, and OpenAPI specs to reflect the updated field godoc
for the rbac API group.

Part of #134671.

Kubernetes-commit: 9e1597ac5b77a3cb4c1fe2b58b0b1e3df0421d37
This commit is contained in:
krishhna24
2026-06-26 03:12:35 +00:00
committed by Kubernetes Publisher
parent 819ef2ecfd
commit 0a04a027d8
24 changed files with 72 additions and 72 deletions

View File

@@ -27,7 +27,7 @@ import (
//
// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
type AggregationRuleApplyConfiguration struct {
// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
// clusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
// If any of the selectors match, then the ClusterRole's permissions will be added
ClusterRoleSelectors []metav1.LabelSelectorApplyConfiguration `json:"clusterRoleSelectors,omitempty"`
}

View File

@@ -33,11 +33,11 @@ import (
// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
type ClusterRoleApplyConfiguration struct {
metav1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Rules holds all the PolicyRules for this ClusterRole
// rules holds all the PolicyRules for this ClusterRole
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
// aggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
// stomped by the controller.
AggregationRule *AggregationRuleApplyConfiguration `json:"aggregationRule,omitempty"`

View File

@@ -34,11 +34,11 @@ import (
// and adds who information via Subject.
type ClusterRoleBindingApplyConfiguration struct {
metav1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Subjects holds references to the objects the role applies to.
// subjects holds references to the objects the role applies to.
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
// RoleRef can only reference a ClusterRole in the global namespace.
// roleRef can only reference a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
// This field is immutable.
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`

View File

@@ -28,16 +28,16 @@ package v1
// PolicyRule holds information that describes a policy rule, but does not contain information
// about who the rule applies to or which namespace the rule applies to.
type PolicyRuleApplyConfiguration struct {
// Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
// verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
Verbs []string `json:"verbs,omitempty"`
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// apiGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
APIGroups []string `json:"apiGroups,omitempty"`
// Resources is a list of resources this rule applies to. '*' represents all resources.
// resources is a list of resources this rule applies to. '*' represents all resources.
Resources []string `json:"resources,omitempty"`
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
// resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
ResourceNames []string `json:"resourceNames,omitempty"`
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
// nonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
NonResourceURLs []string `json:"nonResourceURLs,omitempty"`

View File

@@ -33,9 +33,9 @@ import (
// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
type RoleApplyConfiguration struct {
metav1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Rules holds all the PolicyRules for this Role
// rules holds all the PolicyRules for this Role
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
}

View File

@@ -35,11 +35,11 @@ import (
// namespace only have effect in that namespace.
type RoleBindingApplyConfiguration struct {
metav1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Subjects holds references to the objects the role applies to.
// subjects holds references to the objects the role applies to.
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// roleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
// This field is immutable.
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`

View File

@@ -23,11 +23,11 @@ package v1
//
// RoleRef contains information that points to the role being used
type RoleRefApplyConfiguration struct {
// APIGroup is the group for the resource being referenced
// apiGroup is the group for the resource being referenced
APIGroup *string `json:"apiGroup,omitempty"`
// Kind is the type of resource being referenced
// kind is the type of resource being referenced
Kind *string `json:"kind,omitempty"`
// Name is the name of resource being referenced
// name is the name of resource being referenced
Name *string `json:"name,omitempty"`
}

View File

@@ -24,16 +24,16 @@ package v1
// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
// or a value for non-objects such as user and group names.
type SubjectApplyConfiguration struct {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
Kind *string `json:"kind,omitempty"`
// APIGroup holds the API group of the referenced subject.
// apiGroup holds the API group of the referenced subject.
// Defaults to "" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
APIGroup *string `json:"apiGroup,omitempty"`
// Name of the object being referenced.
// name of the object being referenced.
Name *string `json:"name,omitempty"`
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
// namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
// the Authorizer should report an error.
Namespace *string `json:"namespace,omitempty"`
}

View File

@@ -27,7 +27,7 @@ import (
//
// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
type AggregationRuleApplyConfiguration struct {
// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
// clusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
// If any of the selectors match, then the ClusterRole's permissions will be added
ClusterRoleSelectors []v1.LabelSelectorApplyConfiguration `json:"clusterRoleSelectors,omitempty"`
}

View File

@@ -34,11 +34,11 @@ import (
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRole, and will no longer be served in v1.22.
type ClusterRoleApplyConfiguration struct {
v1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Rules holds all the PolicyRules for this ClusterRole
// rules holds all the PolicyRules for this ClusterRole
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
// aggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
// stomped by the controller.
AggregationRule *AggregationRuleApplyConfiguration `json:"aggregationRule,omitempty"`

View File

@@ -35,11 +35,11 @@ import (
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRoleBinding, and will no longer be served in v1.22.
type ClusterRoleBindingApplyConfiguration struct {
v1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Subjects holds references to the objects the role applies to.
// subjects holds references to the objects the role applies to.
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
// RoleRef can only reference a ClusterRole in the global namespace.
// roleRef can only reference a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`
}

View File

@@ -28,16 +28,16 @@ package v1alpha1
// PolicyRule holds information that describes a policy rule, but does not contain information
// about who the rule applies to or which namespace the rule applies to.
type PolicyRuleApplyConfiguration struct {
// Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
// verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
Verbs []string `json:"verbs,omitempty"`
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// apiGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
APIGroups []string `json:"apiGroups,omitempty"`
// Resources is a list of resources this rule applies to. '*' represents all resources.
// resources is a list of resources this rule applies to. '*' represents all resources.
Resources []string `json:"resources,omitempty"`
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
// resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
ResourceNames []string `json:"resourceNames,omitempty"`
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
// nonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
NonResourceURLs []string `json:"nonResourceURLs,omitempty"`

View File

@@ -34,9 +34,9 @@ import (
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 Role, and will no longer be served in v1.22.
type RoleApplyConfiguration struct {
v1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Rules holds all the PolicyRules for this Role
// rules holds all the PolicyRules for this Role
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
}

View File

@@ -36,11 +36,11 @@ import (
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 RoleBinding, and will no longer be served in v1.22.
type RoleBindingApplyConfiguration struct {
v1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Subjects holds references to the objects the role applies to.
// subjects holds references to the objects the role applies to.
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// roleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`
}

View File

@@ -23,11 +23,11 @@ package v1alpha1
//
// RoleRef contains information that points to the role being used
type RoleRefApplyConfiguration struct {
// APIGroup is the group for the resource being referenced
// apiGroup is the group for the resource being referenced
APIGroup *string `json:"apiGroup,omitempty"`
// Kind is the type of resource being referenced
// kind is the type of resource being referenced
Kind *string `json:"kind,omitempty"`
// Name is the name of resource being referenced
// name is the name of resource being referenced
Name *string `json:"name,omitempty"`
}

View File

@@ -24,16 +24,16 @@ package v1alpha1
// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
// or a value for non-objects such as user and group names.
type SubjectApplyConfiguration struct {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
Kind *string `json:"kind,omitempty"`
// APIVersion holds the API group and version of the referenced subject.
// apiVersion holds the API group and version of the referenced subject.
// Defaults to "v1" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io/v1alpha1" for User and Group subjects.
APIVersion *string `json:"apiVersion,omitempty"`
// Name of the object being referenced.
// name of the object being referenced.
Name *string `json:"name,omitempty"`
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
// namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
// the Authorizer should report an error.
Namespace *string `json:"namespace,omitempty"`
}

View File

@@ -27,7 +27,7 @@ import (
//
// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
type AggregationRuleApplyConfiguration struct {
// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
// clusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
// If any of the selectors match, then the ClusterRole's permissions will be added
ClusterRoleSelectors []v1.LabelSelectorApplyConfiguration `json:"clusterRoleSelectors,omitempty"`
}

View File

@@ -34,11 +34,11 @@ import (
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRole, and will no longer be served in v1.22.
type ClusterRoleApplyConfiguration struct {
v1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Rules holds all the PolicyRules for this ClusterRole
// rules holds all the PolicyRules for this ClusterRole
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
// aggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
// stomped by the controller.
AggregationRule *AggregationRuleApplyConfiguration `json:"aggregationRule,omitempty"`

View File

@@ -35,11 +35,11 @@ import (
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRoleBinding, and will no longer be served in v1.22.
type ClusterRoleBindingApplyConfiguration struct {
v1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Subjects holds references to the objects the role applies to.
// subjects holds references to the objects the role applies to.
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
// RoleRef can only reference a ClusterRole in the global namespace.
// roleRef can only reference a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`
}

View File

@@ -28,17 +28,17 @@ package v1beta1
// PolicyRule holds information that describes a policy rule, but does not contain information
// about who the rule applies to or which namespace the rule applies to.
type PolicyRuleApplyConfiguration struct {
// Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
// verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
Verbs []string `json:"verbs,omitempty"`
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// apiGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
APIGroups []string `json:"apiGroups,omitempty"`
// Resources is a list of resources this rule applies to. '*' represents all resources in the specified apiGroups.
// resources is a list of resources this rule applies to. '*' represents all resources in the specified apiGroups.
// '*/foo' represents the subresource 'foo' for all resources in the specified apiGroups.
Resources []string `json:"resources,omitempty"`
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
// resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
ResourceNames []string `json:"resourceNames,omitempty"`
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
// nonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
NonResourceURLs []string `json:"nonResourceURLs,omitempty"`

View File

@@ -34,9 +34,9 @@ import (
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 Role, and will no longer be served in v1.22.
type RoleApplyConfiguration struct {
v1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Rules holds all the PolicyRules for this Role
// rules holds all the PolicyRules for this Role
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
}

View File

@@ -36,11 +36,11 @@ import (
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 RoleBinding, and will no longer be served in v1.22.
type RoleBindingApplyConfiguration struct {
v1.TypeMetaApplyConfiguration `json:""`
// Standard object's metadata.
// metadata is the standard object's metadata.
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
// Subjects holds references to the objects the role applies to.
// subjects holds references to the objects the role applies to.
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// roleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
// If the RoleRef cannot be resolved, the Authorizer must return an error.
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`
}

View File

@@ -23,11 +23,11 @@ package v1beta1
//
// RoleRef contains information that points to the role being used
type RoleRefApplyConfiguration struct {
// APIGroup is the group for the resource being referenced
// apiGroup is the group for the resource being referenced
APIGroup *string `json:"apiGroup,omitempty"`
// Kind is the type of resource being referenced
// kind is the type of resource being referenced
Kind *string `json:"kind,omitempty"`
// Name is the name of resource being referenced
// name is the name of resource being referenced
Name *string `json:"name,omitempty"`
}

View File

@@ -24,16 +24,16 @@ package v1beta1
// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
// or a value for non-objects such as user and group names.
type SubjectApplyConfiguration struct {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
Kind *string `json:"kind,omitempty"`
// APIGroup holds the API group of the referenced subject.
// apiGroup holds the API group of the referenced subject.
// Defaults to "" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
APIGroup *string `json:"apiGroup,omitempty"`
// Name of the object being referenced.
// name of the object being referenced.
Name *string `json:"name,omitempty"`
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
// namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
// the Authorizer should report an error.
Namespace *string `json:"namespace,omitempty"`
}