github/client-go
1
0
Fork 0
mirror of https://github.com/kubernetes/client-go.git synced 2025-09-15 14:48:16 +00:00
Code Issues Projects Releases Wiki Activity

add --as-group option to cli

Browse Source 
The usecase of this change:
When a super user grant some RBAC permissions to a group, he can use
--as-group to test whether the group get the permissions.
Note that now we support as-groups, as-user-extra in kubeconfig file
after this change.

Kubernetes-commit: e541defd49d01024d17dddf8e966eba2c46a6db0
This commit is contained in:
Cao Shufeng
2017-03-23 23:18:53 -04:00
committed by Kubernetes Publisher
parent fdfa162aed
commit 29b5bff0fa
5 changed files with 63 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
tools/clientcmd/api/types.go
View File

@@ -109,6 +109,12 @@ type AuthInfo struct {
// Impersonate is the username to act-as.
// +optional
Impersonate string `json:"act-as,omitempty"`
// ImpersonateGroups is the groups to imperonate.
// +optional
ImpersonateGroups []string `json:"act-as-groups,omitempty"`
// ImpersonateUserExtra contains additional information for impersonated user.
// +optional
ImpersonateUserExtra map[string][]string `json:"act-as-user-extra,omitempty"`
// Username is the username for basic authentication to the kubernetes cluster.
// +optional
Username string `json:"username,omitempty"`
@@ -172,7 +178,10 @@ func NewCluster() *Cluster {
// NewAuthInfo is a convenience function that returns a new AuthInfo
// object with non-nil maps
func NewAuthInfo() *AuthInfo {
return &AuthInfo{Extensions: make(map[string]runtime.Object)}
return &AuthInfo{
Extensions: make(map[string]runtime.Object),
ImpersonateUserExtra: make(map[string][]string),
}
}
// NewPreferences is a convenience function that returns a new

6
tools/clientcmd/api/v1/types.go
View File

@@ -103,6 +103,12 @@ type AuthInfo struct {
// Impersonate is the username to imperonate. The name matches the flag.
// +optional
Impersonate string `json:"as,omitempty"`
// ImpersonateGroups is the groups to imperonate.
// +optional
ImpersonateGroups []string `json:"as-groups,omitempty"`
// ImpersonateUserExtra contains additional information for impersonated user.
// +optional
ImpersonateUserExtra map[string][]string `json:"as-user-extra,omitempty"`
// Username is the username for basic authentication to the kubernetes cluster.
// +optional
Username string `json:"username,omitempty"`