Use dedicated Unix User and Group ID types

Kubernetes-commit: 9440a68744ea97a45ceeef6d75466405ac101ea1
2025-07-30 22:35:10 +00:00 · 2017-04-20 12:57:07 +02:00 · 2017-04-20 12:57:07 +02:00 · 958f3df6a4
commit 958f3df6a4
parent dad27d745a
11 changed files with 936 additions and 789 deletions
--- a/pkg/api/types.go
+++ b/pkg/api/types.go
@ -2153,7 +2153,7 @@ type PodSecurityContext struct {
 	// PodSecurityContext, the value specified in SecurityContext takes precedence
 	// for that container.
 	// +optional
-	RunAsUser *int64
+	RunAsUser *types.UnixUserID
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
@ -2166,7 +2166,7 @@ type PodSecurityContext struct {
 	// to the container's primary GID.  If unspecified, no groups will be added to
 	// any container.
 	// +optional
-	SupplementalGroups []int64
+	SupplementalGroups []types.UnixGroupID
 	// A special supplemental group that applies to all containers in a pod.
 	// Some volume types allow the Kubelet to change the ownership of that volume
 	// to be owned by the pod:
@ -2177,7 +2177,7 @@ type PodSecurityContext struct {
 	//
 	// If unset, the Kubelet will not modify the ownership and permissions of any volume.
 	// +optional
-	FSGroup *int64
+	FSGroup *types.UnixGroupID
 }

 // PodQOSClass defines the supported qos classes of Pods.
@ -3776,7 +3776,7 @@ type SecurityContext struct {
 	// May also be set in PodSecurityContext.  If set in both SecurityContext and
 	// PodSecurityContext, the value specified in SecurityContext takes precedence.
 	// +optional
-	RunAsUser *int64
+	RunAsUser *types.UnixUserID
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
--- a/pkg/api/v1/generated.pb.go
+++ b/pkg/api/v1/generated.pb.go
--- a/pkg/api/v1/types.generated.go
+++ b/pkg/api/v1/types.generated.go
@ -35864,6 +35864,7 @@ func (x *PodSecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
 						yym8 := z.EncBinary()
 						_ = yym8
 						if false {
+						} else if z.HasExtensions() && z.EncExt(yy7) {
 						} else {
 							r.EncodeInt(int64(yy7))
 						}
@ -35883,6 +35884,7 @@ func (x *PodSecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
 						yym10 := z.EncBinary()
 						_ = yym10
 						if false {
+						} else if z.HasExtensions() && z.EncExt(yy9) {
 						} else {
 							r.EncodeInt(int64(yy9))
 						}
@ -35934,7 +35936,7 @@ func (x *PodSecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
 						_ = yym17
 						if false {
 						} else {
-							z.F.EncSliceInt64V(x.SupplementalGroups, false, e)
+							h.encSlicetypes_UnixGroupID(([]pkg1_types.UnixGroupID)(x.SupplementalGroups), e)
 						}
 					}
 				} else {
@ -35952,7 +35954,7 @@ func (x *PodSecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
 						_ = yym18
 						if false {
 						} else {
-							z.F.EncSliceInt64V(x.SupplementalGroups, false, e)
+							h.encSlicetypes_UnixGroupID(([]pkg1_types.UnixGroupID)(x.SupplementalGroups), e)
 						}
 					}
 				}
@ -35967,6 +35969,7 @@ func (x *PodSecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
 						yym21 := z.EncBinary()
 						_ = yym21
 						if false {
+						} else if z.HasExtensions() && z.EncExt(yy20) {
 						} else {
 							r.EncodeInt(int64(yy20))
 						}
@ -35986,6 +35989,7 @@ func (x *PodSecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
 						yym23 := z.EncBinary()
 						_ = yym23
 						if false {
+						} else if z.HasExtensions() && z.EncExt(yy22) {
 						} else {
 							r.EncodeInt(int64(yy22))
 						}
@ -36071,11 +36075,12 @@ func (x *PodSecurityContext) codecDecodeSelfFromMap(l int, d *codec1978.Decoder)
 				}
 			} else {
 				if x.RunAsUser == nil {
-					x.RunAsUser = new(int64)
+					x.RunAsUser = new(pkg1_types.UnixUserID)
 				}
 				yym6 := z.DecBinary()
 				_ = yym6
 				if false {
+				} else if z.HasExtensions() && z.DecExt(x.RunAsUser) {
 				} else {
 					*((*int64)(x.RunAsUser)) = int64(r.DecodeInt(64))
 				}
@ -36105,7 +36110,7 @@ func (x *PodSecurityContext) codecDecodeSelfFromMap(l int, d *codec1978.Decoder)
 				_ = yym10
 				if false {
 				} else {
-					z.F.DecSliceInt64X(yyv9, false, d)
+					h.decSlicetypes_UnixGroupID((*[]pkg1_types.UnixGroupID)(yyv9), d)
 				}
 			}
 		case "fsGroup":
@ -36115,11 +36120,12 @@ func (x *PodSecurityContext) codecDecodeSelfFromMap(l int, d *codec1978.Decoder)
 				}
 			} else {
 				if x.FSGroup == nil {
-					x.FSGroup = new(int64)
+					x.FSGroup = new(pkg1_types.UnixGroupID)
 				}
 				yym12 := z.DecBinary()
 				_ = yym12
 				if false {
+				} else if z.HasExtensions() && z.DecExt(x.FSGroup) {
 				} else {
 					*((*int64)(x.FSGroup)) = int64(r.DecodeInt(64))
 				}
@ -36176,11 +36182,12 @@ func (x *PodSecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decode
 		}
 	} else {
 		if x.RunAsUser == nil {
-			x.RunAsUser = new(int64)
+			x.RunAsUser = new(pkg1_types.UnixUserID)
 		}
 		yym16 := z.DecBinary()
 		_ = yym16
 		if false {
+		} else if z.HasExtensions() && z.DecExt(x.RunAsUser) {
 		} else {
 			*((*int64)(x.RunAsUser)) = int64(r.DecodeInt(64))
 		}
@ -36230,7 +36237,7 @@ func (x *PodSecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decode
 		_ = yym20
 		if false {
 		} else {
-			z.F.DecSliceInt64X(yyv19, false, d)
+			h.decSlicetypes_UnixGroupID((*[]pkg1_types.UnixGroupID)(yyv19), d)
 		}
 	}
 	yyj13++
@ -36250,11 +36257,12 @@ func (x *PodSecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decode
 		}
 	} else {
 		if x.FSGroup == nil {
-			x.FSGroup = new(int64)
+			x.FSGroup = new(pkg1_types.UnixGroupID)
 		}
 		yym22 := z.DecBinary()
 		_ = yym22
 		if false {
+		} else if z.HasExtensions() && z.DecExt(x.FSGroup) {
 		} else {
 			*((*int64)(x.FSGroup)) = int64(r.DecodeInt(64))
 		}
@ -66020,6 +66028,7 @@ func (x *SecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
 						yym16 := z.EncBinary()
 						_ = yym16
 						if false {
+						} else if z.HasExtensions() && z.EncExt(yy15) {
 						} else {
 							r.EncodeInt(int64(yy15))
 						}
@ -66039,6 +66048,7 @@ func (x *SecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
 						yym18 := z.EncBinary()
 						_ = yym18
 						if false {
+						} else if z.HasExtensions() && z.EncExt(yy17) {
 						} else {
 							r.EncodeInt(int64(yy17))
 						}
@ -66221,11 +66231,12 @@ func (x *SecurityContext) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
 				}
 			} else {
 				if x.RunAsUser == nil {
-					x.RunAsUser = new(int64)
+					x.RunAsUser = new(pkg1_types.UnixUserID)
 				}
 				yym9 := z.DecBinary()
 				_ = yym9
 				if false {
+				} else if z.HasExtensions() && z.DecExt(x.RunAsUser) {
 				} else {
 					*((*int64)(x.RunAsUser)) = int64(r.DecodeInt(64))
 				}
@ -66361,11 +66372,12 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
 		}
 	} else {
 		if x.RunAsUser == nil {
-			x.RunAsUser = new(int64)
+			x.RunAsUser = new(pkg1_types.UnixUserID)
 		}
 		yym20 := z.DecBinary()
 		_ = yym20
 		if false {
+		} else if z.HasExtensions() && z.DecExt(x.RunAsUser) {
 		} else {
 			*((*int64)(x.RunAsUser)) = int64(r.DecodeInt(64))
 		}
@ -70239,6 +70251,143 @@ func (x codecSelfer1234) decSliceHostAlias(v *[]HostAlias, d *codec1978.Decoder)
 	}
 }

+func (x codecSelfer1234) encSlicetypes_UnixGroupID(v []pkg1_types.UnixGroupID, e *codec1978.Encoder) {
+	var h codecSelfer1234
+	z, r := codec1978.GenHelperEncoder(e)
+	_, _, _ = h, z, r
+	r.EncodeArrayStart(len(v))
+	for _, yyv1 := range v {
+		z.EncSendContainerState(codecSelfer_containerArrayElem1234)
+		yym2 := z.EncBinary()
+		_ = yym2
+		if false {
+		} else if z.HasExtensions() && z.EncExt(yyv1) {
+		} else {
+			r.EncodeInt(int64(yyv1))
+		}
+	}
+	z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
+}
+
+func (x codecSelfer1234) decSlicetypes_UnixGroupID(v *[]pkg1_types.UnixGroupID, d *codec1978.Decoder) {
+	var h codecSelfer1234
+	z, r := codec1978.GenHelperDecoder(d)
+	_, _, _ = h, z, r
+
+	yyv1 := *v
+	yyh1, yyl1 := z.DecSliceHelperStart()
+	var yyc1 bool
+	_ = yyc1
+	if yyl1 == 0 {
+		if yyv1 == nil {
+			yyv1 = []pkg1_types.UnixGroupID{}
+			yyc1 = true
+		} else if len(yyv1) != 0 {
+			yyv1 = yyv1[:0]
+			yyc1 = true
+		}
+	} else if yyl1 > 0 {
+		var yyrr1, yyrl1 int
+		var yyrt1 bool
+		_, _ = yyrl1, yyrt1
+		yyrr1 = yyl1 // len(yyv1)
+		if yyl1 > cap(yyv1) {
+
+			yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 8)
+			if yyrt1 {
+				if yyrl1 <= cap(yyv1) {
+					yyv1 = yyv1[:yyrl1]
+				} else {
+					yyv1 = make([]pkg1_types.UnixGroupID, yyrl1)
+				}
+			} else {
+				yyv1 = make([]pkg1_types.UnixGroupID, yyrl1)
+			}
+			yyc1 = true
+			yyrr1 = len(yyv1)
+		} else if yyl1 != len(yyv1) {
+			yyv1 = yyv1[:yyl1]
+			yyc1 = true
+		}
+		yyj1 := 0
+		for ; yyj1 < yyrr1; yyj1++ {
+			yyh1.ElemContainerState(yyj1)
+			if r.TryDecodeAsNil() {
+				yyv1[yyj1] = 0
+			} else {
+				yyv2 := &yyv1[yyj1]
+				yym3 := z.DecBinary()
+				_ = yym3
+				if false {
+				} else if z.HasExtensions() && z.DecExt(yyv2) {
+				} else {
+					*((*int64)(yyv2)) = int64(r.DecodeInt(64))
+				}
+			}
+
+		}
+		if yyrt1 {
+			for ; yyj1 < yyl1; yyj1++ {
+				yyv1 = append(yyv1, 0)
+				yyh1.ElemContainerState(yyj1)
+				if r.TryDecodeAsNil() {
+					yyv1[yyj1] = 0
+				} else {
+					yyv4 := &yyv1[yyj1]
+					yym5 := z.DecBinary()
+					_ = yym5
+					if false {
+					} else if z.HasExtensions() && z.DecExt(yyv4) {
+					} else {
+						*((*int64)(yyv4)) = int64(r.DecodeInt(64))
+					}
+				}
+
+			}
+		}
+
+	} else {
+		yyj1 := 0
+		for ; !r.CheckBreak(); yyj1++ {
+
+			if yyj1 >= len(yyv1) {
+				yyv1 = append(yyv1, 0) // var yyz1 pkg1_types.UnixGroupID
+				yyc1 = true
+			}
+			yyh1.ElemContainerState(yyj1)
+			if yyj1 < len(yyv1) {
+				if r.TryDecodeAsNil() {
+					yyv1[yyj1] = 0
+				} else {
+					yyv6 := &yyv1[yyj1]
+					yym7 := z.DecBinary()
+					_ = yym7
+					if false {
+					} else if z.HasExtensions() && z.DecExt(yyv6) {
+					} else {
+						*((*int64)(yyv6)) = int64(r.DecodeInt(64))
+					}
+				}
+
+			} else {
+				z.DecSwallow()
+			}
+
+		}
+		if yyj1 < len(yyv1) {
+			yyv1 = yyv1[:yyj1]
+			yyc1 = true
+		} else if yyj1 == 0 && yyv1 == nil {
+			yyv1 = []pkg1_types.UnixGroupID{}
+			yyc1 = true
+		}
+	}
+	yyh1.End()
+	if yyc1 {
+		*v = yyv1
+	}
+}
+
 func (x codecSelfer1234) encSlicePodCondition(v []PodCondition, e *codec1978.Encoder) {
 	var h codecSelfer1234
 	z, r := codec1978.GenHelperEncoder(e)
--- a/pkg/api/v1/types.go
+++ b/pkg/api/v1/types.go
@ -2440,7 +2440,7 @@ type PodSecurityContext struct {
 	// PodSecurityContext, the value specified in SecurityContext takes precedence
 	// for that container.
 	// +optional
-	RunAsUser *int64 `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser"`
+	RunAsUser *types.UnixUserID `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser,casttype=k8s.io/apimachinery/pkg/types.UnixUserID"`
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
@ -2453,7 +2453,7 @@ type PodSecurityContext struct {
 	// to the container's primary GID.  If unspecified, no groups will be added to
 	// any container.
 	// +optional
-	SupplementalGroups []int64 `json:"supplementalGroups,omitempty" protobuf:"varint,4,rep,name=supplementalGroups"`
+	SupplementalGroups []types.UnixGroupID `json:"supplementalGroups,omitempty" protobuf:"varint,4,rep,name=supplementalGroups,casttype=k8s.io/apimachinery/pkg/types.UnixGroupID"`
 	// A special supplemental group that applies to all containers in a pod.
 	// Some volume types allow the Kubelet to change the ownership of that volume
 	// to be owned by the pod:
@ -2464,7 +2464,7 @@ type PodSecurityContext struct {
 	//
 	// If unset, the Kubelet will not modify the ownership and permissions of any volume.
 	// +optional
-	FSGroup *int64 `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup"`
+	FSGroup *types.UnixGroupID `json:"fsGroup,omitempty" protobuf:"varint,5,opt,name=fsGroup,casttype=k8s.io/apimachinery/pkg/types.UnixGroupID"`
 }

 // PodQOSClass defines the supported qos classes of Pods.
@ -4367,7 +4367,7 @@ type SecurityContext struct {
 	// May also be set in PodSecurityContext.  If set in both SecurityContext and
 	// PodSecurityContext, the value specified in SecurityContext takes precedence.
 	// +optional
-	RunAsUser *int64 `json:"runAsUser,omitempty" protobuf:"varint,4,opt,name=runAsUser"`
+	RunAsUser *types.UnixUserID `json:"runAsUser,omitempty" protobuf:"varint,4,opt,name=runAsUser,casttype=k8s.io/apimachinery/pkg/types.UnixUserID"`
 	// Indicates that the container must run as a non-root user.
 	// If true, the Kubelet will validate the image at runtime to ensure that it
 	// does not run as UID 0 (root) and fail to start the container if it does.
--- a/pkg/api/v1/zz_generated.conversion.go
+++ b/pkg/api/v1/zz_generated.conversion.go
@ -3412,10 +3412,10 @@ func Convert_api_PodProxyOptions_To_v1_PodProxyOptions(in *api.PodProxyOptions,

 func autoConvert_v1_PodSecurityContext_To_api_PodSecurityContext(in *PodSecurityContext, out *api.PodSecurityContext, s conversion.Scope) error {
 	out.SELinuxOptions = (*api.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions))
-	out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser))
+	out.RunAsUser = (*types.UnixUserID)(unsafe.Pointer(in.RunAsUser))
 	out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot))
-	out.SupplementalGroups = *(*[]int64)(unsafe.Pointer(&in.SupplementalGroups))
-	out.FSGroup = (*int64)(unsafe.Pointer(in.FSGroup))
+	out.SupplementalGroups = *(*[]types.UnixGroupID)(unsafe.Pointer(&in.SupplementalGroups))
+	out.FSGroup = (*types.UnixGroupID)(unsafe.Pointer(in.FSGroup))
 	return nil
 }

@ -3424,10 +3424,10 @@ func autoConvert_api_PodSecurityContext_To_v1_PodSecurityContext(in *api.PodSecu
 	// INFO: in.HostPID opted out of conversion generation
 	// INFO: in.HostIPC opted out of conversion generation
 	out.SELinuxOptions = (*SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions))
-	out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser))
+	out.RunAsUser = (*types.UnixUserID)(unsafe.Pointer(in.RunAsUser))
 	out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot))
-	out.SupplementalGroups = *(*[]int64)(unsafe.Pointer(&in.SupplementalGroups))
-	out.FSGroup = (*int64)(unsafe.Pointer(in.FSGroup))
+	out.SupplementalGroups = *(*[]types.UnixGroupID)(unsafe.Pointer(&in.SupplementalGroups))
+	out.FSGroup = (*types.UnixGroupID)(unsafe.Pointer(in.FSGroup))
 	return nil
 }

@ -4487,7 +4487,7 @@ func autoConvert_v1_SecurityContext_To_api_SecurityContext(in *SecurityContext,
 	out.Capabilities = (*api.Capabilities)(unsafe.Pointer(in.Capabilities))
 	out.Privileged = (*bool)(unsafe.Pointer(in.Privileged))
 	out.SELinuxOptions = (*api.SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions))
-	out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser))
+	out.RunAsUser = (*types.UnixUserID)(unsafe.Pointer(in.RunAsUser))
 	out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot))
 	out.ReadOnlyRootFilesystem = (*bool)(unsafe.Pointer(in.ReadOnlyRootFilesystem))
 	return nil
@ -4502,7 +4502,7 @@ func autoConvert_api_SecurityContext_To_v1_SecurityContext(in *api.SecurityConte
 	out.Capabilities = (*Capabilities)(unsafe.Pointer(in.Capabilities))
 	out.Privileged = (*bool)(unsafe.Pointer(in.Privileged))
 	out.SELinuxOptions = (*SELinuxOptions)(unsafe.Pointer(in.SELinuxOptions))
-	out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser))
+	out.RunAsUser = (*types.UnixUserID)(unsafe.Pointer(in.RunAsUser))
 	out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot))
 	out.ReadOnlyRootFilesystem = (*bool)(unsafe.Pointer(in.ReadOnlyRootFilesystem))
 	return nil
--- a/pkg/api/v1/zz_generated.deepcopy.go
+++ b/pkg/api/v1/zz_generated.deepcopy.go
@ -2317,7 +2317,7 @@ func DeepCopy_v1_PodSecurityContext(in interface{}, out interface{}, c *conversi
 		}
 		if in.RunAsUser != nil {
 			in, out := &in.RunAsUser, &out.RunAsUser
-			*out = new(int64)
+			*out = new(types.UnixUserID)
 			**out = **in
 		}
 		if in.RunAsNonRoot != nil {
@ -2327,12 +2327,12 @@ func DeepCopy_v1_PodSecurityContext(in interface{}, out interface{}, c *conversi
 		}
 		if in.SupplementalGroups != nil {
 			in, out := &in.SupplementalGroups, &out.SupplementalGroups
-			*out = make([]int64, len(*in))
+			*out = make([]types.UnixGroupID, len(*in))
 			copy(*out, *in)
 		}
 		if in.FSGroup != nil {
 			in, out := &in.FSGroup, &out.FSGroup
-			*out = new(int64)
+			*out = new(types.UnixGroupID)
 			**out = **in
 		}
 		return nil
@ -3076,7 +3076,7 @@ func DeepCopy_v1_SecurityContext(in interface{}, out interface{}, c *conversion.
 		}
 		if in.RunAsUser != nil {
 			in, out := &in.RunAsUser, &out.RunAsUser
-			*out = new(int64)
+			*out = new(types.UnixUserID)
 			**out = **in
 		}
 		if in.RunAsNonRoot != nil {
--- a/pkg/api/zz_generated.deepcopy.go
+++ b/pkg/api/zz_generated.deepcopy.go
@ -2335,7 +2335,7 @@ func DeepCopy_api_PodSecurityContext(in interface{}, out interface{}, c *convers
 		}
 		if in.RunAsUser != nil {
 			in, out := &in.RunAsUser, &out.RunAsUser
-			*out = new(int64)
+			*out = new(types.UnixUserID)
 			**out = **in
 		}
 		if in.RunAsNonRoot != nil {
@ -2345,12 +2345,12 @@ func DeepCopy_api_PodSecurityContext(in interface{}, out interface{}, c *convers
 		}
 		if in.SupplementalGroups != nil {
 			in, out := &in.SupplementalGroups, &out.SupplementalGroups
-			*out = make([]int64, len(*in))
+			*out = make([]types.UnixGroupID, len(*in))
 			copy(*out, *in)
 		}
 		if in.FSGroup != nil {
 			in, out := &in.FSGroup, &out.FSGroup
-			*out = new(int64)
+			*out = new(types.UnixGroupID)
 			**out = **in
 		}
 		return nil
@ -3082,7 +3082,7 @@ func DeepCopy_api_SecurityContext(in interface{}, out interface{}, c *conversion
 		}
 		if in.RunAsUser != nil {
 			in, out := &in.RunAsUser, &out.RunAsUser
-			*out = new(int64)
+			*out = new(types.UnixUserID)
 			**out = **in
 		}
 		if in.RunAsNonRoot != nil {
--- a/pkg/apis/extensions/BUILD
+++ b/pkg/apis/extensions/BUILD
@ -23,6 +23,7 @@ go_library(
        "//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
        "//vendor/k8s.io/client-go/pkg/api:go_default_library",
    ],
--- a/pkg/apis/extensions/types.go
+++ b/pkg/apis/extensions/types.go
@ -31,6 +31,7 @@ package extensions
 import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/client-go/pkg/api"
 )
@ -948,15 +949,23 @@ type RunAsUserStrategyOptions struct {
 	Rule RunAsUserStrategy
 	// Ranges are the allowed ranges of uids that may be used.
 	// +optional
-	Ranges []IDRange
+	Ranges []UserIDRange
 }

-// IDRange provides a min/max of an allowed range of IDs.
-type IDRange struct {
+// UserIDRange provides a min/max of an allowed range of UserIDs.
+type UserIDRange struct {
 	// Min is the start of the range, inclusive.
-	Min int64
+	Min types.UnixUserID
 	// Max is the end of the range, inclusive.
-	Max int64
+	Max types.UnixUserID
+}
+
+// GroupIDRange provides a min/max of an allowed range of GroupIDs.
+type GroupIDRange struct {
+	// Min is the start of the range, inclusive.
+	Min types.UnixGroupID
+	// Max is the end of the range, inclusive.
+	Max types.UnixGroupID
 }

 // RunAsUserStrategy denotes strategy types for generating RunAsUser values for a
@ -980,7 +989,7 @@ type FSGroupStrategyOptions struct {
 	// Ranges are the allowed ranges of fs groups.  If you would like to force a single
 	// fs group then supply a single range with the same start and end.
 	// +optional
-	Ranges []IDRange
+	Ranges []GroupIDRange
 }

 // FSGroupStrategyType denotes strategy types for generating FSGroup values for a
@ -1002,7 +1011,7 @@ type SupplementalGroupsStrategyOptions struct {
 	// Ranges are the allowed ranges of supplemental groups.  If you would like to force a single
 	// supplemental group then supply a single range with the same start and end.
 	// +optional
-	Ranges []IDRange
+	Ranges []GroupIDRange
 }

 // SupplementalGroupsStrategyType denotes strategy types for determining valid supplemental
--- a/pkg/apis/extensions/v1beta1/zz_generated.conversion.go
+++ b/pkg/apis/extensions/v1beta1/zz_generated.conversion.go
@ -81,8 +81,6 @@ func RegisterConversions(scheme *runtime.Scheme) error {
 		Convert_extensions_HTTPIngressRuleValue_To_v1beta1_HTTPIngressRuleValue,
 		Convert_v1beta1_HostPortRange_To_extensions_HostPortRange,
 		Convert_extensions_HostPortRange_To_v1beta1_HostPortRange,
-		Convert_v1beta1_IDRange_To_extensions_IDRange,
-		Convert_extensions_IDRange_To_v1beta1_IDRange,
 		Convert_v1beta1_Ingress_To_extensions_Ingress,
 		Convert_extensions_Ingress_To_v1beta1_Ingress,
 		Convert_v1beta1_IngressBackend_To_extensions_IngressBackend,
@ -684,7 +682,7 @@ func autoConvert_extensions_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in

 func autoConvert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions(in *FSGroupStrategyOptions, out *extensions.FSGroupStrategyOptions, s conversion.Scope) error {
 	out.Rule = extensions.FSGroupStrategyType(in.Rule)
-	out.Ranges = *(*[]extensions.IDRange)(unsafe.Pointer(&in.Ranges))
+	out.Ranges = *(*[]extensions.GroupIDRange)(unsafe.Pointer(&in.Ranges))
 	return nil
 }

@ -776,28 +774,6 @@ func Convert_extensions_HostPortRange_To_v1beta1_HostPortRange(in *extensions.Ho
 	return autoConvert_extensions_HostPortRange_To_v1beta1_HostPortRange(in, out, s)
 }

-func autoConvert_v1beta1_IDRange_To_extensions_IDRange(in *IDRange, out *extensions.IDRange, s conversion.Scope) error {
-	out.Min = in.Min
-	out.Max = in.Max
-	return nil
-}
-
-// Convert_v1beta1_IDRange_To_extensions_IDRange is an autogenerated conversion function.
-func Convert_v1beta1_IDRange_To_extensions_IDRange(in *IDRange, out *extensions.IDRange, s conversion.Scope) error {
-	return autoConvert_v1beta1_IDRange_To_extensions_IDRange(in, out, s)
-}
-
-func autoConvert_extensions_IDRange_To_v1beta1_IDRange(in *extensions.IDRange, out *IDRange, s conversion.Scope) error {
-	out.Min = in.Min
-	out.Max = in.Max
-	return nil
-}
-
-// Convert_extensions_IDRange_To_v1beta1_IDRange is an autogenerated conversion function.
-func Convert_extensions_IDRange_To_v1beta1_IDRange(in *extensions.IDRange, out *IDRange, s conversion.Scope) error {
-	return autoConvert_extensions_IDRange_To_v1beta1_IDRange(in, out, s)
-}
-
 func autoConvert_v1beta1_Ingress_To_extensions_Ingress(in *Ingress, out *extensions.Ingress, s conversion.Scope) error {
 	out.ObjectMeta = in.ObjectMeta
 	if err := Convert_v1beta1_IngressSpec_To_extensions_IngressSpec(&in.Spec, &out.Spec, s); err != nil {
@ -1504,7 +1480,7 @@ func autoConvert_extensions_RollingUpdateDeployment_To_v1beta1_RollingUpdateDepl

 func autoConvert_v1beta1_RunAsUserStrategyOptions_To_extensions_RunAsUserStrategyOptions(in *RunAsUserStrategyOptions, out *extensions.RunAsUserStrategyOptions, s conversion.Scope) error {
 	out.Rule = extensions.RunAsUserStrategy(in.Rule)
-	out.Ranges = *(*[]extensions.IDRange)(unsafe.Pointer(&in.Ranges))
+	out.Ranges = *(*[]extensions.UserIDRange)(unsafe.Pointer(&in.Ranges))
 	return nil
 }

@ -1613,7 +1589,7 @@ func autoConvert_extensions_ScaleStatus_To_v1beta1_ScaleStatus(in *extensions.Sc

 func autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions(in *SupplementalGroupsStrategyOptions, out *extensions.SupplementalGroupsStrategyOptions, s conversion.Scope) error {
 	out.Rule = extensions.SupplementalGroupsStrategyType(in.Rule)
-	out.Ranges = *(*[]extensions.IDRange)(unsafe.Pointer(&in.Ranges))
+	out.Ranges = *(*[]extensions.GroupIDRange)(unsafe.Pointer(&in.Ranges))
 	return nil
 }

--- a/pkg/apis/extensions/zz_generated.deepcopy.go
+++ b/pkg/apis/extensions/zz_generated.deepcopy.go
@ -55,10 +55,10 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_DeploymentStatus, InType: reflect.TypeOf(&DeploymentStatus{})},
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_DeploymentStrategy, InType: reflect.TypeOf(&DeploymentStrategy{})},
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_FSGroupStrategyOptions, InType: reflect.TypeOf(&FSGroupStrategyOptions{})},
+		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_GroupIDRange, InType: reflect.TypeOf(&GroupIDRange{})},
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_HTTPIngressPath, InType: reflect.TypeOf(&HTTPIngressPath{})},
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_HTTPIngressRuleValue, InType: reflect.TypeOf(&HTTPIngressRuleValue{})},
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_HostPortRange, InType: reflect.TypeOf(&HostPortRange{})},
-		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_IDRange, InType: reflect.TypeOf(&IDRange{})},
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_Ingress, InType: reflect.TypeOf(&Ingress{})},
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_IngressBackend, InType: reflect.TypeOf(&IngressBackend{})},
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_IngressList, InType: reflect.TypeOf(&IngressList{})},
@ -95,6 +95,7 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_ThirdPartyResourceData, InType: reflect.TypeOf(&ThirdPartyResourceData{})},
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_ThirdPartyResourceDataList, InType: reflect.TypeOf(&ThirdPartyResourceDataList{})},
 		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_ThirdPartyResourceList, InType: reflect.TypeOf(&ThirdPartyResourceList{})},
+		conversion.GeneratedDeepCopyFunc{Fn: DeepCopy_extensions_UserIDRange, InType: reflect.TypeOf(&UserIDRange{})},
 	)
 }

@ -386,13 +387,22 @@ func DeepCopy_extensions_FSGroupStrategyOptions(in interface{}, out interface{},
 		*out = *in
 		if in.Ranges != nil {
 			in, out := &in.Ranges, &out.Ranges
-			*out = make([]IDRange, len(*in))
+			*out = make([]GroupIDRange, len(*in))
 			copy(*out, *in)
 		}
 		return nil
 	}
 }

+func DeepCopy_extensions_GroupIDRange(in interface{}, out interface{}, c *conversion.Cloner) error {
+	{
+		in := in.(*GroupIDRange)
+		out := out.(*GroupIDRange)
+		*out = *in
+		return nil
+	}
+}
+
 func DeepCopy_extensions_HTTPIngressPath(in interface{}, out interface{}, c *conversion.Cloner) error {
 	{
 		in := in.(*HTTPIngressPath)
@ -425,15 +435,6 @@ func DeepCopy_extensions_HostPortRange(in interface{}, out interface{}, c *conve
 	}
 }

-func DeepCopy_extensions_IDRange(in interface{}, out interface{}, c *conversion.Cloner) error {
-	{
-		in := in.(*IDRange)
-		out := out.(*IDRange)
-		*out = *in
-		return nil
-	}
-}
-
 func DeepCopy_extensions_Ingress(in interface{}, out interface{}, c *conversion.Cloner) error {
 	{
 		in := in.(*Ingress)
@ -906,7 +907,7 @@ func DeepCopy_extensions_RunAsUserStrategyOptions(in interface{}, out interface{
 		*out = *in
 		if in.Ranges != nil {
 			in, out := &in.Ranges, &out.Ranges
-			*out = make([]IDRange, len(*in))
+			*out = make([]UserIDRange, len(*in))
 			copy(*out, *in)
 		}
 		return nil
@ -977,7 +978,7 @@ func DeepCopy_extensions_SupplementalGroupsStrategyOptions(in interface{}, out i
 		*out = *in
 		if in.Ranges != nil {
 			in, out := &in.Ranges, &out.Ranges
-			*out = make([]IDRange, len(*in))
+			*out = make([]GroupIDRange, len(*in))
 			copy(*out, *in)
 		}
 		return nil
@ -1057,3 +1058,12 @@ func DeepCopy_extensions_ThirdPartyResourceList(in interface{}, out interface{},
 		return nil
 	}
 }
+
+func DeepCopy_extensions_UserIDRange(in interface{}, out interface{}, c *conversion.Cloner) error {
+	{
+		in := in.(*UserIDRange)
+		out := out.(*UserIDRange)
+		*out = *in
+		return nil
+	}
+}