mirror of
https://github.com/kubernetes/client-go.git
synced 2026-07-16 17:14:36 +00:00
Merge pull request #140034 from krishhna24/rbac-commentstart
rbac: enable commentstart kube-api-linter rule Kubernetes-commit: 1ef08364a754caec0b6706ff61e08cfb39fd53e6
This commit is contained in:
@@ -27,7 +27,7 @@ import (
|
||||
//
|
||||
// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
|
||||
type AggregationRuleApplyConfiguration struct {
|
||||
// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
|
||||
// clusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
|
||||
// If any of the selectors match, then the ClusterRole's permissions will be added
|
||||
ClusterRoleSelectors []metav1.LabelSelectorApplyConfiguration `json:"clusterRoleSelectors,omitempty"`
|
||||
}
|
||||
|
||||
@@ -33,11 +33,11 @@ import (
|
||||
// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
|
||||
type ClusterRoleApplyConfiguration struct {
|
||||
metav1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Rules holds all the PolicyRules for this ClusterRole
|
||||
// rules holds all the PolicyRules for this ClusterRole
|
||||
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
|
||||
// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
|
||||
// aggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
|
||||
// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
|
||||
// stomped by the controller.
|
||||
AggregationRule *AggregationRuleApplyConfiguration `json:"aggregationRule,omitempty"`
|
||||
|
||||
@@ -34,11 +34,11 @@ import (
|
||||
// and adds who information via Subject.
|
||||
type ClusterRoleBindingApplyConfiguration struct {
|
||||
metav1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Subjects holds references to the objects the role applies to.
|
||||
// subjects holds references to the objects the role applies to.
|
||||
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
|
||||
// RoleRef can only reference a ClusterRole in the global namespace.
|
||||
// roleRef can only reference a ClusterRole in the global namespace.
|
||||
// If the RoleRef cannot be resolved, the Authorizer must return an error.
|
||||
// This field is immutable.
|
||||
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`
|
||||
|
||||
@@ -28,16 +28,16 @@ package v1
|
||||
// PolicyRule holds information that describes a policy rule, but does not contain information
|
||||
// about who the rule applies to or which namespace the rule applies to.
|
||||
type PolicyRuleApplyConfiguration struct {
|
||||
// Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
|
||||
// verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
|
||||
Verbs []string `json:"verbs,omitempty"`
|
||||
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
||||
// apiGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
||||
// the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
|
||||
APIGroups []string `json:"apiGroups,omitempty"`
|
||||
// Resources is a list of resources this rule applies to. '*' represents all resources.
|
||||
// resources is a list of resources this rule applies to. '*' represents all resources.
|
||||
Resources []string `json:"resources,omitempty"`
|
||||
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
|
||||
// resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
|
||||
ResourceNames []string `json:"resourceNames,omitempty"`
|
||||
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
|
||||
// nonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
|
||||
// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
|
||||
// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
|
||||
NonResourceURLs []string `json:"nonResourceURLs,omitempty"`
|
||||
|
||||
@@ -33,9 +33,9 @@ import (
|
||||
// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
|
||||
type RoleApplyConfiguration struct {
|
||||
metav1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Rules holds all the PolicyRules for this Role
|
||||
// rules holds all the PolicyRules for this Role
|
||||
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
|
||||
}
|
||||
|
||||
|
||||
@@ -35,11 +35,11 @@ import (
|
||||
// namespace only have effect in that namespace.
|
||||
type RoleBindingApplyConfiguration struct {
|
||||
metav1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Subjects holds references to the objects the role applies to.
|
||||
// subjects holds references to the objects the role applies to.
|
||||
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
|
||||
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
|
||||
// roleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
|
||||
// If the RoleRef cannot be resolved, the Authorizer must return an error.
|
||||
// This field is immutable.
|
||||
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`
|
||||
|
||||
@@ -23,11 +23,11 @@ package v1
|
||||
//
|
||||
// RoleRef contains information that points to the role being used
|
||||
type RoleRefApplyConfiguration struct {
|
||||
// APIGroup is the group for the resource being referenced
|
||||
// apiGroup is the group for the resource being referenced
|
||||
APIGroup *string `json:"apiGroup,omitempty"`
|
||||
// Kind is the type of resource being referenced
|
||||
// kind is the type of resource being referenced
|
||||
Kind *string `json:"kind,omitempty"`
|
||||
// Name is the name of resource being referenced
|
||||
// name is the name of resource being referenced
|
||||
Name *string `json:"name,omitempty"`
|
||||
}
|
||||
|
||||
|
||||
@@ -24,16 +24,16 @@ package v1
|
||||
// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
|
||||
// or a value for non-objects such as user and group names.
|
||||
type SubjectApplyConfiguration struct {
|
||||
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
|
||||
// kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
|
||||
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
|
||||
Kind *string `json:"kind,omitempty"`
|
||||
// APIGroup holds the API group of the referenced subject.
|
||||
// apiGroup holds the API group of the referenced subject.
|
||||
// Defaults to "" for ServiceAccount subjects.
|
||||
// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
|
||||
APIGroup *string `json:"apiGroup,omitempty"`
|
||||
// Name of the object being referenced.
|
||||
// name of the object being referenced.
|
||||
Name *string `json:"name,omitempty"`
|
||||
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
|
||||
// namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
|
||||
// the Authorizer should report an error.
|
||||
Namespace *string `json:"namespace,omitempty"`
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@ import (
|
||||
//
|
||||
// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
|
||||
type AggregationRuleApplyConfiguration struct {
|
||||
// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
|
||||
// clusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
|
||||
// If any of the selectors match, then the ClusterRole's permissions will be added
|
||||
ClusterRoleSelectors []v1.LabelSelectorApplyConfiguration `json:"clusterRoleSelectors,omitempty"`
|
||||
}
|
||||
|
||||
@@ -34,11 +34,11 @@ import (
|
||||
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRole, and will no longer be served in v1.22.
|
||||
type ClusterRoleApplyConfiguration struct {
|
||||
v1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Rules holds all the PolicyRules for this ClusterRole
|
||||
// rules holds all the PolicyRules for this ClusterRole
|
||||
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
|
||||
// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
|
||||
// aggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
|
||||
// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
|
||||
// stomped by the controller.
|
||||
AggregationRule *AggregationRuleApplyConfiguration `json:"aggregationRule,omitempty"`
|
||||
|
||||
@@ -35,11 +35,11 @@ import (
|
||||
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRoleBinding, and will no longer be served in v1.22.
|
||||
type ClusterRoleBindingApplyConfiguration struct {
|
||||
v1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Subjects holds references to the objects the role applies to.
|
||||
// subjects holds references to the objects the role applies to.
|
||||
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
|
||||
// RoleRef can only reference a ClusterRole in the global namespace.
|
||||
// roleRef can only reference a ClusterRole in the global namespace.
|
||||
// If the RoleRef cannot be resolved, the Authorizer must return an error.
|
||||
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`
|
||||
}
|
||||
|
||||
@@ -28,16 +28,16 @@ package v1alpha1
|
||||
// PolicyRule holds information that describes a policy rule, but does not contain information
|
||||
// about who the rule applies to or which namespace the rule applies to.
|
||||
type PolicyRuleApplyConfiguration struct {
|
||||
// Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
|
||||
// verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
|
||||
Verbs []string `json:"verbs,omitempty"`
|
||||
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
||||
// apiGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
||||
// the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
|
||||
APIGroups []string `json:"apiGroups,omitempty"`
|
||||
// Resources is a list of resources this rule applies to. '*' represents all resources.
|
||||
// resources is a list of resources this rule applies to. '*' represents all resources.
|
||||
Resources []string `json:"resources,omitempty"`
|
||||
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
|
||||
// resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
|
||||
ResourceNames []string `json:"resourceNames,omitempty"`
|
||||
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
|
||||
// nonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
|
||||
// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
|
||||
// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
|
||||
NonResourceURLs []string `json:"nonResourceURLs,omitempty"`
|
||||
|
||||
@@ -34,9 +34,9 @@ import (
|
||||
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 Role, and will no longer be served in v1.22.
|
||||
type RoleApplyConfiguration struct {
|
||||
v1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Rules holds all the PolicyRules for this Role
|
||||
// rules holds all the PolicyRules for this Role
|
||||
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
|
||||
}
|
||||
|
||||
|
||||
@@ -36,11 +36,11 @@ import (
|
||||
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 RoleBinding, and will no longer be served in v1.22.
|
||||
type RoleBindingApplyConfiguration struct {
|
||||
v1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Subjects holds references to the objects the role applies to.
|
||||
// subjects holds references to the objects the role applies to.
|
||||
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
|
||||
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
|
||||
// roleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
|
||||
// If the RoleRef cannot be resolved, the Authorizer must return an error.
|
||||
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`
|
||||
}
|
||||
|
||||
@@ -23,11 +23,11 @@ package v1alpha1
|
||||
//
|
||||
// RoleRef contains information that points to the role being used
|
||||
type RoleRefApplyConfiguration struct {
|
||||
// APIGroup is the group for the resource being referenced
|
||||
// apiGroup is the group for the resource being referenced
|
||||
APIGroup *string `json:"apiGroup,omitempty"`
|
||||
// Kind is the type of resource being referenced
|
||||
// kind is the type of resource being referenced
|
||||
Kind *string `json:"kind,omitempty"`
|
||||
// Name is the name of resource being referenced
|
||||
// name is the name of resource being referenced
|
||||
Name *string `json:"name,omitempty"`
|
||||
}
|
||||
|
||||
|
||||
@@ -24,16 +24,16 @@ package v1alpha1
|
||||
// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
|
||||
// or a value for non-objects such as user and group names.
|
||||
type SubjectApplyConfiguration struct {
|
||||
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
|
||||
// kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
|
||||
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
|
||||
Kind *string `json:"kind,omitempty"`
|
||||
// APIVersion holds the API group and version of the referenced subject.
|
||||
// apiVersion holds the API group and version of the referenced subject.
|
||||
// Defaults to "v1" for ServiceAccount subjects.
|
||||
// Defaults to "rbac.authorization.k8s.io/v1alpha1" for User and Group subjects.
|
||||
APIVersion *string `json:"apiVersion,omitempty"`
|
||||
// Name of the object being referenced.
|
||||
// name of the object being referenced.
|
||||
Name *string `json:"name,omitempty"`
|
||||
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
|
||||
// namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
|
||||
// the Authorizer should report an error.
|
||||
Namespace *string `json:"namespace,omitempty"`
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@ import (
|
||||
//
|
||||
// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
|
||||
type AggregationRuleApplyConfiguration struct {
|
||||
// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
|
||||
// clusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
|
||||
// If any of the selectors match, then the ClusterRole's permissions will be added
|
||||
ClusterRoleSelectors []v1.LabelSelectorApplyConfiguration `json:"clusterRoleSelectors,omitempty"`
|
||||
}
|
||||
|
||||
@@ -34,11 +34,11 @@ import (
|
||||
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRole, and will no longer be served in v1.22.
|
||||
type ClusterRoleApplyConfiguration struct {
|
||||
v1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Rules holds all the PolicyRules for this ClusterRole
|
||||
// rules holds all the PolicyRules for this ClusterRole
|
||||
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
|
||||
// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
|
||||
// aggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
|
||||
// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
|
||||
// stomped by the controller.
|
||||
AggregationRule *AggregationRuleApplyConfiguration `json:"aggregationRule,omitempty"`
|
||||
|
||||
@@ -35,11 +35,11 @@ import (
|
||||
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRoleBinding, and will no longer be served in v1.22.
|
||||
type ClusterRoleBindingApplyConfiguration struct {
|
||||
v1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Subjects holds references to the objects the role applies to.
|
||||
// subjects holds references to the objects the role applies to.
|
||||
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
|
||||
// RoleRef can only reference a ClusterRole in the global namespace.
|
||||
// roleRef can only reference a ClusterRole in the global namespace.
|
||||
// If the RoleRef cannot be resolved, the Authorizer must return an error.
|
||||
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`
|
||||
}
|
||||
|
||||
@@ -28,17 +28,17 @@ package v1beta1
|
||||
// PolicyRule holds information that describes a policy rule, but does not contain information
|
||||
// about who the rule applies to or which namespace the rule applies to.
|
||||
type PolicyRuleApplyConfiguration struct {
|
||||
// Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
|
||||
// verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
|
||||
Verbs []string `json:"verbs,omitempty"`
|
||||
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
||||
// apiGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
||||
// the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
|
||||
APIGroups []string `json:"apiGroups,omitempty"`
|
||||
// Resources is a list of resources this rule applies to. '*' represents all resources in the specified apiGroups.
|
||||
// resources is a list of resources this rule applies to. '*' represents all resources in the specified apiGroups.
|
||||
// '*/foo' represents the subresource 'foo' for all resources in the specified apiGroups.
|
||||
Resources []string `json:"resources,omitempty"`
|
||||
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
|
||||
// resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
|
||||
ResourceNames []string `json:"resourceNames,omitempty"`
|
||||
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
|
||||
// nonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
|
||||
// Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
|
||||
// Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
|
||||
NonResourceURLs []string `json:"nonResourceURLs,omitempty"`
|
||||
|
||||
@@ -34,9 +34,9 @@ import (
|
||||
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 Role, and will no longer be served in v1.22.
|
||||
type RoleApplyConfiguration struct {
|
||||
v1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Rules holds all the PolicyRules for this Role
|
||||
// rules holds all the PolicyRules for this Role
|
||||
Rules []PolicyRuleApplyConfiguration `json:"rules,omitempty"`
|
||||
}
|
||||
|
||||
|
||||
@@ -36,11 +36,11 @@ import (
|
||||
// Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 RoleBinding, and will no longer be served in v1.22.
|
||||
type RoleBindingApplyConfiguration struct {
|
||||
v1.TypeMetaApplyConfiguration `json:""`
|
||||
// Standard object's metadata.
|
||||
// metadata is the standard object's metadata.
|
||||
*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
|
||||
// Subjects holds references to the objects the role applies to.
|
||||
// subjects holds references to the objects the role applies to.
|
||||
Subjects []SubjectApplyConfiguration `json:"subjects,omitempty"`
|
||||
// RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
|
||||
// roleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
|
||||
// If the RoleRef cannot be resolved, the Authorizer must return an error.
|
||||
RoleRef *RoleRefApplyConfiguration `json:"roleRef,omitempty"`
|
||||
}
|
||||
|
||||
@@ -23,11 +23,11 @@ package v1beta1
|
||||
//
|
||||
// RoleRef contains information that points to the role being used
|
||||
type RoleRefApplyConfiguration struct {
|
||||
// APIGroup is the group for the resource being referenced
|
||||
// apiGroup is the group for the resource being referenced
|
||||
APIGroup *string `json:"apiGroup,omitempty"`
|
||||
// Kind is the type of resource being referenced
|
||||
// kind is the type of resource being referenced
|
||||
Kind *string `json:"kind,omitempty"`
|
||||
// Name is the name of resource being referenced
|
||||
// name is the name of resource being referenced
|
||||
Name *string `json:"name,omitempty"`
|
||||
}
|
||||
|
||||
|
||||
@@ -24,16 +24,16 @@ package v1beta1
|
||||
// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
|
||||
// or a value for non-objects such as user and group names.
|
||||
type SubjectApplyConfiguration struct {
|
||||
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
|
||||
// kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
|
||||
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
|
||||
Kind *string `json:"kind,omitempty"`
|
||||
// APIGroup holds the API group of the referenced subject.
|
||||
// apiGroup holds the API group of the referenced subject.
|
||||
// Defaults to "" for ServiceAccount subjects.
|
||||
// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
|
||||
APIGroup *string `json:"apiGroup,omitempty"`
|
||||
// Name of the object being referenced.
|
||||
// name of the object being referenced.
|
||||
Name *string `json:"name,omitempty"`
|
||||
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
|
||||
// namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
|
||||
// the Authorizer should report an error.
|
||||
Namespace *string `json:"namespace,omitempty"`
|
||||
}
|
||||
|
||||
2
go.mod
2
go.mod
@@ -23,7 +23,7 @@ require (
|
||||
golang.org/x/time v0.15.0
|
||||
google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af
|
||||
gopkg.in/evanphx/json-patch.v4 v4.13.0
|
||||
k8s.io/api v0.0.0-20260708015949-94f17a687154
|
||||
k8s.io/api v0.0.0-20260708100001-3e21fa6e90b9
|
||||
k8s.io/apimachinery v0.0.0-20260708015502-54f40c0d9f0b
|
||||
k8s.io/klog/v2 v2.140.0
|
||||
k8s.io/kube-openapi v0.0.0-20260618221249-bc653b64f974
|
||||
|
||||
4
go.sum
4
go.sum
@@ -118,8 +118,8 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
|
||||
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
k8s.io/api v0.0.0-20260708015949-94f17a687154 h1:G29bMzdl4p7ry0pVV+oppQUG9EofWSukp1tJ26mcl8A=
|
||||
k8s.io/api v0.0.0-20260708015949-94f17a687154/go.mod h1:sTejgfx4mv45PAqMVmygll46Uahae0jKMnP2iaPEH+Q=
|
||||
k8s.io/api v0.0.0-20260708100001-3e21fa6e90b9 h1:tqeYt9vp7CnPAMktT5Bsp+Z0Ve7yUuTD+pX3OhMTLsM=
|
||||
k8s.io/api v0.0.0-20260708100001-3e21fa6e90b9/go.mod h1:sTejgfx4mv45PAqMVmygll46Uahae0jKMnP2iaPEH+Q=
|
||||
k8s.io/apimachinery v0.0.0-20260708015502-54f40c0d9f0b h1:qEKe/madwZpQ2IKk3q8LMdQMlTYYlHtbuA04tRm1ZmQ=
|
||||
k8s.io/apimachinery v0.0.0-20260708015502-54f40c0d9f0b/go.mod h1:IeOBop4d7GmFHoiUEvaNkqUj+XwdQs3RoqyOLtpj4Ok=
|
||||
k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc=
|
||||
|
||||
Reference in New Issue
Block a user