Update comment on ResourcePolicyRule

Track the long-ago addition of the ClusterScope field.
This commit is contained in:
Mike Spreitzer 2021-10-07 14:29:51 -07:00
parent d7f74ca58c
commit 6c7c1cea6f
3 changed files with 12 additions and 6 deletions

View File

@ -241,8 +241,10 @@ type ServiceAccountSubject struct {
// ResourcePolicyRule matches a resource request if and only if: (a)
// at least one member of verbs matches the request, (b) at least one
// member of apiGroups matches the request, (c) at least one member of
// resources matches the request, and (d) least one member of
// namespaces matches the request.
// resources matches the request, and (d) either (d1) the request does
// not specify a namespace (i.e., `Namespace==""`) and clusterScope is
// true or (d2) the request specifies a namespace and least one member
// of namespaces matches the request's namespace.
type ResourcePolicyRule struct {
// `verbs` is a list of matching verbs and may not be empty.
// "*" matches all verbs and, if present, must be the only entry.

View File

@ -279,8 +279,10 @@ type ServiceAccountSubject struct {
// ResourcePolicyRule matches a resource request if and only if: (a)
// at least one member of verbs matches the request, (b) at least one
// member of apiGroups matches the request, (c) at least one member of
// resources matches the request, and (d) least one member of
// namespaces matches the request.
// resources matches the request, and (d) either (d1) the request does
// not specify a namespace (i.e., `Namespace==""`) and clusterScope is
// true or (d2) the request specifies a namespace and least one member
// of namespaces matches the request's namespace.
type ResourcePolicyRule struct {
// `verbs` is a list of matching verbs and may not be empty.
// "*" matches all verbs and, if present, must be the only entry.

View File

@ -279,8 +279,10 @@ type ServiceAccountSubject struct {
// ResourcePolicyRule matches a resource request if and only if: (a)
// at least one member of verbs matches the request, (b) at least one
// member of apiGroups matches the request, (c) at least one member of
// resources matches the request, and (d) least one member of
// namespaces matches the request.
// resources matches the request, and (d) either (d1) the request does
// not specify a namespace (i.e., `Namespace==""`) and clusterScope is
// true or (d2) the request specifies a namespace and least one member
// of namespaces matches the request's namespace.
type ResourcePolicyRule struct {
// `verbs` is a list of matching verbs and may not be empty.
// "*" matches all verbs and, if present, must be the only entry.