github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #34691 from mbohlool/co2

Browse Source 
Automatic merge from submit-queue

Add authentication to openapi Spec

We need authentication definition in OpenAPI spec to be able to generate a client with authorization.
This commit is contained in:
Kubernetes Submit Queue 2016-10-22 04:23:06 -07:00 committed by GitHub
commit 77c53fd1a1
46 changed files with 7912 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
api/openapi-spec/api.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIVersions"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -74,5 +77,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/apis.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroupList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -115,5 +118,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/apps.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -100,5 +103,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/authentication.k8s.io.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -100,5 +103,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/authorization.k8s.io.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -100,5 +103,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/autoscaling.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -100,5 +103,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/batch.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -100,5 +103,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/certificates.k8s.io.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -100,5 +103,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/extensions.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -100,5 +103,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

23
api/openapi-spec/logs.json
View File

@ -12,8 +12,8 @@
],
"operationId": "logFileListHandler",
"responses": {
"default": {
"description": "Default Response."
"401": {
"description": "Unauthorized"
}
}
}
@ -25,8 +25,8 @@
],
"operationId": "logFileHandler",
"responses": {
"default": {
"description": "Default Response."
"401": {
"description": "Unauthorized"
}
}
},
@ -42,5 +42,18 @@
]
}
},
"definitions": {}
"definitions": {},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/policy.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -100,5 +103,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/rbac.authorization.k8s.io.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -100,5 +103,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

1608
api/openapi-spec/root_swagger.json
View File

File diff suppressed because it is too large Load Diff

16
api/openapi-spec/storage.k8s.io.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -100,5 +103,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

58
api/openapi-spec/v1.autoscaling.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -53,6 +56,9 @@
"schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscalerList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -159,6 +165,9 @@
"schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscalerList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -192,6 +201,9 @@
"schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -252,6 +264,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -310,6 +325,9 @@
"schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -343,6 +361,9 @@
"schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -376,6 +397,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -411,6 +435,9 @@
"schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -461,6 +488,9 @@
"schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -494,6 +524,9 @@
"schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -529,6 +562,9 @@
"schema": {
"$ref": "#/definitions/v1.HorizontalPodAutoscaler"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -580,6 +616,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -650,6 +689,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -728,6 +770,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1216,5 +1261,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

58
api/openapi-spec/v1.batch.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -53,6 +56,9 @@
"schema": {
"$ref": "#/definitions/v1.JobList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -159,6 +165,9 @@
"schema": {
"$ref": "#/definitions/v1.JobList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -192,6 +201,9 @@
"schema": {
"$ref": "#/definitions/v1.Job"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -252,6 +264,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -310,6 +325,9 @@
"schema": {
"$ref": "#/definitions/v1.Job"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -343,6 +361,9 @@
"schema": {
"$ref": "#/definitions/v1.Job"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -376,6 +397,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -411,6 +435,9 @@
"schema": {
"$ref": "#/definitions/v1.Job"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -461,6 +488,9 @@
"schema": {
"$ref": "#/definitions/v1.Job"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -494,6 +524,9 @@
"schema": {
"$ref": "#/definitions/v1.Job"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -529,6 +562,9 @@
"schema": {
"$ref": "#/definitions/v1.Job"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -580,6 +616,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -650,6 +689,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -728,6 +770,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1914,5 +1959,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

826
api/openapi-spec/v1.json
View File

File diff suppressed because it is too large Load Diff

58
api/openapi-spec/v1alpha1.apps.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -90,6 +93,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PetSetList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -123,6 +129,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PetSet"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -183,6 +192,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -241,6 +253,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PetSet"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -274,6 +289,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PetSet"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -307,6 +325,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -342,6 +363,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PetSet"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -392,6 +416,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PetSet"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -425,6 +452,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PetSet"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -460,6 +490,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PetSet"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -510,6 +543,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PetSetList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -580,6 +616,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -658,6 +697,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -744,6 +786,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1923,5 +1968,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

49
api/openapi-spec/v1alpha1.certificates.k8s.io.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -90,6 +93,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequestList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -123,6 +129,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -183,6 +192,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -233,6 +245,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -266,6 +281,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -299,6 +317,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -334,6 +355,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -376,6 +400,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -426,6 +453,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.CertificateSigningRequest"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -477,6 +507,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -547,6 +580,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1006,5 +1042,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

58
api/openapi-spec/v1alpha1.policy.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -90,6 +93,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudgetList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -123,6 +129,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -183,6 +192,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -241,6 +253,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -274,6 +289,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -307,6 +325,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -342,6 +363,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -392,6 +416,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -425,6 +452,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -460,6 +490,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudget"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -510,6 +543,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.PodDisruptionBudgetList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -580,6 +616,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -658,6 +697,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -744,6 +786,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1221,5 +1266,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

136
api/openapi-spec/v1alpha1.rbac.authorization.k8s.io.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -90,6 +93,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleBindingList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -123,6 +129,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleBinding"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -183,6 +192,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -217,6 +229,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleBinding"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -250,6 +265,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleBinding"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -283,6 +301,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -318,6 +339,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleBinding"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -397,6 +421,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.ClusterRoleList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -430,6 +457,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.ClusterRole"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -490,6 +520,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -524,6 +557,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.ClusterRole"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -557,6 +593,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.ClusterRole"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -590,6 +629,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -625,6 +667,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.ClusterRole"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -704,6 +749,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.RoleBindingList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -737,6 +785,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.RoleBinding"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -797,6 +848,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -839,6 +893,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.RoleBinding"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -872,6 +929,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.RoleBinding"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -905,6 +965,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -940,6 +1003,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.RoleBinding"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1027,6 +1093,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.RoleList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1060,6 +1129,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.Role"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1120,6 +1192,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1162,6 +1237,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.Role"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1195,6 +1273,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.Role"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1228,6 +1309,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1263,6 +1347,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.Role"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1313,6 +1400,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.RoleBindingList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1382,6 +1472,9 @@
"schema": {
"$ref": "#/definitions/v1alpha1.RoleList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1452,6 +1545,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1522,6 +1618,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1600,6 +1699,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1670,6 +1772,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1748,6 +1853,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1826,6 +1934,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1912,6 +2023,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -1990,6 +2104,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -2076,6 +2193,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -2146,6 +2266,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -2756,5 +2879,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

19
api/openapi-spec/v1beta1.authentication.k8s.io.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -53,6 +56,9 @@
"schema": {
"$ref": "#/definitions/v1beta1.TokenReview"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -307,5 +313,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

25
api/openapi-spec/v1beta1.authorization.k8s.io.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -53,6 +56,9 @@
"schema": {
"$ref": "#/definitions/v1beta1.LocalSubjectAccessReview"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -103,6 +109,9 @@
"schema": {
"$ref": "#/definitions/v1beta1.SelfSubjectAccessReview"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -145,6 +154,9 @@
"schema": {
"$ref": "#/definitions/v1beta1.SubjectAccessReview"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -494,5 +506,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

358
api/openapi-spec/v1beta1.extensions.json
View File

File diff suppressed because it is too large Load Diff

43
api/openapi-spec/v1beta1.storage.k8s.io.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -90,6 +93,9 @@
"schema": {
"$ref": "#/definitions/v1beta1.StorageClassList"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -123,6 +129,9 @@
"schema": {
"$ref": "#/definitions/v1beta1.StorageClass"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -183,6 +192,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -233,6 +245,9 @@
"schema": {
"$ref": "#/definitions/v1beta1.StorageClass"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -266,6 +281,9 @@
"schema": {
"$ref": "#/definitions/v1beta1.StorageClass"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -299,6 +317,9 @@
"schema": {
"$ref": "#/definitions/unversioned.Status"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -334,6 +355,9 @@
"schema": {
"$ref": "#/definitions/v1beta1.StorageClass"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -377,6 +401,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -447,6 +474,9 @@
"schema": {
"$ref": "#/definitions/versioned.Event"
}
},
"401": {
"description": "Unauthorized"
}
}
},
@ -851,5 +881,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/v2alpha1.batch.json
View File

@ -28,6 +28,9 @@
"schema": {
"$ref": "#/definitions/unversioned.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -76,5 +79,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

16
api/openapi-spec/version.json
View File

@ -24,6 +24,9 @@
"schema": {
"$ref": "#/definitions/version.Info"
}
},
"401": {
"description": "Unauthorized"
}
}
}
@ -73,5 +76,18 @@
}
}
}
},
"securityDefinitions": {
"BearerToken": {
"description": "Bearer Token authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
},
"security": [
{
"BearerToken": []
}
]
}

3
cmd/kube-apiserver/app/server.go
View File

@ -216,7 +216,7 @@ func Run(s *options.APIServer) error {
serviceAccountGetter = serviceaccountcontroller.NewGetterFromStorageInterface(storageConfig, storageFactory.ResourcePrefix(api.Resource("serviceaccounts")), storageFactory.ResourcePrefix(api.Resource("secrets")))
}
apiAuthenticator, err := authenticator.New(authenticator.AuthenticatorConfig{
apiAuthenticator, securityDefinitions, err := authenticator.New(authenticator.AuthenticatorConfig{
Anonymous: s.AnonymousAuth,
AnyToken: s.EnableAnyToken,
BasicAuthFile: s.BasicAuthFile,
@ -309,6 +309,7 @@ func Run(s *options.APIServer) error {
genericConfig.OpenAPIConfig.Definitions = generatedopenapi.OpenAPIDefinitions
genericConfig.OpenAPIConfig.GetOperationID = openapi.GetOperationID
genericConfig.EnableOpenAPISupport = true
genericConfig.OpenAPIConfig.SecurityDefinitions = securityDefinitions
config := &master.Config{
GenericConfig: genericConfig.Config,

18
federation/apis/openapi-spec/api.json
View File

@ -74,5 +74,23 @@
}
}
}
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
}
}

18
federation/apis/openapi-spec/apis.json
View File

@ -115,5 +115,23 @@
}
}
}
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
}
}

18
federation/apis/openapi-spec/extensions.json
View File

@ -100,5 +100,23 @@
}
}
}
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
}
}

18
federation/apis/openapi-spec/federation.json
View File

@ -100,5 +100,23 @@
}
}
}
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
}
}

20
federation/apis/openapi-spec/logs.json
View File

@ -42,5 +42,23 @@
]
}
},
"definitions": {}
"definitions": {},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
}
}

2185
federation/apis/openapi-spec/root_swagger.json
View File

File diff suppressed because it is too large Load Diff

18
federation/apis/openapi-spec/v1.json
View File

@ -3398,5 +3398,23 @@
}
}
}
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
}
}

2011
federation/apis/openapi-spec/v1beta1.extensions.json
View File

File diff suppressed because it is too large Load Diff

18
federation/apis/openapi-spec/v1beta1.federation.json
View File

@ -996,5 +996,23 @@
}
}
}
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
}
}

18
federation/apis/openapi-spec/version.json
View File

@ -73,5 +73,23 @@
}
}
}
},
"securityDefinitions": {
"HTTPBasic": {
"description": "HTTP Basic authentication",
"type": "basic"
},
"LoopbackTokenBearer": {
"description": "LoopbackToken Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
},
"TokenBearer": {
"description": "Token Bearer authentication",
"type": "apiKey",
"name": "authorization",
"in": "header"
}
}
}

3
federation/cmd/federation-apiserver/app/server.go
View File

@ -117,7 +117,7 @@ func Run(s *options.ServerRunOptions) error {
storageFactory.SetEtcdLocation(groupResource, servers)
}
apiAuthenticator, err := authenticator.New(authenticator.AuthenticatorConfig{
apiAuthenticator, securityDefinitions, err := authenticator.New(authenticator.AuthenticatorConfig{
Anonymous: s.AnonymousAuth,
AnyToken: s.EnableAnyToken,
BasicAuthFile: s.BasicAuthFile,
@ -200,6 +200,7 @@ func Run(s *options.ServerRunOptions) error {
// this method does not provide good operation IDs for federation, we should create federation's own GetOperationID.
genericConfig.OpenAPIConfig.GetOperationID = apiserveropenapi.GetOperationID
genericConfig.EnableOpenAPISupport = true
genericConfig.OpenAPIConfig.SecurityDefinitions = securityDefinitions
// TODO: Move this to generic api server (Need to move the command line flag).
if s.EnableWatchCache {

4
hack/update-federation-openapi-spec.sh
View File

@ -42,6 +42,7 @@ trap cleanup EXIT SIGINT
kube::golang::setup_env
TMP_DIR=$(mktemp -d /tmp/update-federation-openapi-spec.XXXX)
ETCD_HOST=${ETCD_HOST:-127.0.0.1}
ETCD_PORT=${ETCD_PORT:-2379}
API_PORT=${API_PORT:-8050}
@ -49,6 +50,8 @@ API_HOST=${API_HOST:-127.0.0.1}
kube::etcd::start
echo "dummy_token,admin,admin" > $TMP_DIR/tokenauth.csv
# Start federation-apiserver
kube::log::status "Starting federation-apiserver"
"${KUBE_OUTPUT_HOSTBIN}/hyperkube" federation-apiserver \
@ -57,6 +60,7 @@ kube::log::status "Starting federation-apiserver"
--insecure-port="${API_PORT}" \
--etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
--advertise-address="10.10.10.10" \
--token-auth-file=$TMP_DIR/tokenauth.csv \
--service-cluster-ip-range="10.0.0.0/24" >/tmp/openapi-federation-api-server.log 2>&1 &
APISERVER_PID=$!
kube::util::wait_for_url "${API_HOST}:${API_PORT}/" "apiserver: "

3
hack/update-openapi-spec.sh
View File

@ -52,6 +52,8 @@ API_HOST=${API_HOST:-127.0.0.1}
kube::etcd::start
echo "dummy_token,admin,admin" > $TMP_DIR/tokenauth.csv
# Start kube-apiserver
kube::log::status "Starting kube-apiserver"
"${KUBE_OUTPUT_HOSTBIN}/kube-apiserver" \
@ -61,6 +63,7 @@ kube::log::status "Starting kube-apiserver"
--etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
--advertise-address="10.10.10.10" \
--cert-dir="${TMP_DIR}/certs" \
--token-auth-file=$TMP_DIR/tokenauth.csv \
--service-cluster-ip-range="10.0.0.0/24" >/tmp/openapi-api-server.log 2>&1 &
APISERVER_PID=$!

1
pkg/apiserver/authenticator/BUILD
View File

@ -31,5 +31,6 @@ go_library(
"//plugin/pkg/auth/authenticator/token/oidc:go_default_library",
"//plugin/pkg/auth/authenticator/token/tokenfile:go_default_library",
"//plugin/pkg/auth/authenticator/token/webhook:go_default_library",
"//vendor:github.com/go-openapi/spec",
],
)

54
pkg/apiserver/authenticator/authn.go
View File

@ -19,6 +19,8 @@ package authenticator
import (
"time"
"github.com/go-openapi/spec"
"k8s.io/kubernetes/pkg/auth/authenticator"
"k8s.io/kubernetes/pkg/auth/authenticator/bearertoken"
"k8s.io/kubernetes/pkg/auth/group"
@ -58,30 +60,35 @@ type AuthenticatorConfig struct {
// New returns an authenticator.Request or an error that supports the standard
// Kubernetes authentication mechanisms.
func New(config AuthenticatorConfig) (authenticator.Request, error) {
func New(config AuthenticatorConfig) (authenticator.Request, *spec.SecurityDefinitions, error) {
var authenticators []authenticator.Request
securityDefinitions := spec.SecurityDefinitions{}
hasBasicAuth := false
hasTokenAuth := false
// BasicAuth methods, local first, then remote
if len(config.BasicAuthFile) > 0 {
basicAuth, err := newAuthenticatorFromBasicAuthFile(config.BasicAuthFile)
if err != nil {
return nil, err
return nil, nil, err
}
authenticators = append(authenticators, basicAuth)
hasBasicAuth = true
}
if len(config.KeystoneURL) > 0 {
keystoneAuth, err := newAuthenticatorFromKeystoneURL(config.KeystoneURL)
if err != nil {
return nil, err
return nil, nil, err
}
authenticators = append(authenticators, keystoneAuth)
hasBasicAuth = true
}
// X509 methods
if len(config.ClientCAFile) > 0 {
certAuth, err := newAuthenticatorFromClientCAFile(config.ClientCAFile)
if err != nil {
return nil, err
return nil, nil, err
}
authenticators = append(authenticators, certAuth)
}
@ -90,16 +97,18 @@ func New(config AuthenticatorConfig) (authenticator.Request, error) {
if len(config.TokenAuthFile) > 0 {
tokenAuth, err := newAuthenticatorFromTokenFile(config.TokenAuthFile)
if err != nil {
return nil, err
return nil, nil, err
}
authenticators = append(authenticators, tokenAuth)
hasTokenAuth = true
}
if len(config.ServiceAccountKeyFiles) > 0 {
serviceAccountAuth, err := newServiceAccountAuthenticator(config.ServiceAccountKeyFiles, config.ServiceAccountLookup, config.ServiceAccountTokenGetter)
if err != nil {
return nil, err
return nil, nil, err
}
authenticators = append(authenticators, serviceAccountAuth)
hasTokenAuth = true
}
// NOTE(ericchiang): Keep the OpenID Connect after Service Accounts.
//
@ -110,32 +119,55 @@ func New(config AuthenticatorConfig) (authenticator.Request, error) {
if len(config.OIDCIssuerURL) > 0 && len(config.OIDCClientID) > 0 {
oidcAuth, err := newAuthenticatorFromOIDCIssuerURL(config.OIDCIssuerURL, config.OIDCClientID, config.OIDCCAFile, config.OIDCUsernameClaim, config.OIDCGroupsClaim)
if err != nil {
return nil, err
return nil, nil, err
}
authenticators = append(authenticators, oidcAuth)
hasTokenAuth = true
}
if len(config.WebhookTokenAuthnConfigFile) > 0 {
webhookTokenAuth, err := newWebhookTokenAuthenticator(config.WebhookTokenAuthnConfigFile, config.WebhookTokenAuthnCacheTTL)
if err != nil {
return nil, err
return nil, nil, err
}
authenticators = append(authenticators, webhookTokenAuth)
hasTokenAuth = true
}
// always add anytoken last, so that every other token authenticator gets to try first
if config.AnyToken {
authenticators = append(authenticators, bearertoken.New(anytoken.AnyTokenAuthenticator{}))
hasTokenAuth = true
}
if hasBasicAuth {
securityDefinitions["HTTPBasic"] = &spec.SecurityScheme{
SecuritySchemeProps: spec.SecuritySchemeProps{
Type: "basic",
Description: "HTTP Basic authentication",
},
}
}
if hasTokenAuth {
securityDefinitions["BearerToken"] = &spec.SecurityScheme{
SecuritySchemeProps: spec.SecuritySchemeProps{
Type: "apiKey",
Name: "authorization",
In: "header",
Description: "Bearer Token authentication",
},
}
}
if len(authenticators) == 0 {
if config.Anonymous {
return anonymous.NewAuthenticator(), nil
return anonymous.NewAuthenticator(), &securityDefinitions, nil
}
}
switch len(authenticators) {
case 0:
return nil, nil
return nil, &securityDefinitions, nil
}
authenticator := union.New(authenticators...)
@ -147,7 +179,7 @@ func New(config AuthenticatorConfig) (authenticator.Request, error) {
authenticator = union.NewFailOnError(authenticator, anonymous.NewAuthenticator())
}
return authenticator, nil
return authenticator, &securityDefinitions, nil
}
// IsValidServiceAccountKeyFile returns true if a valid public RSA key can be read from the given file

23
pkg/genericapiserver/config.go
View File

@ -24,6 +24,7 @@ import (
"os"
"path"
"regexp"
"sort"
"strconv"
"strings"
"time"
@ -331,6 +332,28 @@ func (c *Config) Complete() completedConfig {
}
c.ExternalHost = hostAndPort
}
// All APIs will have the same authentication for now.
if c.OpenAPIConfig != nil && c.OpenAPIConfig.SecurityDefinitions != nil {
c.OpenAPIConfig.DefaultSecurity = []map[string][]string{}
keys := []string{}
for k := range *c.OpenAPIConfig.SecurityDefinitions {
keys = append(keys, k)
}
sort.Strings(keys)
for _, k := range keys {
c.OpenAPIConfig.DefaultSecurity = append(c.OpenAPIConfig.DefaultSecurity, map[string][]string{k: {}})
}
if c.OpenAPIConfig.CommonResponses == nil {
c.OpenAPIConfig.CommonResponses = map[int]spec.Response{}
}
if _, exists := c.OpenAPIConfig.CommonResponses[http.StatusUnauthorized]; !exists {
c.OpenAPIConfig.CommonResponses[http.StatusUnauthorized] = spec.Response{
ResponseProps: spec.ResponseProps{
Description: "Unauthorized",
},
}
}
}
return completedConfig{c}
}

14
pkg/genericapiserver/openapi/common/common.go
View File

@ -45,9 +45,15 @@ type Config struct {
// Info is general information about the API.
Info *spec.Info
// DefaultResponse will be used if an operation does not have any responses listed. It
// will show up as ... "responses" : {"default" : $DefaultResponse} in the spec.
DefaultResponse *spec.Response
// CommonResponses will be added as a response to all operation specs. This is a good place to add common
// responses such as authorization failed.
CommonResponses map[int]spec.Response
// List of webservice's path prefixes to ignore
IgnorePrefixes []string
@ -57,6 +63,14 @@ type Config struct {
// GetOperationID returns operation id for a restful route. It is an optional function to customize operation IDs.
GetOperationID func(servePath string, r *restful.Route) (string, error)
// SecurityDefinitions is list of all security definitions for OpenAPI service. If this is not nil, the user of config
// is responsible to provide DefaultSecurity and (maybe) add unauthorized response to CommonResponses.
SecurityDefinitions *spec.SecurityDefinitions
// DefaultSecurity for all operations. This will pass as spec.SwaggerProps.Security to OpenAPI.
// For most cases, this will be list of acceptable definitions in SecurityDefinitions.
DefaultSecurity []map[string][]string
}
// This function is a reference for converting go (or any custom type) to a simple open API type,format pair. There are

12
pkg/genericapiserver/openapi/openapi.go
View File

@ -78,10 +78,17 @@ func (o *openAPI) init(webServices []*restful.WebService) error {
return r.Operation, nil
}
}
if o.config.CommonResponses == nil {
o.config.CommonResponses = map[int]spec.Response{}
}
err := o.buildPaths(webServices)
if err != nil {
return err
}
if o.config.SecurityDefinitions != nil {
o.swagger.SecurityDefinitions = *o.config.SecurityDefinitions
o.swagger.Security = o.config.DefaultSecurity
}
return nil
}
@ -227,6 +234,11 @@ func (o *openAPI) buildOperations(route restful.Route, inPathCommonParamsMap map
return ret, err
}
}
for code, resp := range o.config.CommonResponses {
if _, exists := ret.Responses.StatusCodeResponses[code]; !exists {
ret.Responses.StatusCodeResponses[code] = resp
}
}
// If there is still no response, use default response provided.
if len(ret.Responses.StatusCodeResponses) == 0 {
ret.Responses.Default = o.config.DefaultResponse