github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 03:41:45 +00:00
Code Issues Projects Releases Wiki Activity

pkg/apis/rbac: make apiversion optional for subjects and fix validation

Browse Source
This commit is contained in:
Eric Chiang 2016-06-07 10:53:18 -07:00
parent 8bcecac12f
commit 88119903e5
3 changed files with 2 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/apis/rbac/v1alpha1/types.go
View File

@ -54,9 +54,8 @@ type Subject struct {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
Kind string `json:"kind" protobuf:"bytes,1,opt,name=kind"`
// APIVersion holds the API group and version of the referenced object. For non-object references such as "Group" and "User" this is
// expected to be API version of this API group. For example "rbac/v1alpha1".
APIVersion string `json:"apiVersion" protobuf:"bytes,2,opt.name=apiVersion"`
// APIVersion holds the API group and version of the referenced object.
APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,2,opt.name=apiVersion"`
// Name of the object being referenced.
Name string `json:"name" protobuf:"bytes,3,opt,name=name"`
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty

3
pkg/apis/rbac/validation/validation.go
View File

@ -105,9 +105,6 @@ func validateRoleBindingSubject(subject rbac.Subject, isNamespaced bool, fldPath
if len(subject.Name) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("name"), ""))
}
if len(subject.APIVersion) != 0 {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("apiVersion"), subject.APIVersion))
}
switch subject.Kind {
case rbac.ServiceAccountKind:

9
pkg/apis/rbac/validation/validation_test.go
View File

@ -96,15 +96,6 @@ func TestValidateRoleBinding(t *testing.T) {
T: field.ErrorTypeInvalid,
F: "subjects[0].name",
},
"forbidden fields": {
A: rbac.RoleBinding{
ObjectMeta: api.ObjectMeta{Namespace: api.NamespaceDefault, Name: "master"},
RoleRef: api.ObjectReference{Namespace: "master", Name: "valid"},
Subjects: []rbac.Subject{{Name: "subject", Kind: rbac.ServiceAccountKind, APIVersion: "foo"}},
},
T: field.ErrorTypeForbidden,
F: "subjects[0].apiVersion",
},
"missing subject name": {
A: rbac.RoleBinding{
ObjectMeta: api.ObjectMeta{Namespace: api.NamespaceDefault, Name: "master"},