github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 14:37:00 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #84900 from MikeSpreitzer/add-namespace-to-rule

Browse Source 
Enable Priority and Fairness to discriminate on target namespace
This commit is contained in:
Kubernetes Prow Robot 2019-11-14 16:38:18 -08:00 committed by GitHub
commit 99e18f5ae9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 542 additions and 160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
api/openapi-spec/swagger.json generated
View File

@ -14264,10 +14264,22 @@
"type": "object"
},
"io.k8s.api.flowcontrol.v1alpha1.ResourcePolicyRule": {
"description": "ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, and (c) at least one member of resources matches the request.",
"description": "ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) least one member of namespaces matches the request.",
"properties": {
"apiGroups": {
"description": "`apiGroups` is a list of matching API groups and may not be empty. \"*\" matches all api-groups. if it is present, it must be the only entry. Required.",
"description": "`apiGroups` is a list of matching API groups and may not be empty. \"*\" matches all API groups and, if present, must be the only entry. Required.",
"items": {
"type": "string"
},
"type": "array",
"x-kubernetes-list-type": "set"
},
"clusterScope": {
"description": "`clusterScope` indicates whether to match requests that do not specify a namespace (which happens either because the resource is not namespaced or the request targets all namespaces). If this field is omitted or false then the `namespaces` field must contain a non-empty list.",
"type": "boolean"
},
"namespaces": {
"description": "`namespaces` is a list of target namespaces that restricts matches. A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains \"*\". Note that \"*\" matches any specified namespace but does not match a request that _does not specify_ a namespace (see the `clusterScope` field for that). This list may be empty, but only if `clusterScope` is true.",
"items": {
"type": "string"
},
@ -14275,7 +14287,7 @@
"x-kubernetes-list-type": "set"
},
"resources": {
"description": "`resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ \"services\", \"nodes/status\" ]. This list may not be empty. \"*\" matches all resources. if it is present, it must be the only entry. Required.",
"description": "`resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ \"services\", \"nodes/status\" ]. This list may not be empty. \"*\" matches all resources and, if present, must be the only entry. Required.",
"items": {
"type": "string"
},
@ -14283,7 +14295,7 @@
"x-kubernetes-list-type": "set"
},
"verbs": {
"description": "`verbs` is a list of matching verbs and may not be empty. \"*\" matches all verbs. if it is present, it must be the only entry. Required.",
"description": "`verbs` is a list of matching verbs and may not be empty. \"*\" matches all verbs and, if present, must be the only entry. Required.",
"items": {
"type": "string"
},

50
pkg/apis/flowcontrol/types.go
View File

@ -26,8 +26,9 @@ const (
ResourceAll = "*"
VerbAll = "*"
NonResourceAll = "*"
NameAll = "*"
NameAll = "*"
NamespaceEvery = "*" // matches every particular namespace
)
// System preset priority level names
@ -210,28 +211,53 @@ type ServiceAccountSubject struct {
Name string
}
// ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target
// resource. A ResourcePolicyRule matches a request if and only if: (a) at least one member
// of verbs matches the request, (b) at least one member of apiGroups matches the request, and (c) at least one member
// of resources matches the request.
// ResourcePolicyRule is a predicate that matches some resource
// requests, testing the request's verb and the target resource. A
// ResourcePolicyRule matches a resource request if and only if: (a)
// at least one member of verbs matches the request, (b) at least one
// member of apiGroups matches the request, (c) at least one member of
// resources matches the request, and (d) least one member of
// namespaces matches the request.
type ResourcePolicyRule struct {
// `verbs` is a list of matching verbs and may not be empty.
// "*" matches all verbs. if it is present, it must be the only entry.
// "*" matches all verbs and, if present, must be the only entry.
// +listType=set
// Required.
Verbs []string
// `apiGroups` is a list of matching API groups and may not be empty.
// "*" matches all api-groups. if it is present, it must be the only entry.
// "*" matches all API groups and, if present, must be the only entry.
// +listType=set
// Required.
APIGroups []string
// `resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource.
// For example, [ "services", "nodes/status" ].
// This list may not be empty.
// "*" matches all resources. if it is present, it must be the only entry.
// +listType=set
// `resources` is a list of matching resources (i.e., lowercase
// and plural) with, if desired, subresource. For example, [
// "services", "nodes/status" ]. This list may not be empty.
// "*" matches all resources and, if present, must be the only entry.
// Required.
// +listType=set
Resources []string
// `clusterScope` indicates whether to match requests that do not
// specify a namespace (which happens either because the resource
// is not namespaced or the request targets all namespaces).
// If this field is omitted or false then the `namespaces` field
// must contain a non-empty list.
// +optional
ClusterScope bool
// `namespaces` is a list of target namespaces that restricts
// matches. A request that specifies a target namespace matches
// only if either (a) this list contains that target namespace or
// (b) this list contains "*". Note that "*" matches any
// specified namespace but does not match a request that _does
// not specify_ a namespace (see the `clusterScope` field for
// that).
// This list may be empty, but only if `clusterScope` is true.
// +optional
// +listType=set
Namespaces []string
}
// NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the

4
pkg/apis/flowcontrol/v1alpha1/zz_generated.conversion.go generated
View File

@ -697,6 +697,8 @@ func autoConvert_v1alpha1_ResourcePolicyRule_To_flowcontrol_ResourcePolicyRule(i
out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs))
out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups))
out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources))
out.ClusterScope = in.ClusterScope
out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces))
return nil
}
@ -709,6 +711,8 @@ func autoConvert_flowcontrol_ResourcePolicyRule_To_v1alpha1_ResourcePolicyRule(i
out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs))
out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups))
out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources))
out.ClusterScope = in.ClusterScope
out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces))
return nil
}

24
pkg/apis/flowcontrol/validation/validation.go
View File

@ -245,9 +245,25 @@ func ValidateFlowSchemaResourcePolicyRule(rule *flowcontrol.ResourcePolicyRule,
allErrs = append(allErrs, field.Invalid(fldPath.Child("resources"), rule.Resources, "if '*' is present, must not specify other resources"))
}
if len(rule.Namespaces) == 0 && !rule.ClusterScope {
allErrs = append(allErrs, field.Required(fldPath.Child("namespaces"), "resource rules that are not cluster scoped must supply at least one namespace"))
} else if hasWildcard(rule.Namespaces) {
if len(rule.Namespaces) > 1 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("namespaces"), rule.Namespaces, "if '*' is present, must not specify other namespaces"))
}
} else {
for idx, tgtNS := range rule.Namespaces {
for _, msg := range apimachineryvalidation.ValidateNamespaceName(tgtNS, false) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("namespaces").Index(idx), tgtNS, nsErrIntro+msg))
}
}
}
return allErrs
}
const nsErrIntro = "each member of this list must be '*' or a DNS-1123 label; "
// ValidateFlowSchemaStatus validates status for the flow-schema.
func ValidateFlowSchemaStatus(status *flowcontrol.FlowSchemaStatus, fldPath *field.Path) field.ErrorList {
var allErrs field.ErrorList
@ -424,8 +440,12 @@ func ValidateNonResourceURLPath(path string, fldPath *field.Path) *field.Error {
}
func hasWildcard(operations []string) bool {
for _, o := range operations {
if o == "*" {
return memberInList("*", operations...)
}
func memberInList(seek string, a ...string) bool {
for _, ai := range a {
if ai == seek {
return true
}
}

223
pkg/apis/flowcontrol/validation/validation_test.go
View File

@ -34,7 +34,7 @@ func TestFlowSchemaValidation(t *testing.T) {
expectedErrors field.ErrorList
}{
{
name: "missing neither resource and non-resource policy-rule should fail",
name: "missing both resource and non-resource policy-rule should fail",
flowSchema: &flowcontrol.FlowSchema{
ObjectMeta: metav1.ObjectMeta{
Name: "system-foo",
@ -81,9 +81,10 @@ func TestFlowSchemaValidation(t *testing.T) {
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Namespaces: []string{flowcontrol.NamespaceEvery},
},
},
},
@ -113,9 +114,10 @@ func TestFlowSchemaValidation(t *testing.T) {
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll, "create"},
APIGroups: []string{flowcontrol.APIGroupAll, "tak"},
Resources: []string{flowcontrol.ResourceAll, "tok"},
Verbs: []string{flowcontrol.VerbAll, "create"},
APIGroups: []string{flowcontrol.APIGroupAll, "tak"},
Resources: []string{flowcontrol.ResourceAll, "tok"},
Namespaces: []string{flowcontrol.NamespaceEvery},
},
},
},
@ -149,9 +151,10 @@ func TestFlowSchemaValidation(t *testing.T) {
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Namespaces: []string{flowcontrol.NamespaceEvery},
},
},
NonResourceRules: []flowcontrol.NonResourcePolicyRule{
@ -252,9 +255,10 @@ func TestFlowSchemaValidation(t *testing.T) {
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{"feed"},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Verbs: []string{"feed"},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Namespaces: []string{flowcontrol.NamespaceEvery},
},
},
},
@ -286,9 +290,10 @@ func TestFlowSchemaValidation(t *testing.T) {
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Namespaces: []string{flowcontrol.NamespaceEvery},
},
},
},
@ -322,9 +327,10 @@ func TestFlowSchemaValidation(t *testing.T) {
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Namespaces: []string{flowcontrol.NamespaceEvery},
},
},
},
@ -355,9 +361,10 @@ func TestFlowSchemaValidation(t *testing.T) {
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Namespaces: []string{flowcontrol.NamespaceEvery},
},
},
},
@ -368,6 +375,178 @@ func TestFlowSchemaValidation(t *testing.T) {
field.NotSupported(field.NewPath("spec").Child("rules").Index(0).Child("subjects").Index(0).Child("kind"), flowcontrol.SubjectKind(""), supportedSubjectKinds.List()),
},
},
{
name: "Omitted ResourceRule.Namespaces should fail",
flowSchema: &flowcontrol.FlowSchema{
ObjectMeta: metav1.ObjectMeta{
Name: "system-foo",
},
Spec: flowcontrol.FlowSchemaSpec{
MatchingPrecedence: 50,
PriorityLevelConfiguration: flowcontrol.PriorityLevelConfigurationReference{
Name: "system-bar",
},
Rules: []flowcontrol.PolicyRulesWithSubjects{
{
Subjects: []flowcontrol.Subject{
{
Kind: flowcontrol.SubjectKindUser,
User: &flowcontrol.UserSubject{Name: "noxu"},
},
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Namespaces: nil,
},
},
},
},
},
},
expectedErrors: field.ErrorList{
field.Required(field.NewPath("spec").Child("rules").Index(0).Child("resourceRules").Index(0).Child("namespaces"), "resource rules that are not cluster scoped must supply at least one namespace"),
},
},
{
name: "ClusterScope is allowed, with no Namespaces",
flowSchema: &flowcontrol.FlowSchema{
ObjectMeta: metav1.ObjectMeta{
Name: "system-foo",
},
Spec: flowcontrol.FlowSchemaSpec{
MatchingPrecedence: 50,
PriorityLevelConfiguration: flowcontrol.PriorityLevelConfigurationReference{
Name: "system-bar",
},
Rules: []flowcontrol.PolicyRulesWithSubjects{
{
Subjects: []flowcontrol.Subject{
{
Kind: flowcontrol.SubjectKindUser,
User: &flowcontrol.UserSubject{Name: "noxu"},
},
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
ClusterScope: true,
},
},
},
},
},
},
expectedErrors: field.ErrorList{},
},
{
name: "ClusterScope is allowed with NamespaceEvery",
flowSchema: &flowcontrol.FlowSchema{
ObjectMeta: metav1.ObjectMeta{
Name: "system-foo",
},
Spec: flowcontrol.FlowSchemaSpec{
MatchingPrecedence: 50,
PriorityLevelConfiguration: flowcontrol.PriorityLevelConfigurationReference{
Name: "system-bar",
},
Rules: []flowcontrol.PolicyRulesWithSubjects{
{
Subjects: []flowcontrol.Subject{
{
Kind: flowcontrol.SubjectKindUser,
User: &flowcontrol.UserSubject{Name: "noxu"},
},
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
ClusterScope: true,
Namespaces: []string{flowcontrol.NamespaceEvery},
},
},
},
},
},
},
expectedErrors: field.ErrorList{},
},
{
name: "NamespaceEvery may not be combined with particulars",
flowSchema: &flowcontrol.FlowSchema{
ObjectMeta: metav1.ObjectMeta{
Name: "system-foo",
},
Spec: flowcontrol.FlowSchemaSpec{
MatchingPrecedence: 50,
PriorityLevelConfiguration: flowcontrol.PriorityLevelConfigurationReference{
Name: "system-bar",
},
Rules: []flowcontrol.PolicyRulesWithSubjects{
{
Subjects: []flowcontrol.Subject{
{
Kind: flowcontrol.SubjectKindUser,
User: &flowcontrol.UserSubject{Name: "noxu"},
},
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Namespaces: []string{"foo", flowcontrol.NamespaceEvery},
},
},
},
},
},
},
expectedErrors: field.ErrorList{
field.Invalid(field.NewPath("spec").Child("rules").Index(0).Child("resourceRules").Index(0).Child("namespaces"), []string{"foo", flowcontrol.NamespaceEvery}, "if '*' is present, must not specify other namespaces"),
},
},
{
name: "ResourceRule.Namespaces must be well formed",
flowSchema: &flowcontrol.FlowSchema{
ObjectMeta: metav1.ObjectMeta{
Name: "system-foo",
},
Spec: flowcontrol.FlowSchemaSpec{
MatchingPrecedence: 50,
PriorityLevelConfiguration: flowcontrol.PriorityLevelConfigurationReference{
Name: "system-bar",
},
Rules: []flowcontrol.PolicyRulesWithSubjects{
{
Subjects: []flowcontrol.Subject{
{
Kind: flowcontrol.SubjectKindUser,
User: &flowcontrol.UserSubject{Name: "noxu"},
},
},
ResourceRules: []flowcontrol.ResourcePolicyRule{
{
Verbs: []string{flowcontrol.VerbAll},
APIGroups: []string{flowcontrol.APIGroupAll},
Resources: []string{flowcontrol.ResourceAll},
Namespaces: []string{"-foo"},
},
},
},
},
},
},
expectedErrors: field.ErrorList{
field.Invalid(field.NewPath("spec").Child("rules").Index(0).Child("resourceRules").Index(0).Child("namespaces").Index(0), "-foo", nsErrIntro+`a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')`),
},
},
}
for _, testCase := range testCases {
t.Run(testCase.name, func(t *testing.T) {

5
pkg/apis/flowcontrol/zz_generated.deepcopy.go generated
View File

@ -459,6 +459,11 @@ func (in *ResourcePolicyRule) DeepCopyInto(out *ResourcePolicyRule) {
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Namespaces != nil {
in, out := &in.Namespaces, &out.Namespaces
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}

266
staging/src/k8s.io/api/flowcontrol/v1alpha1/generated.pb.go generated
View File

@ -689,99 +689,101 @@ func init() {
}
var fileDescriptor_45ba024d525b289b = []byte{
// 1459 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x57, 0x4d, 0x6f, 0x13, 0xc7,
0x1b, 0xcf, 0x3a, 0x76, 0x12, 0x4f, 0xc8, 0x0b, 0x93, 0x3f, 0x8a, 0x15, 0x24, 0x3b, 0xec, 0x5f,
0x2a, 0xb4, 0xc0, 0x2e, 0xa1, 0x40, 0xa9, 0x50, 0x85, 0xb2, 0xd0, 0xf2, 0x96, 0xa4, 0xc9, 0x04,
0xa8, 0x8a, 0xa8, 0xc4, 0x64, 0x3d, 0xb1, 0x87, 0xd8, 0xbb, 0xdb, 0x99, 0x5d, 0xd3, 0x54, 0x1c,
0x2a, 0xf5, 0x03, 0xb4, 0x1f, 0x80, 0x63, 0x0f, 0x3d, 0xf7, 0x13, 0xf4, 0x18, 0x55, 0x3d, 0x70,
0xe4, 0x64, 0x11, 0xf7, 0x5a, 0xf5, 0x5c, 0x71, 0xaa, 0x66, 0x76, 0x76, 0xd7, 0xeb, 0x77, 0x1a,
0x89, 0x53, 0x6f, 0xde, 0xe7, 0xe5, 0xf7, 0xbc, 0xcc, 0x33, 0xcf, 0xfc, 0x0c, 0x6e, 0xef, 0x5d,
0xe5, 0x06, 0x75, 0xcd, 0xbd, 0x60, 0x87, 0x30, 0x87, 0xf8, 0x84, 0x9b, 0x0d, 0xe2, 0x94, 0x5d,
0x66, 0x2a, 0x05, 0xf6, 0xa8, 0xb9, 0x5b, 0x73, 0x9f, 0xd9, 0xae, 0xe3, 0x33, 0xb7, 0x66, 0x36,
0x56, 0x70, 0xcd, 0xab, 0xe2, 0x15, 0xb3, 0x42, 0x1c, 0xc2, 0xb0, 0x4f, 0xca, 0x86, 0xc7, 0x5c,
0xdf, 0x85, 0xa5, 0xd0, 0xc1, 0xc0, 0x1e, 0x35, 0xda, 0x1c, 0x8c, 0xc8, 0x61, 0xe9, 0x7c, 0x85,
0xfa, 0xd5, 0x60, 0xc7, 0xb0, 0xdd, 0xba, 0x59, 0x71, 0x2b, 0xae, 0x29, 0xfd, 0x76, 0x82, 0x5d,
0xf9, 0x25, 0x3f, 0xe4, 0xaf, 0x10, 0x6f, 0xe9, 0x52, 0x92, 0x40, 0x1d, 0xdb, 0x55, 0xea, 0x10,
0xb6, 0x6f, 0x7a, 0x7b, 0x15, 0x21, 0xe0, 0x66, 0x9d, 0xf8, 0xd8, 0x6c, 0x74, 0x65, 0xb1, 0x64,
0xf6, 0xf3, 0x62, 0x81, 0xe3, 0xd3, 0x3a, 0xe9, 0x72, 0xb8, 0x32, 0xcc, 0x81, 0xdb, 0x55, 0x52,
0xc7, 0x9d, 0x7e, 0xfa, 0x23, 0xb0, 0xf8, 0x59, 0xcd, 0x7d, 0x76, 0x93, 0x72, 0x9f, 0x3a, 0x95,
0x80, 0xf2, 0x2a, 0x61, 0xeb, 0xc4, 0xaf, 0xba, 0x65, 0x78, 0x1d, 0x64, 0xfd, 0x7d, 0x8f, 0x14,
0xb4, 0x65, 0xed, 0x4c, 0xde, 0x3a, 0x7b, 0xd0, 0x2c, 0x8d, 0xb5, 0x9a, 0xa5, 0xec, 0xfd, 0x7d,
0x8f, 0xbc, 0x69, 0x96, 0x4e, 0xf6, 0x71, 0x13, 0x6a, 0x24, 0x1d, 0xf5, 0x17, 0x19, 0x00, 0x84,
0xd5, 0xb6, 0x0c, 0x0d, 0x9f, 0x80, 0x29, 0x51, 0x6e, 0x19, 0xfb, 0x58, 0x62, 0x4e, 0x5f, 0xbc,
0x60, 0x24, 0xcd, 0x8e, 0xb3, 0x36, 0xbc, 0xbd, 0x8a, 0x10, 0x70, 0x43, 0x58, 0x1b, 0x8d, 0x15,
0xe3, 0xf3, 0x9d, 0xa7, 0xc4, 0xf6, 0xd7, 0x89, 0x8f, 0x2d, 0xa8, 0xb2, 0x00, 0x89, 0x0c, 0xc5,
0xa8, 0x70, 0x0b, 0x64, 0xb9, 0x47, 0xec, 0x42, 0x46, 0xa2, 0x9b, 0xc6, 0x90, 0xa3, 0x34, 0x92,
0xe4, 0xb6, 0x3d, 0x62, 0x5b, 0xc7, 0xa2, 0x12, 0xc5, 0x17, 0x92, 0x50, 0xf0, 0x4b, 0x30, 0xc1,
0x7d, 0xec, 0x07, 0xbc, 0x30, 0x2e, 0x41, 0x57, 0xde, 0x06, 0x54, 0x3a, 0x5a, 0xb3, 0x0a, 0x76,
0x22, 0xfc, 0x46, 0x0a, 0x50, 0x7f, 0x95, 0x01, 0x0b, 0x89, 0xf1, 0x0d, 0xd7, 0x29, 0x53, 0x9f,
0xba, 0x0e, 0xbc, 0x96, 0xea, 0xfb, 0xe9, 0x8e, 0xbe, 0x2f, 0xf6, 0x70, 0x49, 0x7a, 0x0e, 0x3f,
0x8e, 0xf3, 0xcd, 0x48, 0xf7, 0x53, 0xe9, 0xe0, 0x6f, 0x9a, 0xa5, 0xb9, 0xd8, 0x2d, 0x9d, 0x0f,
0x6c, 0x00, 0x58, 0xc3, 0xdc, 0xbf, 0xcf, 0xb0, 0xc3, 0x43, 0x58, 0x5a, 0x27, 0xaa, 0xec, 0x0f,
0x46, 0x3b, 0x29, 0xe1, 0x61, 0x2d, 0xa9, 0x90, 0x70, 0xad, 0x0b, 0x0d, 0xf5, 0x88, 0x00, 0xdf,
0x03, 0x13, 0x8c, 0x60, 0xee, 0x3a, 0x85, 0xac, 0x4c, 0x39, 0xee, 0x17, 0x92, 0x52, 0xa4, 0xb4,
0xf0, 0x7d, 0x30, 0x59, 0x27, 0x9c, 0xe3, 0x0a, 0x29, 0xe4, 0xa4, 0xe1, 0x9c, 0x32, 0x9c, 0x5c,
0x0f, 0xc5, 0x28, 0xd2, 0xeb, 0xbf, 0x6a, 0x60, 0x36, 0xe9, 0xd3, 0x1a, 0xe5, 0x3e, 0x7c, 0xdc,
0x35, 0x7d, 0xc6, 0x68, 0x35, 0x09, 0x6f, 0x39, 0x7b, 0xf3, 0x2a, 0xdc, 0x54, 0x24, 0x69, 0x9b,
0xbc, 0x4d, 0x90, 0xa3, 0x3e, 0xa9, 0x8b, 0xae, 0x8f, 0x9f, 0x99, 0xbe, 0x78, 0xf6, 0x2d, 0xa6,
0xc4, 0x9a, 0x51, 0xb8, 0xb9, 0x3b, 0x02, 0x01, 0x85, 0x40, 0xfa, 0x9f, 0xe3, 0xed, 0x25, 0x88,
0x89, 0x84, 0x3f, 0x6b, 0x60, 0xc9, 0x63, 0xd4, 0x65, 0xd4, 0xdf, 0x5f, 0x23, 0x0d, 0x52, 0xbb,
0xe1, 0x3a, 0xbb, 0xb4, 0x12, 0x30, 0x2c, 0x7a, 0xa9, 0xaa, 0xba, 0x39, 0x34, 0xf4, 0x66, 0x5f,
0x08, 0x44, 0x76, 0x09, 0x23, 0x8e, 0x4d, 0x2c, 0x5d, 0xe5, 0xb4, 0x34, 0xc0, 0x78, 0x40, 0x2e,
0xf0, 0x2e, 0x80, 0x75, 0xec, 0x8b, 0x9e, 0x56, 0x36, 0x19, 0xb1, 0x49, 0x59, 0xa0, 0xca, 0x91,
0xcc, 0x25, 0xf3, 0xb1, 0xde, 0x65, 0x81, 0x7a, 0x78, 0xc1, 0xef, 0x35, 0xb0, 0x50, 0xee, 0x5e,
0x34, 0x6a, 0x32, 0xaf, 0x8e, 0xd4, 0xea, 0x1e, 0x8b, 0xca, 0x5a, 0x6c, 0x35, 0x4b, 0x0b, 0x3d,
0x14, 0xa8, 0x57, 0x34, 0xf8, 0x15, 0xc8, 0xb1, 0xa0, 0x46, 0x78, 0x21, 0x2b, 0x4f, 0x78, 0x78,
0xd8, 0x4d, 0xb7, 0x46, 0xed, 0x7d, 0x24, 0x7c, 0xbe, 0xa0, 0x7e, 0x75, 0x3b, 0x90, 0x1b, 0x8b,
0x27, 0xc7, 0x2d, 0x55, 0x28, 0x44, 0xd5, 0x9f, 0x83, 0xf9, 0xce, 0xc5, 0x01, 0xab, 0x00, 0xd8,
0xd1, 0x5d, 0xe5, 0x05, 0x4d, 0xc6, 0xbd, 0xf4, 0x16, 0x93, 0x15, 0x5f, 0xf4, 0x64, 0x6d, 0xc6,
0x22, 0x8e, 0xda, 0xb0, 0xf5, 0x0b, 0xe0, 0xd8, 0x2d, 0xe6, 0x06, 0x9e, 0x4a, 0x12, 0x2e, 0x83,
0xac, 0x83, 0xeb, 0xd1, 0x0a, 0x8a, 0xf7, 0xe2, 0x06, 0xae, 0x13, 0x24, 0x35, 0xfa, 0x4f, 0x1a,
0x98, 0x59, 0xa3, 0x75, 0xea, 0x23, 0xc2, 0x3d, 0xd7, 0xe1, 0x04, 0x5e, 0x4e, 0xad, 0xad, 0x53,
0x1d, 0x6b, 0xeb, 0x78, 0xca, 0xb8, 0x6d, 0x61, 0x3d, 0x06, 0x93, 0x5f, 0x07, 0x24, 0xa0, 0x4e,
0x45, 0xad, 0xed, 0xcb, 0x43, 0x2b, 0xdc, 0x0a, 0xed, 0x53, 0x13, 0x67, 0x4d, 0x8b, 0x45, 0xa0,
0x34, 0x28, 0x82, 0xd4, 0xff, 0xd2, 0xc0, 0x29, 0x19, 0x99, 0x94, 0xfb, 0x4f, 0x32, 0x7c, 0x0c,
0x0a, 0x98, 0xf3, 0x80, 0x91, 0xf2, 0x0d, 0xd7, 0xb1, 0x03, 0x26, 0xee, 0xc0, 0xfe, 0x76, 0x15,
0x33, 0xc2, 0x65, 0x39, 0x39, 0x6b, 0x59, 0x95, 0x53, 0x58, 0xed, 0x63, 0x87, 0xfa, 0x22, 0xc0,
0x3d, 0x30, 0x53, 0x6b, 0x2f, 0x5e, 0xd5, 0x69, 0x0c, 0xad, 0x33, 0xd5, 0x32, 0xeb, 0x84, 0x4a,
0x21, 0xdd, 0x76, 0x94, 0xc6, 0xd6, 0x9f, 0x81, 0x13, 0x1b, 0xe2, 0x22, 0x73, 0x37, 0x60, 0x36,
0x49, 0x66, 0x10, 0x96, 0x40, 0xae, 0x41, 0xd8, 0x4e, 0x38, 0x47, 0x79, 0x2b, 0x2f, 0x26, 0xf0,
0xa1, 0x10, 0xa0, 0x50, 0x0e, 0x3f, 0x01, 0x73, 0x4e, 0xe2, 0xf9, 0x00, 0xad, 0xf1, 0xc2, 0x84,
0x34, 0x5d, 0x68, 0x35, 0x4b, 0x73, 0x1b, 0x69, 0x15, 0xea, 0xb4, 0xd5, 0x0f, 0x33, 0x60, 0xb1,
0xcf, 0xc8, 0xc3, 0x87, 0x60, 0x8a, 0xab, 0xdf, 0x6a, 0x8c, 0xcf, 0x0c, 0x2d, 0x5e, 0x39, 0x27,
0x5b, 0x37, 0x42, 0x43, 0x31, 0x16, 0xf4, 0xc0, 0x0c, 0x53, 0x39, 0xc8, 0xa0, 0x6a, 0xfb, 0x7e,
0x38, 0x14, 0xbc, 0xbb, 0x3f, 0x49, 0x7b, 0x51, 0x3b, 0x22, 0x4a, 0x07, 0x80, 0xcf, 0xc1, 0x7c,
0x5b, 0xe1, 0x61, 0xd0, 0x71, 0x19, 0xf4, 0xca, 0xd0, 0xa0, 0x3d, 0xcf, 0xc5, 0x2a, 0xa8, 0xb8,
0xf3, 0x1b, 0x1d, 0xb8, 0xa8, 0x2b, 0x92, 0xfe, 0x7b, 0x06, 0x0c, 0x58, 0xc8, 0xef, 0x80, 0x60,
0xe1, 0x14, 0xc1, 0xba, 0x7e, 0x84, 0xa7, 0xa6, 0x2f, 0xe1, 0xa2, 0x1d, 0x84, 0x6b, 0xf5, 0x28,
0x41, 0x06, 0x13, 0xb0, 0xbf, 0x33, 0xe0, 0xff, 0xfd, 0x9d, 0x13, 0x42, 0x76, 0x2f, 0xb5, 0xd9,
0x3e, 0xea, 0xd8, 0x6c, 0xa7, 0x47, 0x80, 0xf8, 0x8f, 0xa0, 0x75, 0x10, 0xb4, 0xd7, 0x1a, 0x28,
0xf6, 0xef, 0xdb, 0x3b, 0x20, 0x6c, 0x4f, 0xd2, 0x84, 0xed, 0xda, 0x11, 0xa6, 0xac, 0x0f, 0x81,
0xbb, 0x35, 0x68, 0xb8, 0x62, 0xa6, 0x35, 0xc2, 0x53, 0x7b, 0x30, 0xb0, 0x57, 0x92, 0x19, 0x0e,
0xf9, 0xcb, 0x90, 0xf2, 0xfe, 0xd4, 0xc1, 0x3b, 0x35, 0x52, 0x27, 0x8e, 0xaf, 0x26, 0x92, 0x82,
0xc9, 0x5a, 0xf8, 0x44, 0xaa, 0x7b, 0x6d, 0x8d, 0xf6, 0x32, 0x0d, 0x7a, 0x52, 0xc3, 0xe7, 0x58,
0x99, 0xa1, 0x08, 0x5f, 0x7f, 0xa1, 0x81, 0xe5, 0x61, 0xd7, 0x15, 0x7e, 0xd3, 0x83, 0xf6, 0x1c,
0x85, 0xd5, 0x8e, 0x4e, 0x83, 0x7e, 0xd1, 0xc0, 0xff, 0x7a, 0x91, 0x0b, 0x71, 0x03, 0x04, 0xa3,
0x88, 0xe9, 0x40, 0x7c, 0x03, 0xb6, 0xa4, 0x14, 0x29, 0x2d, 0x3c, 0x07, 0xa6, 0xaa, 0xd8, 0x29,
0x6f, 0xd3, 0x6f, 0x23, 0xb2, 0x1b, 0xcf, 0xe0, 0x6d, 0x25, 0x47, 0xb1, 0x05, 0xbc, 0x09, 0xe6,
0xa5, 0xdf, 0x1a, 0x71, 0x2a, 0x7e, 0x55, 0x36, 0x4b, 0xde, 0xe6, 0x5c, 0xf2, 0x28, 0x6c, 0x75,
0xe8, 0x51, 0x97, 0x87, 0xfe, 0x83, 0x06, 0xe0, 0xbf, 0x79, 0xef, 0xcf, 0x82, 0x3c, 0xf6, 0xa8,
0xa4, 0x7d, 0xe1, 0x2d, 0xc8, 0x5b, 0x33, 0xad, 0x66, 0x29, 0xbf, 0xba, 0x79, 0x27, 0x14, 0xa2,
0x44, 0x2f, 0x8c, 0xa3, 0x87, 0x30, 0x7c, 0xf0, 0x94, 0x71, 0x14, 0x98, 0xa3, 0x44, 0xaf, 0x3f,
0x05, 0x27, 0xb6, 0x09, 0x6b, 0x50, 0x9b, 0xac, 0xda, 0xb6, 0x1b, 0x38, 0x7e, 0x44, 0x2b, 0x4d,
0x90, 0x17, 0x13, 0xcd, 0x3d, 0x6c, 0x47, 0xb3, 0x7a, 0x5c, 0x55, 0x9a, 0xdf, 0x88, 0x14, 0x28,
0xb1, 0x89, 0x2f, 0x47, 0xa6, 0xef, 0xe5, 0xf8, 0x2d, 0x03, 0x26, 0x13, 0xf8, 0xec, 0x1e, 0x75,
0xca, 0x0a, 0xf9, 0x64, 0x64, 0x7d, 0x8f, 0x3a, 0xe5, 0x37, 0xcd, 0xd2, 0xb4, 0x32, 0x13, 0x9f,
0x48, 0x1a, 0xc2, 0xbb, 0x20, 0x1b, 0x70, 0xc2, 0xd4, 0xd8, 0x9f, 0x1b, 0x3a, 0x63, 0x0f, 0x38,
0x61, 0x11, 0x2f, 0x99, 0x12, 0xd0, 0x42, 0x80, 0x24, 0x06, 0xdc, 0x00, 0xb9, 0x8a, 0xe8, 0x95,
0xda, 0xc7, 0xe7, 0x87, 0x82, 0xb5, 0x13, 0xee, 0xf0, 0x78, 0xa4, 0x04, 0x85, 0x30, 0x90, 0x81,
0x59, 0x9e, 0x6a, 0xa2, 0x5c, 0xbe, 0xa3, 0xf0, 0x8c, 0x9e, 0xbd, 0xb7, 0x60, 0xab, 0x59, 0x9a,
0x4d, 0xab, 0x50, 0x47, 0x04, 0xdd, 0x04, 0xd3, 0x6d, 0x25, 0x0e, 0x5f, 0x4d, 0x96, 0x71, 0x70,
0x58, 0x1c, 0x7b, 0x79, 0x58, 0x1c, 0x7b, 0x75, 0x58, 0x1c, 0xfb, 0xae, 0x55, 0xd4, 0x0e, 0x5a,
0x45, 0xed, 0x65, 0xab, 0xa8, 0xbd, 0x6a, 0x15, 0xb5, 0xd7, 0xad, 0xa2, 0xf6, 0xe3, 0x1f, 0xc5,
0xb1, 0x47, 0x53, 0x51, 0x6a, 0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0xcb, 0xe4, 0x65, 0x97, 0xa7,
0x13, 0x00, 0x00,
// 1502 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x57, 0x4d, 0x6f, 0xdb, 0x46,
0x13, 0x36, 0x65, 0xc9, 0xb6, 0xc6, 0x9f, 0x59, 0x27, 0xb0, 0xe0, 0x00, 0x92, 0xc3, 0x17, 0x78,
0x93, 0xf7, 0x4d, 0x42, 0xc6, 0x69, 0x92, 0xa6, 0x08, 0x8a, 0xc0, 0x74, 0xda, 0x7c, 0xd9, 0xae,
0xbd, 0x4e, 0x52, 0x34, 0x48, 0x81, 0xd0, 0xd4, 0x5a, 0xda, 0x58, 0x22, 0x59, 0x2e, 0xa9, 0xd4,
0x45, 0x0e, 0x05, 0xfa, 0x07, 0xfa, 0x03, 0x72, 0xec, 0xa1, 0xe7, 0xfe, 0x82, 0x1e, 0x8d, 0xa2,
0x87, 0x1c, 0x73, 0x12, 0x62, 0xf5, 0x5a, 0xf4, 0xdc, 0xe6, 0x54, 0xec, 0x72, 0x49, 0x8a, 0xfa,
0xb0, 0x94, 0x1a, 0xc8, 0xa9, 0x37, 0x71, 0x3e, 0x9e, 0xd9, 0x99, 0x9d, 0x99, 0x7d, 0x04, 0x77,
0xf6, 0xae, 0x33, 0x8d, 0x3a, 0xfa, 0x5e, 0xb0, 0x43, 0x3c, 0x9b, 0xf8, 0x84, 0xe9, 0x0d, 0x62,
0x97, 0x1d, 0x4f, 0x97, 0x0a, 0xd3, 0xa5, 0xfa, 0x6e, 0xcd, 0x79, 0x6e, 0x39, 0xb6, 0xef, 0x39,
0x35, 0xbd, 0xb1, 0x6c, 0xd6, 0xdc, 0xaa, 0xb9, 0xac, 0x57, 0x88, 0x4d, 0x3c, 0xd3, 0x27, 0x65,
0xcd, 0xf5, 0x1c, 0xdf, 0x41, 0xa5, 0xd0, 0x41, 0x33, 0x5d, 0xaa, 0xb5, 0x39, 0x68, 0x91, 0xc3,
0xe2, 0xc5, 0x0a, 0xf5, 0xab, 0xc1, 0x8e, 0x66, 0x39, 0x75, 0xbd, 0xe2, 0x54, 0x1c, 0x5d, 0xf8,
0xed, 0x04, 0xbb, 0xe2, 0x4b, 0x7c, 0x88, 0x5f, 0x21, 0xde, 0xe2, 0x95, 0xe4, 0x00, 0x75, 0xd3,
0xaa, 0x52, 0x9b, 0x78, 0xfb, 0xba, 0xbb, 0x57, 0xe1, 0x02, 0xa6, 0xd7, 0x89, 0x6f, 0xea, 0x8d,
0xae, 0x53, 0x2c, 0xea, 0xfd, 0xbc, 0xbc, 0xc0, 0xf6, 0x69, 0x9d, 0x74, 0x39, 0x5c, 0x1b, 0xe4,
0xc0, 0xac, 0x2a, 0xa9, 0x9b, 0x9d, 0x7e, 0xea, 0x63, 0x58, 0xf8, 0xb4, 0xe6, 0x3c, 0xbf, 0x45,
0x99, 0x4f, 0xed, 0x4a, 0x40, 0x59, 0x95, 0x78, 0xeb, 0xc4, 0xaf, 0x3a, 0x65, 0x74, 0x13, 0xb2,
0xfe, 0xbe, 0x4b, 0x0a, 0xca, 0x92, 0x72, 0x2e, 0x6f, 0x9c, 0x3f, 0x68, 0x96, 0x46, 0x5a, 0xcd,
0x52, 0xf6, 0xc1, 0xbe, 0x4b, 0xde, 0x36, 0x4b, 0xa7, 0xfb, 0xb8, 0x71, 0x35, 0x16, 0x8e, 0xea,
0xcb, 0x0c, 0x00, 0xb7, 0xda, 0x16, 0xa1, 0xd1, 0x53, 0x98, 0xe0, 0xe9, 0x96, 0x4d, 0xdf, 0x14,
0x98, 0x93, 0x97, 0x2f, 0x69, 0x49, 0xb1, 0xe3, 0x53, 0x6b, 0xee, 0x5e, 0x85, 0x0b, 0x98, 0xc6,
0xad, 0xb5, 0xc6, 0xb2, 0xf6, 0xd9, 0xce, 0x33, 0x62, 0xf9, 0xeb, 0xc4, 0x37, 0x0d, 0x24, 0x4f,
0x01, 0x89, 0x0c, 0xc7, 0xa8, 0x68, 0x0b, 0xb2, 0xcc, 0x25, 0x56, 0x21, 0x23, 0xd0, 0x75, 0x6d,
0xc0, 0x55, 0x6a, 0xc9, 0xe1, 0xb6, 0x5d, 0x62, 0x19, 0x53, 0x51, 0x8a, 0xfc, 0x0b, 0x0b, 0x28,
0xf4, 0x05, 0x8c, 0x31, 0xdf, 0xf4, 0x03, 0x56, 0x18, 0x15, 0xa0, 0xcb, 0xef, 0x02, 0x2a, 0x1c,
0x8d, 0x19, 0x09, 0x3b, 0x16, 0x7e, 0x63, 0x09, 0xa8, 0xbe, 0xce, 0xc0, 0x7c, 0x62, 0xbc, 0xea,
0xd8, 0x65, 0xea, 0x53, 0xc7, 0x46, 0x37, 0x52, 0x75, 0x3f, 0xdb, 0x51, 0xf7, 0x85, 0x1e, 0x2e,
0x49, 0xcd, 0xd1, 0x47, 0xf1, 0x79, 0x33, 0xc2, 0xfd, 0x4c, 0x3a, 0xf8, 0xdb, 0x66, 0x69, 0x36,
0x76, 0x4b, 0x9f, 0x07, 0x35, 0x00, 0xd5, 0x4c, 0xe6, 0x3f, 0xf0, 0x4c, 0x9b, 0x85, 0xb0, 0xb4,
0x4e, 0x64, 0xda, 0xff, 0x1f, 0xee, 0xa6, 0xb8, 0x87, 0xb1, 0x28, 0x43, 0xa2, 0xb5, 0x2e, 0x34,
0xdc, 0x23, 0x02, 0xfa, 0x2f, 0x8c, 0x79, 0xc4, 0x64, 0x8e, 0x5d, 0xc8, 0x8a, 0x23, 0xc7, 0xf5,
0xc2, 0x42, 0x8a, 0xa5, 0x16, 0xfd, 0x0f, 0xc6, 0xeb, 0x84, 0x31, 0xb3, 0x42, 0x0a, 0x39, 0x61,
0x38, 0x2b, 0x0d, 0xc7, 0xd7, 0x43, 0x31, 0x8e, 0xf4, 0xea, 0xcf, 0x0a, 0xcc, 0x24, 0x75, 0x5a,
0xa3, 0xcc, 0x47, 0x4f, 0xba, 0xba, 0x4f, 0x1b, 0x2e, 0x27, 0xee, 0x2d, 0x7a, 0x6f, 0x4e, 0x86,
0x9b, 0x88, 0x24, 0x6d, 0x9d, 0xb7, 0x09, 0x39, 0xea, 0x93, 0x3a, 0xaf, 0xfa, 0xe8, 0xb9, 0xc9,
0xcb, 0xe7, 0xdf, 0xa1, 0x4b, 0x8c, 0x69, 0x89, 0x9b, 0xbb, 0xcb, 0x11, 0x70, 0x08, 0xa4, 0xfe,
0x3e, 0xda, 0x9e, 0x02, 0xef, 0x48, 0xf4, 0xa3, 0x02, 0x8b, 0xae, 0x47, 0x1d, 0x8f, 0xfa, 0xfb,
0x6b, 0xa4, 0x41, 0x6a, 0xab, 0x8e, 0xbd, 0x4b, 0x2b, 0x81, 0x67, 0xf2, 0x5a, 0xca, 0xac, 0x6e,
0x0d, 0x0c, 0xbd, 0xd9, 0x17, 0x02, 0x93, 0x5d, 0xe2, 0x11, 0xdb, 0x22, 0x86, 0x2a, 0xcf, 0xb4,
0x78, 0x84, 0xf1, 0x11, 0x67, 0x41, 0xf7, 0x00, 0xd5, 0x4d, 0x9f, 0xd7, 0xb4, 0xb2, 0xe9, 0x11,
0x8b, 0x94, 0x39, 0xaa, 0x68, 0xc9, 0x5c, 0xd2, 0x1f, 0xeb, 0x5d, 0x16, 0xb8, 0x87, 0x17, 0xfa,
0x4e, 0x81, 0xf9, 0x72, 0xf7, 0xa2, 0x91, 0x9d, 0x79, 0x7d, 0xa8, 0x52, 0xf7, 0x58, 0x54, 0xc6,
0x42, 0xab, 0x59, 0x9a, 0xef, 0xa1, 0xc0, 0xbd, 0xa2, 0xa1, 0x2f, 0x21, 0xe7, 0x05, 0x35, 0xc2,
0x0a, 0x59, 0x71, 0xc3, 0x83, 0xc3, 0x6e, 0x3a, 0x35, 0x6a, 0xed, 0x63, 0xee, 0xf3, 0x39, 0xf5,
0xab, 0xdb, 0x81, 0xd8, 0x58, 0x2c, 0xb9, 0x6e, 0xa1, 0xc2, 0x21, 0xaa, 0xfa, 0x02, 0xe6, 0x3a,
0x17, 0x07, 0xaa, 0x02, 0x58, 0xd1, 0xac, 0xb2, 0x82, 0x22, 0xe2, 0x5e, 0x79, 0x87, 0xce, 0x8a,
0x07, 0x3d, 0x59, 0x9b, 0xb1, 0x88, 0xe1, 0x36, 0x6c, 0xf5, 0x12, 0x4c, 0xdd, 0xf6, 0x9c, 0xc0,
0x95, 0x87, 0x44, 0x4b, 0x90, 0xb5, 0xcd, 0x7a, 0xb4, 0x82, 0xe2, 0xbd, 0xb8, 0x61, 0xd6, 0x09,
0x16, 0x1a, 0xf5, 0x07, 0x05, 0xa6, 0xd7, 0x68, 0x9d, 0xfa, 0x98, 0x30, 0xd7, 0xb1, 0x19, 0x41,
0x57, 0x53, 0x6b, 0xeb, 0x4c, 0xc7, 0xda, 0x3a, 0x91, 0x32, 0x6e, 0x5b, 0x58, 0x4f, 0x60, 0xfc,
0xab, 0x80, 0x04, 0xd4, 0xae, 0xc8, 0xb5, 0x7d, 0x75, 0x60, 0x86, 0x5b, 0xa1, 0x7d, 0xaa, 0xe3,
0x8c, 0x49, 0xbe, 0x08, 0xa4, 0x06, 0x47, 0x90, 0xea, 0x1f, 0x0a, 0x9c, 0x11, 0x91, 0x49, 0xb9,
0x7f, 0x27, 0xa3, 0x27, 0x50, 0x30, 0x19, 0x0b, 0x3c, 0x52, 0x5e, 0x75, 0x6c, 0x2b, 0xf0, 0xf8,
0x0c, 0xec, 0x6f, 0x57, 0x4d, 0x8f, 0x30, 0x91, 0x4e, 0xce, 0x58, 0x92, 0xe9, 0x14, 0x56, 0xfa,
0xd8, 0xe1, 0xbe, 0x08, 0x68, 0x0f, 0xa6, 0x6b, 0xed, 0xc9, 0xcb, 0x3c, 0xb5, 0x81, 0x79, 0xa6,
0x4a, 0x66, 0x9c, 0x92, 0x47, 0x48, 0x97, 0x1d, 0xa7, 0xb1, 0xd5, 0xe7, 0x70, 0x6a, 0x83, 0x0f,
0x32, 0x73, 0x02, 0xcf, 0x22, 0x49, 0x0f, 0xa2, 0x12, 0xe4, 0x1a, 0xc4, 0xdb, 0x09, 0xfb, 0x28,
0x6f, 0xe4, 0x79, 0x07, 0x3e, 0xe2, 0x02, 0x1c, 0xca, 0xd1, 0xc7, 0x30, 0x6b, 0x27, 0x9e, 0x0f,
0xf1, 0x1a, 0x2b, 0x8c, 0x09, 0xd3, 0xf9, 0x56, 0xb3, 0x34, 0xbb, 0x91, 0x56, 0xe1, 0x4e, 0x5b,
0xf5, 0x30, 0x03, 0x0b, 0x7d, 0x5a, 0x1e, 0x3d, 0x82, 0x09, 0x26, 0x7f, 0xcb, 0x36, 0x3e, 0x37,
0x30, 0x79, 0xe9, 0x9c, 0x6c, 0xdd, 0x08, 0x0d, 0xc7, 0x58, 0xc8, 0x85, 0x69, 0x4f, 0x9e, 0x41,
0x04, 0x95, 0xdb, 0xf7, 0x83, 0x81, 0xe0, 0xdd, 0xf5, 0x49, 0xca, 0x8b, 0xdb, 0x11, 0x71, 0x3a,
0x00, 0x7a, 0x01, 0x73, 0x6d, 0x89, 0x87, 0x41, 0x47, 0x45, 0xd0, 0x6b, 0x03, 0x83, 0xf6, 0xbc,
0x17, 0xa3, 0x20, 0xe3, 0xce, 0x6d, 0x74, 0xe0, 0xe2, 0xae, 0x48, 0xea, 0xaf, 0x19, 0x38, 0x62,
0x21, 0xbf, 0x07, 0x82, 0x65, 0xa6, 0x08, 0xd6, 0xcd, 0x63, 0x3c, 0x35, 0x7d, 0x09, 0x17, 0xed,
0x20, 0x5c, 0x2b, 0xc7, 0x09, 0x72, 0x34, 0x01, 0xfb, 0x33, 0x03, 0xff, 0xe9, 0xef, 0x9c, 0x10,
0xb2, 0xfb, 0xa9, 0xcd, 0xf6, 0x61, 0xc7, 0x66, 0x3b, 0x3b, 0x04, 0xc4, 0xbf, 0x04, 0xad, 0x83,
0xa0, 0xbd, 0x51, 0xa0, 0xd8, 0xbf, 0x6e, 0xef, 0x81, 0xb0, 0x3d, 0x4d, 0x13, 0xb6, 0x1b, 0xc7,
0xe8, 0xb2, 0x3e, 0x04, 0xee, 0xf6, 0x51, 0xcd, 0x15, 0x33, 0xad, 0x21, 0x9e, 0xda, 0x83, 0x23,
0x6b, 0x25, 0x98, 0xe1, 0x80, 0xbf, 0x0c, 0x29, 0xef, 0x4f, 0x6c, 0x73, 0xa7, 0x46, 0xea, 0xc4,
0xf6, 0x65, 0x47, 0x52, 0x18, 0xaf, 0x85, 0x4f, 0xa4, 0x9c, 0x6b, 0x63, 0xb8, 0x97, 0xe9, 0xa8,
0x27, 0x35, 0x7c, 0x8e, 0xa5, 0x19, 0x8e, 0xf0, 0xd5, 0x97, 0x0a, 0x2c, 0x0d, 0x1a, 0x57, 0xf4,
0x75, 0x0f, 0xda, 0x73, 0x1c, 0x56, 0x3b, 0x3c, 0x0d, 0xfa, 0x49, 0x81, 0x93, 0xbd, 0xc8, 0x05,
0x9f, 0x00, 0xce, 0x28, 0x62, 0x3a, 0x10, 0x4f, 0xc0, 0x96, 0x90, 0x62, 0xa9, 0x45, 0x17, 0x60,
0xa2, 0x6a, 0xda, 0xe5, 0x6d, 0xfa, 0x4d, 0x44, 0x76, 0xe3, 0x1e, 0xbc, 0x23, 0xe5, 0x38, 0xb6,
0x40, 0xb7, 0x60, 0x4e, 0xf8, 0xad, 0x11, 0xbb, 0xe2, 0x57, 0x45, 0xb1, 0xc4, 0x34, 0xe7, 0x92,
0x47, 0x61, 0xab, 0x43, 0x8f, 0xbb, 0x3c, 0xd4, 0xbf, 0x14, 0x40, 0xff, 0xe4, 0xbd, 0x3f, 0x0f,
0x79, 0xd3, 0xa5, 0x82, 0xf6, 0x85, 0x53, 0x90, 0x37, 0xa6, 0x5b, 0xcd, 0x52, 0x7e, 0x65, 0xf3,
0x6e, 0x28, 0xc4, 0x89, 0x9e, 0x1b, 0x47, 0x0f, 0x61, 0xf8, 0xe0, 0x49, 0xe3, 0x28, 0x30, 0xc3,
0x89, 0x1e, 0x5d, 0x87, 0x29, 0xab, 0x16, 0x30, 0x9f, 0x78, 0xdb, 0x96, 0xe3, 0x12, 0xb1, 0x35,
0x26, 0x8c, 0x93, 0x32, 0xa7, 0xa9, 0xd5, 0x36, 0x1d, 0x4e, 0x59, 0x22, 0x0d, 0x80, 0xb7, 0x3c,
0x73, 0x4d, 0x1e, 0x27, 0x27, 0xe2, 0xcc, 0xf0, 0x0b, 0xdb, 0x88, 0xa5, 0xb8, 0xcd, 0x42, 0x7d,
0x06, 0xa7, 0xb6, 0x89, 0xd7, 0xa0, 0x16, 0x59, 0xb1, 0x2c, 0x27, 0xb0, 0xfd, 0x88, 0xc0, 0xea,
0x90, 0x8f, 0xcd, 0xe4, 0x54, 0x9c, 0x90, 0xf1, 0xf3, 0x31, 0x16, 0x4e, 0x6c, 0xe2, 0x31, 0xcc,
0xf4, 0x1d, 0xc3, 0x5f, 0x32, 0x30, 0x9e, 0xc0, 0x67, 0xf7, 0xa8, 0x5d, 0x96, 0xc8, 0xa7, 0x23,
0xeb, 0xfb, 0xd4, 0x2e, 0xbf, 0x6d, 0x96, 0x26, 0xa5, 0x19, 0xff, 0xc4, 0xc2, 0x10, 0xdd, 0x83,
0x6c, 0xc0, 0x88, 0x27, 0x07, 0xec, 0xc2, 0xc0, 0x6e, 0x7e, 0xc8, 0x88, 0x17, 0x31, 0xa0, 0x09,
0x0e, 0xcd, 0x05, 0x58, 0x60, 0xa0, 0x0d, 0xc8, 0x55, 0xf8, 0xad, 0xc8, 0xcd, 0x7f, 0x71, 0x20,
0x58, 0x3b, 0xb5, 0x0f, 0x1b, 0x41, 0x48, 0x70, 0x08, 0x83, 0x3c, 0x98, 0x61, 0xa9, 0x22, 0x8a,
0x0b, 0x1b, 0x86, 0xd1, 0xf4, 0xac, 0xbd, 0x81, 0x5a, 0xcd, 0xd2, 0x4c, 0x5a, 0x85, 0x3b, 0x22,
0xa8, 0x3a, 0x4c, 0xb6, 0xa5, 0x38, 0x78, 0x09, 0x1a, 0xda, 0xc1, 0x61, 0x71, 0xe4, 0xd5, 0x61,
0x71, 0xe4, 0xf5, 0x61, 0x71, 0xe4, 0xdb, 0x56, 0x51, 0x39, 0x68, 0x15, 0x95, 0x57, 0xad, 0xa2,
0xf2, 0xba, 0x55, 0x54, 0xde, 0xb4, 0x8a, 0xca, 0xf7, 0xbf, 0x15, 0x47, 0x1e, 0x4f, 0x44, 0x47,
0xfb, 0x3b, 0x00, 0x00, 0xff, 0xff, 0xe7, 0xb3, 0x17, 0x48, 0x11, 0x14, 0x00, 0x00,
}
func (m *FlowDistinguisherMethod) Marshal() (dAtA []byte, err error) {
@ -1584,6 +1586,23 @@ func (m *ResourcePolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
_ = i
var l int
_ = l
if len(m.Namespaces) > 0 {
for iNdEx := len(m.Namespaces) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Namespaces[iNdEx])
copy(dAtA[i:], m.Namespaces[iNdEx])
i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespaces[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
i--
if m.ClusterScope {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
if len(m.Resources) > 0 {
for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Resources[iNdEx])
@ -2063,6 +2082,13 @@ func (m *ResourcePolicyRule) Size() (n int) {
n += 1 + l + sovGenerated(uint64(l))
}
}
n += 2
if len(m.Namespaces) > 0 {
for _, s := range m.Namespaces {
l = len(s)
n += 1 + l + sovGenerated(uint64(l))
}
}
return n
}
@ -2372,6 +2398,8 @@ func (this *ResourcePolicyRule) String() string {
`Verbs:` + fmt.Sprintf("%v", this.Verbs) + `,`,
`APIGroups:` + fmt.Sprintf("%v", this.APIGroups) + `,`,
`Resources:` + fmt.Sprintf("%v", this.Resources) + `,`,
`ClusterScope:` + fmt.Sprintf("%v", this.ClusterScope) + `,`,
`Namespaces:` + fmt.Sprintf("%v", this.Namespaces) + `,`,
`}`,
}, "")
return s
@ -4848,6 +4876,58 @@ func (m *ResourcePolicyRule) Unmarshal(dAtA []byte) error {
}
m.Resources = append(m.Resources, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 4:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field ClusterScope", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
m.ClusterScope = bool(v != 0)
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Namespaces", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthGenerated
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Namespaces = append(m.Namespaces, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])

45
staging/src/k8s.io/api/flowcontrol/v1alpha1/generated.proto
View File

@ -349,30 +349,53 @@ message QueuingConfiguration {
optional int32 queueLengthLimit = 3;
}
// ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target
// resource. A ResourcePolicyRule matches a request if and only if: (a) at least one member
// of verbs matches the request, (b) at least one member of apiGroups matches the request, and (c) at least one member
// of resources matches the request.
// ResourcePolicyRule is a predicate that matches some resource
// requests, testing the request's verb and the target resource. A
// ResourcePolicyRule matches a resource request if and only if: (a)
// at least one member of verbs matches the request, (b) at least one
// member of apiGroups matches the request, (c) at least one member of
// resources matches the request, and (d) least one member of
// namespaces matches the request.
message ResourcePolicyRule {
// `verbs` is a list of matching verbs and may not be empty.
// "*" matches all verbs. if it is present, it must be the only entry.
// "*" matches all verbs and, if present, must be the only entry.
// +listType=set
// Required.
repeated string verbs = 1;
// `apiGroups` is a list of matching API groups and may not be empty.
// "*" matches all api-groups. if it is present, it must be the only entry.
// "*" matches all API groups and, if present, must be the only entry.
// +listType=set
// Required.
repeated string apiGroups = 2;
// `resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource.
// For example, [ "services", "nodes/status" ].
// This list may not be empty.
// "*" matches all resources. if it is present, it must be the only entry.
// +listType=set
// `resources` is a list of matching resources (i.e., lowercase
// and plural) with, if desired, subresource. For example, [
// "services", "nodes/status" ]. This list may not be empty.
// "*" matches all resources and, if present, must be the only entry.
// Required.
// +listType=set
repeated string resources = 3;
// `clusterScope` indicates whether to match requests that do not
// specify a namespace (which happens either because the resource
// is not namespaced or the request targets all namespaces).
// If this field is omitted or false then the `namespaces` field
// must contain a non-empty list.
// +optional
optional bool clusterScope = 4;
// `namespaces` is a list of target namespaces that restricts
// matches. A request that specifies a target namespace matches
// only if either (a) this list contains that target namespace or
// (b) this list contains "*". Note that "*" matches any
// specified namespace but does not match a request that _does
// not specify_ a namespace (see the `clusterScope` field for
// that).
// This list may be empty, but only if `clusterScope` is true.
// +optional
// +listType=set
repeated string namespaces = 5;
}
// ServiceAccountSubject holds detailed information for service-account-kind subject.

50
staging/src/k8s.io/api/flowcontrol/v1alpha1/types.go
View File

@ -26,8 +26,9 @@ const (
ResourceAll = "*"
VerbAll = "*"
NonResourceAll = "*"
NameAll = "*"
NameAll = "*"
NamespaceEvery = "*" // matches every particular namespace
)
// System preset priority level names
@ -210,28 +211,53 @@ type ServiceAccountSubject struct {
Name string `json:"name" protobuf:"bytes,2,opt,name=name"`
}
// ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target
// resource. A ResourcePolicyRule matches a request if and only if: (a) at least one member
// of verbs matches the request, (b) at least one member of apiGroups matches the request, and (c) at least one member
// of resources matches the request.
// ResourcePolicyRule is a predicate that matches some resource
// requests, testing the request's verb and the target resource. A
// ResourcePolicyRule matches a resource request if and only if: (a)
// at least one member of verbs matches the request, (b) at least one
// member of apiGroups matches the request, (c) at least one member of
// resources matches the request, and (d) least one member of
// namespaces matches the request.
type ResourcePolicyRule struct {
// `verbs` is a list of matching verbs and may not be empty.
// "*" matches all verbs. if it is present, it must be the only entry.
// "*" matches all verbs and, if present, must be the only entry.
// +listType=set
// Required.
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
// `apiGroups` is a list of matching API groups and may not be empty.
// "*" matches all api-groups. if it is present, it must be the only entry.
// "*" matches all API groups and, if present, must be the only entry.
// +listType=set
// Required.
APIGroups []string `json:"apiGroups" protobuf:"bytes,2,rep,name=apiGroups"`
// `resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource.
// For example, [ "services", "nodes/status" ].
// This list may not be empty.
// "*" matches all resources. if it is present, it must be the only entry.
// +listType=set
// `resources` is a list of matching resources (i.e., lowercase
// and plural) with, if desired, subresource. For example, [
// "services", "nodes/status" ]. This list may not be empty.
// "*" matches all resources and, if present, must be the only entry.
// Required.
// +listType=set
Resources []string `json:"resources" protobuf:"bytes,3,rep,name=resources"`
// `clusterScope` indicates whether to match requests that do not
// specify a namespace (which happens either because the resource
// is not namespaced or the request targets all namespaces).
// If this field is omitted or false then the `namespaces` field
// must contain a non-empty list.
// +optional
ClusterScope bool `json:"clusterScope,omitempty" protobuf:"varint,4,opt,name=clusterScope"`
// `namespaces` is a list of target namespaces that restricts
// matches. A request that specifies a target namespace matches
// only if either (a) this list contains that target namespace or
// (b) this list contains "*". Note that "*" matches any
// specified namespace but does not match a request that _does
// not specify_ a namespace (see the `clusterScope` field for
// that).
// This list may be empty, but only if `clusterScope` is true.
// +optional
// +listType=set
Namespaces []string `json:"namespaces" protobuf:"bytes,5,rep,name=namespaces"`
}
// NonResourcePolicyRule is a predicate that matches non-resource requests according to their verb and the

10
staging/src/k8s.io/api/flowcontrol/v1alpha1/types_swagger_doc_generated.go generated
View File

@ -215,10 +215,12 @@ func (QueuingConfiguration) SwaggerDoc() map[string]string {
}
var map_ResourcePolicyRule = map[string]string{
"": "ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, and (c) at least one member of resources matches the request.",
"verbs": "`verbs` is a list of matching verbs and may not be empty. \"*\" matches all verbs. if it is present, it must be the only entry. Required.",
"apiGroups": "`apiGroups` is a list of matching API groups and may not be empty. \"*\" matches all api-groups. if it is present, it must be the only entry. Required.",
"resources": "`resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ \"services\", \"nodes/status\" ]. This list may not be empty. \"*\" matches all resources. if it is present, it must be the only entry. Required.",
"": "ResourcePolicyRule is a predicate that matches some resource requests, testing the request's verb and the target resource. A ResourcePolicyRule matches a resource request if and only if: (a) at least one member of verbs matches the request, (b) at least one member of apiGroups matches the request, (c) at least one member of resources matches the request, and (d) least one member of namespaces matches the request.",
"verbs": "`verbs` is a list of matching verbs and may not be empty. \"*\" matches all verbs and, if present, must be the only entry. Required.",
"apiGroups": "`apiGroups` is a list of matching API groups and may not be empty. \"*\" matches all API groups and, if present, must be the only entry. Required.",
"resources": "`resources` is a list of matching resources (i.e., lowercase and plural) with, if desired, subresource. For example, [ \"services\", \"nodes/status\" ]. This list may not be empty. \"*\" matches all resources and, if present, must be the only entry. Required.",
"clusterScope": "`clusterScope` indicates whether to match requests that do not specify a namespace (which happens either because the resource is not namespaced or the request targets all namespaces). If this field is omitted or false then the `namespaces` field must contain a non-empty list.",
"namespaces": "`namespaces` is a list of target namespaces that restricts matches. A request that specifies a target namespace matches only if either (a) this list contains that target namespace or (b) this list contains \"*\". Note that \"*\" matches any specified namespace but does not match a request that _does not specify_ a namespace (see the `clusterScope` field for that). This list may be empty, but only if `clusterScope` is true.",
}
func (ResourcePolicyRule) SwaggerDoc() map[string]string {

5
staging/src/k8s.io/api/flowcontrol/v1alpha1/zz_generated.deepcopy.go generated
View File

@ -459,6 +459,11 @@ func (in *ResourcePolicyRule) DeepCopyInto(out *ResourcePolicyRule) {
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.Namespaces != nil {
in, out := &in.Namespaces, &out.Namespaces
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}