mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-09-04 02:37:36 +00:00
Fix list_type_missing in api/authorization
This commit is contained in:
Tim Hockin
@@ -1,21 +1,3 @@
|
|||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1,NonResourceRule,NonResourceURLs
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1,NonResourceRule,Verbs
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1,ResourceRule,APIGroups
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1,ResourceRule,ResourceNames
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1,ResourceRule,Resources
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1,ResourceRule,Verbs
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1,SubjectAccessReviewSpec,Groups
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1,SubjectRulesReviewStatus,NonResourceRules
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1,SubjectRulesReviewStatus,ResourceRules
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1beta1,NonResourceRule,NonResourceURLs
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1beta1,NonResourceRule,Verbs
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1beta1,ResourceRule,APIGroups
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1beta1,ResourceRule,ResourceNames
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1beta1,ResourceRule,Resources
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1beta1,ResourceRule,Verbs
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1beta1,SubjectAccessReviewSpec,Groups
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1beta1,SubjectRulesReviewStatus,NonResourceRules
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/authorization/v1beta1,SubjectRulesReviewStatus,ResourceRules
|
|
||||||
API rule violation: list_type_missing,k8s.io/api/autoscaling/v2beta1,HorizontalPodAutoscalerSpec,Metrics
|
API rule violation: list_type_missing,k8s.io/api/autoscaling/v2beta1,HorizontalPodAutoscalerSpec,Metrics
|
||||||
API rule violation: list_type_missing,k8s.io/api/autoscaling/v2beta1,HorizontalPodAutoscalerStatus,Conditions
|
API rule violation: list_type_missing,k8s.io/api/autoscaling/v2beta1,HorizontalPodAutoscalerStatus,Conditions
|
||||||
API rule violation: list_type_missing,k8s.io/api/autoscaling/v2beta1,HorizontalPodAutoscalerStatus,CurrentMetrics
|
API rule violation: list_type_missing,k8s.io/api/autoscaling/v2beta1,HorizontalPodAutoscalerStatus,CurrentMetrics
|
||||||
|
|||||||
27
api/openapi-spec/swagger.json
generated
27
api/openapi-spec/swagger.json
generated
@@ -2895,14 +2895,16 @@
|
|||||||
"items": {
|
"items": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"verbs": {
|
"verbs": {
|
||||||
"description": "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.",
|
"description": "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.",
|
||||||
"items": {
|
"items": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": [
|
"required": [
|
||||||
@@ -2952,28 +2954,32 @@
|
|||||||
"items": {
|
"items": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"resourceNames": {
|
"resourceNames": {
|
||||||
"description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.",
|
"description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.",
|
||||||
"items": {
|
"items": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"resources": {
|
"resources": {
|
||||||
"description": "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.",
|
"description": "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.",
|
||||||
"items": {
|
"items": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"verbs": {
|
"verbs": {
|
||||||
"description": "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
|
"description": "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
|
||||||
"items": {
|
"items": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": [
|
"required": [
|
||||||
@@ -3131,7 +3137,8 @@
|
|||||||
"items": {
|
"items": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"nonResourceAttributes": {
|
"nonResourceAttributes": {
|
||||||
"$ref": "#/definitions/io.k8s.api.authorization.v1.NonResourceAttributes",
|
"$ref": "#/definitions/io.k8s.api.authorization.v1.NonResourceAttributes",
|
||||||
@@ -3193,14 +3200,16 @@
|
|||||||
"items": {
|
"items": {
|
||||||
"$ref": "#/definitions/io.k8s.api.authorization.v1.NonResourceRule"
|
"$ref": "#/definitions/io.k8s.api.authorization.v1.NonResourceRule"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"resourceRules": {
|
"resourceRules": {
|
||||||
"description": "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
"description": "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
||||||
"items": {
|
"items": {
|
||||||
"$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceRule"
|
"$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceRule"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": [
|
"required": [
|
||||||
|
|||||||
@@ -75,7 +75,8 @@
|
|||||||
"default": "",
|
"default": "",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"verbs": {
|
"verbs": {
|
||||||
"description": "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.",
|
"description": "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.",
|
||||||
@@ -83,7 +84,8 @@
|
|||||||
"default": "",
|
"default": "",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": [
|
"required": [
|
||||||
@@ -134,7 +136,8 @@
|
|||||||
"default": "",
|
"default": "",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"resourceNames": {
|
"resourceNames": {
|
||||||
"description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.",
|
"description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.",
|
||||||
@@ -142,7 +145,8 @@
|
|||||||
"default": "",
|
"default": "",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"resources": {
|
"resources": {
|
||||||
"description": "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.",
|
"description": "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.",
|
||||||
@@ -150,7 +154,8 @@
|
|||||||
"default": "",
|
"default": "",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"verbs": {
|
"verbs": {
|
||||||
"description": "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
|
"description": "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
|
||||||
@@ -158,7 +163,8 @@
|
|||||||
"default": "",
|
"default": "",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": [
|
"required": [
|
||||||
@@ -371,7 +377,8 @@
|
|||||||
"default": "",
|
"default": "",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"nonResourceAttributes": {
|
"nonResourceAttributes": {
|
||||||
"allOf": [
|
"allOf": [
|
||||||
@@ -448,7 +455,8 @@
|
|||||||
],
|
],
|
||||||
"default": {}
|
"default": {}
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
},
|
},
|
||||||
"resourceRules": {
|
"resourceRules": {
|
||||||
"description": "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
"description": "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
||||||
@@ -460,7 +468,8 @@
|
|||||||
],
|
],
|
||||||
"default": {}
|
"default": {}
|
||||||
},
|
},
|
||||||
"type": "array"
|
"type": "array",
|
||||||
|
"x-kubernetes-list-type": "atomic"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": [
|
"required": [
|
||||||
|
|||||||
90
pkg/generated/openapi/zz_generated.openapi.go
generated
90
pkg/generated/openapi/zz_generated.openapi.go
generated
@@ -10322,6 +10322,11 @@ func schema_k8sio_api_authorization_v1_NonResourceRule(ref common.ReferenceCallb
|
|||||||
Type: []string{"object"},
|
Type: []string{"object"},
|
||||||
Properties: map[string]spec.Schema{
|
Properties: map[string]spec.Schema{
|
||||||
"verbs": {
|
"verbs": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.",
|
Description: "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -10337,6 +10342,11 @@ func schema_k8sio_api_authorization_v1_NonResourceRule(ref common.ReferenceCallb
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"nonResourceURLs": {
|
"nonResourceURLs": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. \"*\" means all.",
|
Description: "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. \"*\" means all.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -10428,6 +10438,11 @@ func schema_k8sio_api_authorization_v1_ResourceRule(ref common.ReferenceCallback
|
|||||||
Type: []string{"object"},
|
Type: []string{"object"},
|
||||||
Properties: map[string]spec.Schema{
|
Properties: map[string]spec.Schema{
|
||||||
"verbs": {
|
"verbs": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
|
Description: "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -10443,6 +10458,11 @@ func schema_k8sio_api_authorization_v1_ResourceRule(ref common.ReferenceCallback
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"apiGroups": {
|
"apiGroups": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"*\" means all.",
|
Description: "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"*\" means all.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -10458,6 +10478,11 @@ func schema_k8sio_api_authorization_v1_ResourceRule(ref common.ReferenceCallback
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resources": {
|
"resources": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.",
|
Description: "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -10473,6 +10498,11 @@ func schema_k8sio_api_authorization_v1_ResourceRule(ref common.ReferenceCallback
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resourceNames": {
|
"resourceNames": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.",
|
Description: "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -10721,6 +10751,11 @@ func schema_k8sio_api_authorization_v1_SubjectAccessReviewSpec(ref common.Refere
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"groups": {
|
"groups": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Groups is the groups you're testing for.",
|
Description: "Groups is the groups you're testing for.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -10824,6 +10859,11 @@ func schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref common.Refer
|
|||||||
Type: []string{"object"},
|
Type: []string{"object"},
|
||||||
Properties: map[string]spec.Schema{
|
Properties: map[string]spec.Schema{
|
||||||
"resourceRules": {
|
"resourceRules": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
Description: "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -10838,6 +10878,11 @@ func schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref common.Refer
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"nonResourceRules": {
|
"nonResourceRules": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
Description: "NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -10961,6 +11006,11 @@ func schema_k8sio_api_authorization_v1beta1_NonResourceRule(ref common.Reference
|
|||||||
Type: []string{"object"},
|
Type: []string{"object"},
|
||||||
Properties: map[string]spec.Schema{
|
Properties: map[string]spec.Schema{
|
||||||
"verbs": {
|
"verbs": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.",
|
Description: "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -10976,6 +11026,11 @@ func schema_k8sio_api_authorization_v1beta1_NonResourceRule(ref common.Reference
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"nonResourceURLs": {
|
"nonResourceURLs": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. \"*\" means all.",
|
Description: "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. \"*\" means all.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -11067,6 +11122,11 @@ func schema_k8sio_api_authorization_v1beta1_ResourceRule(ref common.ReferenceCal
|
|||||||
Type: []string{"object"},
|
Type: []string{"object"},
|
||||||
Properties: map[string]spec.Schema{
|
Properties: map[string]spec.Schema{
|
||||||
"verbs": {
|
"verbs": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
|
Description: "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -11082,6 +11142,11 @@ func schema_k8sio_api_authorization_v1beta1_ResourceRule(ref common.ReferenceCal
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"apiGroups": {
|
"apiGroups": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"*\" means all.",
|
Description: "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"*\" means all.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -11097,6 +11162,11 @@ func schema_k8sio_api_authorization_v1beta1_ResourceRule(ref common.ReferenceCal
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resources": {
|
"resources": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.",
|
Description: "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -11112,6 +11182,11 @@ func schema_k8sio_api_authorization_v1beta1_ResourceRule(ref common.ReferenceCal
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resourceNames": {
|
"resourceNames": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.",
|
Description: "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -11360,6 +11435,11 @@ func schema_k8sio_api_authorization_v1beta1_SubjectAccessReviewSpec(ref common.R
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"group": {
|
"group": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "Groups is the groups you're testing for.",
|
Description: "Groups is the groups you're testing for.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -11463,6 +11543,11 @@ func schema_k8sio_api_authorization_v1beta1_SubjectRulesReviewStatus(ref common.
|
|||||||
Type: []string{"object"},
|
Type: []string{"object"},
|
||||||
Properties: map[string]spec.Schema{
|
Properties: map[string]spec.Schema{
|
||||||
"resourceRules": {
|
"resourceRules": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
Description: "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
@@ -11477,6 +11562,11 @@ func schema_k8sio_api_authorization_v1beta1_SubjectRulesReviewStatus(ref common.
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
"nonResourceRules": {
|
"nonResourceRules": {
|
||||||
|
VendorExtensible: spec.VendorExtensible{
|
||||||
|
Extensions: spec.Extensions{
|
||||||
|
"x-kubernetes-list-type": "atomic",
|
||||||
|
},
|
||||||
|
},
|
||||||
SchemaProps: spec.SchemaProps{
|
SchemaProps: spec.SchemaProps{
|
||||||
Description: "NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
Description: "NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.",
|
||||||
Type: []string{"array"},
|
Type: []string{"array"},
|
||||||
|
|||||||
@@ -69,11 +69,13 @@ message NonResourceAttributes {
|
|||||||
// NonResourceRule holds information that describes a rule for the non-resource
|
// NonResourceRule holds information that describes a rule for the non-resource
|
||||||
message NonResourceRule {
|
message NonResourceRule {
|
||||||
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
|
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
|
||||||
|
// +listType=atomic
|
||||||
repeated string verbs = 1;
|
repeated string verbs = 1;
|
||||||
|
|
||||||
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
|
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
|
||||||
// final step in the path. "*" means all.
|
// final step in the path. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
repeated string nonResourceURLs = 2;
|
repeated string nonResourceURLs = 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -115,20 +117,24 @@ message ResourceAttributes {
|
|||||||
// may contain duplicates, and possibly be incomplete.
|
// may contain duplicates, and possibly be incomplete.
|
||||||
message ResourceRule {
|
message ResourceRule {
|
||||||
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
|
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
|
||||||
|
// +listType=atomic
|
||||||
repeated string verbs = 1;
|
repeated string verbs = 1;
|
||||||
|
|
||||||
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
||||||
// the enumerated resources in any API group will be allowed. "*" means all.
|
// the enumerated resources in any API group will be allowed. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
repeated string apiGroups = 2;
|
repeated string apiGroups = 2;
|
||||||
|
|
||||||
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
|
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
|
||||||
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
|
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
repeated string resources = 3;
|
repeated string resources = 3;
|
||||||
|
|
||||||
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
|
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
repeated string resourceNames = 4;
|
repeated string resourceNames = 4;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -220,6 +226,7 @@ message SubjectAccessReviewSpec {
|
|||||||
|
|
||||||
// Groups is the groups you're testing for.
|
// Groups is the groups you're testing for.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
repeated string groups = 4;
|
repeated string groups = 4;
|
||||||
|
|
||||||
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
|
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
|
||||||
@@ -262,10 +269,12 @@ message SubjectAccessReviewStatus {
|
|||||||
message SubjectRulesReviewStatus {
|
message SubjectRulesReviewStatus {
|
||||||
// ResourceRules is the list of actions the subject is allowed to perform on resources.
|
// ResourceRules is the list of actions the subject is allowed to perform on resources.
|
||||||
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
||||||
|
// +listType=atomic
|
||||||
repeated ResourceRule resourceRules = 1;
|
repeated ResourceRule resourceRules = 1;
|
||||||
|
|
||||||
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
|
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
|
||||||
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
||||||
|
// +listType=atomic
|
||||||
repeated NonResourceRule nonResourceRules = 2;
|
repeated NonResourceRule nonResourceRules = 2;
|
||||||
|
|
||||||
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
|
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
|
||||||
|
|||||||
@@ -143,6 +143,7 @@ type SubjectAccessReviewSpec struct {
|
|||||||
User string `json:"user,omitempty" protobuf:"bytes,3,opt,name=user"`
|
User string `json:"user,omitempty" protobuf:"bytes,3,opt,name=user"`
|
||||||
// Groups is the groups you're testing for.
|
// Groups is the groups you're testing for.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
Groups []string `json:"groups,omitempty" protobuf:"bytes,4,rep,name=groups"`
|
Groups []string `json:"groups,omitempty" protobuf:"bytes,4,rep,name=groups"`
|
||||||
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
|
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
|
||||||
// it needs a reflection here.
|
// it needs a reflection here.
|
||||||
@@ -232,9 +233,11 @@ type SelfSubjectRulesReviewSpec struct {
|
|||||||
type SubjectRulesReviewStatus struct {
|
type SubjectRulesReviewStatus struct {
|
||||||
// ResourceRules is the list of actions the subject is allowed to perform on resources.
|
// ResourceRules is the list of actions the subject is allowed to perform on resources.
|
||||||
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
||||||
|
// +listType=atomic
|
||||||
ResourceRules []ResourceRule `json:"resourceRules" protobuf:"bytes,1,rep,name=resourceRules"`
|
ResourceRules []ResourceRule `json:"resourceRules" protobuf:"bytes,1,rep,name=resourceRules"`
|
||||||
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
|
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
|
||||||
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
||||||
|
// +listType=atomic
|
||||||
NonResourceRules []NonResourceRule `json:"nonResourceRules" protobuf:"bytes,2,rep,name=nonResourceRules"`
|
NonResourceRules []NonResourceRule `json:"nonResourceRules" protobuf:"bytes,2,rep,name=nonResourceRules"`
|
||||||
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
|
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
|
||||||
// encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
|
// encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
|
||||||
@@ -250,28 +253,34 @@ type SubjectRulesReviewStatus struct {
|
|||||||
// may contain duplicates, and possibly be incomplete.
|
// may contain duplicates, and possibly be incomplete.
|
||||||
type ResourceRule struct {
|
type ResourceRule struct {
|
||||||
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
|
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
|
||||||
|
// +listType=atomic
|
||||||
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
|
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
|
||||||
|
|
||||||
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
||||||
// the enumerated resources in any API group will be allowed. "*" means all.
|
// the enumerated resources in any API group will be allowed. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
APIGroups []string `json:"apiGroups,omitempty" protobuf:"bytes,2,rep,name=apiGroups"`
|
APIGroups []string `json:"apiGroups,omitempty" protobuf:"bytes,2,rep,name=apiGroups"`
|
||||||
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
|
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
|
||||||
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
|
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
Resources []string `json:"resources,omitempty" protobuf:"bytes,3,rep,name=resources"`
|
Resources []string `json:"resources,omitempty" protobuf:"bytes,3,rep,name=resources"`
|
||||||
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
|
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,4,rep,name=resourceNames"`
|
ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,4,rep,name=resourceNames"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// NonResourceRule holds information that describes a rule for the non-resource
|
// NonResourceRule holds information that describes a rule for the non-resource
|
||||||
type NonResourceRule struct {
|
type NonResourceRule struct {
|
||||||
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
|
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
|
||||||
|
// +listType=atomic
|
||||||
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
|
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
|
||||||
|
|
||||||
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
|
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
|
||||||
// final step in the path. "*" means all.
|
// final step in the path. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,2,rep,name=nonResourceURLs"`
|
NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,2,rep,name=nonResourceURLs"`
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -69,11 +69,13 @@ message NonResourceAttributes {
|
|||||||
// NonResourceRule holds information that describes a rule for the non-resource
|
// NonResourceRule holds information that describes a rule for the non-resource
|
||||||
message NonResourceRule {
|
message NonResourceRule {
|
||||||
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
|
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
|
||||||
|
// +listType=atomic
|
||||||
repeated string verbs = 1;
|
repeated string verbs = 1;
|
||||||
|
|
||||||
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
|
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
|
||||||
// final step in the path. "*" means all.
|
// final step in the path. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
repeated string nonResourceURLs = 2;
|
repeated string nonResourceURLs = 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -115,20 +117,24 @@ message ResourceAttributes {
|
|||||||
// may contain duplicates, and possibly be incomplete.
|
// may contain duplicates, and possibly be incomplete.
|
||||||
message ResourceRule {
|
message ResourceRule {
|
||||||
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
|
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
|
||||||
|
// +listType=atomic
|
||||||
repeated string verbs = 1;
|
repeated string verbs = 1;
|
||||||
|
|
||||||
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
||||||
// the enumerated resources in any API group will be allowed. "*" means all.
|
// the enumerated resources in any API group will be allowed. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
repeated string apiGroups = 2;
|
repeated string apiGroups = 2;
|
||||||
|
|
||||||
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
|
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
|
||||||
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
|
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
repeated string resources = 3;
|
repeated string resources = 3;
|
||||||
|
|
||||||
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
|
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
repeated string resourceNames = 4;
|
repeated string resourceNames = 4;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -220,6 +226,7 @@ message SubjectAccessReviewSpec {
|
|||||||
|
|
||||||
// Groups is the groups you're testing for.
|
// Groups is the groups you're testing for.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
repeated string group = 4;
|
repeated string group = 4;
|
||||||
|
|
||||||
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
|
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
|
||||||
@@ -262,10 +269,12 @@ message SubjectAccessReviewStatus {
|
|||||||
message SubjectRulesReviewStatus {
|
message SubjectRulesReviewStatus {
|
||||||
// ResourceRules is the list of actions the subject is allowed to perform on resources.
|
// ResourceRules is the list of actions the subject is allowed to perform on resources.
|
||||||
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
||||||
|
// +listType=atomic
|
||||||
repeated ResourceRule resourceRules = 1;
|
repeated ResourceRule resourceRules = 1;
|
||||||
|
|
||||||
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
|
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
|
||||||
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
||||||
|
// +listType=atomic
|
||||||
repeated NonResourceRule nonResourceRules = 2;
|
repeated NonResourceRule nonResourceRules = 2;
|
||||||
|
|
||||||
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
|
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
|
||||||
|
|||||||
@@ -152,6 +152,7 @@ type SubjectAccessReviewSpec struct {
|
|||||||
User string `json:"user,omitempty" protobuf:"bytes,3,opt,name=user"`
|
User string `json:"user,omitempty" protobuf:"bytes,3,opt,name=user"`
|
||||||
// Groups is the groups you're testing for.
|
// Groups is the groups you're testing for.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
Groups []string `json:"group,omitempty" protobuf:"bytes,4,rep,name=group"`
|
Groups []string `json:"group,omitempty" protobuf:"bytes,4,rep,name=group"`
|
||||||
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
|
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
|
||||||
// it needs a reflection here.
|
// it needs a reflection here.
|
||||||
@@ -244,9 +245,11 @@ type SelfSubjectRulesReviewSpec struct {
|
|||||||
type SubjectRulesReviewStatus struct {
|
type SubjectRulesReviewStatus struct {
|
||||||
// ResourceRules is the list of actions the subject is allowed to perform on resources.
|
// ResourceRules is the list of actions the subject is allowed to perform on resources.
|
||||||
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
||||||
|
// +listType=atomic
|
||||||
ResourceRules []ResourceRule `json:"resourceRules" protobuf:"bytes,1,rep,name=resourceRules"`
|
ResourceRules []ResourceRule `json:"resourceRules" protobuf:"bytes,1,rep,name=resourceRules"`
|
||||||
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
|
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
|
||||||
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
|
||||||
|
// +listType=atomic
|
||||||
NonResourceRules []NonResourceRule `json:"nonResourceRules" protobuf:"bytes,2,rep,name=nonResourceRules"`
|
NonResourceRules []NonResourceRule `json:"nonResourceRules" protobuf:"bytes,2,rep,name=nonResourceRules"`
|
||||||
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
|
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
|
||||||
// encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
|
// encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
|
||||||
@@ -262,28 +265,34 @@ type SubjectRulesReviewStatus struct {
|
|||||||
// may contain duplicates, and possibly be incomplete.
|
// may contain duplicates, and possibly be incomplete.
|
||||||
type ResourceRule struct {
|
type ResourceRule struct {
|
||||||
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
|
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
|
||||||
|
// +listType=atomic
|
||||||
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
|
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
|
||||||
|
|
||||||
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
|
||||||
// the enumerated resources in any API group will be allowed. "*" means all.
|
// the enumerated resources in any API group will be allowed. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
APIGroups []string `json:"apiGroups,omitempty" protobuf:"bytes,2,rep,name=apiGroups"`
|
APIGroups []string `json:"apiGroups,omitempty" protobuf:"bytes,2,rep,name=apiGroups"`
|
||||||
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
|
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
|
||||||
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
|
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
Resources []string `json:"resources,omitempty" protobuf:"bytes,3,rep,name=resources"`
|
Resources []string `json:"resources,omitempty" protobuf:"bytes,3,rep,name=resources"`
|
||||||
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
|
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,4,rep,name=resourceNames"`
|
ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,4,rep,name=resourceNames"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// NonResourceRule holds information that describes a rule for the non-resource
|
// NonResourceRule holds information that describes a rule for the non-resource
|
||||||
type NonResourceRule struct {
|
type NonResourceRule struct {
|
||||||
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
|
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
|
||||||
|
// +listType=atomic
|
||||||
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
|
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
|
||||||
|
|
||||||
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
|
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
|
||||||
// final step in the path. "*" means all.
|
// final step in the path. "*" means all.
|
||||||
// +optional
|
// +optional
|
||||||
|
// +listType=atomic
|
||||||
NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,2,rep,name=nonResourceURLs"`
|
NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,2,rep,name=nonResourceURLs"`
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user