From 711b8e3a9a8c8975c3e6fdf88382eda1733a0bd1 Mon Sep 17 00:00:00 2001 From: Tim Allclair Date: Wed, 19 May 2021 11:51:50 -0700 Subject: [PATCH 1/6] Add staging directory for pod-security-standards subproject --- go.mod | 1 + staging/README.md | 1 + staging/publishing/import-restrictions.yaml | 9 + staging/publishing/rules.yaml | 8 + .../pod-security-standards/CONTRIBUTING.md | 7 + .../src/k8s.io/pod-security-standards/LICENSE | 201 ++++++++++++++++++ .../src/k8s.io/pod-security-standards/OWNERS | 10 + .../k8s.io/pod-security-standards/README.md | 26 +++ .../pod-security-standards/SECURITY_CONTACTS | 14 ++ .../pod-security-standards/code-of-conduct.md | 3 + .../src/k8s.io/pod-security-standards/go.mod | 7 + .../src/k8s.io/pod-security-standards/go.sum | 0 vendor/k8s.io/pod-security-standards | 1 + vendor/modules.txt | 1 + 14 files changed, 289 insertions(+) create mode 100644 staging/src/k8s.io/pod-security-standards/CONTRIBUTING.md create mode 100644 staging/src/k8s.io/pod-security-standards/LICENSE create mode 100644 staging/src/k8s.io/pod-security-standards/OWNERS create mode 100644 staging/src/k8s.io/pod-security-standards/README.md create mode 100644 staging/src/k8s.io/pod-security-standards/SECURITY_CONTACTS create mode 100644 staging/src/k8s.io/pod-security-standards/code-of-conduct.md create mode 100644 staging/src/k8s.io/pod-security-standards/go.mod create mode 100644 staging/src/k8s.io/pod-security-standards/go.sum create mode 120000 vendor/k8s.io/pod-security-standards diff --git a/go.mod b/go.mod index 8c74898a024..8c39f0bfac4 100644 --- a/go.mod +++ b/go.mod @@ -519,6 +519,7 @@ replace ( k8s.io/legacy-cloud-providers => ./staging/src/k8s.io/legacy-cloud-providers k8s.io/metrics => ./staging/src/k8s.io/metrics k8s.io/mount-utils => ./staging/src/k8s.io/mount-utils + k8s.io/pod-security-standards => ./staging/src/k8s.io/pod-security-standards k8s.io/sample-apiserver => ./staging/src/k8s.io/sample-apiserver k8s.io/sample-cli-plugin => ./staging/src/k8s.io/sample-cli-plugin k8s.io/sample-controller => ./staging/src/k8s.io/sample-controller diff --git a/staging/README.md b/staging/README.md index 4227e5862b6..fc969f448b2 100644 --- a/staging/README.md +++ b/staging/README.md @@ -29,6 +29,7 @@ Repositories currently staged here: - [`k8s.io/legacy-cloud-providers`](https://github.com/kubernetes/legacy-cloud-providers) - [`k8s.io/metrics`](https://github.com/kubernetes/metrics) - [`k8s.io/mount-utils`](https://github.com/kubernetes/mount-utils) +- [`k8s.io/pod-security-standards`](https://github.com/kubernetes/pod-security-standards) - [`k8s.io/sample-apiserver`](https://github.com/kubernetes/sample-apiserver) - [`k8s.io/sample-cli-plugin`](https://github.com/kubernetes/sample-cli-plugin) - [`k8s.io/sample-controller`](https://github.com/kubernetes/sample-controller) diff --git a/staging/publishing/import-restrictions.yaml b/staging/publishing/import-restrictions.yaml index e7664a78417..448ab8918af 100644 --- a/staging/publishing/import-restrictions.yaml +++ b/staging/publishing/import-restrictions.yaml @@ -261,3 +261,12 @@ - k8s.io/component-helpers - k8s.io/klog - k8s.io/utils + +- baseImportPath: "./vendor/k8s.io/pod-security-standards/" + allowedImports: + - k8s.io/api + - k8s.io/apimachinery + - k8s.io/client-go + - k8s.io/klog + - k8s.io/pod-security-standards + - k8s.io/utils diff --git a/staging/publishing/rules.yaml b/staging/publishing/rules.yaml index 32d0d02ddc5..df44053676f 100644 --- a/staging/publishing/rules.yaml +++ b/staging/publishing/rules.yaml @@ -1459,3 +1459,11 @@ rules: branch: release-1.21 dir: staging/src/k8s.io/mount-utils name: release-1.21 + +- destination: pod-security-standards + library: true + branches: + - source: + branch: master + dir: staging/src/k8s.io/pod-security-standards + name: master diff --git a/staging/src/k8s.io/pod-security-standards/CONTRIBUTING.md b/staging/src/k8s.io/pod-security-standards/CONTRIBUTING.md new file mode 100644 index 00000000000..6f80589ec78 --- /dev/null +++ b/staging/src/k8s.io/pod-security-standards/CONTRIBUTING.md @@ -0,0 +1,7 @@ +# Contributing guidelines + +Do not open pull requests directly against this repository, they will be ignored. Instead, please open pull requests against [kubernetes/kubernetes](https://git.k8s.io/kubernetes/). Please follow the same [contributing guide](https://git.k8s.io/kubernetes/CONTRIBUTING.md) you would follow for any other pull request made to kubernetes/kubernetes. + +This repository is published from [kubernetes/kubernetes/staging/src/k8s.io/kube-proxy](https://git.k8s.io/kubernetes/staging/src/k8s.io/kube-proxy) by the [kubernetes publishing-bot](https://git.k8s.io/publishing-bot). + +Please see [Staging Directory and Publishing](https://git.k8s.io/community/contributors/devel/sig-architecture/staging.md) for more information diff --git a/staging/src/k8s.io/pod-security-standards/LICENSE b/staging/src/k8s.io/pod-security-standards/LICENSE new file mode 100644 index 00000000000..8dada3edaf5 --- /dev/null +++ b/staging/src/k8s.io/pod-security-standards/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/staging/src/k8s.io/pod-security-standards/OWNERS b/staging/src/k8s.io/pod-security-standards/OWNERS new file mode 100644 index 00000000000..632552bef91 --- /dev/null +++ b/staging/src/k8s.io/pod-security-standards/OWNERS @@ -0,0 +1,10 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +approvers: +- liggitt +- tallclair +reviewers: +- liggitt +- tallclair +labels: +- sig/auth diff --git a/staging/src/k8s.io/pod-security-standards/README.md b/staging/src/k8s.io/pod-security-standards/README.md new file mode 100644 index 00000000000..442ff4b034c --- /dev/null +++ b/staging/src/k8s.io/pod-security-standards/README.md @@ -0,0 +1,26 @@ +# Pod Security Standards + + + +The **Pod Security Standards** are a set of best-practice profiles for running pods securely. + +This repository contains the codified profile definitions, the implementation for the +**PodSecurity** admission controller (library and webhook) that enforces the use of the standards, +and testing resources for validating enforcement of the standards. + +See https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement for more details. + +## Community, discussion, contribution, and support + +The Pod Security Standards are a sub-project of [SIG-Auth](https://github.com/kubernetes/community/tree/master/sig-auth). + +You can reach the maintainers of this project at: + +- Slack: [#sig-auth](https://kubernetes.slack.com/messages/sig-auth) +- Mailing List: [kubernetes-sig-auth](https://groups.google.com/forum/#!forum/kubernetes-sig-auth) + +Learn how to engage with the Kubernetes community on the [community page](http://kubernetes.io/community/). + +### Code of conduct + +Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md). diff --git a/staging/src/k8s.io/pod-security-standards/SECURITY_CONTACTS b/staging/src/k8s.io/pod-security-standards/SECURITY_CONTACTS new file mode 100644 index 00000000000..42942ec4f8e --- /dev/null +++ b/staging/src/k8s.io/pod-security-standards/SECURITY_CONTACTS @@ -0,0 +1,14 @@ +# Defined below are the security contacts for this repo. +# +# They are the contact point for the Product Security Committee to reach out +# to for triaging and handling of incoming issues. +# +# The below names agree to abide by the +# [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) +# and will be removed and replaced if they violate that agreement. +# +# DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE +# INSTRUCTIONS AT https://kubernetes.io/security/ + +liggitt +tallclair diff --git a/staging/src/k8s.io/pod-security-standards/code-of-conduct.md b/staging/src/k8s.io/pod-security-standards/code-of-conduct.md new file mode 100644 index 00000000000..0d15c00cf32 --- /dev/null +++ b/staging/src/k8s.io/pod-security-standards/code-of-conduct.md @@ -0,0 +1,3 @@ +# Kubernetes Community Code of Conduct + +Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) diff --git a/staging/src/k8s.io/pod-security-standards/go.mod b/staging/src/k8s.io/pod-security-standards/go.mod new file mode 100644 index 00000000000..b0fe1f796d9 --- /dev/null +++ b/staging/src/k8s.io/pod-security-standards/go.mod @@ -0,0 +1,7 @@ +// This is a generated file. Do not edit directly. + +module k8s.io/pod-security-standards + +go 1.16 + +replace k8s.io/pod-security-standards => ../pod-security-standards diff --git a/staging/src/k8s.io/pod-security-standards/go.sum b/staging/src/k8s.io/pod-security-standards/go.sum new file mode 100644 index 00000000000..e69de29bb2d diff --git a/vendor/k8s.io/pod-security-standards b/vendor/k8s.io/pod-security-standards new file mode 120000 index 00000000000..8f93f52eed7 --- /dev/null +++ b/vendor/k8s.io/pod-security-standards @@ -0,0 +1 @@ +../../staging/src/k8s.io/pod-security-standards \ No newline at end of file diff --git a/vendor/modules.txt b/vendor/modules.txt index cd9c4eb130c..ee41eb9934d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2704,6 +2704,7 @@ sigs.k8s.io/yaml # k8s.io/legacy-cloud-providers => ./staging/src/k8s.io/legacy-cloud-providers # k8s.io/metrics => ./staging/src/k8s.io/metrics # k8s.io/mount-utils => ./staging/src/k8s.io/mount-utils +# k8s.io/pod-security-standards => ./staging/src/k8s.io/pod-security-standards # k8s.io/sample-apiserver => ./staging/src/k8s.io/sample-apiserver # k8s.io/sample-cli-plugin => ./staging/src/k8s.io/sample-cli-plugin # k8s.io/sample-controller => ./staging/src/k8s.io/sample-controller From c3d0a530eeb28a21108c2e0883aab1637e334acf Mon Sep 17 00:00:00 2001 From: Tim Allclair Date: Wed, 19 May 2021 15:56:01 -0700 Subject: [PATCH 2/6] Add placeholder doc.go --- .../src/k8s.io/pod-security-standards/doc.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 staging/src/k8s.io/pod-security-standards/doc.go diff --git a/staging/src/k8s.io/pod-security-standards/doc.go b/staging/src/k8s.io/pod-security-standards/doc.go new file mode 100644 index 00000000000..1ca0b018f48 --- /dev/null +++ b/staging/src/k8s.io/pod-security-standards/doc.go @@ -0,0 +1,19 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package podsecuritystandards is a placeholder until the initial podsecurity implementation is +// added. +package podsecuritystandards // import "k8s.io/pod-security-standards" From 5e6f0fe8d0b8125a6b2e94064a5499356ee2224b Mon Sep 17 00:00:00 2001 From: Tim Allclair Date: Wed, 19 May 2021 16:24:38 -0700 Subject: [PATCH 3/6] Use sig-auth-policy-* OWNERS alias --- staging/src/k8s.io/pod-security-standards/OWNERS | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/staging/src/k8s.io/pod-security-standards/OWNERS b/staging/src/k8s.io/pod-security-standards/OWNERS index 632552bef91..1844a856bdb 100644 --- a/staging/src/k8s.io/pod-security-standards/OWNERS +++ b/staging/src/k8s.io/pod-security-standards/OWNERS @@ -1,10 +1,8 @@ # See the OWNERS docs at https://go.k8s.io/owners approvers: -- liggitt -- tallclair +- sig-auth-policy-approvers reviewers: -- liggitt -- tallclair +- sig-auth-policy-reviewers labels: - sig/auth From 3115b65ce6ad310e27dfd7b431f23befbd0828b0 Mon Sep 17 00:00:00 2001 From: Tim Allclair Date: Wed, 19 May 2021 18:52:36 -0700 Subject: [PATCH 4/6] Add PULL_REQUEST_TEMPLATE.md --- .../pod-security-standards/.github/PULL_REQUEST_TEMPLATE.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 staging/src/k8s.io/pod-security-standards/.github/PULL_REQUEST_TEMPLATE.md diff --git a/staging/src/k8s.io/pod-security-standards/.github/PULL_REQUEST_TEMPLATE.md b/staging/src/k8s.io/pod-security-standards/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000000..e7e5eb834b2 --- /dev/null +++ b/staging/src/k8s.io/pod-security-standards/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,2 @@ +Sorry, we do not accept changes directly against this repository. Please see +CONTRIBUTING.md for information on where and how to contribute instead. From 0005c7228514e65633c60dccebb1b044583e4a23 Mon Sep 17 00:00:00 2001 From: Tim Allclair Date: Thu, 20 May 2021 17:28:57 -0700 Subject: [PATCH 5/6] s/standards/admission/ --- go.mod | 2 +- staging/README.md | 2 +- staging/publishing/import-restrictions.yaml | 4 ++-- staging/publishing/rules.yaml | 4 ++-- .../.github/PULL_REQUEST_TEMPLATE.md | 0 .../CONTRIBUTING.md | 0 .../LICENSE | 0 .../OWNERS | 0 .../README.md | 2 +- .../SECURITY_CONTACTS | 0 .../code-of-conduct.md | 0 .../doc.go | 4 ++-- staging/src/k8s.io/pod-security-admission/go.mod | 7 +++++++ .../go.sum | 0 staging/src/k8s.io/pod-security-standards/go.mod | 7 ------- vendor/k8s.io/pod-security-admission | 1 + vendor/k8s.io/pod-security-standards | 1 - vendor/modules.txt | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) rename staging/src/k8s.io/{pod-security-standards => pod-security-admission}/.github/PULL_REQUEST_TEMPLATE.md (100%) rename staging/src/k8s.io/{pod-security-standards => pod-security-admission}/CONTRIBUTING.md (100%) rename staging/src/k8s.io/{pod-security-standards => pod-security-admission}/LICENSE (100%) rename staging/src/k8s.io/{pod-security-standards => pod-security-admission}/OWNERS (100%) rename staging/src/k8s.io/{pod-security-standards => pod-security-admission}/README.md (97%) rename staging/src/k8s.io/{pod-security-standards => pod-security-admission}/SECURITY_CONTACTS (100%) rename staging/src/k8s.io/{pod-security-standards => pod-security-admission}/code-of-conduct.md (100%) rename staging/src/k8s.io/{pod-security-standards => pod-security-admission}/doc.go (81%) create mode 100644 staging/src/k8s.io/pod-security-admission/go.mod rename staging/src/k8s.io/{pod-security-standards => pod-security-admission}/go.sum (100%) delete mode 100644 staging/src/k8s.io/pod-security-standards/go.mod create mode 120000 vendor/k8s.io/pod-security-admission delete mode 120000 vendor/k8s.io/pod-security-standards diff --git a/go.mod b/go.mod index 8c39f0bfac4..b92bae78f4b 100644 --- a/go.mod +++ b/go.mod @@ -519,7 +519,7 @@ replace ( k8s.io/legacy-cloud-providers => ./staging/src/k8s.io/legacy-cloud-providers k8s.io/metrics => ./staging/src/k8s.io/metrics k8s.io/mount-utils => ./staging/src/k8s.io/mount-utils - k8s.io/pod-security-standards => ./staging/src/k8s.io/pod-security-standards + k8s.io/pod-security-admission => ./staging/src/k8s.io/pod-security-admission k8s.io/sample-apiserver => ./staging/src/k8s.io/sample-apiserver k8s.io/sample-cli-plugin => ./staging/src/k8s.io/sample-cli-plugin k8s.io/sample-controller => ./staging/src/k8s.io/sample-controller diff --git a/staging/README.md b/staging/README.md index fc969f448b2..517c181227d 100644 --- a/staging/README.md +++ b/staging/README.md @@ -29,7 +29,7 @@ Repositories currently staged here: - [`k8s.io/legacy-cloud-providers`](https://github.com/kubernetes/legacy-cloud-providers) - [`k8s.io/metrics`](https://github.com/kubernetes/metrics) - [`k8s.io/mount-utils`](https://github.com/kubernetes/mount-utils) -- [`k8s.io/pod-security-standards`](https://github.com/kubernetes/pod-security-standards) +- [`k8s.io/pod-security-admission`](https://github.com/kubernetes/pod-security-admission) - [`k8s.io/sample-apiserver`](https://github.com/kubernetes/sample-apiserver) - [`k8s.io/sample-cli-plugin`](https://github.com/kubernetes/sample-cli-plugin) - [`k8s.io/sample-controller`](https://github.com/kubernetes/sample-controller) diff --git a/staging/publishing/import-restrictions.yaml b/staging/publishing/import-restrictions.yaml index 448ab8918af..792e59d452f 100644 --- a/staging/publishing/import-restrictions.yaml +++ b/staging/publishing/import-restrictions.yaml @@ -262,11 +262,11 @@ - k8s.io/klog - k8s.io/utils -- baseImportPath: "./vendor/k8s.io/pod-security-standards/" +- baseImportPath: "./vendor/k8s.io/pod-security-admission/" allowedImports: - k8s.io/api - k8s.io/apimachinery - k8s.io/client-go - k8s.io/klog - - k8s.io/pod-security-standards + - k8s.io/pod-security-admission - k8s.io/utils diff --git a/staging/publishing/rules.yaml b/staging/publishing/rules.yaml index df44053676f..e3627530402 100644 --- a/staging/publishing/rules.yaml +++ b/staging/publishing/rules.yaml @@ -1460,10 +1460,10 @@ rules: dir: staging/src/k8s.io/mount-utils name: release-1.21 -- destination: pod-security-standards +- destination: pod-security-admission library: true branches: - source: branch: master - dir: staging/src/k8s.io/pod-security-standards + dir: staging/src/k8s.io/pod-security-admission name: master diff --git a/staging/src/k8s.io/pod-security-standards/.github/PULL_REQUEST_TEMPLATE.md b/staging/src/k8s.io/pod-security-admission/.github/PULL_REQUEST_TEMPLATE.md similarity index 100% rename from staging/src/k8s.io/pod-security-standards/.github/PULL_REQUEST_TEMPLATE.md rename to staging/src/k8s.io/pod-security-admission/.github/PULL_REQUEST_TEMPLATE.md diff --git a/staging/src/k8s.io/pod-security-standards/CONTRIBUTING.md b/staging/src/k8s.io/pod-security-admission/CONTRIBUTING.md similarity index 100% rename from staging/src/k8s.io/pod-security-standards/CONTRIBUTING.md rename to staging/src/k8s.io/pod-security-admission/CONTRIBUTING.md diff --git a/staging/src/k8s.io/pod-security-standards/LICENSE b/staging/src/k8s.io/pod-security-admission/LICENSE similarity index 100% rename from staging/src/k8s.io/pod-security-standards/LICENSE rename to staging/src/k8s.io/pod-security-admission/LICENSE diff --git a/staging/src/k8s.io/pod-security-standards/OWNERS b/staging/src/k8s.io/pod-security-admission/OWNERS similarity index 100% rename from staging/src/k8s.io/pod-security-standards/OWNERS rename to staging/src/k8s.io/pod-security-admission/OWNERS diff --git a/staging/src/k8s.io/pod-security-standards/README.md b/staging/src/k8s.io/pod-security-admission/README.md similarity index 97% rename from staging/src/k8s.io/pod-security-standards/README.md rename to staging/src/k8s.io/pod-security-admission/README.md index 442ff4b034c..1345382dc70 100644 --- a/staging/src/k8s.io/pod-security-standards/README.md +++ b/staging/src/k8s.io/pod-security-admission/README.md @@ -1,4 +1,4 @@ -# Pod Security Standards +# Pod Security Admission diff --git a/staging/src/k8s.io/pod-security-standards/SECURITY_CONTACTS b/staging/src/k8s.io/pod-security-admission/SECURITY_CONTACTS similarity index 100% rename from staging/src/k8s.io/pod-security-standards/SECURITY_CONTACTS rename to staging/src/k8s.io/pod-security-admission/SECURITY_CONTACTS diff --git a/staging/src/k8s.io/pod-security-standards/code-of-conduct.md b/staging/src/k8s.io/pod-security-admission/code-of-conduct.md similarity index 100% rename from staging/src/k8s.io/pod-security-standards/code-of-conduct.md rename to staging/src/k8s.io/pod-security-admission/code-of-conduct.md diff --git a/staging/src/k8s.io/pod-security-standards/doc.go b/staging/src/k8s.io/pod-security-admission/doc.go similarity index 81% rename from staging/src/k8s.io/pod-security-standards/doc.go rename to staging/src/k8s.io/pod-security-admission/doc.go index 1ca0b018f48..70175530663 100644 --- a/staging/src/k8s.io/pod-security-standards/doc.go +++ b/staging/src/k8s.io/pod-security-admission/doc.go @@ -14,6 +14,6 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Package podsecuritystandards is a placeholder until the initial podsecurity implementation is +// Package podsecurityadmission is a placeholder until the initial podsecurity implementation is // added. -package podsecuritystandards // import "k8s.io/pod-security-standards" +package podsecurityadmission // import "k8s.io/pod-security-admission" diff --git a/staging/src/k8s.io/pod-security-admission/go.mod b/staging/src/k8s.io/pod-security-admission/go.mod new file mode 100644 index 00000000000..e2ab1aaaba2 --- /dev/null +++ b/staging/src/k8s.io/pod-security-admission/go.mod @@ -0,0 +1,7 @@ +// This is a generated file. Do not edit directly. + +module k8s.io/pod-security-admission + +go 1.16 + +replace k8s.io/pod-security-admission => ../pod-security-admission diff --git a/staging/src/k8s.io/pod-security-standards/go.sum b/staging/src/k8s.io/pod-security-admission/go.sum similarity index 100% rename from staging/src/k8s.io/pod-security-standards/go.sum rename to staging/src/k8s.io/pod-security-admission/go.sum diff --git a/staging/src/k8s.io/pod-security-standards/go.mod b/staging/src/k8s.io/pod-security-standards/go.mod deleted file mode 100644 index b0fe1f796d9..00000000000 --- a/staging/src/k8s.io/pod-security-standards/go.mod +++ /dev/null @@ -1,7 +0,0 @@ -// This is a generated file. Do not edit directly. - -module k8s.io/pod-security-standards - -go 1.16 - -replace k8s.io/pod-security-standards => ../pod-security-standards diff --git a/vendor/k8s.io/pod-security-admission b/vendor/k8s.io/pod-security-admission new file mode 120000 index 00000000000..eb8d1870499 --- /dev/null +++ b/vendor/k8s.io/pod-security-admission @@ -0,0 +1 @@ +../../staging/src/k8s.io/pod-security-admission \ No newline at end of file diff --git a/vendor/k8s.io/pod-security-standards b/vendor/k8s.io/pod-security-standards deleted file mode 120000 index 8f93f52eed7..00000000000 --- a/vendor/k8s.io/pod-security-standards +++ /dev/null @@ -1 +0,0 @@ -../../staging/src/k8s.io/pod-security-standards \ No newline at end of file diff --git a/vendor/modules.txt b/vendor/modules.txt index ee41eb9934d..b17ea67216f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2704,7 +2704,7 @@ sigs.k8s.io/yaml # k8s.io/legacy-cloud-providers => ./staging/src/k8s.io/legacy-cloud-providers # k8s.io/metrics => ./staging/src/k8s.io/metrics # k8s.io/mount-utils => ./staging/src/k8s.io/mount-utils -# k8s.io/pod-security-standards => ./staging/src/k8s.io/pod-security-standards +# k8s.io/pod-security-admission => ./staging/src/k8s.io/pod-security-admission # k8s.io/sample-apiserver => ./staging/src/k8s.io/sample-apiserver # k8s.io/sample-cli-plugin => ./staging/src/k8s.io/sample-cli-plugin # k8s.io/sample-controller => ./staging/src/k8s.io/sample-controller From 908d25fac97205fc211e62da926dc4b9f4dfbc30 Mon Sep 17 00:00:00 2001 From: Tim Allclair Date: Thu, 20 May 2021 18:11:15 -0700 Subject: [PATCH 6/6] Fix copy-pasta --- staging/src/k8s.io/pod-security-admission/CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/staging/src/k8s.io/pod-security-admission/CONTRIBUTING.md b/staging/src/k8s.io/pod-security-admission/CONTRIBUTING.md index 6f80589ec78..67bf4123cec 100644 --- a/staging/src/k8s.io/pod-security-admission/CONTRIBUTING.md +++ b/staging/src/k8s.io/pod-security-admission/CONTRIBUTING.md @@ -2,6 +2,6 @@ Do not open pull requests directly against this repository, they will be ignored. Instead, please open pull requests against [kubernetes/kubernetes](https://git.k8s.io/kubernetes/). Please follow the same [contributing guide](https://git.k8s.io/kubernetes/CONTRIBUTING.md) you would follow for any other pull request made to kubernetes/kubernetes. -This repository is published from [kubernetes/kubernetes/staging/src/k8s.io/kube-proxy](https://git.k8s.io/kubernetes/staging/src/k8s.io/kube-proxy) by the [kubernetes publishing-bot](https://git.k8s.io/publishing-bot). +This repository is published from [kubernetes/kubernetes/staging/src/k8s.io/pod-security-admission](https://git.k8s.io/kubernetes/staging/src/k8s.io/pod-security-admission) by the [kubernetes publishing-bot](https://git.k8s.io/publishing-bot). Please see [Staging Directory and Publishing](https://git.k8s.io/community/contributors/devel/sig-architecture/staging.md) for more information