From f11a4ab9a7dbf079c3d0bf026172253640f3726d Mon Sep 17 00:00:00 2001 From: Paul Weil Date: Thu, 5 May 2016 15:44:30 -0400 Subject: [PATCH] generated code --- docs/admin/kube-apiserver.md | 4 +- pkg/apis/extensions/deep_copy_generated.go | 65 +- pkg/apis/extensions/types.generated.go | 1050 ++++++++++++++--- .../v1beta1/conversion_generated.go | 146 ++- .../extensions/v1beta1/deep_copy_generated.go | 65 +- pkg/apis/extensions/v1beta1/generated.pb.go | 683 +++++++++-- pkg/apis/extensions/v1beta1/generated.proto | 62 +- .../extensions/v1beta1/types.generated.go | 1050 ++++++++++++++--- .../v1beta1/types_swagger_doc_generated.go | 45 +- .../unversioned/extensions_client.go | 5 + .../fake/fake_extensions_client.go | 4 + .../fake/fake_podsecuritypolicy.go | 99 ++ .../unversioned/podsecuritypolicy.go | 127 ++ 13 files changed, 2995 insertions(+), 410 deletions(-) create mode 100644 pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/fake/fake_podsecuritypolicy.go create mode 100644 pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/podsecuritypolicy.go diff --git a/docs/admin/kube-apiserver.md b/docs/admin/kube-apiserver.md index 7b7b94d3148..b858f3603e1 100644 --- a/docs/admin/kube-apiserver.md +++ b/docs/admin/kube-apiserver.md @@ -51,7 +51,7 @@ kube-apiserver ### Options ``` - --admission-control="AlwaysAdmit": Ordered list of plug-ins to do admission control of resources into cluster. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, DenyEscalatingExec, DenyExecOnPrivileged, InitialResources, LimitPodHardAntiAffinityTopology, LimitRanger, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, PersistentVolumeLabel, ResourceQuota, SecurityContextDeny, ServiceAccount + --admission-control="AlwaysAdmit": Ordered list of plug-ins to do admission control of resources into cluster. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, DenyEscalatingExec, DenyExecOnPrivileged, InitialResources, LimitPodHardAntiAffinityTopology, LimitRanger, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, PersistentVolumeLabel, PodSecurityPolicy, ResourceQuota, SecurityContextDeny, ServiceAccount --admission-control-config-file="": File with admission control configuration. --advertise-address=: The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used. --allow-privileged[=false]: If true, allow privileged containers. @@ -119,7 +119,7 @@ kube-apiserver --watch-cache-sizes=[]: List of watch cache sizes for every resource (pods, nodes, etc.), comma separated. The individual override format: resource#size, where size is a number. It takes effect when watch-cache is enabled. ``` -###### Auto generated by spf13/cobra on 9-May-2016 +###### Auto generated by spf13/cobra on 10-May-2016 diff --git a/pkg/apis/extensions/deep_copy_generated.go b/pkg/apis/extensions/deep_copy_generated.go index 1f9608ee36f..835765e6d19 100644 --- a/pkg/apis/extensions/deep_copy_generated.go +++ b/pkg/apis/extensions/deep_copy_generated.go @@ -45,6 +45,7 @@ func init() { DeepCopy_extensions_DeploymentSpec, DeepCopy_extensions_DeploymentStatus, DeepCopy_extensions_DeploymentStrategy, + DeepCopy_extensions_FSGroupStrategyOptions, DeepCopy_extensions_HTTPIngressPath, DeepCopy_extensions_HTTPIngressRuleValue, DeepCopy_extensions_HostPortRange, @@ -72,6 +73,7 @@ func init() { DeepCopy_extensions_Scale, DeepCopy_extensions_ScaleSpec, DeepCopy_extensions_ScaleStatus, + DeepCopy_extensions_SupplementalGroupsStrategyOptions, DeepCopy_extensions_ThirdPartyResource, DeepCopy_extensions_ThirdPartyResourceData, DeepCopy_extensions_ThirdPartyResourceDataList, @@ -311,6 +313,22 @@ func DeepCopy_extensions_DeploymentStrategy(in DeploymentStrategy, out *Deployme return nil } +func DeepCopy_extensions_FSGroupStrategyOptions(in FSGroupStrategyOptions, out *FSGroupStrategyOptions, c *conversion.Cloner) error { + out.Rule = in.Rule + if in.Ranges != nil { + in, out := in.Ranges, &out.Ranges + *out = make([]IDRange, len(in)) + for i := range in { + if err := DeepCopy_extensions_IDRange(in[i], &(*out)[i], c); err != nil { + return err + } + } + } else { + out.Ranges = nil + } + return nil +} + func DeepCopy_extensions_HTTPIngressPath(in HTTPIngressPath, out *HTTPIngressPath, c *conversion.Cloner) error { out.Path = in.Path if err := DeepCopy_extensions_IngressBackend(in.Backend, &out.Backend, c); err != nil { @@ -502,14 +520,32 @@ func DeepCopy_extensions_PodSecurityPolicyList(in PodSecurityPolicyList, out *Po func DeepCopy_extensions_PodSecurityPolicySpec(in PodSecurityPolicySpec, out *PodSecurityPolicySpec, c *conversion.Cloner) error { out.Privileged = in.Privileged - if in.Capabilities != nil { - in, out := in.Capabilities, &out.Capabilities + if in.DefaultAddCapabilities != nil { + in, out := in.DefaultAddCapabilities, &out.DefaultAddCapabilities *out = make([]api.Capability, len(in)) for i := range in { (*out)[i] = in[i] } } else { - out.Capabilities = nil + out.DefaultAddCapabilities = nil + } + if in.RequiredDropCapabilities != nil { + in, out := in.RequiredDropCapabilities, &out.RequiredDropCapabilities + *out = make([]api.Capability, len(in)) + for i := range in { + (*out)[i] = in[i] + } + } else { + out.RequiredDropCapabilities = nil + } + if in.AllowedCapabilities != nil { + in, out := in.AllowedCapabilities, &out.AllowedCapabilities + *out = make([]api.Capability, len(in)) + for i := range in { + (*out)[i] = in[i] + } + } else { + out.AllowedCapabilities = nil } if in.Volumes != nil { in, out := in.Volumes, &out.Volumes @@ -540,6 +576,13 @@ func DeepCopy_extensions_PodSecurityPolicySpec(in PodSecurityPolicySpec, out *Po if err := DeepCopy_extensions_RunAsUserStrategyOptions(in.RunAsUser, &out.RunAsUser, c); err != nil { return err } + if err := DeepCopy_extensions_SupplementalGroupsStrategyOptions(in.SupplementalGroups, &out.SupplementalGroups, c); err != nil { + return err + } + if err := DeepCopy_extensions_FSGroupStrategyOptions(in.FSGroup, &out.FSGroup, c); err != nil { + return err + } + out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem return nil } @@ -691,6 +734,22 @@ func DeepCopy_extensions_ScaleStatus(in ScaleStatus, out *ScaleStatus, c *conver return nil } +func DeepCopy_extensions_SupplementalGroupsStrategyOptions(in SupplementalGroupsStrategyOptions, out *SupplementalGroupsStrategyOptions, c *conversion.Cloner) error { + out.Rule = in.Rule + if in.Ranges != nil { + in, out := in.Ranges, &out.Ranges + *out = make([]IDRange, len(in)) + for i := range in { + if err := DeepCopy_extensions_IDRange(in[i], &(*out)[i], c); err != nil { + return err + } + } + } else { + out.Ranges = nil + } + return nil +} + func DeepCopy_extensions_ThirdPartyResource(in ThirdPartyResource, out *ThirdPartyResource, c *conversion.Cloner) error { if err := unversioned.DeepCopy_unversioned_TypeMeta(in.TypeMeta, &out.TypeMeta, c); err != nil { return err diff --git a/pkg/apis/extensions/types.generated.go b/pkg/apis/extensions/types.generated.go index 9b20d0d7cd0..992cf3f4348 100644 --- a/pkg/apis/extensions/types.generated.go +++ b/pkg/apis/extensions/types.generated.go @@ -11221,23 +11221,24 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { yysep2 := !z.EncBinary() yy2arr2 := z.EncBasicHandle().StructToArray - var yyq2 [9]bool + var yyq2 [14]bool _, _, _ = yysep2, yyq2, yy2arr2 const yyr2 bool = false yyq2[0] = x.Privileged != false - yyq2[1] = len(x.Capabilities) != 0 - yyq2[2] = len(x.Volumes) != 0 - yyq2[3] = x.HostNetwork != false - yyq2[4] = len(x.HostPorts) != 0 - yyq2[5] = x.HostPID != false - yyq2[6] = x.HostIPC != false - yyq2[7] = true - yyq2[8] = true + yyq2[1] = len(x.DefaultAddCapabilities) != 0 + yyq2[2] = len(x.RequiredDropCapabilities) != 0 + yyq2[3] = len(x.AllowedCapabilities) != 0 + yyq2[4] = len(x.Volumes) != 0 + yyq2[5] = x.HostNetwork != false + yyq2[6] = len(x.HostPorts) != 0 + yyq2[7] = x.HostPID != false + yyq2[8] = x.HostIPC != false + yyq2[13] = x.ReadOnlyRootFilesystem != false var yynn2 int if yyr2 || yy2arr2 { - r.EncodeArrayStart(9) + r.EncodeArrayStart(14) } else { - yynn2 = 0 + yynn2 = 4 for _, b := range yyq2 { if b { yynn2++ @@ -11274,14 +11275,14 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if yyq2[1] { - if x.Capabilities == nil { + if x.DefaultAddCapabilities == nil { r.EncodeNil() } else { yym7 := z.EncBinary() _ = yym7 if false { } else { - h.encSliceapi_Capability(([]pkg2_api.Capability)(x.Capabilities), e) + h.encSliceapi_Capability(([]pkg2_api.Capability)(x.DefaultAddCapabilities), e) } } } else { @@ -11290,16 +11291,16 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { if yyq2[1] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("capabilities")) + r.EncodeString(codecSelferC_UTF81234, string("defaultAddCapabilities")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - if x.Capabilities == nil { + if x.DefaultAddCapabilities == nil { r.EncodeNil() } else { yym8 := z.EncBinary() _ = yym8 if false { } else { - h.encSliceapi_Capability(([]pkg2_api.Capability)(x.Capabilities), e) + h.encSliceapi_Capability(([]pkg2_api.Capability)(x.DefaultAddCapabilities), e) } } } @@ -11307,14 +11308,14 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if yyq2[2] { - if x.Volumes == nil { + if x.RequiredDropCapabilities == nil { r.EncodeNil() } else { yym10 := z.EncBinary() _ = yym10 if false { } else { - h.encSliceFSType(([]FSType)(x.Volumes), e) + h.encSliceapi_Capability(([]pkg2_api.Capability)(x.RequiredDropCapabilities), e) } } } else { @@ -11323,16 +11324,16 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { if yyq2[2] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("volumes")) + r.EncodeString(codecSelferC_UTF81234, string("requiredDropCapabilities")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - if x.Volumes == nil { + if x.RequiredDropCapabilities == nil { r.EncodeNil() } else { yym11 := z.EncBinary() _ = yym11 if false { } else { - h.encSliceFSType(([]FSType)(x.Volumes), e) + h.encSliceapi_Capability(([]pkg2_api.Capability)(x.RequiredDropCapabilities), e) } } } @@ -11340,39 +11341,47 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if yyq2[3] { - yym13 := z.EncBinary() - _ = yym13 - if false { + if x.AllowedCapabilities == nil { + r.EncodeNil() } else { - r.EncodeBool(bool(x.HostNetwork)) + yym13 := z.EncBinary() + _ = yym13 + if false { + } else { + h.encSliceapi_Capability(([]pkg2_api.Capability)(x.AllowedCapabilities), e) + } } } else { - r.EncodeBool(false) + r.EncodeNil() } } else { if yyq2[3] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("hostNetwork")) + r.EncodeString(codecSelferC_UTF81234, string("allowedCapabilities")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym14 := z.EncBinary() - _ = yym14 - if false { + if x.AllowedCapabilities == nil { + r.EncodeNil() } else { - r.EncodeBool(bool(x.HostNetwork)) + yym14 := z.EncBinary() + _ = yym14 + if false { + } else { + h.encSliceapi_Capability(([]pkg2_api.Capability)(x.AllowedCapabilities), e) + } } } } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if yyq2[4] { - if x.HostPorts == nil { + if x.Volumes == nil { r.EncodeNil() } else { yym16 := z.EncBinary() _ = yym16 if false { } else { - h.encSliceHostPortRange(([]HostPortRange)(x.HostPorts), e) + h.encSliceFSType(([]FSType)(x.Volumes), e) } } } else { @@ -11381,16 +11390,16 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { if yyq2[4] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("hostPorts")) + r.EncodeString(codecSelferC_UTF81234, string("volumes")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - if x.HostPorts == nil { + if x.Volumes == nil { r.EncodeNil() } else { yym17 := z.EncBinary() _ = yym17 if false { } else { - h.encSliceHostPortRange(([]HostPortRange)(x.HostPorts), e) + h.encSliceFSType(([]FSType)(x.Volumes), e) } } } @@ -11402,7 +11411,7 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { _ = yym19 if false { } else { - r.EncodeBool(bool(x.HostPID)) + r.EncodeBool(bool(x.HostNetwork)) } } else { r.EncodeBool(false) @@ -11410,11 +11419,69 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { if yyq2[5] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("hostPID")) + r.EncodeString(codecSelferC_UTF81234, string("hostNetwork")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym20 := z.EncBinary() _ = yym20 if false { + } else { + r.EncodeBool(bool(x.HostNetwork)) + } + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[6] { + if x.HostPorts == nil { + r.EncodeNil() + } else { + yym22 := z.EncBinary() + _ = yym22 + if false { + } else { + h.encSliceHostPortRange(([]HostPortRange)(x.HostPorts), e) + } + } + } else { + r.EncodeNil() + } + } else { + if yyq2[6] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("hostPorts")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + if x.HostPorts == nil { + r.EncodeNil() + } else { + yym23 := z.EncBinary() + _ = yym23 + if false { + } else { + h.encSliceHostPortRange(([]HostPortRange)(x.HostPorts), e) + } + } + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[7] { + yym25 := z.EncBinary() + _ = yym25 + if false { + } else { + r.EncodeBool(bool(x.HostPID)) + } + } else { + r.EncodeBool(false) + } + } else { + if yyq2[7] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("hostPID")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym26 := z.EncBinary() + _ = yym26 + if false { } else { r.EncodeBool(bool(x.HostPID)) } @@ -11422,9 +11489,9 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq2[6] { - yym22 := z.EncBinary() - _ = yym22 + if yyq2[8] { + yym28 := z.EncBinary() + _ = yym28 if false { } else { r.EncodeBool(bool(x.HostIPC)) @@ -11433,12 +11500,12 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { r.EncodeBool(false) } } else { - if yyq2[6] { + if yyq2[8] { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("hostIPC")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym23 := z.EncBinary() - _ = yym23 + yym29 := z.EncBinary() + _ = yym29 if false { } else { r.EncodeBool(bool(x.HostIPC)) @@ -11447,36 +11514,71 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq2[7] { - yy25 := &x.SELinux - yy25.CodecEncodeSelf(e) - } else { - r.EncodeNil() - } + yy31 := &x.SELinux + yy31.CodecEncodeSelf(e) } else { - if yyq2[7] { - z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("seLinux")) - z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy27 := &x.SELinux - yy27.CodecEncodeSelf(e) - } + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("seLinux")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yy33 := &x.SELinux + yy33.CodecEncodeSelf(e) } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq2[8] { - yy30 := &x.RunAsUser - yy30.CodecEncodeSelf(e) + yy36 := &x.RunAsUser + yy36.CodecEncodeSelf(e) + } else { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("runAsUser")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yy38 := &x.RunAsUser + yy38.CodecEncodeSelf(e) + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy41 := &x.SupplementalGroups + yy41.CodecEncodeSelf(e) + } else { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("supplementalGroups")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yy43 := &x.SupplementalGroups + yy43.CodecEncodeSelf(e) + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy46 := &x.FSGroup + yy46.CodecEncodeSelf(e) + } else { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("fsGroup")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yy48 := &x.FSGroup + yy48.CodecEncodeSelf(e) + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[13] { + yym51 := z.EncBinary() + _ = yym51 + if false { + } else { + r.EncodeBool(bool(x.ReadOnlyRootFilesystem)) + } } else { - r.EncodeNil() + r.EncodeBool(false) } } else { - if yyq2[8] { + if yyq2[13] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("runAsUser")) + r.EncodeString(codecSelferC_UTF81234, string("readOnlyRootFilesystem")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy32 := &x.RunAsUser - yy32.CodecEncodeSelf(e) + yym52 := z.EncBinary() + _ = yym52 + if false { + } else { + r.EncodeBool(bool(x.ReadOnlyRootFilesystem)) + } } } if yyr2 || yy2arr2 { @@ -11546,11 +11648,11 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromMap(l int, d *codec1978.Decod } else { x.Privileged = bool(r.DecodeBool()) } - case "capabilities": + case "defaultAddCapabilities": if r.TryDecodeAsNil() { - x.Capabilities = nil + x.DefaultAddCapabilities = nil } else { - yyv5 := &x.Capabilities + yyv5 := &x.DefaultAddCapabilities yym6 := z.DecBinary() _ = yym6 if false { @@ -11558,16 +11660,40 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromMap(l int, d *codec1978.Decod h.decSliceapi_Capability((*[]pkg2_api.Capability)(yyv5), d) } } - case "volumes": + case "requiredDropCapabilities": if r.TryDecodeAsNil() { - x.Volumes = nil + x.RequiredDropCapabilities = nil } else { - yyv7 := &x.Volumes + yyv7 := &x.RequiredDropCapabilities yym8 := z.DecBinary() _ = yym8 if false { } else { - h.decSliceFSType((*[]FSType)(yyv7), d) + h.decSliceapi_Capability((*[]pkg2_api.Capability)(yyv7), d) + } + } + case "allowedCapabilities": + if r.TryDecodeAsNil() { + x.AllowedCapabilities = nil + } else { + yyv9 := &x.AllowedCapabilities + yym10 := z.DecBinary() + _ = yym10 + if false { + } else { + h.decSliceapi_Capability((*[]pkg2_api.Capability)(yyv9), d) + } + } + case "volumes": + if r.TryDecodeAsNil() { + x.Volumes = nil + } else { + yyv11 := &x.Volumes + yym12 := z.DecBinary() + _ = yym12 + if false { + } else { + h.decSliceFSType((*[]FSType)(yyv11), d) } } case "hostNetwork": @@ -11580,12 +11706,12 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromMap(l int, d *codec1978.Decod if r.TryDecodeAsNil() { x.HostPorts = nil } else { - yyv10 := &x.HostPorts - yym11 := z.DecBinary() - _ = yym11 + yyv14 := &x.HostPorts + yym15 := z.DecBinary() + _ = yym15 if false { } else { - h.decSliceHostPortRange((*[]HostPortRange)(yyv10), d) + h.decSliceHostPortRange((*[]HostPortRange)(yyv14), d) } } case "hostPID": @@ -11604,15 +11730,35 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromMap(l int, d *codec1978.Decod if r.TryDecodeAsNil() { x.SELinux = SELinuxStrategyOptions{} } else { - yyv14 := &x.SELinux - yyv14.CodecDecodeSelf(d) + yyv18 := &x.SELinux + yyv18.CodecDecodeSelf(d) } case "runAsUser": if r.TryDecodeAsNil() { x.RunAsUser = RunAsUserStrategyOptions{} } else { - yyv15 := &x.RunAsUser - yyv15.CodecDecodeSelf(d) + yyv19 := &x.RunAsUser + yyv19.CodecDecodeSelf(d) + } + case "supplementalGroups": + if r.TryDecodeAsNil() { + x.SupplementalGroups = SupplementalGroupsStrategyOptions{} + } else { + yyv20 := &x.SupplementalGroups + yyv20.CodecDecodeSelf(d) + } + case "fsGroup": + if r.TryDecodeAsNil() { + x.FSGroup = FSGroupStrategyOptions{} + } else { + yyv21 := &x.FSGroup + yyv21.CodecDecodeSelf(d) + } + case "readOnlyRootFilesystem": + if r.TryDecodeAsNil() { + x.ReadOnlyRootFilesystem = false + } else { + x.ReadOnlyRootFilesystem = bool(r.DecodeBool()) } default: z.DecStructFieldNotFound(-1, yys3) @@ -11625,16 +11771,16 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yyj16 int - var yyb16 bool - var yyhl16 bool = l >= 0 - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + var yyj23 int + var yyb23 bool + var yyhl23 bool = l >= 0 + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -11644,35 +11790,79 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec } else { x.Privileged = bool(r.DecodeBool()) } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } z.DecSendContainerState(codecSelfer_containerArrayElem1234) if r.TryDecodeAsNil() { - x.Capabilities = nil + x.DefaultAddCapabilities = nil } else { - yyv18 := &x.Capabilities - yym19 := z.DecBinary() - _ = yym19 + yyv25 := &x.DefaultAddCapabilities + yym26 := z.DecBinary() + _ = yym26 if false { } else { - h.decSliceapi_Capability((*[]pkg2_api.Capability)(yyv18), d) + h.decSliceapi_Capability((*[]pkg2_api.Capability)(yyv25), d) } } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.RequiredDropCapabilities = nil + } else { + yyv27 := &x.RequiredDropCapabilities + yym28 := z.DecBinary() + _ = yym28 + if false { + } else { + h.decSliceapi_Capability((*[]pkg2_api.Capability)(yyv27), d) + } + } + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l + } else { + yyb23 = r.CheckBreak() + } + if yyb23 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.AllowedCapabilities = nil + } else { + yyv29 := &x.AllowedCapabilities + yym30 := z.DecBinary() + _ = yym30 + if false { + } else { + h.decSliceapi_Capability((*[]pkg2_api.Capability)(yyv29), d) + } + } + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l + } else { + yyb23 = r.CheckBreak() + } + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -11680,21 +11870,21 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec if r.TryDecodeAsNil() { x.Volumes = nil } else { - yyv20 := &x.Volumes - yym21 := z.DecBinary() - _ = yym21 + yyv31 := &x.Volumes + yym32 := z.DecBinary() + _ = yym32 if false { } else { - h.decSliceFSType((*[]FSType)(yyv20), d) + h.decSliceFSType((*[]FSType)(yyv31), d) } } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -11704,13 +11894,13 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec } else { x.HostNetwork = bool(r.DecodeBool()) } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -11718,21 +11908,21 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec if r.TryDecodeAsNil() { x.HostPorts = nil } else { - yyv23 := &x.HostPorts - yym24 := z.DecBinary() - _ = yym24 + yyv34 := &x.HostPorts + yym35 := z.DecBinary() + _ = yym35 if false { } else { - h.decSliceHostPortRange((*[]HostPortRange)(yyv23), d) + h.decSliceHostPortRange((*[]HostPortRange)(yyv34), d) } } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -11742,13 +11932,13 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec } else { x.HostPID = bool(r.DecodeBool()) } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -11758,13 +11948,13 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec } else { x.HostIPC = bool(r.DecodeBool()) } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -11772,16 +11962,16 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec if r.TryDecodeAsNil() { x.SELinux = SELinuxStrategyOptions{} } else { - yyv27 := &x.SELinux - yyv27.CodecDecodeSelf(d) + yyv38 := &x.SELinux + yyv38.CodecDecodeSelf(d) } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -11789,21 +11979,71 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec if r.TryDecodeAsNil() { x.RunAsUser = RunAsUserStrategyOptions{} } else { - yyv28 := &x.RunAsUser - yyv28.CodecDecodeSelf(d) + yyv39 := &x.RunAsUser + yyv39.CodecDecodeSelf(d) + } + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l + } else { + yyb23 = r.CheckBreak() + } + if yyb23 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.SupplementalGroups = SupplementalGroupsStrategyOptions{} + } else { + yyv40 := &x.SupplementalGroups + yyv40.CodecDecodeSelf(d) + } + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l + } else { + yyb23 = r.CheckBreak() + } + if yyb23 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.FSGroup = FSGroupStrategyOptions{} + } else { + yyv41 := &x.FSGroup + yyv41.CodecDecodeSelf(d) + } + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l + } else { + yyb23 = r.CheckBreak() + } + if yyb23 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.ReadOnlyRootFilesystem = false + } else { + x.ReadOnlyRootFilesystem = bool(r.DecodeBool()) } for { - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { break } z.DecSendContainerState(codecSelfer_containerArrayElem1234) - z.DecStructFieldNotFound(yyj16-1, "") + z.DecStructFieldNotFound(yyj23-1, "") } z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } @@ -12720,6 +12960,512 @@ func (x *RunAsUserStrategy) CodecDecodeSelf(d *codec1978.Decoder) { } } +func (x *FSGroupStrategyOptions) CodecEncodeSelf(e *codec1978.Encoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperEncoder(e) + _, _, _ = h, z, r + if x == nil { + r.EncodeNil() + } else { + yym1 := z.EncBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.EncExt(x) { + } else { + yysep2 := !z.EncBinary() + yy2arr2 := z.EncBasicHandle().StructToArray + var yyq2 [2]bool + _, _, _ = yysep2, yyq2, yy2arr2 + const yyr2 bool = false + yyq2[0] = x.Rule != "" + yyq2[1] = len(x.Ranges) != 0 + var yynn2 int + if yyr2 || yy2arr2 { + r.EncodeArrayStart(2) + } else { + yynn2 = 0 + for _, b := range yyq2 { + if b { + yynn2++ + } + } + r.EncodeMapStart(yynn2) + yynn2 = 0 + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[0] { + x.Rule.CodecEncodeSelf(e) + } else { + r.EncodeString(codecSelferC_UTF81234, "") + } + } else { + if yyq2[0] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("rule")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + x.Rule.CodecEncodeSelf(e) + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[1] { + if x.Ranges == nil { + r.EncodeNil() + } else { + yym7 := z.EncBinary() + _ = yym7 + if false { + } else { + h.encSliceIDRange(([]IDRange)(x.Ranges), e) + } + } + } else { + r.EncodeNil() + } + } else { + if yyq2[1] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("ranges")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + if x.Ranges == nil { + r.EncodeNil() + } else { + yym8 := z.EncBinary() + _ = yym8 + if false { + } else { + h.encSliceIDRange(([]IDRange)(x.Ranges), e) + } + } + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayEnd1234) + } else { + z.EncSendContainerState(codecSelfer_containerMapEnd1234) + } + } + } +} + +func (x *FSGroupStrategyOptions) CodecDecodeSelf(d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + yym1 := z.DecBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.DecExt(x) { + } else { + yyct2 := r.ContainerType() + if yyct2 == codecSelferValueTypeMap1234 { + yyl2 := r.ReadMapStart() + if yyl2 == 0 { + z.DecSendContainerState(codecSelfer_containerMapEnd1234) + } else { + x.codecDecodeSelfFromMap(yyl2, d) + } + } else if yyct2 == codecSelferValueTypeArray1234 { + yyl2 := r.ReadArrayStart() + if yyl2 == 0 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + } else { + x.codecDecodeSelfFromArray(yyl2, d) + } + } else { + panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234) + } + } +} + +func (x *FSGroupStrategyOptions) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + var yys3Slc = z.DecScratchBuffer() // default slice to decode into + _ = yys3Slc + var yyhl3 bool = l >= 0 + for yyj3 := 0; ; yyj3++ { + if yyhl3 { + if yyj3 >= l { + break + } + } else { + if r.CheckBreak() { + break + } + } + z.DecSendContainerState(codecSelfer_containerMapKey1234) + yys3Slc = r.DecodeBytes(yys3Slc, true, true) + yys3 := string(yys3Slc) + z.DecSendContainerState(codecSelfer_containerMapValue1234) + switch yys3 { + case "rule": + if r.TryDecodeAsNil() { + x.Rule = "" + } else { + x.Rule = FSGroupStrategyType(r.DecodeString()) + } + case "ranges": + if r.TryDecodeAsNil() { + x.Ranges = nil + } else { + yyv5 := &x.Ranges + yym6 := z.DecBinary() + _ = yym6 + if false { + } else { + h.decSliceIDRange((*[]IDRange)(yyv5), d) + } + } + default: + z.DecStructFieldNotFound(-1, yys3) + } // end switch yys3 + } // end for yyj3 + z.DecSendContainerState(codecSelfer_containerMapEnd1234) +} + +func (x *FSGroupStrategyOptions) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + var yyj7 int + var yyb7 bool + var yyhl7 bool = l >= 0 + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.Rule = "" + } else { + x.Rule = FSGroupStrategyType(r.DecodeString()) + } + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.Ranges = nil + } else { + yyv9 := &x.Ranges + yym10 := z.DecBinary() + _ = yym10 + if false { + } else { + h.decSliceIDRange((*[]IDRange)(yyv9), d) + } + } + for { + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + break + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + z.DecStructFieldNotFound(yyj7-1, "") + } + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) +} + +func (x FSGroupStrategyType) CodecEncodeSelf(e *codec1978.Encoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperEncoder(e) + _, _, _ = h, z, r + yym1 := z.EncBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.EncExt(x) { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x)) + } +} + +func (x *FSGroupStrategyType) CodecDecodeSelf(d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + yym1 := z.DecBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.DecExt(x) { + } else { + *((*string)(x)) = r.DecodeString() + } +} + +func (x *SupplementalGroupsStrategyOptions) CodecEncodeSelf(e *codec1978.Encoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperEncoder(e) + _, _, _ = h, z, r + if x == nil { + r.EncodeNil() + } else { + yym1 := z.EncBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.EncExt(x) { + } else { + yysep2 := !z.EncBinary() + yy2arr2 := z.EncBasicHandle().StructToArray + var yyq2 [2]bool + _, _, _ = yysep2, yyq2, yy2arr2 + const yyr2 bool = false + yyq2[0] = x.Rule != "" + yyq2[1] = len(x.Ranges) != 0 + var yynn2 int + if yyr2 || yy2arr2 { + r.EncodeArrayStart(2) + } else { + yynn2 = 0 + for _, b := range yyq2 { + if b { + yynn2++ + } + } + r.EncodeMapStart(yynn2) + yynn2 = 0 + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[0] { + x.Rule.CodecEncodeSelf(e) + } else { + r.EncodeString(codecSelferC_UTF81234, "") + } + } else { + if yyq2[0] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("rule")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + x.Rule.CodecEncodeSelf(e) + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[1] { + if x.Ranges == nil { + r.EncodeNil() + } else { + yym7 := z.EncBinary() + _ = yym7 + if false { + } else { + h.encSliceIDRange(([]IDRange)(x.Ranges), e) + } + } + } else { + r.EncodeNil() + } + } else { + if yyq2[1] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("ranges")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + if x.Ranges == nil { + r.EncodeNil() + } else { + yym8 := z.EncBinary() + _ = yym8 + if false { + } else { + h.encSliceIDRange(([]IDRange)(x.Ranges), e) + } + } + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayEnd1234) + } else { + z.EncSendContainerState(codecSelfer_containerMapEnd1234) + } + } + } +} + +func (x *SupplementalGroupsStrategyOptions) CodecDecodeSelf(d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + yym1 := z.DecBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.DecExt(x) { + } else { + yyct2 := r.ContainerType() + if yyct2 == codecSelferValueTypeMap1234 { + yyl2 := r.ReadMapStart() + if yyl2 == 0 { + z.DecSendContainerState(codecSelfer_containerMapEnd1234) + } else { + x.codecDecodeSelfFromMap(yyl2, d) + } + } else if yyct2 == codecSelferValueTypeArray1234 { + yyl2 := r.ReadArrayStart() + if yyl2 == 0 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + } else { + x.codecDecodeSelfFromArray(yyl2, d) + } + } else { + panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234) + } + } +} + +func (x *SupplementalGroupsStrategyOptions) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + var yys3Slc = z.DecScratchBuffer() // default slice to decode into + _ = yys3Slc + var yyhl3 bool = l >= 0 + for yyj3 := 0; ; yyj3++ { + if yyhl3 { + if yyj3 >= l { + break + } + } else { + if r.CheckBreak() { + break + } + } + z.DecSendContainerState(codecSelfer_containerMapKey1234) + yys3Slc = r.DecodeBytes(yys3Slc, true, true) + yys3 := string(yys3Slc) + z.DecSendContainerState(codecSelfer_containerMapValue1234) + switch yys3 { + case "rule": + if r.TryDecodeAsNil() { + x.Rule = "" + } else { + x.Rule = SupplementalGroupsStrategyType(r.DecodeString()) + } + case "ranges": + if r.TryDecodeAsNil() { + x.Ranges = nil + } else { + yyv5 := &x.Ranges + yym6 := z.DecBinary() + _ = yym6 + if false { + } else { + h.decSliceIDRange((*[]IDRange)(yyv5), d) + } + } + default: + z.DecStructFieldNotFound(-1, yys3) + } // end switch yys3 + } // end for yyj3 + z.DecSendContainerState(codecSelfer_containerMapEnd1234) +} + +func (x *SupplementalGroupsStrategyOptions) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + var yyj7 int + var yyb7 bool + var yyhl7 bool = l >= 0 + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.Rule = "" + } else { + x.Rule = SupplementalGroupsStrategyType(r.DecodeString()) + } + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.Ranges = nil + } else { + yyv9 := &x.Ranges + yym10 := z.DecBinary() + _ = yym10 + if false { + } else { + h.decSliceIDRange((*[]IDRange)(yyv9), d) + } + } + for { + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + break + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + z.DecStructFieldNotFound(yyj7-1, "") + } + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) +} + +func (x SupplementalGroupsStrategyType) CodecEncodeSelf(e *codec1978.Encoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperEncoder(e) + _, _, _ = h, z, r + yym1 := z.EncBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.EncExt(x) { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x)) + } +} + +func (x *SupplementalGroupsStrategyType) CodecDecodeSelf(d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + yym1 := z.DecBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.DecExt(x) { + } else { + *((*string)(x)) = r.DecodeString() + } +} + func (x *PodSecurityPolicyList) CodecEncodeSelf(e *codec1978.Encoder) { var h codecSelfer1234 z, r := codec1978.GenHelperEncoder(e) @@ -14990,7 +15736,7 @@ func (x codecSelfer1234) decSlicePodSecurityPolicy(v *[]PodSecurityPolicy, d *co yyrg1 := len(yyv1) > 0 yyv21 := yyv1 - yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 400) + yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 536) if yyrt1 { if yyrl1 <= cap(yyv1) { yyv1 = yyv1[:yyrl1] diff --git a/pkg/apis/extensions/v1beta1/conversion_generated.go b/pkg/apis/extensions/v1beta1/conversion_generated.go index 3e61862544b..4b8506a9d52 100644 --- a/pkg/apis/extensions/v1beta1/conversion_generated.go +++ b/pkg/apis/extensions/v1beta1/conversion_generated.go @@ -62,6 +62,8 @@ func init() { Convert_extensions_DeploymentStatus_To_v1beta1_DeploymentStatus, Convert_v1beta1_DeploymentStrategy_To_extensions_DeploymentStrategy, Convert_extensions_DeploymentStrategy_To_v1beta1_DeploymentStrategy, + Convert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions, + Convert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions, Convert_v1beta1_HTTPIngressPath_To_extensions_HTTPIngressPath, Convert_extensions_HTTPIngressPath_To_v1beta1_HTTPIngressPath, Convert_v1beta1_HTTPIngressRuleValue_To_extensions_HTTPIngressRuleValue, @@ -138,6 +140,8 @@ func init() { Convert_extensions_ScaleSpec_To_v1beta1_ScaleSpec, Convert_v1beta1_ScaleStatus_To_extensions_ScaleStatus, Convert_extensions_ScaleStatus_To_v1beta1_ScaleStatus, + Convert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions, + Convert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions, Convert_v1beta1_ThirdPartyResource_To_extensions_ThirdPartyResource, Convert_extensions_ThirdPartyResource_To_v1beta1_ThirdPartyResource, Convert_v1beta1_ThirdPartyResourceData_To_extensions_ThirdPartyResourceData, @@ -646,6 +650,46 @@ func autoConvert_extensions_DeploymentStrategy_To_v1beta1_DeploymentStrategy(in return nil } +func autoConvert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions(in *FSGroupStrategyOptions, out *extensions.FSGroupStrategyOptions, s conversion.Scope) error { + out.Rule = extensions.FSGroupStrategyType(in.Rule) + if in.Ranges != nil { + in, out := &in.Ranges, &out.Ranges + *out = make([]extensions.IDRange, len(*in)) + for i := range *in { + if err := Convert_v1beta1_IDRange_To_extensions_IDRange(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Ranges = nil + } + return nil +} + +func Convert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions(in *FSGroupStrategyOptions, out *extensions.FSGroupStrategyOptions, s conversion.Scope) error { + return autoConvert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions(in, out, s) +} + +func autoConvert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in *extensions.FSGroupStrategyOptions, out *FSGroupStrategyOptions, s conversion.Scope) error { + out.Rule = FSGroupStrategyType(in.Rule) + if in.Ranges != nil { + in, out := &in.Ranges, &out.Ranges + *out = make([]IDRange, len(*in)) + for i := range *in { + if err := Convert_extensions_IDRange_To_v1beta1_IDRange(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Ranges = nil + } + return nil +} + +func Convert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in *extensions.FSGroupStrategyOptions, out *FSGroupStrategyOptions, s conversion.Scope) error { + return autoConvert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(in, out, s) +} + func autoConvert_v1beta1_HTTPIngressPath_To_extensions_HTTPIngressPath(in *HTTPIngressPath, out *extensions.HTTPIngressPath, s conversion.Scope) error { out.Path = in.Path if err := Convert_v1beta1_IngressBackend_To_extensions_IngressBackend(&in.Backend, &out.Backend, s); err != nil { @@ -1602,14 +1646,32 @@ func Convert_extensions_PodSecurityPolicyList_To_v1beta1_PodSecurityPolicyList(i func autoConvert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySpec(in *PodSecurityPolicySpec, out *extensions.PodSecurityPolicySpec, s conversion.Scope) error { out.Privileged = in.Privileged - if in.Capabilities != nil { - in, out := &in.Capabilities, &out.Capabilities + if in.DefaultAddCapabilities != nil { + in, out := &in.DefaultAddCapabilities, &out.DefaultAddCapabilities *out = make([]api.Capability, len(*in)) for i := range *in { (*out)[i] = api.Capability((*in)[i]) } } else { - out.Capabilities = nil + out.DefaultAddCapabilities = nil + } + if in.RequiredDropCapabilities != nil { + in, out := &in.RequiredDropCapabilities, &out.RequiredDropCapabilities + *out = make([]api.Capability, len(*in)) + for i := range *in { + (*out)[i] = api.Capability((*in)[i]) + } + } else { + out.RequiredDropCapabilities = nil + } + if in.AllowedCapabilities != nil { + in, out := &in.AllowedCapabilities, &out.AllowedCapabilities + *out = make([]api.Capability, len(*in)) + for i := range *in { + (*out)[i] = api.Capability((*in)[i]) + } + } else { + out.AllowedCapabilities = nil } if in.Volumes != nil { in, out := &in.Volumes, &out.Volumes @@ -1640,6 +1702,13 @@ func autoConvert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySp if err := Convert_v1beta1_RunAsUserStrategyOptions_To_extensions_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil { return err } + if err := Convert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil { + return err + } + if err := Convert_v1beta1_FSGroupStrategyOptions_To_extensions_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, s); err != nil { + return err + } + out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem return nil } @@ -1649,14 +1718,32 @@ func Convert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySpec(i func autoConvert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *extensions.PodSecurityPolicySpec, out *PodSecurityPolicySpec, s conversion.Scope) error { out.Privileged = in.Privileged - if in.Capabilities != nil { - in, out := &in.Capabilities, &out.Capabilities + if in.DefaultAddCapabilities != nil { + in, out := &in.DefaultAddCapabilities, &out.DefaultAddCapabilities *out = make([]v1.Capability, len(*in)) for i := range *in { (*out)[i] = v1.Capability((*in)[i]) } } else { - out.Capabilities = nil + out.DefaultAddCapabilities = nil + } + if in.RequiredDropCapabilities != nil { + in, out := &in.RequiredDropCapabilities, &out.RequiredDropCapabilities + *out = make([]v1.Capability, len(*in)) + for i := range *in { + (*out)[i] = v1.Capability((*in)[i]) + } + } else { + out.RequiredDropCapabilities = nil + } + if in.AllowedCapabilities != nil { + in, out := &in.AllowedCapabilities, &out.AllowedCapabilities + *out = make([]v1.Capability, len(*in)) + for i := range *in { + (*out)[i] = v1.Capability((*in)[i]) + } + } else { + out.AllowedCapabilities = nil } if in.Volumes != nil { in, out := &in.Volumes, &out.Volumes @@ -1687,6 +1774,13 @@ func autoConvert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySp if err := Convert_extensions_RunAsUserStrategyOptions_To_v1beta1_RunAsUserStrategyOptions(&in.RunAsUser, &out.RunAsUser, s); err != nil { return err } + if err := Convert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(&in.SupplementalGroups, &out.SupplementalGroups, s); err != nil { + return err + } + if err := Convert_extensions_FSGroupStrategyOptions_To_v1beta1_FSGroupStrategyOptions(&in.FSGroup, &out.FSGroup, s); err != nil { + return err + } + out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem return nil } @@ -1987,6 +2081,46 @@ func Convert_extensions_ScaleSpec_To_v1beta1_ScaleSpec(in *extensions.ScaleSpec, return autoConvert_extensions_ScaleSpec_To_v1beta1_ScaleSpec(in, out, s) } +func autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions(in *SupplementalGroupsStrategyOptions, out *extensions.SupplementalGroupsStrategyOptions, s conversion.Scope) error { + out.Rule = extensions.SupplementalGroupsStrategyType(in.Rule) + if in.Ranges != nil { + in, out := &in.Ranges, &out.Ranges + *out = make([]extensions.IDRange, len(*in)) + for i := range *in { + if err := Convert_v1beta1_IDRange_To_extensions_IDRange(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Ranges = nil + } + return nil +} + +func Convert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions(in *SupplementalGroupsStrategyOptions, out *extensions.SupplementalGroupsStrategyOptions, s conversion.Scope) error { + return autoConvert_v1beta1_SupplementalGroupsStrategyOptions_To_extensions_SupplementalGroupsStrategyOptions(in, out, s) +} + +func autoConvert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in *extensions.SupplementalGroupsStrategyOptions, out *SupplementalGroupsStrategyOptions, s conversion.Scope) error { + out.Rule = SupplementalGroupsStrategyType(in.Rule) + if in.Ranges != nil { + in, out := &in.Ranges, &out.Ranges + *out = make([]IDRange, len(*in)) + for i := range *in { + if err := Convert_extensions_IDRange_To_v1beta1_IDRange(&(*in)[i], &(*out)[i], s); err != nil { + return err + } + } + } else { + out.Ranges = nil + } + return nil +} + +func Convert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in *extensions.SupplementalGroupsStrategyOptions, out *SupplementalGroupsStrategyOptions, s conversion.Scope) error { + return autoConvert_extensions_SupplementalGroupsStrategyOptions_To_v1beta1_SupplementalGroupsStrategyOptions(in, out, s) +} + func autoConvert_v1beta1_ThirdPartyResource_To_extensions_ThirdPartyResource(in *ThirdPartyResource, out *extensions.ThirdPartyResource, s conversion.Scope) error { if err := api.Convert_unversioned_TypeMeta_To_unversioned_TypeMeta(&in.TypeMeta, &out.TypeMeta, s); err != nil { return err diff --git a/pkg/apis/extensions/v1beta1/deep_copy_generated.go b/pkg/apis/extensions/v1beta1/deep_copy_generated.go index 4ffbb088917..7b359190e7e 100644 --- a/pkg/apis/extensions/v1beta1/deep_copy_generated.go +++ b/pkg/apis/extensions/v1beta1/deep_copy_generated.go @@ -48,6 +48,7 @@ func init() { DeepCopy_v1beta1_DeploymentStatus, DeepCopy_v1beta1_DeploymentStrategy, DeepCopy_v1beta1_ExportOptions, + DeepCopy_v1beta1_FSGroupStrategyOptions, DeepCopy_v1beta1_HTTPIngressPath, DeepCopy_v1beta1_HTTPIngressRuleValue, DeepCopy_v1beta1_HorizontalPodAutoscaler, @@ -88,6 +89,7 @@ func init() { DeepCopy_v1beta1_ScaleSpec, DeepCopy_v1beta1_ScaleStatus, DeepCopy_v1beta1_SubresourceReference, + DeepCopy_v1beta1_SupplementalGroupsStrategyOptions, DeepCopy_v1beta1_ThirdPartyResource, DeepCopy_v1beta1_ThirdPartyResourceData, DeepCopy_v1beta1_ThirdPartyResourceDataList, @@ -347,6 +349,22 @@ func DeepCopy_v1beta1_ExportOptions(in ExportOptions, out *ExportOptions, c *con return nil } +func DeepCopy_v1beta1_FSGroupStrategyOptions(in FSGroupStrategyOptions, out *FSGroupStrategyOptions, c *conversion.Cloner) error { + out.Rule = in.Rule + if in.Ranges != nil { + in, out := in.Ranges, &out.Ranges + *out = make([]IDRange, len(in)) + for i := range in { + if err := DeepCopy_v1beta1_IDRange(in[i], &(*out)[i], c); err != nil { + return err + } + } + } else { + out.Ranges = nil + } + return nil +} + func DeepCopy_v1beta1_HTTPIngressPath(in HTTPIngressPath, out *HTTPIngressPath, c *conversion.Cloner) error { out.Path = in.Path if err := DeepCopy_v1beta1_IngressBackend(in.Backend, &out.Backend, c); err != nil { @@ -814,14 +832,32 @@ func DeepCopy_v1beta1_PodSecurityPolicyList(in PodSecurityPolicyList, out *PodSe func DeepCopy_v1beta1_PodSecurityPolicySpec(in PodSecurityPolicySpec, out *PodSecurityPolicySpec, c *conversion.Cloner) error { out.Privileged = in.Privileged - if in.Capabilities != nil { - in, out := in.Capabilities, &out.Capabilities + if in.DefaultAddCapabilities != nil { + in, out := in.DefaultAddCapabilities, &out.DefaultAddCapabilities *out = make([]v1.Capability, len(in)) for i := range in { (*out)[i] = in[i] } } else { - out.Capabilities = nil + out.DefaultAddCapabilities = nil + } + if in.RequiredDropCapabilities != nil { + in, out := in.RequiredDropCapabilities, &out.RequiredDropCapabilities + *out = make([]v1.Capability, len(in)) + for i := range in { + (*out)[i] = in[i] + } + } else { + out.RequiredDropCapabilities = nil + } + if in.AllowedCapabilities != nil { + in, out := in.AllowedCapabilities, &out.AllowedCapabilities + *out = make([]v1.Capability, len(in)) + for i := range in { + (*out)[i] = in[i] + } + } else { + out.AllowedCapabilities = nil } if in.Volumes != nil { in, out := in.Volumes, &out.Volumes @@ -852,6 +888,13 @@ func DeepCopy_v1beta1_PodSecurityPolicySpec(in PodSecurityPolicySpec, out *PodSe if err := DeepCopy_v1beta1_RunAsUserStrategyOptions(in.RunAsUser, &out.RunAsUser, c); err != nil { return err } + if err := DeepCopy_v1beta1_SupplementalGroupsStrategyOptions(in.SupplementalGroups, &out.SupplementalGroups, c); err != nil { + return err + } + if err := DeepCopy_v1beta1_FSGroupStrategyOptions(in.FSGroup, &out.FSGroup, c); err != nil { + return err + } + out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem return nil } @@ -1030,6 +1073,22 @@ func DeepCopy_v1beta1_SubresourceReference(in SubresourceReference, out *Subreso return nil } +func DeepCopy_v1beta1_SupplementalGroupsStrategyOptions(in SupplementalGroupsStrategyOptions, out *SupplementalGroupsStrategyOptions, c *conversion.Cloner) error { + out.Rule = in.Rule + if in.Ranges != nil { + in, out := in.Ranges, &out.Ranges + *out = make([]IDRange, len(in)) + for i := range in { + if err := DeepCopy_v1beta1_IDRange(in[i], &(*out)[i], c); err != nil { + return err + } + } + } else { + out.Ranges = nil + } + return nil +} + func DeepCopy_v1beta1_ThirdPartyResource(in ThirdPartyResource, out *ThirdPartyResource, c *conversion.Cloner) error { if err := unversioned.DeepCopy_unversioned_TypeMeta(in.TypeMeta, &out.TypeMeta, c); err != nil { return err diff --git a/pkg/apis/extensions/v1beta1/generated.pb.go b/pkg/apis/extensions/v1beta1/generated.pb.go index 7e231b95e4f..70ea18bd5cd 100644 --- a/pkg/apis/extensions/v1beta1/generated.pb.go +++ b/pkg/apis/extensions/v1beta1/generated.pb.go @@ -42,6 +42,7 @@ limitations under the License. DeploymentStatus DeploymentStrategy ExportOptions + FSGroupStrategyOptions HTTPIngressPath HTTPIngressRuleValue HorizontalPodAutoscaler @@ -82,6 +83,7 @@ limitations under the License. ScaleSpec ScaleStatus SubresourceReference + SupplementalGroupsStrategyOptions ThirdPartyResource ThirdPartyResourceData ThirdPartyResourceDataList @@ -173,6 +175,10 @@ func (m *ExportOptions) Reset() { *m = ExportOptions{} } func (m *ExportOptions) String() string { return proto.CompactTextString(m) } func (*ExportOptions) ProtoMessage() {} +func (m *FSGroupStrategyOptions) Reset() { *m = FSGroupStrategyOptions{} } +func (m *FSGroupStrategyOptions) String() string { return proto.CompactTextString(m) } +func (*FSGroupStrategyOptions) ProtoMessage() {} + func (m *HTTPIngressPath) Reset() { *m = HTTPIngressPath{} } func (m *HTTPIngressPath) String() string { return proto.CompactTextString(m) } func (*HTTPIngressPath) ProtoMessage() {} @@ -333,6 +339,10 @@ func (m *SubresourceReference) Reset() { *m = SubresourceReference{} } func (m *SubresourceReference) String() string { return proto.CompactTextString(m) } func (*SubresourceReference) ProtoMessage() {} +func (m *SupplementalGroupsStrategyOptions) Reset() { *m = SupplementalGroupsStrategyOptions{} } +func (m *SupplementalGroupsStrategyOptions) String() string { return proto.CompactTextString(m) } +func (*SupplementalGroupsStrategyOptions) ProtoMessage() {} + func (m *ThirdPartyResource) Reset() { *m = ThirdPartyResource{} } func (m *ThirdPartyResource) String() string { return proto.CompactTextString(m) } func (*ThirdPartyResource) ProtoMessage() {} @@ -367,6 +377,7 @@ func init() { proto.RegisterType((*DeploymentStatus)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.DeploymentStatus") proto.RegisterType((*DeploymentStrategy)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.DeploymentStrategy") proto.RegisterType((*ExportOptions)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.ExportOptions") + proto.RegisterType((*FSGroupStrategyOptions)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.FSGroupStrategyOptions") proto.RegisterType((*HTTPIngressPath)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.HTTPIngressPath") proto.RegisterType((*HTTPIngressRuleValue)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.HTTPIngressRuleValue") proto.RegisterType((*HorizontalPodAutoscaler)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.HorizontalPodAutoscaler") @@ -407,6 +418,7 @@ func init() { proto.RegisterType((*ScaleSpec)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.ScaleSpec") proto.RegisterType((*ScaleStatus)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.ScaleStatus") proto.RegisterType((*SubresourceReference)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.SubresourceReference") + proto.RegisterType((*SupplementalGroupsStrategyOptions)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.SupplementalGroupsStrategyOptions") proto.RegisterType((*ThirdPartyResource)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.ThirdPartyResource") proto.RegisterType((*ThirdPartyResourceData)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.ThirdPartyResourceData") proto.RegisterType((*ThirdPartyResourceDataList)(nil), "k8s.io.kubernetes.pkg.apis.extensions.v1beta1.ThirdPartyResourceDataList") @@ -1019,6 +1031,40 @@ func (m *ExportOptions) MarshalTo(data []byte) (int, error) { return i, nil } +func (m *FSGroupStrategyOptions) Marshal() (data []byte, err error) { + size := m.Size() + data = make([]byte, size) + n, err := m.MarshalTo(data) + if err != nil { + return nil, err + } + return data[:n], nil +} + +func (m *FSGroupStrategyOptions) MarshalTo(data []byte) (int, error) { + var i int + _ = i + var l int + _ = l + data[i] = 0xa + i++ + i = encodeVarintGenerated(data, i, uint64(len(m.Rule))) + i += copy(data[i:], m.Rule) + if len(m.Ranges) > 0 { + for _, msg := range m.Ranges { + data[i] = 0x12 + i++ + i = encodeVarintGenerated(data, i, uint64(msg.Size())) + n, err := msg.MarshalTo(data[i:]) + if err != nil { + return 0, err + } + i += n + } + } + return i, nil +} + func (m *HTTPIngressPath) Marshal() (data []byte, err error) { size := m.Size() data = make([]byte, size) @@ -2054,8 +2100,8 @@ func (m *PodSecurityPolicySpec) MarshalTo(data []byte) (int, error) { data[i] = 0 } i++ - if len(m.Capabilities) > 0 { - for _, s := range m.Capabilities { + if len(m.DefaultAddCapabilities) > 0 { + for _, s := range m.DefaultAddCapabilities { data[i] = 0x12 i++ l = len(s) @@ -2069,9 +2115,39 @@ func (m *PodSecurityPolicySpec) MarshalTo(data []byte) (int, error) { i += copy(data[i:], s) } } + if len(m.RequiredDropCapabilities) > 0 { + for _, s := range m.RequiredDropCapabilities { + data[i] = 0x1a + i++ + l = len(s) + for l >= 1<<7 { + data[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + data[i] = uint8(l) + i++ + i += copy(data[i:], s) + } + } + if len(m.AllowedCapabilities) > 0 { + for _, s := range m.AllowedCapabilities { + data[i] = 0x22 + i++ + l = len(s) + for l >= 1<<7 { + data[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + data[i] = uint8(l) + i++ + i += copy(data[i:], s) + } + } if len(m.Volumes) > 0 { for _, s := range m.Volumes { - data[i] = 0x1a + data[i] = 0x2a i++ l = len(s) for l >= 1<<7 { @@ -2084,7 +2160,7 @@ func (m *PodSecurityPolicySpec) MarshalTo(data []byte) (int, error) { i += copy(data[i:], s) } } - data[i] = 0x20 + data[i] = 0x30 i++ if m.HostNetwork { data[i] = 1 @@ -2094,7 +2170,7 @@ func (m *PodSecurityPolicySpec) MarshalTo(data []byte) (int, error) { i++ if len(m.HostPorts) > 0 { for _, msg := range m.HostPorts { - data[i] = 0x2a + data[i] = 0x3a i++ i = encodeVarintGenerated(data, i, uint64(msg.Size())) n, err := msg.MarshalTo(data[i:]) @@ -2104,7 +2180,7 @@ func (m *PodSecurityPolicySpec) MarshalTo(data []byte) (int, error) { i += n } } - data[i] = 0x30 + data[i] = 0x40 i++ if m.HostPID { data[i] = 1 @@ -2112,7 +2188,7 @@ func (m *PodSecurityPolicySpec) MarshalTo(data []byte) (int, error) { data[i] = 0 } i++ - data[i] = 0x38 + data[i] = 0x48 i++ if m.HostIPC { data[i] = 1 @@ -2120,7 +2196,7 @@ func (m *PodSecurityPolicySpec) MarshalTo(data []byte) (int, error) { data[i] = 0 } i++ - data[i] = 0x42 + data[i] = 0x52 i++ i = encodeVarintGenerated(data, i, uint64(m.SELinux.Size())) n49, err := m.SELinux.MarshalTo(data[i:]) @@ -2128,7 +2204,7 @@ func (m *PodSecurityPolicySpec) MarshalTo(data []byte) (int, error) { return 0, err } i += n49 - data[i] = 0x4a + data[i] = 0x5a i++ i = encodeVarintGenerated(data, i, uint64(m.RunAsUser.Size())) n50, err := m.RunAsUser.MarshalTo(data[i:]) @@ -2136,6 +2212,30 @@ func (m *PodSecurityPolicySpec) MarshalTo(data []byte) (int, error) { return 0, err } i += n50 + data[i] = 0x62 + i++ + i = encodeVarintGenerated(data, i, uint64(m.SupplementalGroups.Size())) + n51, err := m.SupplementalGroups.MarshalTo(data[i:]) + if err != nil { + return 0, err + } + i += n51 + data[i] = 0x6a + i++ + i = encodeVarintGenerated(data, i, uint64(m.FSGroup.Size())) + n52, err := m.FSGroup.MarshalTo(data[i:]) + if err != nil { + return 0, err + } + i += n52 + data[i] = 0x70 + i++ + if m.ReadOnlyRootFilesystem { + data[i] = 1 + } else { + data[i] = 0 + } + i++ return i, nil } @@ -2157,27 +2257,27 @@ func (m *ReplicaSet) MarshalTo(data []byte) (int, error) { data[i] = 0xa i++ i = encodeVarintGenerated(data, i, uint64(m.ObjectMeta.Size())) - n51, err := m.ObjectMeta.MarshalTo(data[i:]) - if err != nil { - return 0, err - } - i += n51 - data[i] = 0x12 - i++ - i = encodeVarintGenerated(data, i, uint64(m.Spec.Size())) - n52, err := m.Spec.MarshalTo(data[i:]) - if err != nil { - return 0, err - } - i += n52 - data[i] = 0x1a - i++ - i = encodeVarintGenerated(data, i, uint64(m.Status.Size())) - n53, err := m.Status.MarshalTo(data[i:]) + n53, err := m.ObjectMeta.MarshalTo(data[i:]) if err != nil { return 0, err } i += n53 + data[i] = 0x12 + i++ + i = encodeVarintGenerated(data, i, uint64(m.Spec.Size())) + n54, err := m.Spec.MarshalTo(data[i:]) + if err != nil { + return 0, err + } + i += n54 + data[i] = 0x1a + i++ + i = encodeVarintGenerated(data, i, uint64(m.Status.Size())) + n55, err := m.Status.MarshalTo(data[i:]) + if err != nil { + return 0, err + } + i += n55 return i, nil } @@ -2199,11 +2299,11 @@ func (m *ReplicaSetList) MarshalTo(data []byte) (int, error) { data[i] = 0xa i++ i = encodeVarintGenerated(data, i, uint64(m.ListMeta.Size())) - n54, err := m.ListMeta.MarshalTo(data[i:]) + n56, err := m.ListMeta.MarshalTo(data[i:]) if err != nil { return 0, err } - i += n54 + i += n56 if len(m.Items) > 0 { for _, msg := range m.Items { data[i] = 0x12 @@ -2243,20 +2343,20 @@ func (m *ReplicaSetSpec) MarshalTo(data []byte) (int, error) { data[i] = 0x12 i++ i = encodeVarintGenerated(data, i, uint64(m.Selector.Size())) - n55, err := m.Selector.MarshalTo(data[i:]) + n57, err := m.Selector.MarshalTo(data[i:]) if err != nil { return 0, err } - i += n55 + i += n57 } data[i] = 0x1a i++ i = encodeVarintGenerated(data, i, uint64(m.Template.Size())) - n56, err := m.Template.MarshalTo(data[i:]) + n58, err := m.Template.MarshalTo(data[i:]) if err != nil { return 0, err } - i += n56 + i += n58 return i, nil } @@ -2345,21 +2445,21 @@ func (m *RollingUpdateDeployment) MarshalTo(data []byte) (int, error) { data[i] = 0xa i++ i = encodeVarintGenerated(data, i, uint64(m.MaxUnavailable.Size())) - n57, err := m.MaxUnavailable.MarshalTo(data[i:]) + n59, err := m.MaxUnavailable.MarshalTo(data[i:]) if err != nil { return 0, err } - i += n57 + i += n59 } if m.MaxSurge != nil { data[i] = 0x12 i++ i = encodeVarintGenerated(data, i, uint64(m.MaxSurge.Size())) - n58, err := m.MaxSurge.MarshalTo(data[i:]) + n60, err := m.MaxSurge.MarshalTo(data[i:]) if err != nil { return 0, err } - i += n58 + i += n60 } return i, nil } @@ -2421,11 +2521,11 @@ func (m *SELinuxStrategyOptions) MarshalTo(data []byte) (int, error) { data[i] = 0x12 i++ i = encodeVarintGenerated(data, i, uint64(m.SELinuxOptions.Size())) - n59, err := m.SELinuxOptions.MarshalTo(data[i:]) + n61, err := m.SELinuxOptions.MarshalTo(data[i:]) if err != nil { return 0, err } - i += n59 + i += n61 } return i, nil } @@ -2448,27 +2548,27 @@ func (m *Scale) MarshalTo(data []byte) (int, error) { data[i] = 0xa i++ i = encodeVarintGenerated(data, i, uint64(m.ObjectMeta.Size())) - n60, err := m.ObjectMeta.MarshalTo(data[i:]) - if err != nil { - return 0, err - } - i += n60 - data[i] = 0x12 - i++ - i = encodeVarintGenerated(data, i, uint64(m.Spec.Size())) - n61, err := m.Spec.MarshalTo(data[i:]) - if err != nil { - return 0, err - } - i += n61 - data[i] = 0x1a - i++ - i = encodeVarintGenerated(data, i, uint64(m.Status.Size())) - n62, err := m.Status.MarshalTo(data[i:]) + n62, err := m.ObjectMeta.MarshalTo(data[i:]) if err != nil { return 0, err } i += n62 + data[i] = 0x12 + i++ + i = encodeVarintGenerated(data, i, uint64(m.Spec.Size())) + n63, err := m.Spec.MarshalTo(data[i:]) + if err != nil { + return 0, err + } + i += n63 + data[i] = 0x1a + i++ + i = encodeVarintGenerated(data, i, uint64(m.Status.Size())) + n64, err := m.Status.MarshalTo(data[i:]) + if err != nil { + return 0, err + } + i += n64 return i, nil } @@ -2569,6 +2669,40 @@ func (m *SubresourceReference) MarshalTo(data []byte) (int, error) { return i, nil } +func (m *SupplementalGroupsStrategyOptions) Marshal() (data []byte, err error) { + size := m.Size() + data = make([]byte, size) + n, err := m.MarshalTo(data) + if err != nil { + return nil, err + } + return data[:n], nil +} + +func (m *SupplementalGroupsStrategyOptions) MarshalTo(data []byte) (int, error) { + var i int + _ = i + var l int + _ = l + data[i] = 0xa + i++ + i = encodeVarintGenerated(data, i, uint64(len(m.Rule))) + i += copy(data[i:], m.Rule) + if len(m.Ranges) > 0 { + for _, msg := range m.Ranges { + data[i] = 0x12 + i++ + i = encodeVarintGenerated(data, i, uint64(msg.Size())) + n, err := msg.MarshalTo(data[i:]) + if err != nil { + return 0, err + } + i += n + } + } + return i, nil +} + func (m *ThirdPartyResource) Marshal() (data []byte, err error) { size := m.Size() data = make([]byte, size) @@ -2587,11 +2721,11 @@ func (m *ThirdPartyResource) MarshalTo(data []byte) (int, error) { data[i] = 0xa i++ i = encodeVarintGenerated(data, i, uint64(m.ObjectMeta.Size())) - n63, err := m.ObjectMeta.MarshalTo(data[i:]) + n65, err := m.ObjectMeta.MarshalTo(data[i:]) if err != nil { return 0, err } - i += n63 + i += n65 data[i] = 0x12 i++ i = encodeVarintGenerated(data, i, uint64(len(m.Description))) @@ -2629,11 +2763,11 @@ func (m *ThirdPartyResourceData) MarshalTo(data []byte) (int, error) { data[i] = 0xa i++ i = encodeVarintGenerated(data, i, uint64(m.ObjectMeta.Size())) - n64, err := m.ObjectMeta.MarshalTo(data[i:]) + n66, err := m.ObjectMeta.MarshalTo(data[i:]) if err != nil { return 0, err } - i += n64 + i += n66 if m.Data != nil { data[i] = 0x12 i++ @@ -2661,11 +2795,11 @@ func (m *ThirdPartyResourceDataList) MarshalTo(data []byte) (int, error) { data[i] = 0xa i++ i = encodeVarintGenerated(data, i, uint64(m.ListMeta.Size())) - n65, err := m.ListMeta.MarshalTo(data[i:]) + n67, err := m.ListMeta.MarshalTo(data[i:]) if err != nil { return 0, err } - i += n65 + i += n67 if len(m.Items) > 0 { for _, msg := range m.Items { data[i] = 0x12 @@ -2699,11 +2833,11 @@ func (m *ThirdPartyResourceList) MarshalTo(data []byte) (int, error) { data[i] = 0xa i++ i = encodeVarintGenerated(data, i, uint64(m.ListMeta.Size())) - n66, err := m.ListMeta.MarshalTo(data[i:]) + n68, err := m.ListMeta.MarshalTo(data[i:]) if err != nil { return 0, err } - i += n66 + i += n68 if len(m.Items) > 0 { for _, msg := range m.Items { data[i] = 0x12 @@ -2953,6 +3087,20 @@ func (m *ExportOptions) Size() (n int) { return n } +func (m *FSGroupStrategyOptions) Size() (n int) { + var l int + _ = l + l = len(m.Rule) + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Ranges) > 0 { + for _, e := range m.Ranges { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + func (m *HTTPIngressPath) Size() (n int) { var l int _ = l @@ -3322,8 +3470,20 @@ func (m *PodSecurityPolicySpec) Size() (n int) { var l int _ = l n += 2 - if len(m.Capabilities) > 0 { - for _, s := range m.Capabilities { + if len(m.DefaultAddCapabilities) > 0 { + for _, s := range m.DefaultAddCapabilities { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.RequiredDropCapabilities) > 0 { + for _, s := range m.RequiredDropCapabilities { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.AllowedCapabilities) > 0 { + for _, s := range m.AllowedCapabilities { l = len(s) n += 1 + l + sovGenerated(uint64(l)) } @@ -3347,6 +3507,11 @@ func (m *PodSecurityPolicySpec) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = m.RunAsUser.Size() n += 1 + l + sovGenerated(uint64(l)) + l = m.SupplementalGroups.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.FSGroup.Size() + n += 1 + l + sovGenerated(uint64(l)) + n += 2 return n } @@ -3503,6 +3668,20 @@ func (m *SubresourceReference) Size() (n int) { return n } +func (m *SupplementalGroupsStrategyOptions) Size() (n int) { + var l int + _ = l + l = len(m.Rule) + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Ranges) > 0 { + for _, e := range m.Ranges { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + func (m *ThirdPartyResource) Size() (n int) { var l int _ = l @@ -5644,6 +5823,116 @@ func (m *ExportOptions) Unmarshal(data []byte) error { } return nil } +func (m *FSGroupStrategyOptions) Unmarshal(data []byte) error { + l := len(data) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: FSGroupStrategyOptions: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: FSGroupStrategyOptions: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Rule", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Rule = FSGroupStrategyType(data[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Ranges", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Ranges = append(m.Ranges, IDRange{}) + if err := m.Ranges[len(m.Ranges)-1].Unmarshal(data[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(data[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *HTTPIngressPath) Unmarshal(data []byte) error { l := len(data) iNdEx := 0 @@ -9112,7 +9401,7 @@ func (m *PodSecurityPolicySpec) Unmarshal(data []byte) error { m.Privileged = bool(v != 0) case 2: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Capabilities", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field DefaultAddCapabilities", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -9137,9 +9426,67 @@ func (m *PodSecurityPolicySpec) Unmarshal(data []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Capabilities = append(m.Capabilities, k8s_io_kubernetes_pkg_api_v1.Capability(data[iNdEx:postIndex])) + m.DefaultAddCapabilities = append(m.DefaultAddCapabilities, k8s_io_kubernetes_pkg_api_v1.Capability(data[iNdEx:postIndex])) iNdEx = postIndex case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RequiredDropCapabilities", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RequiredDropCapabilities = append(m.RequiredDropCapabilities, k8s_io_kubernetes_pkg_api_v1.Capability(data[iNdEx:postIndex])) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AllowedCapabilities", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AllowedCapabilities = append(m.AllowedCapabilities, k8s_io_kubernetes_pkg_api_v1.Capability(data[iNdEx:postIndex])) + iNdEx = postIndex + case 5: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Volumes", wireType) } @@ -9168,7 +9515,7 @@ func (m *PodSecurityPolicySpec) Unmarshal(data []byte) error { } m.Volumes = append(m.Volumes, FSType(data[iNdEx:postIndex])) iNdEx = postIndex - case 4: + case 6: if wireType != 0 { return fmt.Errorf("proto: wrong wireType = %d for field HostNetwork", wireType) } @@ -9188,7 +9535,7 @@ func (m *PodSecurityPolicySpec) Unmarshal(data []byte) error { } } m.HostNetwork = bool(v != 0) - case 5: + case 7: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field HostPorts", wireType) } @@ -9219,7 +9566,7 @@ func (m *PodSecurityPolicySpec) Unmarshal(data []byte) error { return err } iNdEx = postIndex - case 6: + case 8: if wireType != 0 { return fmt.Errorf("proto: wrong wireType = %d for field HostPID", wireType) } @@ -9239,7 +9586,7 @@ func (m *PodSecurityPolicySpec) Unmarshal(data []byte) error { } } m.HostPID = bool(v != 0) - case 7: + case 9: if wireType != 0 { return fmt.Errorf("proto: wrong wireType = %d for field HostIPC", wireType) } @@ -9259,7 +9606,7 @@ func (m *PodSecurityPolicySpec) Unmarshal(data []byte) error { } } m.HostIPC = bool(v != 0) - case 8: + case 10: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field SELinux", wireType) } @@ -9289,7 +9636,7 @@ func (m *PodSecurityPolicySpec) Unmarshal(data []byte) error { return err } iNdEx = postIndex - case 9: + case 11: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field RunAsUser", wireType) } @@ -9319,6 +9666,86 @@ func (m *PodSecurityPolicySpec) Unmarshal(data []byte) error { return err } iNdEx = postIndex + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SupplementalGroups", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.SupplementalGroups.Unmarshal(data[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field FSGroup", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.FSGroup.Unmarshal(data[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 14: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field ReadOnlyRootFilesystem", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + v |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + m.ReadOnlyRootFilesystem = bool(v != 0) default: iNdEx = preIndex skippy, err := skipGenerated(data[iNdEx:]) @@ -10872,6 +11299,116 @@ func (m *SubresourceReference) Unmarshal(data []byte) error { } return nil } +func (m *SupplementalGroupsStrategyOptions) Unmarshal(data []byte) error { + l := len(data) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SupplementalGroupsStrategyOptions: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SupplementalGroupsStrategyOptions: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Rule", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Rule = SupplementalGroupsStrategyType(data[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Ranges", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := data[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Ranges = append(m.Ranges, IDRange{}) + if err := m.Ranges[len(m.Ranges)-1].Unmarshal(data[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(data[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *ThirdPartyResource) Unmarshal(data []byte) error { l := len(data) iNdEx := 0 diff --git a/pkg/apis/extensions/v1beta1/generated.proto b/pkg/apis/extensions/v1beta1/generated.proto index e8af4854ccd..a16b98b2fd5 100644 --- a/pkg/apis/extensions/v1beta1/generated.proto +++ b/pkg/apis/extensions/v1beta1/generated.proto @@ -235,6 +235,16 @@ message ExportOptions { optional bool exact = 2; } +// FSGroupStrategyOptions defines the strategy type and options used to create the strategy. +message FSGroupStrategyOptions { + // Rule is the strategy that will dictate what FSGroup is used in the SecurityContext. + optional string rule = 1; + + // Ranges are the allowed ranges of fs groups. If you would like to force a single + // fs group then supply a single range with the same start and end. + repeated IDRange ranges = 2; +} + // HTTPIngressPath associates a path regex with a backend. Incoming urls matching // the path are forwarded to the backend. message HTTPIngressPath { @@ -641,30 +651,54 @@ message PodSecurityPolicySpec { // privileged determines if a pod can request to be run as privileged. optional bool privileged = 1; - // capabilities is a list of capabilities that can be added. - repeated string capabilities = 2; + // DefaultAddCapabilities is the default set of capabilities that will be added to the container + // unless the pod spec specifically drops the capability. You may not list a capabiility in both + // DefaultAddCapabilities and RequiredDropCapabilities. + repeated string defaultAddCapabilities = 2; + + // RequiredDropCapabilities are the capabilities that will be dropped from the container. These + // are required to be dropped and cannot be added. + repeated string requiredDropCapabilities = 3; + + // AllowedCapabilities is a list of capabilities that can be requested to add to the container. + // Capabilities in this field may be added at the pod author's discretion. + // You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. + repeated string allowedCapabilities = 4; // volumes is a white list of allowed volume plugins. Empty indicates that all plugins // may be used. - repeated string volumes = 3; + repeated string volumes = 5; // hostNetwork determines if the policy allows the use of HostNetwork in the pod spec. - optional bool hostNetwork = 4; + optional bool hostNetwork = 6; // hostPorts determines which host port ranges are allowed to be exposed. - repeated HostPortRange hostPorts = 5; + repeated HostPortRange hostPorts = 7; // hostPID determines if the policy allows the use of HostPID in the pod spec. - optional bool hostPID = 6; + optional bool hostPID = 8; // hostIPC determines if the policy allows the use of HostIPC in the pod spec. - optional bool hostIPC = 7; + optional bool hostIPC = 9; // seLinux is the strategy that will dictate the allowable labels that may be set. - optional SELinuxStrategyOptions seLinux = 8; + optional SELinuxStrategyOptions seLinux = 10; // runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set. - optional RunAsUserStrategyOptions runAsUser = 9; + optional RunAsUserStrategyOptions runAsUser = 11; + + // SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. + optional SupplementalGroupsStrategyOptions supplementalGroups = 12; + + // FSGroup is the strategy that will dictate what fs group is used by the SecurityContext. + optional FSGroupStrategyOptions fsGroup = 13; + + // ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file + // system. If the container specifically requests to run with a non-read only root file system + // the PSP should deny the pod. + // If set to false the container may run with a read only root file system if it wishes but it + // will not be forced to. + optional bool readOnlyRootFilesystem = 14; } // ReplicaSet represents the configuration of a ReplicaSet. @@ -836,6 +870,16 @@ message SubresourceReference { optional string subresource = 4; } +// SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy. +message SupplementalGroupsStrategyOptions { + // Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext. + optional string rule = 1; + + // Ranges are the allowed ranges of supplemental groups. If you would like to force a single + // supplemental group then supply a single range with the same start and end. + repeated IDRange ranges = 2; +} + // A ThirdPartyResource is a generic representation of a resource, it is used by add-ons and plugins to add new resource // types to the API. It consists of one or more Versions of the api. message ThirdPartyResource { diff --git a/pkg/apis/extensions/v1beta1/types.generated.go b/pkg/apis/extensions/v1beta1/types.generated.go index 7f82d21e7a8..0c5b16fbf53 100644 --- a/pkg/apis/extensions/v1beta1/types.generated.go +++ b/pkg/apis/extensions/v1beta1/types.generated.go @@ -16765,23 +16765,24 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { yysep2 := !z.EncBinary() yy2arr2 := z.EncBasicHandle().StructToArray - var yyq2 [9]bool + var yyq2 [14]bool _, _, _ = yysep2, yyq2, yy2arr2 const yyr2 bool = false yyq2[0] = x.Privileged != false - yyq2[1] = len(x.Capabilities) != 0 - yyq2[2] = len(x.Volumes) != 0 - yyq2[3] = x.HostNetwork != false - yyq2[4] = len(x.HostPorts) != 0 - yyq2[5] = x.HostPID != false - yyq2[6] = x.HostIPC != false - yyq2[7] = true - yyq2[8] = true + yyq2[1] = len(x.DefaultAddCapabilities) != 0 + yyq2[2] = len(x.RequiredDropCapabilities) != 0 + yyq2[3] = len(x.AllowedCapabilities) != 0 + yyq2[4] = len(x.Volumes) != 0 + yyq2[5] = x.HostNetwork != false + yyq2[6] = len(x.HostPorts) != 0 + yyq2[7] = x.HostPID != false + yyq2[8] = x.HostIPC != false + yyq2[13] = x.ReadOnlyRootFilesystem != false var yynn2 int if yyr2 || yy2arr2 { - r.EncodeArrayStart(9) + r.EncodeArrayStart(14) } else { - yynn2 = 0 + yynn2 = 4 for _, b := range yyq2 { if b { yynn2++ @@ -16818,14 +16819,14 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if yyq2[1] { - if x.Capabilities == nil { + if x.DefaultAddCapabilities == nil { r.EncodeNil() } else { yym7 := z.EncBinary() _ = yym7 if false { } else { - h.encSlicev1_Capability(([]pkg2_v1.Capability)(x.Capabilities), e) + h.encSlicev1_Capability(([]pkg2_v1.Capability)(x.DefaultAddCapabilities), e) } } } else { @@ -16834,16 +16835,16 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { if yyq2[1] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("capabilities")) + r.EncodeString(codecSelferC_UTF81234, string("defaultAddCapabilities")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - if x.Capabilities == nil { + if x.DefaultAddCapabilities == nil { r.EncodeNil() } else { yym8 := z.EncBinary() _ = yym8 if false { } else { - h.encSlicev1_Capability(([]pkg2_v1.Capability)(x.Capabilities), e) + h.encSlicev1_Capability(([]pkg2_v1.Capability)(x.DefaultAddCapabilities), e) } } } @@ -16851,14 +16852,14 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if yyq2[2] { - if x.Volumes == nil { + if x.RequiredDropCapabilities == nil { r.EncodeNil() } else { yym10 := z.EncBinary() _ = yym10 if false { } else { - h.encSliceFSType(([]FSType)(x.Volumes), e) + h.encSlicev1_Capability(([]pkg2_v1.Capability)(x.RequiredDropCapabilities), e) } } } else { @@ -16867,16 +16868,16 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { if yyq2[2] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("volumes")) + r.EncodeString(codecSelferC_UTF81234, string("requiredDropCapabilities")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - if x.Volumes == nil { + if x.RequiredDropCapabilities == nil { r.EncodeNil() } else { yym11 := z.EncBinary() _ = yym11 if false { } else { - h.encSliceFSType(([]FSType)(x.Volumes), e) + h.encSlicev1_Capability(([]pkg2_v1.Capability)(x.RequiredDropCapabilities), e) } } } @@ -16884,39 +16885,47 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if yyq2[3] { - yym13 := z.EncBinary() - _ = yym13 - if false { + if x.AllowedCapabilities == nil { + r.EncodeNil() } else { - r.EncodeBool(bool(x.HostNetwork)) + yym13 := z.EncBinary() + _ = yym13 + if false { + } else { + h.encSlicev1_Capability(([]pkg2_v1.Capability)(x.AllowedCapabilities), e) + } } } else { - r.EncodeBool(false) + r.EncodeNil() } } else { if yyq2[3] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("hostNetwork")) + r.EncodeString(codecSelferC_UTF81234, string("allowedCapabilities")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym14 := z.EncBinary() - _ = yym14 - if false { + if x.AllowedCapabilities == nil { + r.EncodeNil() } else { - r.EncodeBool(bool(x.HostNetwork)) + yym14 := z.EncBinary() + _ = yym14 + if false { + } else { + h.encSlicev1_Capability(([]pkg2_v1.Capability)(x.AllowedCapabilities), e) + } } } } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) if yyq2[4] { - if x.HostPorts == nil { + if x.Volumes == nil { r.EncodeNil() } else { yym16 := z.EncBinary() _ = yym16 if false { } else { - h.encSliceHostPortRange(([]HostPortRange)(x.HostPorts), e) + h.encSliceFSType(([]FSType)(x.Volumes), e) } } } else { @@ -16925,16 +16934,16 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { if yyq2[4] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("hostPorts")) + r.EncodeString(codecSelferC_UTF81234, string("volumes")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - if x.HostPorts == nil { + if x.Volumes == nil { r.EncodeNil() } else { yym17 := z.EncBinary() _ = yym17 if false { } else { - h.encSliceHostPortRange(([]HostPortRange)(x.HostPorts), e) + h.encSliceFSType(([]FSType)(x.Volumes), e) } } } @@ -16946,7 +16955,7 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { _ = yym19 if false { } else { - r.EncodeBool(bool(x.HostPID)) + r.EncodeBool(bool(x.HostNetwork)) } } else { r.EncodeBool(false) @@ -16954,11 +16963,69 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } else { if yyq2[5] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("hostPID")) + r.EncodeString(codecSelferC_UTF81234, string("hostNetwork")) z.EncSendContainerState(codecSelfer_containerMapValue1234) yym20 := z.EncBinary() _ = yym20 if false { + } else { + r.EncodeBool(bool(x.HostNetwork)) + } + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[6] { + if x.HostPorts == nil { + r.EncodeNil() + } else { + yym22 := z.EncBinary() + _ = yym22 + if false { + } else { + h.encSliceHostPortRange(([]HostPortRange)(x.HostPorts), e) + } + } + } else { + r.EncodeNil() + } + } else { + if yyq2[6] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("hostPorts")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + if x.HostPorts == nil { + r.EncodeNil() + } else { + yym23 := z.EncBinary() + _ = yym23 + if false { + } else { + h.encSliceHostPortRange(([]HostPortRange)(x.HostPorts), e) + } + } + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[7] { + yym25 := z.EncBinary() + _ = yym25 + if false { + } else { + r.EncodeBool(bool(x.HostPID)) + } + } else { + r.EncodeBool(false) + } + } else { + if yyq2[7] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("hostPID")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yym26 := z.EncBinary() + _ = yym26 + if false { } else { r.EncodeBool(bool(x.HostPID)) } @@ -16966,9 +17033,9 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq2[6] { - yym22 := z.EncBinary() - _ = yym22 + if yyq2[8] { + yym28 := z.EncBinary() + _ = yym28 if false { } else { r.EncodeBool(bool(x.HostIPC)) @@ -16977,12 +17044,12 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { r.EncodeBool(false) } } else { - if yyq2[6] { + if yyq2[8] { z.EncSendContainerState(codecSelfer_containerMapKey1234) r.EncodeString(codecSelferC_UTF81234, string("hostIPC")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yym23 := z.EncBinary() - _ = yym23 + yym29 := z.EncBinary() + _ = yym29 if false { } else { r.EncodeBool(bool(x.HostIPC)) @@ -16991,36 +17058,71 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) { } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq2[7] { - yy25 := &x.SELinux - yy25.CodecEncodeSelf(e) - } else { - r.EncodeNil() - } + yy31 := &x.SELinux + yy31.CodecEncodeSelf(e) } else { - if yyq2[7] { - z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("seLinux")) - z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy27 := &x.SELinux - yy27.CodecEncodeSelf(e) - } + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("seLinux")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yy33 := &x.SELinux + yy33.CodecEncodeSelf(e) } if yyr2 || yy2arr2 { z.EncSendContainerState(codecSelfer_containerArrayElem1234) - if yyq2[8] { - yy30 := &x.RunAsUser - yy30.CodecEncodeSelf(e) + yy36 := &x.RunAsUser + yy36.CodecEncodeSelf(e) + } else { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("runAsUser")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yy38 := &x.RunAsUser + yy38.CodecEncodeSelf(e) + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy41 := &x.SupplementalGroups + yy41.CodecEncodeSelf(e) + } else { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("supplementalGroups")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yy43 := &x.SupplementalGroups + yy43.CodecEncodeSelf(e) + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + yy46 := &x.FSGroup + yy46.CodecEncodeSelf(e) + } else { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("fsGroup")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + yy48 := &x.FSGroup + yy48.CodecEncodeSelf(e) + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[13] { + yym51 := z.EncBinary() + _ = yym51 + if false { + } else { + r.EncodeBool(bool(x.ReadOnlyRootFilesystem)) + } } else { - r.EncodeNil() + r.EncodeBool(false) } } else { - if yyq2[8] { + if yyq2[13] { z.EncSendContainerState(codecSelfer_containerMapKey1234) - r.EncodeString(codecSelferC_UTF81234, string("runAsUser")) + r.EncodeString(codecSelferC_UTF81234, string("readOnlyRootFilesystem")) z.EncSendContainerState(codecSelfer_containerMapValue1234) - yy32 := &x.RunAsUser - yy32.CodecEncodeSelf(e) + yym52 := z.EncBinary() + _ = yym52 + if false { + } else { + r.EncodeBool(bool(x.ReadOnlyRootFilesystem)) + } } } if yyr2 || yy2arr2 { @@ -17090,11 +17192,11 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromMap(l int, d *codec1978.Decod } else { x.Privileged = bool(r.DecodeBool()) } - case "capabilities": + case "defaultAddCapabilities": if r.TryDecodeAsNil() { - x.Capabilities = nil + x.DefaultAddCapabilities = nil } else { - yyv5 := &x.Capabilities + yyv5 := &x.DefaultAddCapabilities yym6 := z.DecBinary() _ = yym6 if false { @@ -17102,16 +17204,40 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromMap(l int, d *codec1978.Decod h.decSlicev1_Capability((*[]pkg2_v1.Capability)(yyv5), d) } } - case "volumes": + case "requiredDropCapabilities": if r.TryDecodeAsNil() { - x.Volumes = nil + x.RequiredDropCapabilities = nil } else { - yyv7 := &x.Volumes + yyv7 := &x.RequiredDropCapabilities yym8 := z.DecBinary() _ = yym8 if false { } else { - h.decSliceFSType((*[]FSType)(yyv7), d) + h.decSlicev1_Capability((*[]pkg2_v1.Capability)(yyv7), d) + } + } + case "allowedCapabilities": + if r.TryDecodeAsNil() { + x.AllowedCapabilities = nil + } else { + yyv9 := &x.AllowedCapabilities + yym10 := z.DecBinary() + _ = yym10 + if false { + } else { + h.decSlicev1_Capability((*[]pkg2_v1.Capability)(yyv9), d) + } + } + case "volumes": + if r.TryDecodeAsNil() { + x.Volumes = nil + } else { + yyv11 := &x.Volumes + yym12 := z.DecBinary() + _ = yym12 + if false { + } else { + h.decSliceFSType((*[]FSType)(yyv11), d) } } case "hostNetwork": @@ -17124,12 +17250,12 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromMap(l int, d *codec1978.Decod if r.TryDecodeAsNil() { x.HostPorts = nil } else { - yyv10 := &x.HostPorts - yym11 := z.DecBinary() - _ = yym11 + yyv14 := &x.HostPorts + yym15 := z.DecBinary() + _ = yym15 if false { } else { - h.decSliceHostPortRange((*[]HostPortRange)(yyv10), d) + h.decSliceHostPortRange((*[]HostPortRange)(yyv14), d) } } case "hostPID": @@ -17148,15 +17274,35 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromMap(l int, d *codec1978.Decod if r.TryDecodeAsNil() { x.SELinux = SELinuxStrategyOptions{} } else { - yyv14 := &x.SELinux - yyv14.CodecDecodeSelf(d) + yyv18 := &x.SELinux + yyv18.CodecDecodeSelf(d) } case "runAsUser": if r.TryDecodeAsNil() { x.RunAsUser = RunAsUserStrategyOptions{} } else { - yyv15 := &x.RunAsUser - yyv15.CodecDecodeSelf(d) + yyv19 := &x.RunAsUser + yyv19.CodecDecodeSelf(d) + } + case "supplementalGroups": + if r.TryDecodeAsNil() { + x.SupplementalGroups = SupplementalGroupsStrategyOptions{} + } else { + yyv20 := &x.SupplementalGroups + yyv20.CodecDecodeSelf(d) + } + case "fsGroup": + if r.TryDecodeAsNil() { + x.FSGroup = FSGroupStrategyOptions{} + } else { + yyv21 := &x.FSGroup + yyv21.CodecDecodeSelf(d) + } + case "readOnlyRootFilesystem": + if r.TryDecodeAsNil() { + x.ReadOnlyRootFilesystem = false + } else { + x.ReadOnlyRootFilesystem = bool(r.DecodeBool()) } default: z.DecStructFieldNotFound(-1, yys3) @@ -17169,16 +17315,16 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec var h codecSelfer1234 z, r := codec1978.GenHelperDecoder(d) _, _, _ = h, z, r - var yyj16 int - var yyb16 bool - var yyhl16 bool = l >= 0 - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + var yyj23 int + var yyb23 bool + var yyhl23 bool = l >= 0 + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -17188,35 +17334,79 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec } else { x.Privileged = bool(r.DecodeBool()) } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } z.DecSendContainerState(codecSelfer_containerArrayElem1234) if r.TryDecodeAsNil() { - x.Capabilities = nil + x.DefaultAddCapabilities = nil } else { - yyv18 := &x.Capabilities - yym19 := z.DecBinary() - _ = yym19 + yyv25 := &x.DefaultAddCapabilities + yym26 := z.DecBinary() + _ = yym26 if false { } else { - h.decSlicev1_Capability((*[]pkg2_v1.Capability)(yyv18), d) + h.decSlicev1_Capability((*[]pkg2_v1.Capability)(yyv25), d) } } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.RequiredDropCapabilities = nil + } else { + yyv27 := &x.RequiredDropCapabilities + yym28 := z.DecBinary() + _ = yym28 + if false { + } else { + h.decSlicev1_Capability((*[]pkg2_v1.Capability)(yyv27), d) + } + } + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l + } else { + yyb23 = r.CheckBreak() + } + if yyb23 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.AllowedCapabilities = nil + } else { + yyv29 := &x.AllowedCapabilities + yym30 := z.DecBinary() + _ = yym30 + if false { + } else { + h.decSlicev1_Capability((*[]pkg2_v1.Capability)(yyv29), d) + } + } + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l + } else { + yyb23 = r.CheckBreak() + } + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -17224,21 +17414,21 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec if r.TryDecodeAsNil() { x.Volumes = nil } else { - yyv20 := &x.Volumes - yym21 := z.DecBinary() - _ = yym21 + yyv31 := &x.Volumes + yym32 := z.DecBinary() + _ = yym32 if false { } else { - h.decSliceFSType((*[]FSType)(yyv20), d) + h.decSliceFSType((*[]FSType)(yyv31), d) } } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -17248,13 +17438,13 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec } else { x.HostNetwork = bool(r.DecodeBool()) } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -17262,21 +17452,21 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec if r.TryDecodeAsNil() { x.HostPorts = nil } else { - yyv23 := &x.HostPorts - yym24 := z.DecBinary() - _ = yym24 + yyv34 := &x.HostPorts + yym35 := z.DecBinary() + _ = yym35 if false { } else { - h.decSliceHostPortRange((*[]HostPortRange)(yyv23), d) + h.decSliceHostPortRange((*[]HostPortRange)(yyv34), d) } } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -17286,13 +17476,13 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec } else { x.HostPID = bool(r.DecodeBool()) } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -17302,13 +17492,13 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec } else { x.HostIPC = bool(r.DecodeBool()) } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -17316,16 +17506,16 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec if r.TryDecodeAsNil() { x.SELinux = SELinuxStrategyOptions{} } else { - yyv27 := &x.SELinux - yyv27.CodecDecodeSelf(d) + yyv38 := &x.SELinux + yyv38.CodecDecodeSelf(d) } - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { z.DecSendContainerState(codecSelfer_containerArrayEnd1234) return } @@ -17333,21 +17523,71 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec if r.TryDecodeAsNil() { x.RunAsUser = RunAsUserStrategyOptions{} } else { - yyv28 := &x.RunAsUser - yyv28.CodecDecodeSelf(d) + yyv39 := &x.RunAsUser + yyv39.CodecDecodeSelf(d) + } + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l + } else { + yyb23 = r.CheckBreak() + } + if yyb23 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.SupplementalGroups = SupplementalGroupsStrategyOptions{} + } else { + yyv40 := &x.SupplementalGroups + yyv40.CodecDecodeSelf(d) + } + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l + } else { + yyb23 = r.CheckBreak() + } + if yyb23 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.FSGroup = FSGroupStrategyOptions{} + } else { + yyv41 := &x.FSGroup + yyv41.CodecDecodeSelf(d) + } + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l + } else { + yyb23 = r.CheckBreak() + } + if yyb23 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.ReadOnlyRootFilesystem = false + } else { + x.ReadOnlyRootFilesystem = bool(r.DecodeBool()) } for { - yyj16++ - if yyhl16 { - yyb16 = yyj16 > l + yyj23++ + if yyhl23 { + yyb23 = yyj23 > l } else { - yyb16 = r.CheckBreak() + yyb23 = r.CheckBreak() } - if yyb16 { + if yyb23 { break } z.DecSendContainerState(codecSelfer_containerArrayElem1234) - z.DecStructFieldNotFound(yyj16-1, "") + z.DecStructFieldNotFound(yyj23-1, "") } z.DecSendContainerState(codecSelfer_containerArrayEnd1234) } @@ -18264,6 +18504,512 @@ func (x *RunAsUserStrategy) CodecDecodeSelf(d *codec1978.Decoder) { } } +func (x *FSGroupStrategyOptions) CodecEncodeSelf(e *codec1978.Encoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperEncoder(e) + _, _, _ = h, z, r + if x == nil { + r.EncodeNil() + } else { + yym1 := z.EncBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.EncExt(x) { + } else { + yysep2 := !z.EncBinary() + yy2arr2 := z.EncBasicHandle().StructToArray + var yyq2 [2]bool + _, _, _ = yysep2, yyq2, yy2arr2 + const yyr2 bool = false + yyq2[0] = x.Rule != "" + yyq2[1] = len(x.Ranges) != 0 + var yynn2 int + if yyr2 || yy2arr2 { + r.EncodeArrayStart(2) + } else { + yynn2 = 0 + for _, b := range yyq2 { + if b { + yynn2++ + } + } + r.EncodeMapStart(yynn2) + yynn2 = 0 + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[0] { + x.Rule.CodecEncodeSelf(e) + } else { + r.EncodeString(codecSelferC_UTF81234, "") + } + } else { + if yyq2[0] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("rule")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + x.Rule.CodecEncodeSelf(e) + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[1] { + if x.Ranges == nil { + r.EncodeNil() + } else { + yym7 := z.EncBinary() + _ = yym7 + if false { + } else { + h.encSliceIDRange(([]IDRange)(x.Ranges), e) + } + } + } else { + r.EncodeNil() + } + } else { + if yyq2[1] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("ranges")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + if x.Ranges == nil { + r.EncodeNil() + } else { + yym8 := z.EncBinary() + _ = yym8 + if false { + } else { + h.encSliceIDRange(([]IDRange)(x.Ranges), e) + } + } + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayEnd1234) + } else { + z.EncSendContainerState(codecSelfer_containerMapEnd1234) + } + } + } +} + +func (x *FSGroupStrategyOptions) CodecDecodeSelf(d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + yym1 := z.DecBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.DecExt(x) { + } else { + yyct2 := r.ContainerType() + if yyct2 == codecSelferValueTypeMap1234 { + yyl2 := r.ReadMapStart() + if yyl2 == 0 { + z.DecSendContainerState(codecSelfer_containerMapEnd1234) + } else { + x.codecDecodeSelfFromMap(yyl2, d) + } + } else if yyct2 == codecSelferValueTypeArray1234 { + yyl2 := r.ReadArrayStart() + if yyl2 == 0 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + } else { + x.codecDecodeSelfFromArray(yyl2, d) + } + } else { + panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234) + } + } +} + +func (x *FSGroupStrategyOptions) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + var yys3Slc = z.DecScratchBuffer() // default slice to decode into + _ = yys3Slc + var yyhl3 bool = l >= 0 + for yyj3 := 0; ; yyj3++ { + if yyhl3 { + if yyj3 >= l { + break + } + } else { + if r.CheckBreak() { + break + } + } + z.DecSendContainerState(codecSelfer_containerMapKey1234) + yys3Slc = r.DecodeBytes(yys3Slc, true, true) + yys3 := string(yys3Slc) + z.DecSendContainerState(codecSelfer_containerMapValue1234) + switch yys3 { + case "rule": + if r.TryDecodeAsNil() { + x.Rule = "" + } else { + x.Rule = FSGroupStrategyType(r.DecodeString()) + } + case "ranges": + if r.TryDecodeAsNil() { + x.Ranges = nil + } else { + yyv5 := &x.Ranges + yym6 := z.DecBinary() + _ = yym6 + if false { + } else { + h.decSliceIDRange((*[]IDRange)(yyv5), d) + } + } + default: + z.DecStructFieldNotFound(-1, yys3) + } // end switch yys3 + } // end for yyj3 + z.DecSendContainerState(codecSelfer_containerMapEnd1234) +} + +func (x *FSGroupStrategyOptions) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + var yyj7 int + var yyb7 bool + var yyhl7 bool = l >= 0 + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.Rule = "" + } else { + x.Rule = FSGroupStrategyType(r.DecodeString()) + } + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.Ranges = nil + } else { + yyv9 := &x.Ranges + yym10 := z.DecBinary() + _ = yym10 + if false { + } else { + h.decSliceIDRange((*[]IDRange)(yyv9), d) + } + } + for { + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + break + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + z.DecStructFieldNotFound(yyj7-1, "") + } + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) +} + +func (x FSGroupStrategyType) CodecEncodeSelf(e *codec1978.Encoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperEncoder(e) + _, _, _ = h, z, r + yym1 := z.EncBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.EncExt(x) { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x)) + } +} + +func (x *FSGroupStrategyType) CodecDecodeSelf(d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + yym1 := z.DecBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.DecExt(x) { + } else { + *((*string)(x)) = r.DecodeString() + } +} + +func (x *SupplementalGroupsStrategyOptions) CodecEncodeSelf(e *codec1978.Encoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperEncoder(e) + _, _, _ = h, z, r + if x == nil { + r.EncodeNil() + } else { + yym1 := z.EncBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.EncExt(x) { + } else { + yysep2 := !z.EncBinary() + yy2arr2 := z.EncBasicHandle().StructToArray + var yyq2 [2]bool + _, _, _ = yysep2, yyq2, yy2arr2 + const yyr2 bool = false + yyq2[0] = x.Rule != "" + yyq2[1] = len(x.Ranges) != 0 + var yynn2 int + if yyr2 || yy2arr2 { + r.EncodeArrayStart(2) + } else { + yynn2 = 0 + for _, b := range yyq2 { + if b { + yynn2++ + } + } + r.EncodeMapStart(yynn2) + yynn2 = 0 + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[0] { + x.Rule.CodecEncodeSelf(e) + } else { + r.EncodeString(codecSelferC_UTF81234, "") + } + } else { + if yyq2[0] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("rule")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + x.Rule.CodecEncodeSelf(e) + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayElem1234) + if yyq2[1] { + if x.Ranges == nil { + r.EncodeNil() + } else { + yym7 := z.EncBinary() + _ = yym7 + if false { + } else { + h.encSliceIDRange(([]IDRange)(x.Ranges), e) + } + } + } else { + r.EncodeNil() + } + } else { + if yyq2[1] { + z.EncSendContainerState(codecSelfer_containerMapKey1234) + r.EncodeString(codecSelferC_UTF81234, string("ranges")) + z.EncSendContainerState(codecSelfer_containerMapValue1234) + if x.Ranges == nil { + r.EncodeNil() + } else { + yym8 := z.EncBinary() + _ = yym8 + if false { + } else { + h.encSliceIDRange(([]IDRange)(x.Ranges), e) + } + } + } + } + if yyr2 || yy2arr2 { + z.EncSendContainerState(codecSelfer_containerArrayEnd1234) + } else { + z.EncSendContainerState(codecSelfer_containerMapEnd1234) + } + } + } +} + +func (x *SupplementalGroupsStrategyOptions) CodecDecodeSelf(d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + yym1 := z.DecBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.DecExt(x) { + } else { + yyct2 := r.ContainerType() + if yyct2 == codecSelferValueTypeMap1234 { + yyl2 := r.ReadMapStart() + if yyl2 == 0 { + z.DecSendContainerState(codecSelfer_containerMapEnd1234) + } else { + x.codecDecodeSelfFromMap(yyl2, d) + } + } else if yyct2 == codecSelferValueTypeArray1234 { + yyl2 := r.ReadArrayStart() + if yyl2 == 0 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + } else { + x.codecDecodeSelfFromArray(yyl2, d) + } + } else { + panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234) + } + } +} + +func (x *SupplementalGroupsStrategyOptions) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + var yys3Slc = z.DecScratchBuffer() // default slice to decode into + _ = yys3Slc + var yyhl3 bool = l >= 0 + for yyj3 := 0; ; yyj3++ { + if yyhl3 { + if yyj3 >= l { + break + } + } else { + if r.CheckBreak() { + break + } + } + z.DecSendContainerState(codecSelfer_containerMapKey1234) + yys3Slc = r.DecodeBytes(yys3Slc, true, true) + yys3 := string(yys3Slc) + z.DecSendContainerState(codecSelfer_containerMapValue1234) + switch yys3 { + case "rule": + if r.TryDecodeAsNil() { + x.Rule = "" + } else { + x.Rule = SupplementalGroupsStrategyType(r.DecodeString()) + } + case "ranges": + if r.TryDecodeAsNil() { + x.Ranges = nil + } else { + yyv5 := &x.Ranges + yym6 := z.DecBinary() + _ = yym6 + if false { + } else { + h.decSliceIDRange((*[]IDRange)(yyv5), d) + } + } + default: + z.DecStructFieldNotFound(-1, yys3) + } // end switch yys3 + } // end for yyj3 + z.DecSendContainerState(codecSelfer_containerMapEnd1234) +} + +func (x *SupplementalGroupsStrategyOptions) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + var yyj7 int + var yyb7 bool + var yyhl7 bool = l >= 0 + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.Rule = "" + } else { + x.Rule = SupplementalGroupsStrategyType(r.DecodeString()) + } + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) + return + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + if r.TryDecodeAsNil() { + x.Ranges = nil + } else { + yyv9 := &x.Ranges + yym10 := z.DecBinary() + _ = yym10 + if false { + } else { + h.decSliceIDRange((*[]IDRange)(yyv9), d) + } + } + for { + yyj7++ + if yyhl7 { + yyb7 = yyj7 > l + } else { + yyb7 = r.CheckBreak() + } + if yyb7 { + break + } + z.DecSendContainerState(codecSelfer_containerArrayElem1234) + z.DecStructFieldNotFound(yyj7-1, "") + } + z.DecSendContainerState(codecSelfer_containerArrayEnd1234) +} + +func (x SupplementalGroupsStrategyType) CodecEncodeSelf(e *codec1978.Encoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperEncoder(e) + _, _, _ = h, z, r + yym1 := z.EncBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.EncExt(x) { + } else { + r.EncodeString(codecSelferC_UTF81234, string(x)) + } +} + +func (x *SupplementalGroupsStrategyType) CodecDecodeSelf(d *codec1978.Decoder) { + var h codecSelfer1234 + z, r := codec1978.GenHelperDecoder(d) + _, _, _ = h, z, r + yym1 := z.DecBinary() + _ = yym1 + if false { + } else if z.HasExtensions() && z.DecExt(x) { + } else { + *((*string)(x)) = r.DecodeString() + } +} + func (x *PodSecurityPolicyList) CodecEncodeSelf(e *codec1978.Encoder) { var h codecSelfer1234 z, r := codec1978.GenHelperEncoder(e) @@ -21010,7 +21756,7 @@ func (x codecSelfer1234) decSlicePodSecurityPolicy(v *[]PodSecurityPolicy, d *co yyrg1 := len(yyv1) > 0 yyv21 := yyv1 - yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 400) + yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 536) if yyrt1 { if yyrl1 <= cap(yyv1) { yyv1 = yyv1[:yyrl1] diff --git a/pkg/apis/extensions/v1beta1/types_swagger_doc_generated.go b/pkg/apis/extensions/v1beta1/types_swagger_doc_generated.go index c6bc14c5507..e39e19cefd6 100644 --- a/pkg/apis/extensions/v1beta1/types_swagger_doc_generated.go +++ b/pkg/apis/extensions/v1beta1/types_swagger_doc_generated.go @@ -186,6 +186,16 @@ func (ExportOptions) SwaggerDoc() map[string]string { return map_ExportOptions } +var map_FSGroupStrategyOptions = map[string]string{ + "": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.", + "rule": "Rule is the strategy that will dictate what FSGroup is used in the SecurityContext.", + "ranges": "Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.", +} + +func (FSGroupStrategyOptions) SwaggerDoc() map[string]string { + return map_FSGroupStrategyOptions +} + var map_HTTPIngressPath = map[string]string{ "": "HTTPIngressPath associates a path regex with a backend. Incoming urls matching the path are forwarded to the backend.", "path": "Path is a extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend.", @@ -467,16 +477,21 @@ func (PodSecurityPolicyList) SwaggerDoc() map[string]string { } var map_PodSecurityPolicySpec = map[string]string{ - "": "Pod Security Policy Spec defines the policy enforced.", - "privileged": "privileged determines if a pod can request to be run as privileged.", - "capabilities": "capabilities is a list of capabilities that can be added.", - "volumes": "volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.", - "hostNetwork": "hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.", - "hostPorts": "hostPorts determines which host port ranges are allowed to be exposed.", - "hostPID": "hostPID determines if the policy allows the use of HostPID in the pod spec.", - "hostIPC": "hostIPC determines if the policy allows the use of HostIPC in the pod spec.", - "seLinux": "seLinux is the strategy that will dictate the allowable labels that may be set.", - "runAsUser": "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.", + "": "Pod Security Policy Spec defines the policy enforced.", + "privileged": "privileged determines if a pod can request to be run as privileged.", + "defaultAddCapabilities": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.", + "requiredDropCapabilities": "RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.", + "allowedCapabilities": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.", + "volumes": "volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used.", + "hostNetwork": "hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.", + "hostPorts": "hostPorts determines which host port ranges are allowed to be exposed.", + "hostPID": "hostPID determines if the policy allows the use of HostPID in the pod spec.", + "hostIPC": "hostIPC determines if the policy allows the use of HostIPC in the pod spec.", + "seLinux": "seLinux is the strategy that will dictate the allowable labels that may be set.", + "runAsUser": "runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.", + "supplementalGroups": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.", + "fsGroup": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.", + "readOnlyRootFilesystem": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.", } func (PodSecurityPolicySpec) SwaggerDoc() map[string]string { @@ -615,6 +630,16 @@ func (SubresourceReference) SwaggerDoc() map[string]string { return map_SubresourceReference } +var map_SupplementalGroupsStrategyOptions = map[string]string{ + "": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.", + "rule": "Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.", + "ranges": "Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end.", +} + +func (SupplementalGroupsStrategyOptions) SwaggerDoc() map[string]string { + return map_SupplementalGroupsStrategyOptions +} + var map_ThirdPartyResource = map[string]string{ "": "A ThirdPartyResource is a generic representation of a resource, it is used by add-ons and plugins to add new resource types to the API. It consists of one or more Versions of the api.", "metadata": "Standard object metadata", diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/extensions_client.go b/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/extensions_client.go index 3ced862a351..9b9f4749a64 100644 --- a/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/extensions_client.go +++ b/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/extensions_client.go @@ -27,6 +27,7 @@ type ExtensionsInterface interface { DaemonSetsGetter DeploymentsGetter IngressesGetter + PodSecurityPoliciesGetter ReplicaSetsGetter ScalesGetter ThirdPartyResourcesGetter @@ -49,6 +50,10 @@ func (c *ExtensionsClient) Ingresses(namespace string) IngressInterface { return newIngresses(c, namespace) } +func (c *ExtensionsClient) PodSecurityPolicies() PodSecurityPolicyInterface { + return newPodSecurityPolicies(c) +} + func (c *ExtensionsClient) ReplicaSets(namespace string) ReplicaSetInterface { return newReplicaSets(c, namespace) } diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/fake/fake_extensions_client.go b/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/fake/fake_extensions_client.go index 37553041c43..7c2fa08518a 100644 --- a/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/fake/fake_extensions_client.go +++ b/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/fake/fake_extensions_client.go @@ -38,6 +38,10 @@ func (c *FakeExtensions) Ingresses(namespace string) unversioned.IngressInterfac return &FakeIngresses{c, namespace} } +func (c *FakeExtensions) PodSecurityPolicies() unversioned.PodSecurityPolicyInterface { + return &FakePodSecurityPolicies{c} +} + func (c *FakeExtensions) ReplicaSets(namespace string) unversioned.ReplicaSetInterface { return &FakeReplicaSets{c, namespace} } diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/fake/fake_podsecuritypolicy.go b/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/fake/fake_podsecuritypolicy.go new file mode 100644 index 00000000000..52b6f3acd16 --- /dev/null +++ b/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/fake/fake_podsecuritypolicy.go @@ -0,0 +1,99 @@ +/* +Copyright 2016 The Kubernetes Authors All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package fake + +import ( + api "k8s.io/kubernetes/pkg/api" + unversioned "k8s.io/kubernetes/pkg/api/unversioned" + extensions "k8s.io/kubernetes/pkg/apis/extensions" + core "k8s.io/kubernetes/pkg/client/testing/core" + labels "k8s.io/kubernetes/pkg/labels" + watch "k8s.io/kubernetes/pkg/watch" +) + +// FakePodSecurityPolicies implements PodSecurityPolicyInterface +type FakePodSecurityPolicies struct { + Fake *FakeExtensions +} + +var podsecuritypoliciesResource = unversioned.GroupVersionResource{Group: "extensions", Version: "", Resource: "podsecuritypolicies"} + +func (c *FakePodSecurityPolicies) Create(podSecurityPolicy *extensions.PodSecurityPolicy) (result *extensions.PodSecurityPolicy, err error) { + obj, err := c.Fake. + Invokes(core.NewRootCreateAction(podsecuritypoliciesResource, podSecurityPolicy), &extensions.PodSecurityPolicy{}) + if obj == nil { + return nil, err + } + return obj.(*extensions.PodSecurityPolicy), err +} + +func (c *FakePodSecurityPolicies) Update(podSecurityPolicy *extensions.PodSecurityPolicy) (result *extensions.PodSecurityPolicy, err error) { + obj, err := c.Fake. + Invokes(core.NewRootUpdateAction(podsecuritypoliciesResource, podSecurityPolicy), &extensions.PodSecurityPolicy{}) + if obj == nil { + return nil, err + } + return obj.(*extensions.PodSecurityPolicy), err +} + +func (c *FakePodSecurityPolicies) Delete(name string, options *api.DeleteOptions) error { + _, err := c.Fake. + Invokes(core.NewRootDeleteAction(podsecuritypoliciesResource, name), &extensions.PodSecurityPolicy{}) + return err +} + +func (c *FakePodSecurityPolicies) DeleteCollection(options *api.DeleteOptions, listOptions api.ListOptions) error { + action := core.NewRootDeleteCollectionAction(podsecuritypoliciesResource, listOptions) + + _, err := c.Fake.Invokes(action, &extensions.PodSecurityPolicyList{}) + return err +} + +func (c *FakePodSecurityPolicies) Get(name string) (result *extensions.PodSecurityPolicy, err error) { + obj, err := c.Fake. + Invokes(core.NewRootGetAction(podsecuritypoliciesResource, name), &extensions.PodSecurityPolicy{}) + if obj == nil { + return nil, err + } + return obj.(*extensions.PodSecurityPolicy), err +} + +func (c *FakePodSecurityPolicies) List(opts api.ListOptions) (result *extensions.PodSecurityPolicyList, err error) { + obj, err := c.Fake. + Invokes(core.NewRootListAction(podsecuritypoliciesResource, opts), &extensions.PodSecurityPolicyList{}) + if obj == nil { + return nil, err + } + + label := opts.LabelSelector + if label == nil { + label = labels.Everything() + } + list := &extensions.PodSecurityPolicyList{} + for _, item := range obj.(*extensions.PodSecurityPolicyList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested podSecurityPolicies. +func (c *FakePodSecurityPolicies) Watch(opts api.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(core.NewRootWatchAction(podsecuritypoliciesResource, opts)) +} diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/podsecuritypolicy.go b/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/podsecuritypolicy.go new file mode 100644 index 00000000000..06a7908f467 --- /dev/null +++ b/pkg/client/clientset_generated/internalclientset/typed/extensions/unversioned/podsecuritypolicy.go @@ -0,0 +1,127 @@ +/* +Copyright 2016 The Kubernetes Authors All rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package unversioned + +import ( + api "k8s.io/kubernetes/pkg/api" + extensions "k8s.io/kubernetes/pkg/apis/extensions" + watch "k8s.io/kubernetes/pkg/watch" +) + +// PodSecurityPoliciesGetter has a method to return a PodSecurityPolicyInterface. +// A group's client should implement this interface. +type PodSecurityPoliciesGetter interface { + PodSecurityPolicies() PodSecurityPolicyInterface +} + +// PodSecurityPolicyInterface has methods to work with PodSecurityPolicy resources. +type PodSecurityPolicyInterface interface { + Create(*extensions.PodSecurityPolicy) (*extensions.PodSecurityPolicy, error) + Update(*extensions.PodSecurityPolicy) (*extensions.PodSecurityPolicy, error) + Delete(name string, options *api.DeleteOptions) error + DeleteCollection(options *api.DeleteOptions, listOptions api.ListOptions) error + Get(name string) (*extensions.PodSecurityPolicy, error) + List(opts api.ListOptions) (*extensions.PodSecurityPolicyList, error) + Watch(opts api.ListOptions) (watch.Interface, error) + PodSecurityPolicyExpansion +} + +// podSecurityPolicies implements PodSecurityPolicyInterface +type podSecurityPolicies struct { + client *ExtensionsClient +} + +// newPodSecurityPolicies returns a PodSecurityPolicies +func newPodSecurityPolicies(c *ExtensionsClient) *podSecurityPolicies { + return &podSecurityPolicies{ + client: c, + } +} + +// Create takes the representation of a podSecurityPolicy and creates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any. +func (c *podSecurityPolicies) Create(podSecurityPolicy *extensions.PodSecurityPolicy) (result *extensions.PodSecurityPolicy, err error) { + result = &extensions.PodSecurityPolicy{} + err = c.client.Post(). + Resource("podsecuritypolicies"). + Body(podSecurityPolicy). + Do(). + Into(result) + return +} + +// Update takes the representation of a podSecurityPolicy and updates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any. +func (c *podSecurityPolicies) Update(podSecurityPolicy *extensions.PodSecurityPolicy) (result *extensions.PodSecurityPolicy, err error) { + result = &extensions.PodSecurityPolicy{} + err = c.client.Put(). + Resource("podsecuritypolicies"). + Name(podSecurityPolicy.Name). + Body(podSecurityPolicy). + Do(). + Into(result) + return +} + +// Delete takes name of the podSecurityPolicy and deletes it. Returns an error if one occurs. +func (c *podSecurityPolicies) Delete(name string, options *api.DeleteOptions) error { + return c.client.Delete(). + Resource("podsecuritypolicies"). + Name(name). + Body(options). + Do(). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *podSecurityPolicies) DeleteCollection(options *api.DeleteOptions, listOptions api.ListOptions) error { + return c.client.Delete(). + Resource("podsecuritypolicies"). + VersionedParams(&listOptions, api.ParameterCodec). + Body(options). + Do(). + Error() +} + +// Get takes name of the podSecurityPolicy, and returns the corresponding podSecurityPolicy object, and an error if there is any. +func (c *podSecurityPolicies) Get(name string) (result *extensions.PodSecurityPolicy, err error) { + result = &extensions.PodSecurityPolicy{} + err = c.client.Get(). + Resource("podsecuritypolicies"). + Name(name). + Do(). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of PodSecurityPolicies that match those selectors. +func (c *podSecurityPolicies) List(opts api.ListOptions) (result *extensions.PodSecurityPolicyList, err error) { + result = &extensions.PodSecurityPolicyList{} + err = c.client.Get(). + Resource("podsecuritypolicies"). + VersionedParams(&opts, api.ParameterCodec). + Do(). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested podSecurityPolicies. +func (c *podSecurityPolicies) Watch(opts api.ListOptions) (watch.Interface, error) { + return c.client.Get(). + Prefix("watch"). + Resource("podsecuritypolicies"). + VersionedParams(&opts, api.ParameterCodec). + Watch() +}