vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

vendor: remove dep and use vndr

Browse source 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
Antonio Murdaca 2017-06-06 09:19:04 +02:00
parent 16f44674a4
commit 148e72d81e
No known key found for this signature in database
GPG key ID: B2BEAD150DE936B9
16131 changed files with 73815 additions and 4235138 deletions
Download patch file Download diff file Expand all files Collapse all files

46
vendor/k8s.io/kubernetes/pkg/apis/rbac/BUILD generated vendored
View file

@ -1,46 +0,0 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_library",
)
go_library(
name = "go_default_library",
srcs = [
"doc.go",
"helpers.go",
"register.go",
"types.go",
"zz_generated.deepcopy.go",
],
tags = ["automanaged"],
deps = [
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/apimachinery/pkg/conversion",
"//vendor:k8s.io/apimachinery/pkg/runtime",
"//vendor:k8s.io/apimachinery/pkg/runtime/schema",
"//vendor:k8s.io/apimachinery/pkg/util/sets",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//pkg/apis/rbac/install:all-srcs",
"//pkg/apis/rbac/v1alpha1:all-srcs",
"//pkg/apis/rbac/v1beta1:all-srcs",
"//pkg/apis/rbac/validation:all-srcs",
],
tags = ["automanaged"],
)

16
vendor/k8s.io/kubernetes/pkg/apis/rbac/OWNERS generated vendored
View file

@ -1,16 +0,0 @@
reviewers:
- thockin
- lavalamp
- smarterclayton
- deads2k
- sttts
- ncdc
- timothysc
- dims
- krousey
- mml
- mbohlool
- david-mcmahon
- ericchiang
- lixiaobing10051267
- jianhuiz

91
vendor/k8s.io/kubernetes/pkg/apis/rbac/helpers.go generated vendored
View file

@ -220,14 +220,14 @@ func NewClusterBinding(clusterRoleName string) *ClusterRoleBindingBuilder {
func (r *ClusterRoleBindingBuilder) Groups(groups ...string) *ClusterRoleBindingBuilder {
for _, group := range groups {
r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, Subject{Kind: GroupKind, Name: group})
r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, Subject{Kind: GroupKind, APIGroup: GroupName, Name: group})
}
return r
}
func (r *ClusterRoleBindingBuilder) Users(users ...string) *ClusterRoleBindingBuilder {
for _, user := range users {
r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, Subject{Kind: UserKind, Name: user})
r.ClusterRoleBinding.Subjects = append(r.ClusterRoleBinding.Subjects, Subject{Kind: UserKind, APIGroup: GroupName, Name: user})
}
return r
}
@ -254,3 +254,90 @@ func (r *ClusterRoleBindingBuilder) Binding() (ClusterRoleBinding, error) {
return r.ClusterRoleBinding, nil
}
// +k8s:deepcopy-gen=false
// RoleBindingBuilder let's us attach methods. It is similar to
// ClusterRoleBindingBuilder above.
type RoleBindingBuilder struct {
RoleBinding RoleBinding
}
// NewRoleBinding creates a RoleBinding builder that can be used
// to define the subjects of a role binding. At least one of
// the `Groups`, `Users` or `SAs` method must be called before
// calling the `Binding*` methods.
func NewRoleBinding(roleName, namespace string) *RoleBindingBuilder {
return &RoleBindingBuilder{
RoleBinding: RoleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: roleName,
Namespace: namespace,
},
RoleRef: RoleRef{
APIGroup: GroupName,
Kind: "Role",
Name: roleName,
},
},
}
}
func NewRoleBindingForClusterRole(roleName, namespace string) *RoleBindingBuilder {
return &RoleBindingBuilder{
RoleBinding: RoleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: roleName,
Namespace: namespace,
},
RoleRef: RoleRef{
APIGroup: GroupName,
Kind: "ClusterRole",
Name: roleName,
},
},
}
}
// Groups adds the specified groups as the subjects of the RoleBinding.
func (r *RoleBindingBuilder) Groups(groups ...string) *RoleBindingBuilder {
for _, group := range groups {
r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, Subject{Kind: GroupKind, Name: group})
}
return r
}
// Users adds the specified users as the subjects of the RoleBinding.
func (r *RoleBindingBuilder) Users(users ...string) *RoleBindingBuilder {
for _, user := range users {
r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, Subject{Kind: UserKind, Name: user})
}
return r
}
// SAs adds the specified service accounts as the subjects of the
// RoleBinding.
func (r *RoleBindingBuilder) SAs(namespace string, serviceAccountNames ...string) *RoleBindingBuilder {
for _, saName := range serviceAccountNames {
r.RoleBinding.Subjects = append(r.RoleBinding.Subjects, Subject{Kind: ServiceAccountKind, Namespace: namespace, Name: saName})
}
return r
}
// BindingOrDie calls the binding method and panics if there is an error.
func (r *RoleBindingBuilder) BindingOrDie() RoleBinding {
ret, err := r.Binding()
if err != nil {
panic(err)
}
return ret
}
// Binding builds and returns the RoleBinding API object from the builder
// object.
func (r *RoleBindingBuilder) Binding() (RoleBinding, error) {
if len(r.RoleBinding.Subjects) == 0 {
return RoleBinding{}, fmt.Errorf("subjects are required: %#v", r.RoleBinding)
}
return r.RoleBinding, nil
}

37
vendor/k8s.io/kubernetes/pkg/apis/rbac/install/BUILD generated vendored
View file

@ -1,37 +0,0 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_library",
)
go_library(
name = "go_default_library",
srcs = ["install.go"],
tags = ["automanaged"],
deps = [
"//pkg/api:go_default_library",
"//pkg/apis/rbac:go_default_library",
"//pkg/apis/rbac/v1alpha1:go_default_library",
"//pkg/apis/rbac/v1beta1:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/apimachinery/announced",
"//vendor:k8s.io/apimachinery/pkg/apimachinery/registered",
"//vendor:k8s.io/apimachinery/pkg/runtime",
"//vendor:k8s.io/apimachinery/pkg/util/sets",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
)

2
vendor/k8s.io/kubernetes/pkg/apis/rbac/register.go generated vendored
View file

@ -17,7 +17,6 @@ limitations under the License.
package rbac
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
@ -55,6 +54,5 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&ClusterRoleBindingList{},
&ClusterRoleList{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}

10
vendor/k8s.io/kubernetes/pkg/apis/rbac/types.go generated vendored
View file

@ -34,6 +34,9 @@ const (
GroupKind = "Group"
ServiceAccountKind = "ServiceAccount"
UserKind = "User"
// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
AutoUpdateAnnotationKey = "rbac.authorization.kubernetes.io/autoupdate"
)
// PolicyRule holds information that describes a policy rule, but does not contain information
@ -63,9 +66,10 @@ type Subject struct {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
Kind string
// APIVersion holds the API group and version of the referenced object. For non-object references such as "Group" and "User" this is
// expected to be API version of this API group. For example, "rbac/v1alpha1".
APIVersion string
// APIGroup holds the API group of the referenced subject.
// Defaults to "" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
APIGroup string
// Name of the object being referenced.
Name string
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty

63
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/BUILD generated vendored
View file

@ -1,63 +0,0 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_library",
"go_test",
)
go_library(
name = "go_default_library",
srcs = [
"conversion.go",
"defaults.go",
"doc.go",
"generated.pb.go",
"helpers.go",
"register.go",
"types.generated.go",
"types.go",
"types_swagger_doc_generated.go",
"zz_generated.conversion.go",
"zz_generated.deepcopy.go",
"zz_generated.defaults.go",
],
tags = ["automanaged"],
deps = [
"//pkg/apis/rbac:go_default_library",
"//vendor:github.com/gogo/protobuf/proto",
"//vendor:github.com/ugorji/go/codec",
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/apimachinery/pkg/conversion",
"//vendor:k8s.io/apimachinery/pkg/runtime",
"//vendor:k8s.io/apimachinery/pkg/runtime/schema",
"//vendor:k8s.io/apimachinery/pkg/types",
],
)
go_test(
name = "go_default_xtest",
srcs = ["conversion_test.go"],
tags = ["automanaged"],
deps = [
"//pkg/api:go_default_library",
"//pkg/apis/rbac:go_default_library",
"//pkg/apis/rbac/install:go_default_library",
"//pkg/apis/rbac/v1alpha1:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
)

41
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/conversion.go generated vendored
View file

@ -18,6 +18,7 @@ package v1alpha1
import (
"k8s.io/apimachinery/pkg/conversion"
"k8s.io/apimachinery/pkg/runtime/schema"
api "k8s.io/kubernetes/pkg/apis/rbac"
)
@ -30,13 +31,51 @@ func Convert_v1alpha1_Subject_To_rbac_Subject(in *Subject, out *api.Subject, s c
return err
}
// specifically set the APIGroup for the three subjects recognized in v1alpha1
switch {
case in.Kind == ServiceAccountKind:
out.APIGroup = ""
case in.Kind == UserKind:
out.APIGroup = GroupName
case in.Kind == GroupKind:
out.APIGroup = GroupName
default:
// For unrecognized kinds, use the group portion of the APIVersion if we can get it
if gv, err := schema.ParseGroupVersion(in.APIVersion); err == nil {
out.APIGroup = gv.Group
}
}
// User * in v1alpha1 will only match all authenticated users
// This is only for compatibility with old RBAC bindings
// Special treatment for * should not be included in v1beta1
if out.Kind == UserKind && out.Name == "*" {
if out.Kind == UserKind && out.APIGroup == GroupName && out.Name == "*" {
out.Kind = GroupKind
out.Name = allAuthenticated
}
return nil
}
func Convert_rbac_Subject_To_v1alpha1_Subject(in *api.Subject, out *Subject, s conversion.Scope) error {
if err := autoConvert_rbac_Subject_To_v1alpha1_Subject(in, out, s); err != nil {
return err
}
switch {
case in.Kind == ServiceAccountKind && in.APIGroup == "":
// Make service accounts v1
out.APIVersion = "v1"
case in.Kind == UserKind && in.APIGroup == GroupName:
// users in the rbac API group get v1alpha
out.APIVersion = SchemeGroupVersion.String()
case in.Kind == GroupKind && in.APIGroup == GroupName:
// groups in the rbac API group get v1alpha
out.APIVersion = SchemeGroupVersion.String()
default:
// otherwise, they get an unspecified version of a group
out.APIVersion = schema.GroupVersion{Group: in.APIGroup}.String()
}
return nil
}

64
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/conversion_test.go generated vendored
View file

@ -1,64 +0,0 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1_test
import (
"reflect"
"testing"
"k8s.io/kubernetes/pkg/api"
rbacapi "k8s.io/kubernetes/pkg/apis/rbac"
_ "k8s.io/kubernetes/pkg/apis/rbac/install"
"k8s.io/kubernetes/pkg/apis/rbac/v1alpha1"
)
func TestConversion(t *testing.T) {
testcases := map[string]struct {
old *v1alpha1.RoleBinding
expected *rbacapi.RoleBinding
}{
"specific user": {
old: &v1alpha1.RoleBinding{
RoleRef: v1alpha1.RoleRef{Name: "foo", APIGroup: v1alpha1.GroupName},
Subjects: []v1alpha1.Subject{{Kind: "User", Name: "bob"}},
},
expected: &rbacapi.RoleBinding{
RoleRef: rbacapi.RoleRef{Name: "foo", APIGroup: v1alpha1.GroupName},
Subjects: []rbacapi.Subject{{Kind: "User", Name: "bob"}},
},
},
"wildcard user matches authenticated": {
old: &v1alpha1.RoleBinding{
RoleRef: v1alpha1.RoleRef{Name: "foo", APIGroup: v1alpha1.GroupName},
Subjects: []v1alpha1.Subject{{Kind: "User", Name: "*"}},
},
expected: &rbacapi.RoleBinding{
RoleRef: rbacapi.RoleRef{Name: "foo", APIGroup: v1alpha1.GroupName},
Subjects: []rbacapi.Subject{{Kind: "Group", Name: "system:authenticated"}},
},
},
}
for k, tc := range testcases {
internal := &rbacapi.RoleBinding{}
if err := api.Scheme.Convert(tc.old, internal, nil); err != nil {
t.Errorf("%s: unexpected error: %v", k, err)
}
if !reflect.DeepEqual(internal, tc.expected) {
t.Errorf("%s: expected\n\t%#v, got \n\t%#v", k, tc.expected, internal)
}
}
}

13
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/defaults.go generated vendored
View file

@ -25,6 +25,7 @@ func addDefaultingFuncs(scheme *runtime.Scheme) error {
return scheme.AddDefaultingFuncs(
SetDefaults_ClusterRoleBinding,
SetDefaults_RoleBinding,
SetDefaults_Subject,
)
}
@ -38,3 +39,15 @@ func SetDefaults_RoleBinding(obj *RoleBinding) {
obj.RoleRef.APIGroup = GroupName
}
}
func SetDefaults_Subject(obj *Subject) {
if len(obj.APIVersion) == 0 {
switch obj.Kind {
case ServiceAccountKind:
obj.APIVersion = "v1"
case UserKind:
obj.APIVersion = SchemeGroupVersion.String()
case GroupKind:
obj.APIVersion = SchemeGroupVersion.String()
}
}
}

108
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/generated.pb.go generated vendored
View file

@ -2760,58 +2760,58 @@ var (
)
var fileDescriptorGenerated = []byte{
// 840 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xec, 0x54, 0xcf, 0x6b, 0x24, 0x45,
0x14, 0x9e, 0x4a, 0x66, 0xcc, 0xcc, 0x8b, 0x21, 0xa6, 0x04, 0x69, 0x73, 0xe8, 0x09, 0x7d, 0x0a,
0xba, 0x76, 0x3b, 0x61, 0xd5, 0x3d, 0xe8, 0x61, 0xdb, 0x83, 0x04, 0xd7, 0x18, 0x6a, 0x71, 0xc1,
0x65, 0x41, 0x6b, 0x7a, 0x6a, 0x67, 0xca, 0xe9, 0x5f, 0x54, 0x75, 0x07, 0x16, 0x11, 0x3c, 0x7a,
0xf4, 0xaf, 0xf0, 0xe8, 0x41, 0xf0, 0xe8, 0xc9, 0x4b, 0xd0, 0xcb, 0x1e, 0xf5, 0x32, 0x98, 0xf6,
0x0f, 0x51, 0xba, 0xba, 0xfa, 0x47, 0xd2, 0x13, 0xf2, 0x43, 0x18, 0x10, 0xf6, 0x34, 0x53, 0xef,
0x7d, 0xdf, 0xab, 0xf7, 0xbd, 0x57, 0xfd, 0xc1, 0xbd, 0xf9, 0x3d, 0x69, 0xf3, 0xc8, 0x99, 0xa7,
0x63, 0x26, 0x42, 0x96, 0x30, 0xe9, 0xc4, 0xf3, 0xa9, 0x43, 0x63, 0x2e, 0x1d, 0x31, 0xa6, 0x9e,
0x73, 0x32, 0xa2, 0x7e, 0x3c, 0xa3, 0x23, 0x67, 0xca, 0x42, 0x26, 0x68, 0xc2, 0x26, 0x76, 0x2c,
0xa2, 0x24, 0xc2, 0xfb, 0x05, 0xd3, 0xae, 0x99, 0x76, 0x3c, 0x9f, 0xda, 0x39, 0xd3, 0xce, 0x99,
0x76, 0xc9, 0xdc, 0x7d, 0x6b, 0xca, 0x93, 0x59, 0x3a, 0xb6, 0xbd, 0x28, 0x70, 0xa6, 0xd1, 0x34,
0x72, 0x54, 0x81, 0x71, 0xfa, 0x54, 0x9d, 0xd4, 0x41, 0xfd, 0x2b, 0x0a, 0xef, 0xde, 0xd5, 0x2d,
0xd1, 0x98, 0x07, 0xd4, 0x9b, 0xf1, 0x90, 0x89, 0x67, 0x75, 0x53, 0x01, 0x4b, 0xa8, 0x73, 0xd2,
0x6a, 0x67, 0xd7, 0xb9, 0x8c, 0x25, 0xd2, 0x30, 0xe1, 0x01, 0x6b, 0x11, 0xde, 0xbd, 0x8a, 0x20,
0xbd, 0x19, 0x0b, 0x68, 0x8b, 0x77, 0x70, 0xe9, 0xc4, 0x1c, 0xc1, 0x64, 0x94, 0x0a, 0xaf, 0x7d,
0xd7, 0x9d, 0xcb, 0x39, 0x4b, 0xa4, 0x8c, 0x96, 0xa3, 0xd3, 0x84, 0xfb, 0x0e, 0x0f, 0x13, 0x99,
0x88, 0x8b, 0x14, 0xeb, 0x37, 0x04, 0x9b, 0x1f, 0xfa, 0xa9, 0x4c, 0x98, 0x20, 0x91, 0xcf, 0xf0,
0x97, 0xd0, 0xcf, 0x07, 0x35, 0xa1, 0x09, 0x35, 0xd0, 0x1e, 0xda, 0xdf, 0x3c, 0x78, 0xdb, 0xd6,
0xfb, 0x6a, 0xea, 0xad, 0x37, 0x96, 0xa3, 0xed, 0x93, 0x91, 0xfd, 0xe9, 0xf8, 0x2b, 0xe6, 0x25,
0x9f, 0xb0, 0x84, 0xba, 0xf8, 0x74, 0x31, 0xec, 0x64, 0x8b, 0x21, 0xd4, 0x31, 0x52, 0x55, 0xc5,
0x9f, 0x43, 0x4f, 0xa4, 0x3e, 0x93, 0xc6, 0xda, 0xde, 0xfa, 0xfe, 0xe6, 0xc1, 0x5d, 0xfb, 0xba,
0xcf, 0xc1, 0x3e, 0x8e, 0x7c, 0xee, 0x3d, 0x23, 0xa9, 0xcf, 0xdc, 0x2d, 0x7d, 0x45, 0x2f, 0x3f,
0x49, 0x52, 0x54, 0xb4, 0x7e, 0x5e, 0x03, 0xdc, 0x10, 0xe3, 0xf2, 0x70, 0xc2, 0xc3, 0xe9, 0x0a,
0x34, 0x7d, 0x01, 0x7d, 0x99, 0xaa, 0x44, 0x29, 0x6b, 0x74, 0x7d, 0x59, 0x0f, 0x0b, 0xa6, 0xfb,
0x8a, 0xbe, 0xa2, 0xaf, 0x03, 0x92, 0x54, 0x45, 0xf1, 0x13, 0xd8, 0x10, 0x91, 0xcf, 0x08, 0x7b,
0x6a, 0xac, 0x2b, 0x05, 0x37, 0xa8, 0x4f, 0x0a, 0xa2, 0xbb, 0xad, 0xeb, 0x6f, 0xe8, 0x00, 0x29,
0x4b, 0x5a, 0x3f, 0x20, 0x78, 0xbd, 0x3d, 0x37, 0x37, 0xe5, 0xfe, 0x84, 0x09, 0xfc, 0x1d, 0x02,
0xec, 0xb5, 0xb2, 0x7a, 0x92, 0xef, 0x5f, 0xbf, 0x8f, 0x25, 0x37, 0xec, 0xea, 0x96, 0x96, 0x6c,
0x8d, 0x2c, 0xb9, 0xd3, 0xfa, 0x13, 0xc1, 0x6b, 0x6d, 0xe8, 0x03, 0x2e, 0x13, 0xfc, 0xa4, 0xb5,
0x64, 0xfb, 0x7a, 0x4b, 0xce, 0xd9, 0x6a, 0xc5, 0xd5, 0xfc, 0xcb, 0x48, 0x63, 0xc1, 0x14, 0x7a,
0x3c, 0x61, 0x41, 0xb9, 0xdd, 0xff, 0xa6, 0xba, 0x7a, 0xbc, 0x87, 0x79, 0x49, 0x52, 0x54, 0xb6,
0x7e, 0x47, 0xb0, 0xdd, 0x00, 0xaf, 0x40, 0xd4, 0xe3, 0xf3, 0xa2, 0xde, 0xb9, 0x9d, 0xa8, 0xe5,
0x6a, 0xfe, 0x41, 0x00, 0xf5, 0xf7, 0x8a, 0x87, 0xd0, 0x3b, 0x61, 0x62, 0x2c, 0x0d, 0xb4, 0xb7,
0xbe, 0x3f, 0x70, 0x07, 0x39, 0xfe, 0x51, 0x1e, 0x20, 0x45, 0x1c, 0xbf, 0x09, 0x03, 0x1a, 0xf3,
0x8f, 0x44, 0x94, 0xc6, 0xd2, 0x58, 0x57, 0xa0, 0xad, 0x6c, 0x31, 0x1c, 0xdc, 0x3f, 0x3e, 0x2c,
0x82, 0xa4, 0xce, 0xe7, 0xe0, 0xd2, 0x31, 0xa5, 0xd1, 0xad, 0xc1, 0xa4, 0x0c, 0x92, 0x3a, 0x8f,
0xdf, 0x83, 0xad, 0xf2, 0x70, 0x44, 0x03, 0x26, 0x8d, 0x9e, 0x22, 0xec, 0x64, 0x8b, 0xe1, 0x16,
0x69, 0x26, 0xc8, 0x79, 0x1c, 0xfe, 0x00, 0xb6, 0xc3, 0x28, 0x2c, 0x21, 0x9f, 0x91, 0x07, 0xd2,
0x78, 0x49, 0x51, 0x5f, 0xcd, 0x16, 0xc3, 0xed, 0xa3, 0xf3, 0x29, 0x72, 0x11, 0x6b, 0x7d, 0x03,
0x3b, 0x0d, 0xc3, 0xd2, 0xdf, 0xd2, 0x0c, 0x20, 0xae, 0x82, 0x7a, 0xa5, 0xb7, 0x73, 0xc0, 0xca,
0x90, 0xea, 0x18, 0x69, 0xd4, 0xb6, 0x7e, 0x45, 0xd0, 0xfd, 0xff, 0x3b, 0xfa, 0x8f, 0x6b, 0xb0,
0xf9, 0xc2, 0xca, 0x6f, 0x60, 0xe5, 0xb9, 0x8b, 0xac, 0xd6, 0x1a, 0x6f, 0xef, 0x22, 0x57, 0x7b,
0xe2, 0x2f, 0x08, 0xfa, 0x2b, 0x32, 0xc3, 0x87, 0xe7, 0x65, 0xd8, 0x37, 0x94, 0xb1, 0xbc, 0xff,
0xaf, 0xa1, 0xdc, 0x10, 0xbe, 0x03, 0xfd, 0xd2, 0xc0, 0x54, 0xf7, 0x83, 0xba, 0x9b, 0xd2, 0xe3,
0x48, 0x85, 0xc0, 0x7b, 0xd0, 0x9d, 0xf3, 0x70, 0x62, 0xac, 0x29, 0xe4, 0xcb, 0x1a, 0xd9, 0xfd,
0x98, 0x87, 0x13, 0xa2, 0x32, 0x39, 0x22, 0xa4, 0x01, 0x53, 0x6f, 0xa8, 0x81, 0xc8, 0xad, 0x8b,
0xa8, 0x8c, 0xf5, 0x13, 0x82, 0x0d, 0xfd, 0xfe, 0xaa, 0x7a, 0xe8, 0xd2, 0x7a, 0x07, 0x00, 0x34,
0xe6, 0x8f, 0x98, 0x90, 0x3c, 0x0a, 0xf5, 0xbd, 0xd5, 0x97, 0x72, 0xff, 0xf8, 0x50, 0x67, 0x48,
0x03, 0x75, 0x75, 0x0f, 0xd8, 0x81, 0x41, 0xfe, 0x2b, 0x63, 0xea, 0x31, 0xa3, 0xab, 0x60, 0x3b,
0x1a, 0x36, 0x38, 0x2a, 0x13, 0xa4, 0xc6, 0xb8, 0x6f, 0x9c, 0x9e, 0x99, 0x9d, 0xe7, 0x67, 0x66,
0xe7, 0x8f, 0x33, 0xb3, 0xf3, 0x6d, 0x66, 0xa2, 0xd3, 0xcc, 0x44, 0xcf, 0x33, 0x13, 0xfd, 0x95,
0x99, 0xe8, 0xfb, 0xbf, 0xcd, 0xce, 0xe3, 0x7e, 0x39, 0xf8, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff,
0x57, 0x75, 0x75, 0xfb, 0x83, 0x0c, 0x00, 0x00,
// 847 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xec, 0x54, 0xcf, 0x6f, 0xe3, 0x44,
0x14, 0xce, 0xb4, 0x09, 0x4d, 0x5e, 0xa9, 0x4a, 0x07, 0x09, 0x99, 0x1e, 0x9c, 0xca, 0xa7, 0x0a,
0x16, 0x9b, 0x96, 0x05, 0xf6, 0x00, 0x87, 0x35, 0x07, 0x54, 0xb1, 0x94, 0x6a, 0x56, 0xac, 0xc4,
0x6a, 0x25, 0x98, 0x38, 0xb3, 0xc9, 0x10, 0xff, 0xd2, 0x8c, 0x1d, 0xb1, 0x42, 0x48, 0x1c, 0x39,
0xf2, 0x57, 0x70, 0xe4, 0x80, 0xc4, 0x91, 0x13, 0x97, 0x0a, 0x2e, 0x3d, 0xc2, 0x25, 0xa2, 0xe6,
0x0f, 0x01, 0x79, 0x3c, 0xfe, 0x51, 0x9c, 0xaa, 0x3f, 0x90, 0x22, 0x21, 0x71, 0x4a, 0xfc, 0xde,
0xf7, 0x7d, 0xf3, 0xbe, 0x79, 0xf6, 0x07, 0xf7, 0x66, 0xf7, 0xa4, 0xcd, 0x23, 0x67, 0x96, 0x8e,
0x98, 0x08, 0x59, 0xc2, 0xa4, 0x13, 0xcf, 0x26, 0x0e, 0x8d, 0xb9, 0x74, 0xc4, 0x88, 0x7a, 0xce,
0xfc, 0x80, 0xfa, 0xf1, 0x94, 0x1e, 0x38, 0x13, 0x16, 0x32, 0x41, 0x13, 0x36, 0xb6, 0x63, 0x11,
0x25, 0x11, 0xde, 0x2f, 0x98, 0x76, 0xcd, 0xb4, 0xe3, 0xd9, 0xc4, 0xce, 0x99, 0x76, 0xce, 0xb4,
0x4b, 0xe6, 0xee, 0x6b, 0x13, 0x9e, 0x4c, 0xd3, 0x91, 0xed, 0x45, 0x81, 0x33, 0x89, 0x26, 0x91,
0xa3, 0x04, 0x46, 0xe9, 0x53, 0xf5, 0xa4, 0x1e, 0xd4, 0xbf, 0x42, 0x78, 0xf7, 0xae, 0x1e, 0x89,
0xc6, 0x3c, 0xa0, 0xde, 0x94, 0x87, 0x4c, 0x3c, 0xab, 0x87, 0x0a, 0x58, 0x42, 0x9d, 0x79, 0x6b,
0x9c, 0x5d, 0xe7, 0x32, 0x96, 0x48, 0xc3, 0x84, 0x07, 0xac, 0x45, 0x78, 0xeb, 0x2a, 0x82, 0xf4,
0xa6, 0x2c, 0xa0, 0x2d, 0xde, 0x1b, 0x97, 0xf1, 0xd2, 0x84, 0xfb, 0x0e, 0x0f, 0x13, 0x99, 0x88,
0x16, 0xa9, 0xe1, 0x49, 0x32, 0x31, 0x67, 0xa2, 0x36, 0xc4, 0xbe, 0xa0, 0x41, 0xec, 0xb3, 0x65,
0x9e, 0xee, 0x5c, 0xba, 0x9c, 0x25, 0x68, 0xeb, 0x17, 0x04, 0x9b, 0xef, 0xf9, 0xa9, 0x4c, 0x98,
0x20, 0x91, 0xcf, 0xf0, 0x67, 0xd0, 0xcf, 0x2f, 0x6b, 0x4c, 0x13, 0x6a, 0xa0, 0x3d, 0xb4, 0xbf,
0x79, 0xf8, 0xba, 0xad, 0x77, 0xd6, 0x9c, 0xbd, 0xde, 0x5a, 0x8e, 0xb6, 0xe7, 0x07, 0xf6, 0x47,
0xa3, 0xcf, 0x99, 0x97, 0x7c, 0xc8, 0x12, 0xea, 0xe2, 0xd3, 0xc5, 0xb0, 0x93, 0x2d, 0x86, 0x50,
0xd7, 0x48, 0xa5, 0x8a, 0x3f, 0x81, 0x9e, 0x48, 0x7d, 0x26, 0x8d, 0xb5, 0xbd, 0xf5, 0xfd, 0xcd,
0xc3, 0xbb, 0xf6, 0x75, 0x5f, 0x09, 0xfb, 0x24, 0xf2, 0xb9, 0xf7, 0x8c, 0xa4, 0x3e, 0x73, 0xb7,
0xf4, 0x11, 0xbd, 0xfc, 0x49, 0x92, 0x42, 0xd1, 0xfa, 0x71, 0x0d, 0x70, 0xc3, 0x8c, 0xcb, 0xc3,
0x31, 0x0f, 0x27, 0x2b, 0xf0, 0xf4, 0x29, 0xf4, 0x65, 0xaa, 0x1a, 0xa5, 0xad, 0x83, 0xeb, 0xdb,
0x7a, 0x58, 0x30, 0xdd, 0x17, 0xf4, 0x11, 0x7d, 0x5d, 0x90, 0xa4, 0x12, 0xc5, 0x4f, 0x60, 0x43,
0x44, 0x3e, 0x23, 0xec, 0xa9, 0xb1, 0xae, 0x1c, 0xdc, 0x40, 0x9f, 0x14, 0x44, 0x77, 0x5b, 0xeb,
0x6f, 0xe8, 0x02, 0x29, 0x25, 0xad, 0xef, 0x10, 0xbc, 0xdc, 0xbe, 0x37, 0x37, 0xe5, 0xfe, 0x98,
0x09, 0xfc, 0x0d, 0x02, 0xec, 0xb5, 0xba, 0xfa, 0x26, 0xdf, 0xb9, 0xfe, 0x1c, 0x4b, 0x4e, 0xd8,
0xd5, 0x23, 0x2d, 0xd9, 0x1a, 0x59, 0x72, 0xa6, 0xf5, 0x3b, 0x82, 0x97, 0xda, 0xd0, 0x07, 0x5c,
0x26, 0xf8, 0x49, 0x6b, 0xc9, 0xf6, 0xf5, 0x96, 0x9c, 0xb3, 0xd5, 0x8a, 0xab, 0xfb, 0x2f, 0x2b,
0x8d, 0x05, 0x53, 0xe8, 0xf1, 0x84, 0x05, 0xe5, 0x76, 0xff, 0x9d, 0xeb, 0xea, 0xe5, 0x3d, 0xca,
0x25, 0x49, 0xa1, 0x6c, 0xfd, 0x8a, 0x60, 0xbb, 0x01, 0x5e, 0x81, 0xa9, 0xc7, 0x17, 0x4d, 0xbd,
0x79, 0x3b, 0x53, 0xcb, 0xdd, 0xfc, 0x85, 0x00, 0xea, 0xef, 0x15, 0x0f, 0xa1, 0x37, 0x67, 0x62,
0x24, 0x0d, 0xb4, 0xb7, 0xbe, 0x3f, 0x70, 0x07, 0x39, 0xfe, 0x51, 0x5e, 0x20, 0x45, 0x1d, 0xbf,
0x0a, 0x03, 0x1a, 0xf3, 0xf7, 0x45, 0x94, 0xc6, 0xd2, 0x58, 0x57, 0xa0, 0xad, 0x6c, 0x31, 0x1c,
0xdc, 0x3f, 0x39, 0x2a, 0x8a, 0xa4, 0xee, 0xe7, 0x60, 0xc1, 0x64, 0x94, 0x0a, 0x8f, 0x49, 0xa3,
0x5b, 0x83, 0x49, 0x59, 0x24, 0x75, 0x1f, 0xbf, 0x0d, 0x5b, 0xe5, 0xc3, 0x31, 0x0d, 0x98, 0x34,
0x7a, 0x8a, 0xb0, 0x93, 0x2d, 0x86, 0x5b, 0xa4, 0xd9, 0x20, 0x17, 0x71, 0xf8, 0x5d, 0xd8, 0x0e,
0xa3, 0xb0, 0x84, 0x7c, 0x4c, 0x1e, 0x48, 0xe3, 0x39, 0x45, 0x7d, 0x31, 0x5b, 0x0c, 0xb7, 0x8f,
0x2f, 0xb6, 0xc8, 0x3f, 0xb1, 0xd6, 0x57, 0xb0, 0xd3, 0x08, 0x2c, 0xfd, 0x2d, 0x4d, 0x01, 0xe2,
0xaa, 0xa8, 0x57, 0x7a, 0xbb, 0x04, 0xac, 0x02, 0xa9, 0xae, 0x91, 0x86, 0xb6, 0xf5, 0x33, 0x82,
0xee, 0x7f, 0x3f, 0xd1, 0xbf, 0x5f, 0x83, 0xcd, 0xff, 0xa3, 0xfc, 0x06, 0x51, 0x9e, 0xa7, 0xc8,
0x6a, 0xa3, 0xf1, 0xf6, 0x29, 0x72, 0x75, 0x26, 0xfe, 0x84, 0xa0, 0xbf, 0xa2, 0x30, 0x7c, 0x78,
0xd1, 0x86, 0x7d, 0x43, 0x1b, 0xcb, 0xe7, 0xff, 0x12, 0xca, 0x0d, 0xe1, 0x3b, 0xd0, 0x2f, 0x03,
0x4c, 0x4d, 0x3f, 0xa8, 0xa7, 0x29, 0x33, 0x8e, 0x54, 0x08, 0xbc, 0x07, 0xdd, 0x19, 0x0f, 0xc7,
0xc6, 0x9a, 0x42, 0x3e, 0xaf, 0x91, 0xdd, 0x0f, 0x78, 0x38, 0x26, 0xaa, 0x93, 0x23, 0x42, 0x1a,
0x30, 0xf5, 0x0e, 0x35, 0x10, 0x79, 0x74, 0x11, 0xd5, 0xb1, 0x7e, 0x40, 0xb0, 0xa1, 0xdf, 0xbf,
0x4a, 0x0f, 0x5d, 0xaa, 0x77, 0x08, 0x40, 0x63, 0xfe, 0x88, 0x09, 0xc9, 0xa3, 0x50, 0x9f, 0x5b,
0x7d, 0x29, 0xf7, 0x4f, 0x8e, 0x74, 0x87, 0x34, 0x50, 0x57, 0xcf, 0x80, 0x1d, 0x18, 0xe4, 0xbf,
0x32, 0xa6, 0x1e, 0x33, 0xba, 0x0a, 0xb6, 0xa3, 0x61, 0x83, 0xe3, 0xb2, 0x41, 0x6a, 0x8c, 0xfb,
0xca, 0xe9, 0xb9, 0xd9, 0x39, 0x3b, 0x37, 0x3b, 0xbf, 0x9d, 0x9b, 0x9d, 0xaf, 0x33, 0x13, 0x9d,
0x66, 0x26, 0x3a, 0xcb, 0x4c, 0xf4, 0x47, 0x66, 0xa2, 0x6f, 0xff, 0x34, 0x3b, 0x8f, 0xfb, 0xe5,
0xc5, 0xff, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x53, 0x64, 0x1d, 0x0e, 0x87, 0x0c, 0x00, 0x00,
}

9
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/generated.proto generated vendored
View file

@ -24,9 +24,9 @@ package k8s.io.kubernetes.pkg.apis.rbac.v1alpha1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/kubernetes/pkg/api/resource/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
import "k8s.io/apiserver/pkg/apis/example/v1/generated.proto";
import "k8s.io/kubernetes/pkg/api/v1/generated.proto";
import "k8s.io/kubernetes/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1alpha1";
@ -184,7 +184,10 @@ message Subject {
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
optional string kind = 1;
// APIVersion holds the API group and version of the referenced object.
// APIVersion holds the API group and version of the referenced subject.
// Defaults to "v1" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io/v1alpha1" for User and Group subjects.
// +k8s:conversion-gen=false
// +optional
optional string apiVersion = 2;

8
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/types.go generated vendored
View file

@ -34,6 +34,9 @@ const (
GroupKind = "Group"
ServiceAccountKind = "ServiceAccount"
UserKind = "User"
// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
AutoUpdateAnnotationKey = "rbac.authorization.kubernetes.io/autoupdate"
)
// Authorization is calculated against
@ -72,7 +75,10 @@ type Subject struct {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
Kind string `json:"kind" protobuf:"bytes,1,opt,name=kind"`
// APIVersion holds the API group and version of the referenced object.
// APIVersion holds the API group and version of the referenced subject.
// Defaults to "v1" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io/v1alpha1" for User and Group subjects.
// +k8s:conversion-gen=false
// +optional
APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,2,opt.name=apiVersion"`
// Name of the object being referenced.

2
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/types_swagger_doc_generated.go generated vendored
View file

@ -136,7 +136,7 @@ func (RoleRef) SwaggerDoc() map[string]string {
var map_Subject = map[string]string{
"": "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.",
"kind": "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\". If the Authorizer does not recognized the kind value, the Authorizer should report an error.",
"apiVersion": "APIVersion holds the API group and version of the referenced object.",
"apiVersion": "APIVersion holds the API group and version of the referenced subject. Defaults to \"v1\" for ServiceAccount subjects. Defaults to \"rbac.authorization.k8s.io/v1alpha1\" for User and Group subjects.",
"name": "Name of the object being referenced.",
"namespace": "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty the Authorizer should report an error.",
}

46
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/zz_generated.conversion.go generated vendored
View file

@ -76,7 +76,11 @@ func Convert_v1alpha1_ClusterRole_To_rbac_ClusterRole(in *ClusterRole, out *rbac
func autoConvert_rbac_ClusterRole_To_v1alpha1_ClusterRole(in *rbac.ClusterRole, out *ClusterRole, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
if in.Rules == nil {
out.Rules = make([]PolicyRule, 0)
} else {
out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
}
return nil
}
@ -118,7 +122,7 @@ func autoConvert_rbac_ClusterRoleBinding_To_v1alpha1_ClusterRoleBinding(in *rbac
}
}
} else {
out.Subjects = nil
out.Subjects = make([]Subject, 0)
}
if err := Convert_rbac_RoleRef_To_v1alpha1_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil {
return err
@ -183,7 +187,7 @@ func autoConvert_rbac_ClusterRoleBindingList_To_v1alpha1_ClusterRoleBindingList(
}
}
} else {
out.Items = nil
out.Items = make([]ClusterRoleBinding, 0)
}
return nil
}
@ -204,7 +208,11 @@ func Convert_v1alpha1_ClusterRoleList_To_rbac_ClusterRoleList(in *ClusterRoleLis
func autoConvert_rbac_ClusterRoleList_To_v1alpha1_ClusterRoleList(in *rbac.ClusterRoleList, out *ClusterRoleList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]ClusterRole)(unsafe.Pointer(&in.Items))
if in.Items == nil {
out.Items = make([]ClusterRole, 0)
} else {
out.Items = *(*[]ClusterRole)(unsafe.Pointer(&in.Items))
}
return nil
}
@ -226,7 +234,11 @@ func Convert_v1alpha1_PolicyRule_To_rbac_PolicyRule(in *PolicyRule, out *rbac.Po
}
func autoConvert_rbac_PolicyRule_To_v1alpha1_PolicyRule(in *rbac.PolicyRule, out *PolicyRule, s conversion.Scope) error {
out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs))
if in.Verbs == nil {
out.Verbs = make([]string, 0)
} else {
out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs))
}
out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups))
out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources))
out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames))
@ -272,7 +284,11 @@ func Convert_v1alpha1_Role_To_rbac_Role(in *Role, out *rbac.Role, s conversion.S
func autoConvert_rbac_Role_To_v1alpha1_Role(in *rbac.Role, out *Role, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
if in.Rules == nil {
out.Rules = make([]PolicyRule, 0)
} else {
out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
}
return nil
}
@ -314,7 +330,7 @@ func autoConvert_rbac_RoleBinding_To_v1alpha1_RoleBinding(in *rbac.RoleBinding,
}
}
} else {
out.Subjects = nil
out.Subjects = make([]Subject, 0)
}
if err := Convert_rbac_RoleRef_To_v1alpha1_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil {
return err
@ -357,7 +373,7 @@ func autoConvert_rbac_RoleBindingList_To_v1alpha1_RoleBindingList(in *rbac.RoleB
}
}
} else {
out.Items = nil
out.Items = make([]RoleBinding, 0)
}
return nil
}
@ -378,7 +394,11 @@ func Convert_v1alpha1_RoleList_To_rbac_RoleList(in *RoleList, out *rbac.RoleList
func autoConvert_rbac_RoleList_To_v1alpha1_RoleList(in *rbac.RoleList, out *RoleList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]Role)(unsafe.Pointer(&in.Items))
if in.Items == nil {
out.Items = make([]Role, 0)
} else {
out.Items = *(*[]Role)(unsafe.Pointer(&in.Items))
}
return nil
}
@ -410,7 +430,7 @@ func Convert_rbac_RoleRef_To_v1alpha1_RoleRef(in *rbac.RoleRef, out *RoleRef, s
func autoConvert_v1alpha1_Subject_To_rbac_Subject(in *Subject, out *rbac.Subject, s conversion.Scope) error {
out.Kind = in.Kind
out.APIVersion = in.APIVersion
// INFO: in.APIVersion opted out of conversion generation
out.Name = in.Name
out.Namespace = in.Namespace
return nil
@ -418,12 +438,8 @@ func autoConvert_v1alpha1_Subject_To_rbac_Subject(in *Subject, out *rbac.Subject
func autoConvert_rbac_Subject_To_v1alpha1_Subject(in *rbac.Subject, out *Subject, s conversion.Scope) error {
out.Kind = in.Kind
out.APIVersion = in.APIVersion
// WARNING: in.APIGroup requires manual conversion: does not exist in peer-type
out.Name = in.Name
out.Namespace = in.Namespace
return nil
}
func Convert_rbac_Subject_To_v1alpha1_Subject(in *rbac.Subject, out *Subject, s conversion.Scope) error {
return autoConvert_rbac_Subject_To_v1alpha1_Subject(in, out, s)
}

8
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1alpha1/zz_generated.defaults.go generated vendored
View file

@ -37,6 +37,10 @@ func RegisterDefaults(scheme *runtime.Scheme) error {
func SetObjectDefaults_ClusterRoleBinding(in *ClusterRoleBinding) {
SetDefaults_ClusterRoleBinding(in)
for i := range in.Subjects {
a := &in.Subjects[i]
SetDefaults_Subject(a)
}
}
func SetObjectDefaults_ClusterRoleBindingList(in *ClusterRoleBindingList) {
@ -48,6 +52,10 @@ func SetObjectDefaults_ClusterRoleBindingList(in *ClusterRoleBindingList) {
func SetObjectDefaults_RoleBinding(in *RoleBinding) {
SetDefaults_RoleBinding(in)
for i := range in.Subjects {
a := &in.Subjects[i]
SetDefaults_Subject(a)
}
}
func SetObjectDefaults_RoleBindingList(in *RoleBindingList) {

49
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/BUILD generated vendored
View file

@ -1,49 +0,0 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_library",
)
go_library(
name = "go_default_library",
srcs = [
"defaults.go",
"doc.go",
"generated.pb.go",
"helpers.go",
"register.go",
"types.generated.go",
"types.go",
"types_swagger_doc_generated.go",
"zz_generated.conversion.go",
"zz_generated.deepcopy.go",
"zz_generated.defaults.go",
],
tags = ["automanaged"],
deps = [
"//pkg/apis/rbac:go_default_library",
"//vendor:github.com/gogo/protobuf/proto",
"//vendor:github.com/ugorji/go/codec",
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/apimachinery/pkg/conversion",
"//vendor:k8s.io/apimachinery/pkg/runtime",
"//vendor:k8s.io/apimachinery/pkg/runtime/schema",
"//vendor:k8s.io/apimachinery/pkg/types",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
)

13
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/defaults.go generated vendored
View file

@ -25,6 +25,7 @@ func addDefaultingFuncs(scheme *runtime.Scheme) error {
return scheme.AddDefaultingFuncs(
SetDefaults_ClusterRoleBinding,
SetDefaults_RoleBinding,
SetDefaults_Subject,
)
}
@ -38,3 +39,15 @@ func SetDefaults_RoleBinding(obj *RoleBinding) {
obj.RoleRef.APIGroup = GroupName
}
}
func SetDefaults_Subject(obj *Subject) {
if len(obj.APIGroup) == 0 {
switch obj.Kind {
case ServiceAccountKind:
obj.APIGroup = ""
case UserKind:
obj.APIGroup = GroupName
case GroupKind:
obj.APIGroup = GroupName
}
}
}

119
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/generated.pb.go generated vendored
View file

@ -644,8 +644,8 @@ func (m *Subject) MarshalTo(data []byte) (int, error) {
i += copy(data[i:], m.Kind)
data[i] = 0x12
i++
i = encodeVarintGenerated(data, i, uint64(len(m.APIVersion)))
i += copy(data[i:], m.APIVersion)
i = encodeVarintGenerated(data, i, uint64(len(m.APIGroup)))
i += copy(data[i:], m.APIGroup)
data[i] = 0x1a
i++
i = encodeVarintGenerated(data, i, uint64(len(m.Name)))
@ -869,7 +869,7 @@ func (m *Subject) Size() (n int) {
_ = l
l = len(m.Kind)
n += 1 + l + sovGenerated(uint64(l))
l = len(m.APIVersion)
l = len(m.APIGroup)
n += 1 + l + sovGenerated(uint64(l))
l = len(m.Name)
n += 1 + l + sovGenerated(uint64(l))
@ -1033,7 +1033,7 @@ func (this *Subject) String() string {
}
s := strings.Join([]string{`&Subject{`,
`Kind:` + fmt.Sprintf("%v", this.Kind) + `,`,
`APIVersion:` + fmt.Sprintf("%v", this.APIVersion) + `,`,
`APIGroup:` + fmt.Sprintf("%v", this.APIGroup) + `,`,
`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
`Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`,
`}`,
@ -2548,7 +2548,7 @@ func (m *Subject) Unmarshal(data []byte) error {
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field APIVersion", wireType)
return fmt.Errorf("proto: wrong wireType = %d for field APIGroup", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
@ -2573,7 +2573,7 @@ func (m *Subject) Unmarshal(data []byte) error {
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.APIVersion = string(data[iNdEx:postIndex])
m.APIGroup = string(data[iNdEx:postIndex])
iNdEx = postIndex
case 3:
if wireType != 2 {
@ -2760,58 +2760,57 @@ var (
)
var fileDescriptorGenerated = []byte{
// 838 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xec, 0x54, 0xbf, 0x6f, 0xe4, 0x44,
0x14, 0xde, 0x49, 0x76, 0x95, 0xdd, 0x17, 0xa2, 0x90, 0x41, 0x42, 0x26, 0x85, 0x37, 0x72, 0x43,
0x10, 0x77, 0xf6, 0x25, 0x9c, 0x38, 0x24, 0x44, 0x71, 0xa6, 0x40, 0x11, 0x47, 0x88, 0x06, 0x71,
0xe2, 0x97, 0xd0, 0xcd, 0x7a, 0xe7, 0x9c, 0x61, 0xfd, 0x4b, 0x33, 0xe3, 0x48, 0x27, 0x28, 0xe8,
0x68, 0xf9, 0x27, 0xe8, 0xa8, 0xa0, 0xa5, 0xa2, 0x0a, 0x54, 0x57, 0x5e, 0xb5, 0x22, 0xe6, 0x0f,
0x01, 0xd9, 0x1e, 0xff, 0xd8, 0xf3, 0x46, 0x59, 0x82, 0x14, 0x09, 0x89, 0x6a, 0x77, 0xde, 0xfb,
0xbe, 0x37, 0xef, 0x7b, 0x6f, 0xfc, 0xc1, 0xbd, 0xd9, 0x5b, 0xd2, 0xe6, 0xb1, 0x33, 0x4b, 0x27,
0x4c, 0x44, 0x4c, 0x31, 0xe9, 0x24, 0x33, 0xdf, 0xa1, 0x09, 0x97, 0x8e, 0x98, 0x50, 0xcf, 0x39,
0x3b, 0x98, 0x30, 0x45, 0x0f, 0x1c, 0x9f, 0x45, 0x4c, 0x50, 0xc5, 0xa6, 0x76, 0x22, 0x62, 0x15,
0xe3, 0x57, 0x4b, 0xa2, 0xdd, 0x10, 0xed, 0x64, 0xe6, 0xdb, 0x39, 0xd1, 0xce, 0x89, 0xb6, 0x26,
0xee, 0xde, 0xf6, 0xb9, 0x3a, 0x4d, 0x27, 0xb6, 0x17, 0x87, 0x8e, 0x1f, 0xfb, 0xb1, 0x53, 0xf0,
0x27, 0xe9, 0xe3, 0xe2, 0x54, 0x1c, 0x8a, 0x7f, 0x65, 0xdd, 0xdd, 0xbb, 0xba, 0x21, 0x9a, 0xf0,
0x90, 0x7a, 0xa7, 0x3c, 0x62, 0xe2, 0x49, 0xd3, 0x52, 0xc8, 0x14, 0x75, 0xce, 0x3a, 0xdd, 0xec,
0x3a, 0x97, 0xb1, 0x44, 0x1a, 0x29, 0x1e, 0xb2, 0x0e, 0xe1, 0xcd, 0xab, 0x08, 0xd2, 0x3b, 0x65,
0x21, 0xed, 0xf0, 0x0e, 0x2f, 0x9d, 0x97, 0x23, 0x98, 0x8c, 0x53, 0xe1, 0x75, 0xef, 0xba, 0x75,
0x39, 0x67, 0x89, 0x94, 0x83, 0xe5, 0xe8, 0x54, 0xf1, 0xc0, 0xe1, 0x91, 0x92, 0x4a, 0x3c, 0x4f,
0xb1, 0x7e, 0x43, 0xb0, 0xf9, 0x6e, 0x90, 0x4a, 0xc5, 0x04, 0x89, 0x03, 0x86, 0x1f, 0xc1, 0x30,
0x1f, 0xd4, 0x94, 0x2a, 0x6a, 0xa0, 0x3d, 0xb4, 0xbf, 0x79, 0x78, 0xc7, 0xd6, 0xeb, 0x6a, 0xeb,
0x6d, 0x16, 0x96, 0xa3, 0xed, 0xb3, 0x03, 0xfb, 0xc3, 0xc9, 0x57, 0xcc, 0x53, 0x1f, 0x30, 0x45,
0x5d, 0x7c, 0x3e, 0x1f, 0xf7, 0xb2, 0xf9, 0x18, 0x9a, 0x18, 0xa9, 0xab, 0xe2, 0x4f, 0x60, 0x20,
0xd2, 0x80, 0x49, 0x63, 0x6d, 0x6f, 0x7d, 0x7f, 0xf3, 0xf0, 0x0d, 0x7b, 0xc5, 0xd7, 0x60, 0x9f,
0xc4, 0x01, 0xf7, 0x9e, 0x90, 0x34, 0x60, 0xee, 0x96, 0xbe, 0x61, 0x90, 0x9f, 0x24, 0x29, 0x0b,
0x5a, 0x3f, 0xaf, 0x01, 0x6e, 0x69, 0x71, 0x79, 0x34, 0xe5, 0x91, 0x7f, 0x03, 0x92, 0xbe, 0x84,
0xa1, 0x4c, 0x8b, 0x44, 0xa5, 0xea, 0xce, 0xca, 0xaa, 0x3e, 0x2a, 0x89, 0xee, 0x8b, 0xfa, 0x86,
0xa1, 0x0e, 0x48, 0x52, 0xd7, 0xc4, 0x9f, 0xc3, 0x86, 0x88, 0x03, 0x46, 0xd8, 0x63, 0x63, 0x7d,
0x51, 0xc0, 0x95, 0xe5, 0x49, 0xc9, 0x73, 0xb7, 0x75, 0xf9, 0x0d, 0x1d, 0x20, 0x55, 0x45, 0xeb,
0x07, 0x04, 0xaf, 0x74, 0xa7, 0xe6, 0xa6, 0x3c, 0x98, 0x32, 0x81, 0xbf, 0x43, 0x80, 0xbd, 0x4e,
0x56, 0xcf, 0xf1, 0xed, 0x95, 0xdb, 0x58, 0x72, 0xc1, 0xae, 0xee, 0x68, 0xc9, 0xca, 0xc8, 0x92,
0x2b, 0xad, 0x67, 0x08, 0x5e, 0xee, 0x42, 0x1f, 0x70, 0xa9, 0xf0, 0x17, 0x9d, 0x0d, 0xdb, 0xab,
0x6d, 0x38, 0x67, 0x17, 0xfb, 0xad, 0xa7, 0x5f, 0x45, 0x5a, 0xdb, 0x7d, 0x04, 0x03, 0xae, 0x58,
0x58, 0xad, 0xf6, 0x5f, 0x89, 0xae, 0x1f, 0xee, 0x51, 0x5e, 0x91, 0x94, 0x85, 0xad, 0xdf, 0x11,
0x6c, 0xb7, 0xc0, 0x37, 0xa0, 0xe9, 0xd3, 0x45, 0x4d, 0x77, 0xaf, 0xa5, 0x69, 0xb9, 0x98, 0xbf,
0x10, 0x40, 0xf3, 0xa9, 0xe2, 0x31, 0x0c, 0xce, 0x98, 0x98, 0x48, 0x03, 0xed, 0xad, 0xef, 0x8f,
0xdc, 0x51, 0x8e, 0x7f, 0x98, 0x07, 0x48, 0x19, 0xc7, 0xaf, 0xc3, 0x88, 0x26, 0xfc, 0x3d, 0x11,
0xa7, 0x49, 0xd9, 0xce, 0xc8, 0xdd, 0xca, 0xe6, 0xe3, 0xd1, 0xfd, 0x93, 0xa3, 0x32, 0x48, 0x9a,
0x7c, 0x0e, 0xae, 0xbc, 0x52, 0x1a, 0xeb, 0x0d, 0x98, 0x54, 0x41, 0xd2, 0xe4, 0xf1, 0x3d, 0xd8,
0xaa, 0x0e, 0xc7, 0x34, 0x64, 0xd2, 0xe8, 0x17, 0x84, 0x9d, 0x6c, 0x3e, 0xde, 0x22, 0xed, 0x04,
0x59, 0xc4, 0xe1, 0x77, 0x60, 0x3b, 0x8a, 0xa3, 0x0a, 0xf2, 0x31, 0x79, 0x20, 0x8d, 0x41, 0x41,
0x7d, 0x29, 0x9b, 0x8f, 0xb7, 0x8f, 0x17, 0x53, 0xe4, 0x79, 0xac, 0xf5, 0x0d, 0xec, 0xb4, 0xbc,
0x4a, 0x7f, 0x48, 0x3e, 0x40, 0x52, 0x07, 0xf5, 0x46, 0xaf, 0xe5, 0x7d, 0xb5, 0x15, 0x35, 0x31,
0xd2, 0x2a, 0x6d, 0xfd, 0x8a, 0xa0, 0xff, 0x9f, 0xb7, 0xf2, 0x1f, 0xd7, 0x60, 0xf3, 0x7f, 0x0f,
0x5f, 0xd9, 0xc3, 0x73, 0x03, 0xb9, 0x59, 0x53, 0xbc, 0xb6, 0x81, 0x5c, 0xed, 0x86, 0xbf, 0x20,
0x18, 0xde, 0x90, 0x0d, 0x92, 0x45, 0x15, 0xb7, 0xff, 0x99, 0x8a, 0xe5, 0xed, 0x7f, 0x0d, 0xd5,
0x7e, 0xf0, 0x2d, 0x18, 0x56, 0xd6, 0x55, 0x34, 0x3f, 0x6a, 0x9a, 0xa9, 0xdc, 0x8d, 0xd4, 0x08,
0xbc, 0x07, 0xfd, 0x19, 0x8f, 0xa6, 0xc6, 0x5a, 0x81, 0x7c, 0x41, 0x23, 0xfb, 0xef, 0xf3, 0x68,
0x4a, 0x8a, 0x4c, 0x8e, 0x88, 0x68, 0xc8, 0x8a, 0x07, 0xd4, 0x42, 0xe4, 0xa6, 0x45, 0x8a, 0x8c,
0xf5, 0x13, 0x82, 0x0d, 0xfd, 0xf8, 0xea, 0x7a, 0xe8, 0xd2, 0x7a, 0x87, 0x00, 0x34, 0xe1, 0x0f,
0x99, 0x90, 0x3c, 0x8e, 0xf4, 0xbd, 0xf5, 0x57, 0x72, 0xff, 0xe4, 0x48, 0x67, 0x48, 0x0b, 0x75,
0x75, 0x0f, 0xd8, 0x81, 0x51, 0xfe, 0x2b, 0x13, 0xea, 0x31, 0xa3, 0x5f, 0xc0, 0x76, 0x34, 0x6c,
0x74, 0x5c, 0x25, 0x48, 0x83, 0x71, 0x5f, 0x3b, 0xbf, 0x30, 0x7b, 0x4f, 0x2f, 0xcc, 0xde, 0xb3,
0x0b, 0xb3, 0xf7, 0x6d, 0x66, 0xa2, 0xf3, 0xcc, 0x44, 0x4f, 0x33, 0x13, 0xfd, 0x91, 0x99, 0xe8,
0xfb, 0x3f, 0xcd, 0xde, 0x67, 0x1b, 0x7a, 0xee, 0x7f, 0x07, 0x00, 0x00, 0xff, 0xff, 0x2f, 0x1d,
0x32, 0x0f, 0x74, 0x0c, 0x00, 0x00,
// 830 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xec, 0x54, 0xbf, 0x8f, 0xe3, 0x44,
0x14, 0xce, 0x64, 0x13, 0x6d, 0x3c, 0xcb, 0x2a, 0xec, 0x20, 0x21, 0x93, 0xc2, 0x89, 0xdc, 0xb0,
0x88, 0x3b, 0xfb, 0xf6, 0xee, 0xc4, 0x21, 0x21, 0x0a, 0x4c, 0x81, 0x4e, 0x1c, 0xcb, 0x69, 0x10,
0x88, 0x5f, 0x42, 0x37, 0x71, 0xe6, 0xbc, 0x43, 0xfc, 0x4b, 0x33, 0xe3, 0x88, 0x13, 0x14, 0x74,
0xb4, 0xfc, 0x13, 0x74, 0xd7, 0xd1, 0x52, 0x51, 0x2d, 0x54, 0x57, 0x6e, 0x15, 0xb1, 0xe6, 0x0f,
0x01, 0xd9, 0x1e, 0xff, 0x08, 0x4e, 0xd8, 0xb0, 0x48, 0x91, 0x90, 0xa8, 0x92, 0x79, 0xef, 0xfb,
0xde, 0xbc, 0xef, 0xbd, 0xf1, 0x07, 0xef, 0xcd, 0x5f, 0x17, 0x16, 0x8b, 0xec, 0x79, 0x32, 0xa5,
0x3c, 0xa4, 0x92, 0x0a, 0x3b, 0x9e, 0x7b, 0x36, 0x89, 0x99, 0xb0, 0xf9, 0x94, 0xb8, 0xf6, 0xe2,
0x64, 0x4a, 0x25, 0x39, 0xb1, 0x3d, 0x1a, 0x52, 0x4e, 0x24, 0x9d, 0x59, 0x31, 0x8f, 0x64, 0x84,
0x5e, 0x2e, 0x88, 0x56, 0x4d, 0xb4, 0xe2, 0xb9, 0x67, 0x65, 0x44, 0x2b, 0x23, 0x5a, 0x8a, 0x38,
0xba, 0xe9, 0x31, 0x79, 0x96, 0x4c, 0x2d, 0x37, 0x0a, 0x6c, 0x2f, 0xf2, 0x22, 0x3b, 0xe7, 0x4f,
0x93, 0xc7, 0xf9, 0x29, 0x3f, 0xe4, 0xff, 0x8a, 0xba, 0xa3, 0xbb, 0xaa, 0x21, 0x12, 0xb3, 0x80,
0xb8, 0x67, 0x2c, 0xa4, 0xfc, 0x49, 0xdd, 0x52, 0x40, 0x25, 0xb1, 0x17, 0xad, 0x6e, 0x46, 0xf6,
0x26, 0x16, 0x4f, 0x42, 0xc9, 0x02, 0xda, 0x22, 0xbc, 0x76, 0x15, 0x41, 0xb8, 0x67, 0x34, 0x20,
0x2d, 0xde, 0x9d, 0x4d, 0xbc, 0x44, 0x32, 0xdf, 0x66, 0xa1, 0x14, 0x92, 0xb7, 0x48, 0x0d, 0x4d,
0x82, 0xf2, 0x05, 0xe5, 0xb5, 0x20, 0xfa, 0x15, 0x09, 0x62, 0x9f, 0xae, 0xd3, 0x74, 0x63, 0xe3,
0x6a, 0xd6, 0xa0, 0xcd, 0x5f, 0x00, 0x3c, 0x78, 0xdb, 0x4f, 0x84, 0xa4, 0x1c, 0x47, 0x3e, 0x45,
0x8f, 0xe0, 0x20, 0x1b, 0xd6, 0x8c, 0x48, 0xa2, 0x83, 0x09, 0x38, 0x3e, 0xb8, 0x7d, 0xcb, 0x52,
0x2b, 0x6b, 0xf6, 0x5e, 0x2f, 0x2d, 0x43, 0x5b, 0x8b, 0x13, 0xeb, 0xfd, 0xe9, 0x97, 0xd4, 0x95,
0xef, 0x51, 0x49, 0x1c, 0x74, 0xbe, 0x1c, 0x77, 0xd2, 0xe5, 0x18, 0xd6, 0x31, 0x5c, 0x55, 0x45,
0x1f, 0xc3, 0x3e, 0x4f, 0x7c, 0x2a, 0xf4, 0xee, 0x64, 0xef, 0xf8, 0xe0, 0xf6, 0x1d, 0x6b, 0xcb,
0x17, 0x61, 0x3d, 0x8c, 0x7c, 0xe6, 0x3e, 0xc1, 0x89, 0x4f, 0x9d, 0x43, 0x75, 0x43, 0x3f, 0x3b,
0x09, 0x5c, 0x14, 0x34, 0x7f, 0xec, 0x42, 0xd4, 0xd0, 0xe2, 0xb0, 0x70, 0xc6, 0x42, 0x6f, 0x07,
0x92, 0xbe, 0x80, 0x03, 0x91, 0xe4, 0x89, 0x52, 0xd5, 0xad, 0xad, 0x55, 0x7d, 0x50, 0x10, 0x9d,
0xe7, 0xd5, 0x0d, 0x03, 0x15, 0x10, 0xb8, 0xaa, 0x89, 0x3e, 0x83, 0xfb, 0x3c, 0xf2, 0x29, 0xa6,
0x8f, 0xf5, 0xbd, 0x55, 0x01, 0x57, 0x96, 0xc7, 0x05, 0xcf, 0x19, 0xaa, 0xf2, 0xfb, 0x2a, 0x80,
0xcb, 0x8a, 0xe6, 0x0f, 0x00, 0xbe, 0xd4, 0x9e, 0x9a, 0x93, 0x30, 0x7f, 0x46, 0x39, 0xfa, 0x0e,
0x40, 0xe4, 0xb6, 0xb2, 0x6a, 0x8e, 0x6f, 0x6c, 0xdd, 0xc6, 0x9a, 0x0b, 0x46, 0xaa, 0xa3, 0x35,
0x2b, 0xc3, 0x6b, 0xae, 0x34, 0x2f, 0x00, 0x7c, 0xb1, 0x0d, 0x7d, 0xc0, 0x84, 0x44, 0x9f, 0xb7,
0x36, 0x6c, 0x6d, 0xb7, 0xe1, 0x8c, 0x9d, 0xef, 0xb7, 0x9a, 0x7e, 0x19, 0x69, 0x6c, 0xf7, 0x11,
0xec, 0x33, 0x49, 0x83, 0x72, 0xb5, 0xff, 0x4a, 0x74, 0xf5, 0x70, 0xef, 0x67, 0x15, 0x71, 0x51,
0xd8, 0xfc, 0x15, 0xc0, 0x61, 0x03, 0xbc, 0x03, 0x4d, 0x9f, 0xac, 0x6a, 0xba, 0x7b, 0x2d, 0x4d,
0xeb, 0xc5, 0xfc, 0x01, 0x20, 0xac, 0x3f, 0x55, 0x34, 0x86, 0xfd, 0x05, 0xe5, 0x53, 0xa1, 0x83,
0xc9, 0xde, 0xb1, 0xe6, 0x68, 0x19, 0xfe, 0xa3, 0x2c, 0x80, 0x8b, 0x38, 0x7a, 0x15, 0x6a, 0x24,
0x66, 0xef, 0xf0, 0x28, 0x89, 0x8b, 0x76, 0x34, 0xe7, 0x30, 0x5d, 0x8e, 0xb5, 0xb7, 0x1e, 0xde,
0x2f, 0x82, 0xb8, 0xce, 0x67, 0x60, 0x4e, 0x45, 0x94, 0x70, 0x97, 0x0a, 0x7d, 0xaf, 0x06, 0xe3,
0x32, 0x88, 0xeb, 0x3c, 0xba, 0x07, 0x0f, 0xcb, 0xc3, 0x29, 0x09, 0xa8, 0xd0, 0x7b, 0x39, 0xe1,
0x28, 0x5d, 0x8e, 0x0f, 0x71, 0x33, 0x81, 0x57, 0x71, 0xe8, 0x4d, 0x38, 0x0c, 0xa3, 0xb0, 0x84,
0x7c, 0x88, 0x1f, 0x08, 0xbd, 0x9f, 0x53, 0x5f, 0x48, 0x97, 0xe3, 0xe1, 0xe9, 0x6a, 0x0a, 0xff,
0x15, 0x6b, 0x7e, 0x03, 0x8f, 0x1a, 0x5e, 0xa5, 0x3e, 0x24, 0x0f, 0xc2, 0xb8, 0x0a, 0xaa, 0x8d,
0x5e, 0xcb, 0xfb, 0x2a, 0x2b, 0xaa, 0x63, 0xb8, 0x51, 0xda, 0xfc, 0x19, 0xc0, 0xde, 0x7f, 0xde,
0xca, 0x9f, 0x76, 0xe1, 0xc1, 0xff, 0x1e, 0xbe, 0xb5, 0x87, 0x67, 0x06, 0xb2, 0x5b, 0x53, 0xbc,
0xb6, 0x81, 0x5c, 0xed, 0x86, 0x3f, 0x01, 0x38, 0xd8, 0x91, 0x0d, 0xe2, 0x55, 0x15, 0x37, 0xff,
0x99, 0x8a, 0xf5, 0xed, 0x7f, 0x0d, 0xcb, 0xfd, 0xa0, 0x1b, 0x70, 0x50, 0x5a, 0x57, 0xde, 0xbc,
0x56, 0x37, 0x53, 0xba, 0x1b, 0xae, 0x10, 0x68, 0x02, 0x7b, 0x73, 0x16, 0xce, 0xf4, 0x6e, 0x8e,
0x7c, 0x4e, 0x21, 0x7b, 0xef, 0xb2, 0x70, 0x86, 0xf3, 0x4c, 0x86, 0x08, 0x49, 0x40, 0xf3, 0x07,
0xd4, 0x40, 0x64, 0xa6, 0x85, 0xf3, 0x8c, 0xf9, 0x14, 0xc0, 0x7d, 0xf5, 0xf8, 0xaa, 0x7a, 0x60,
0x63, 0xbd, 0x66, 0x7f, 0xdd, 0x6d, 0xfa, 0xfb, 0xfb, 0xdb, 0x91, 0x0d, 0xb5, 0xec, 0x57, 0xc4,
0xc4, 0xa5, 0x7a, 0x2f, 0x87, 0x1d, 0x29, 0x98, 0x76, 0x5a, 0x26, 0x70, 0x8d, 0x71, 0x5e, 0x39,
0xbf, 0x34, 0x3a, 0xcf, 0x2e, 0x8d, 0xce, 0xc5, 0xa5, 0xd1, 0xf9, 0x36, 0x35, 0xc0, 0x79, 0x6a,
0x80, 0x67, 0xa9, 0x01, 0x7e, 0x4b, 0x0d, 0xf0, 0xfd, 0xef, 0x46, 0xe7, 0xd3, 0x7d, 0x35, 0xf1,
0x3f, 0x03, 0x00, 0x00, 0xff, 0xff, 0xcc, 0x96, 0xa1, 0xd4, 0x72, 0x0c, 0x00, 0x00,
}

10
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/generated.proto generated vendored
View file

@ -24,9 +24,9 @@ package k8s.io.kubernetes.pkg.apis.rbac.v1beta1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/kubernetes/pkg/api/resource/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
import "k8s.io/apiserver/pkg/apis/example/v1/generated.proto";
import "k8s.io/kubernetes/pkg/api/v1/generated.proto";
import "k8s.io/kubernetes/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1beta1";
@ -183,9 +183,11 @@ message Subject {
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
optional string kind = 1;
// APIVersion holds the API group and version of the referenced object.
// APIGroup holds the API group of the referenced subject.
// Defaults to "" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
// +optional
optional string apiVersion = 2;
optional string apiGroup = 2;
// Name of the object being referenced.
optional string name = 3;

18
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/types.generated.go generated vendored
View file

@ -540,7 +540,7 @@ func (x *Subject) CodecEncodeSelf(e *codec1978.Encoder) {
var yyq2 [4]bool
_, _, _ = yysep2, yyq2, yy2arr2
const yyr2 bool = false
yyq2[1] = x.APIVersion != ""
yyq2[1] = x.APIGroup != ""
yyq2[3] = x.Namespace != ""
var yynn2 int
if yyr2 || yy2arr2 {
@ -581,7 +581,7 @@ func (x *Subject) CodecEncodeSelf(e *codec1978.Encoder) {
_ = yym7
if false {
} else {
r.EncodeString(codecSelferC_UTF81234, string(x.APIVersion))
r.EncodeString(codecSelferC_UTF81234, string(x.APIGroup))
}
} else {
r.EncodeString(codecSelferC_UTF81234, "")
@ -589,13 +589,13 @@ func (x *Subject) CodecEncodeSelf(e *codec1978.Encoder) {
} else {
if yyq2[1] {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("apiVersion"))
r.EncodeString(codecSelferC_UTF81234, string("apiGroup"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
yym8 := z.EncBinary()
_ = yym8
if false {
} else {
r.EncodeString(codecSelferC_UTF81234, string(x.APIVersion))
r.EncodeString(codecSelferC_UTF81234, string(x.APIGroup))
}
}
}
@ -716,11 +716,11 @@ func (x *Subject) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
*((*string)(yyv4)) = r.DecodeString()
}
}
case "apiVersion":
case "apiGroup":
if r.TryDecodeAsNil() {
x.APIVersion = ""
x.APIGroup = ""
} else {
yyv6 := &x.APIVersion
yyv6 := &x.APIGroup
yym7 := z.DecBinary()
_ = yym7
if false {
@ -800,9 +800,9 @@ func (x *Subject) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
x.APIVersion = ""
x.APIGroup = ""
} else {
yyv15 := &x.APIVersion
yyv15 := &x.APIGroup
yym16 := z.DecBinary()
_ = yym16
if false {

9
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/types.go generated vendored
View file

@ -34,6 +34,9 @@ const (
GroupKind = "Group"
ServiceAccountKind = "ServiceAccount"
UserKind = "User"
// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
AutoUpdateAnnotationKey = "rbac.authorization.kubernetes.io/autoupdate"
)
// Authorization is calculated against
@ -71,9 +74,11 @@ type Subject struct {
// Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the Authorizer does not recognized the kind value, the Authorizer should report an error.
Kind string `json:"kind" protobuf:"bytes,1,opt,name=kind"`
// APIVersion holds the API group and version of the referenced object.
// APIGroup holds the API group of the referenced subject.
// Defaults to "" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
// +optional
APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,2,opt.name=apiVersion"`
APIGroup string `json:"apiGroup,omitempty" protobuf:"bytes,2,opt.name=apiGroup"`
// Name of the object being referenced.
Name string `json:"name" protobuf:"bytes,3,opt,name=name"`
// Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty

10
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/types_swagger_doc_generated.go generated vendored
View file

@ -134,11 +134,11 @@ func (RoleRef) SwaggerDoc() map[string]string {
}
var map_Subject = map[string]string{
"": "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.",
"kind": "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\". If the Authorizer does not recognized the kind value, the Authorizer should report an error.",
"apiVersion": "APIVersion holds the API group and version of the referenced object.",
"name": "Name of the object being referenced.",
"namespace": "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty the Authorizer should report an error.",
"": "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.",
"kind": "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\". If the Authorizer does not recognized the kind value, the Authorizer should report an error.",
"apiGroup": "APIGroup holds the API group of the referenced subject. Defaults to \"\" for ServiceAccount subjects. Defaults to \"rbac.authorization.k8s.io\" for User and Group subjects.",
"name": "Name of the object being referenced.",
"namespace": "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty the Authorizer should report an error.",
}
func (Subject) SwaggerDoc() map[string]string {

58
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/zz_generated.conversion.go generated vendored
View file

@ -76,7 +76,11 @@ func Convert_v1beta1_ClusterRole_To_rbac_ClusterRole(in *ClusterRole, out *rbac.
func autoConvert_rbac_ClusterRole_To_v1beta1_ClusterRole(in *rbac.ClusterRole, out *ClusterRole, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
if in.Rules == nil {
out.Rules = make([]PolicyRule, 0)
} else {
out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
}
return nil
}
@ -99,7 +103,11 @@ func Convert_v1beta1_ClusterRoleBinding_To_rbac_ClusterRoleBinding(in *ClusterRo
func autoConvert_rbac_ClusterRoleBinding_To_v1beta1_ClusterRoleBinding(in *rbac.ClusterRoleBinding, out *ClusterRoleBinding, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
out.Subjects = *(*[]Subject)(unsafe.Pointer(&in.Subjects))
if in.Subjects == nil {
out.Subjects = make([]Subject, 0)
} else {
out.Subjects = *(*[]Subject)(unsafe.Pointer(&in.Subjects))
}
if err := Convert_rbac_RoleRef_To_v1beta1_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil {
return err
}
@ -144,7 +152,11 @@ func Convert_v1beta1_ClusterRoleBindingList_To_rbac_ClusterRoleBindingList(in *C
func autoConvert_rbac_ClusterRoleBindingList_To_v1beta1_ClusterRoleBindingList(in *rbac.ClusterRoleBindingList, out *ClusterRoleBindingList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]ClusterRoleBinding)(unsafe.Pointer(&in.Items))
if in.Items == nil {
out.Items = make([]ClusterRoleBinding, 0)
} else {
out.Items = *(*[]ClusterRoleBinding)(unsafe.Pointer(&in.Items))
}
return nil
}
@ -164,7 +176,11 @@ func Convert_v1beta1_ClusterRoleList_To_rbac_ClusterRoleList(in *ClusterRoleList
func autoConvert_rbac_ClusterRoleList_To_v1beta1_ClusterRoleList(in *rbac.ClusterRoleList, out *ClusterRoleList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]ClusterRole)(unsafe.Pointer(&in.Items))
if in.Items == nil {
out.Items = make([]ClusterRole, 0)
} else {
out.Items = *(*[]ClusterRole)(unsafe.Pointer(&in.Items))
}
return nil
}
@ -186,7 +202,11 @@ func Convert_v1beta1_PolicyRule_To_rbac_PolicyRule(in *PolicyRule, out *rbac.Pol
}
func autoConvert_rbac_PolicyRule_To_v1beta1_PolicyRule(in *rbac.PolicyRule, out *PolicyRule, s conversion.Scope) error {
out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs))
if in.Verbs == nil {
out.Verbs = make([]string, 0)
} else {
out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs))
}
out.APIGroups = *(*[]string)(unsafe.Pointer(&in.APIGroups))
out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources))
out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames))
@ -232,7 +252,11 @@ func Convert_v1beta1_Role_To_rbac_Role(in *Role, out *rbac.Role, s conversion.Sc
func autoConvert_rbac_Role_To_v1beta1_Role(in *rbac.Role, out *Role, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
if in.Rules == nil {
out.Rules = make([]PolicyRule, 0)
} else {
out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules))
}
return nil
}
@ -255,7 +279,11 @@ func Convert_v1beta1_RoleBinding_To_rbac_RoleBinding(in *RoleBinding, out *rbac.
func autoConvert_rbac_RoleBinding_To_v1beta1_RoleBinding(in *rbac.RoleBinding, out *RoleBinding, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
out.Subjects = *(*[]Subject)(unsafe.Pointer(&in.Subjects))
if in.Subjects == nil {
out.Subjects = make([]Subject, 0)
} else {
out.Subjects = *(*[]Subject)(unsafe.Pointer(&in.Subjects))
}
if err := Convert_rbac_RoleRef_To_v1beta1_RoleRef(&in.RoleRef, &out.RoleRef, s); err != nil {
return err
}
@ -278,7 +306,11 @@ func Convert_v1beta1_RoleBindingList_To_rbac_RoleBindingList(in *RoleBindingList
func autoConvert_rbac_RoleBindingList_To_v1beta1_RoleBindingList(in *rbac.RoleBindingList, out *RoleBindingList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]RoleBinding)(unsafe.Pointer(&in.Items))
if in.Items == nil {
out.Items = make([]RoleBinding, 0)
} else {
out.Items = *(*[]RoleBinding)(unsafe.Pointer(&in.Items))
}
return nil
}
@ -298,7 +330,11 @@ func Convert_v1beta1_RoleList_To_rbac_RoleList(in *RoleList, out *rbac.RoleList,
func autoConvert_rbac_RoleList_To_v1beta1_RoleList(in *rbac.RoleList, out *RoleList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]Role)(unsafe.Pointer(&in.Items))
if in.Items == nil {
out.Items = make([]Role, 0)
} else {
out.Items = *(*[]Role)(unsafe.Pointer(&in.Items))
}
return nil
}
@ -330,7 +366,7 @@ func Convert_rbac_RoleRef_To_v1beta1_RoleRef(in *rbac.RoleRef, out *RoleRef, s c
func autoConvert_v1beta1_Subject_To_rbac_Subject(in *Subject, out *rbac.Subject, s conversion.Scope) error {
out.Kind = in.Kind
out.APIVersion = in.APIVersion
out.APIGroup = in.APIGroup
out.Name = in.Name
out.Namespace = in.Namespace
return nil
@ -342,7 +378,7 @@ func Convert_v1beta1_Subject_To_rbac_Subject(in *Subject, out *rbac.Subject, s c
func autoConvert_rbac_Subject_To_v1beta1_Subject(in *rbac.Subject, out *Subject, s conversion.Scope) error {
out.Kind = in.Kind
out.APIVersion = in.APIVersion
out.APIGroup = in.APIGroup
out.Name = in.Name
out.Namespace = in.Namespace
return nil

8
vendor/k8s.io/kubernetes/pkg/apis/rbac/v1beta1/zz_generated.defaults.go generated vendored
View file

@ -37,6 +37,10 @@ func RegisterDefaults(scheme *runtime.Scheme) error {
func SetObjectDefaults_ClusterRoleBinding(in *ClusterRoleBinding) {
SetDefaults_ClusterRoleBinding(in)
for i := range in.Subjects {
a := &in.Subjects[i]
SetDefaults_Subject(a)
}
}
func SetObjectDefaults_ClusterRoleBindingList(in *ClusterRoleBindingList) {
@ -48,6 +52,10 @@ func SetObjectDefaults_ClusterRoleBindingList(in *ClusterRoleBindingList) {
func SetObjectDefaults_RoleBinding(in *RoleBinding) {
SetDefaults_RoleBinding(in)
for i := range in.Subjects {
a := &in.Subjects[i]
SetDefaults_Subject(a)
}
}
func SetObjectDefaults_RoleBindingList(in *RoleBindingList) {

46
vendor/k8s.io/kubernetes/pkg/apis/rbac/validation/BUILD generated vendored
View file

@ -1,46 +0,0 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_library",
"go_test",
)
go_library(
name = "go_default_library",
srcs = ["validation.go"],
tags = ["automanaged"],
deps = [
"//pkg/api/validation:go_default_library",
"//pkg/api/validation/path:go_default_library",
"//pkg/apis/rbac:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/util/validation/field",
],
)
go_test(
name = "go_default_test",
srcs = ["validation_test.go"],
library = ":go_default_library",
tags = ["automanaged"],
deps = [
"//pkg/apis/rbac:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/apimachinery/pkg/util/validation/field",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
)

225
vendor/k8s.io/kubernetes/pkg/apis/rbac/validation/validation.go generated vendored
View file

@ -1,225 +0,0 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/kubernetes/pkg/api/validation"
"k8s.io/kubernetes/pkg/api/validation/path"
"k8s.io/kubernetes/pkg/apis/rbac"
)
// Minimal validation of names for roles and bindings. Identical to the validation for Openshift. See:
// * https://github.com/kubernetes/kubernetes/blob/60db50/pkg/api/validation/name.go
// * https://github.com/openshift/origin/blob/388478/pkg/api/helpers.go
func minimalNameRequirements(name string, prefix bool) []string {
return path.IsValidPathSegmentName(name)
}
func ValidateRole(role *rbac.Role) field.ErrorList {
allErrs := field.ErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMeta(&role.ObjectMeta, true, minimalNameRequirements, field.NewPath("metadata"))...)
for i, rule := range role.Rules {
if err := validatePolicyRule(rule, true, field.NewPath("rules").Index(i)); err != nil {
allErrs = append(allErrs, err...)
}
}
if len(allErrs) != 0 {
return allErrs
}
return nil
}
func ValidateRoleUpdate(role *rbac.Role, oldRole *rbac.Role) field.ErrorList {
allErrs := ValidateRole(role)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&role.ObjectMeta, &oldRole.ObjectMeta, field.NewPath("metadata"))...)
return allErrs
}
func ValidateClusterRole(role *rbac.ClusterRole) field.ErrorList {
allErrs := field.ErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMeta(&role.ObjectMeta, false, minimalNameRequirements, field.NewPath("metadata"))...)
for i, rule := range role.Rules {
if err := validatePolicyRule(rule, false, field.NewPath("rules").Index(i)); err != nil {
allErrs = append(allErrs, err...)
}
}
if len(allErrs) != 0 {
return allErrs
}
return nil
}
func ValidateClusterRoleUpdate(role *rbac.ClusterRole, oldRole *rbac.ClusterRole) field.ErrorList {
allErrs := ValidateClusterRole(role)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&role.ObjectMeta, &oldRole.ObjectMeta, field.NewPath("metadata"))...)
return allErrs
}
func validatePolicyRule(rule rbac.PolicyRule, isNamespaced bool, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
if len(rule.Verbs) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("verbs"), "verbs must contain at least one value"))
}
if len(rule.NonResourceURLs) > 0 {
if isNamespaced {
allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceURLs"), rule.NonResourceURLs, "namespaced rules cannot apply to non-resource URLs"))
}
if len(rule.APIGroups) > 0 || len(rule.Resources) > 0 || len(rule.ResourceNames) > 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceURLs"), rule.NonResourceURLs, "rules cannot apply to both regular resources and non-resource URLs"))
}
return allErrs
}
if len(rule.APIGroups) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("apiGroups"), "resource rules must supply at least one api group"))
}
if len(rule.Resources) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("resources"), "resource rules must supply at least one resource"))
}
return allErrs
}
func ValidateRoleBinding(roleBinding *rbac.RoleBinding) field.ErrorList {
allErrs := field.ErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, true, minimalNameRequirements, field.NewPath("metadata"))...)
// TODO allow multiple API groups. For now, restrict to one, but I can envision other experimental roles in other groups taking
// advantage of the binding infrastructure
if roleBinding.RoleRef.APIGroup != rbac.GroupName {
allErrs = append(allErrs, field.NotSupported(field.NewPath("roleRef", "apiGroup"), roleBinding.RoleRef.APIGroup, []string{rbac.GroupName}))
}
switch roleBinding.RoleRef.Kind {
case "Role", "ClusterRole":
default:
allErrs = append(allErrs, field.NotSupported(field.NewPath("roleRef", "kind"), roleBinding.RoleRef.Kind, []string{"Role", "ClusterRole"}))
}
if len(roleBinding.RoleRef.Name) == 0 {
allErrs = append(allErrs, field.Required(field.NewPath("roleRef", "name"), ""))
} else {
for _, msg := range minimalNameRequirements(roleBinding.RoleRef.Name, false) {
allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef", "name"), roleBinding.RoleRef.Name, msg))
}
}
subjectsPath := field.NewPath("subjects")
for i, subject := range roleBinding.Subjects {
allErrs = append(allErrs, validateRoleBindingSubject(subject, true, subjectsPath.Index(i))...)
}
return allErrs
}
func ValidateRoleBindingUpdate(roleBinding *rbac.RoleBinding, oldRoleBinding *rbac.RoleBinding) field.ErrorList {
allErrs := ValidateRoleBinding(roleBinding)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&roleBinding.ObjectMeta, &oldRoleBinding.ObjectMeta, field.NewPath("metadata"))...)
if oldRoleBinding.RoleRef != roleBinding.RoleRef {
allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef"), roleBinding.RoleRef, "cannot change roleRef"))
}
return allErrs
}
func ValidateClusterRoleBinding(roleBinding *rbac.ClusterRoleBinding) field.ErrorList {
allErrs := field.ErrorList{}
allErrs = append(allErrs, validation.ValidateObjectMeta(&roleBinding.ObjectMeta, false, minimalNameRequirements, field.NewPath("metadata"))...)
// TODO allow multiple API groups. For now, restrict to one, but I can envision other experimental roles in other groups taking
// advantage of the binding infrastructure
if roleBinding.RoleRef.APIGroup != rbac.GroupName {
allErrs = append(allErrs, field.NotSupported(field.NewPath("roleRef", "apiGroup"), roleBinding.RoleRef.APIGroup, []string{rbac.GroupName}))
}
switch roleBinding.RoleRef.Kind {
case "ClusterRole":
default:
allErrs = append(allErrs, field.NotSupported(field.NewPath("roleRef", "kind"), roleBinding.RoleRef.Kind, []string{"ClusterRole"}))
}
if len(roleBinding.RoleRef.Name) == 0 {
allErrs = append(allErrs, field.Required(field.NewPath("roleRef", "name"), ""))
} else {
for _, msg := range minimalNameRequirements(roleBinding.RoleRef.Name, false) {
allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef", "name"), roleBinding.RoleRef.Name, msg))
}
}
subjectsPath := field.NewPath("subjects")
for i, subject := range roleBinding.Subjects {
allErrs = append(allErrs, validateRoleBindingSubject(subject, false, subjectsPath.Index(i))...)
}
return allErrs
}
func ValidateClusterRoleBindingUpdate(roleBinding *rbac.ClusterRoleBinding, oldRoleBinding *rbac.ClusterRoleBinding) field.ErrorList {
allErrs := ValidateClusterRoleBinding(roleBinding)
allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&roleBinding.ObjectMeta, &oldRoleBinding.ObjectMeta, field.NewPath("metadata"))...)
if oldRoleBinding.RoleRef != roleBinding.RoleRef {
allErrs = append(allErrs, field.Invalid(field.NewPath("roleRef"), roleBinding.RoleRef, "cannot change roleRef"))
}
return allErrs
}
func validateRoleBindingSubject(subject rbac.Subject, isNamespaced bool, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
if len(subject.Name) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("name"), ""))
}
switch subject.Kind {
case rbac.ServiceAccountKind:
if len(subject.Name) > 0 {
for _, msg := range validation.ValidateServiceAccountName(subject.Name, false) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), subject.Name, msg))
}
}
if !isNamespaced && len(subject.Namespace) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("namespace"), ""))
}
case rbac.UserKind:
// TODO(ericchiang): What other restrictions on user name are there?
if len(subject.Name) == 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), subject.Name, "user name cannot be empty"))
}
case rbac.GroupKind:
// TODO(ericchiang): What other restrictions on group name are there?
if len(subject.Name) == 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("name"), subject.Name, "group name cannot be empty"))
}
default:
allErrs = append(allErrs, field.NotSupported(fldPath.Child("kind"), subject.Kind, []string{rbac.ServiceAccountKind, rbac.UserKind, rbac.GroupKind}))
}
return allErrs
}

535
vendor/k8s.io/kubernetes/pkg/apis/rbac/validation/validation_test.go generated vendored
View file

@ -1,535 +0,0 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"testing"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/kubernetes/pkg/apis/rbac"
)
func TestValidateClusterRoleBinding(t *testing.T) {
errs := ValidateClusterRoleBinding(
&rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{Name: "master"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "ClusterRole", Name: "valid"},
Subjects: []rbac.Subject{
{Name: "validsaname", Namespace: "foo", Kind: rbac.ServiceAccountKind},
{Name: "valid@username", Kind: rbac.UserKind},
{Name: "valid@groupname", Kind: rbac.GroupKind},
},
},
)
if len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
errorCases := map[string]struct {
A rbac.ClusterRoleBinding
T field.ErrorType
F string
}{
"bad group": {
A: rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{Name: "default"},
RoleRef: rbac.RoleRef{APIGroup: "rbac.GroupName", Kind: "ClusterRole", Name: "valid"},
},
T: field.ErrorTypeNotSupported,
F: "roleRef.apiGroup",
},
"bad kind": {
A: rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{Name: "default"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Type", Name: "valid"},
},
T: field.ErrorTypeNotSupported,
F: "roleRef.kind",
},
"reference role": {
A: rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{Name: "default"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role", Name: "valid"},
},
T: field.ErrorTypeNotSupported,
F: "roleRef.kind",
},
"zero-length name": {
A: rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "ClusterRole", Name: "valid"},
},
T: field.ErrorTypeRequired,
F: "metadata.name",
},
"bad role": {
A: rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{Name: "default"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "ClusterRole"},
},
T: field.ErrorTypeRequired,
F: "roleRef.name",
},
"bad subject kind": {
A: rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{Name: "master"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "ClusterRole", Name: "valid"},
Subjects: []rbac.Subject{{Name: "subject"}},
},
T: field.ErrorTypeNotSupported,
F: "subjects[0].kind",
},
"bad subject name": {
A: rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{Name: "master"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "ClusterRole", Name: "valid"},
Subjects: []rbac.Subject{{Namespace: "foo", Name: "subject:bad", Kind: rbac.ServiceAccountKind}},
},
T: field.ErrorTypeInvalid,
F: "subjects[0].name",
},
"missing SA namespace": {
A: rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{Name: "master"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "ClusterRole", Name: "valid"},
Subjects: []rbac.Subject{{Name: "good", Kind: rbac.ServiceAccountKind}},
},
T: field.ErrorTypeRequired,
F: "subjects[0].namespace",
},
"missing subject name": {
A: rbac.ClusterRoleBinding{
ObjectMeta: metav1.ObjectMeta{Name: "master"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "ClusterRole", Name: "valid"},
Subjects: []rbac.Subject{{Namespace: "foo", Kind: rbac.ServiceAccountKind}},
},
T: field.ErrorTypeRequired,
F: "subjects[0].name",
},
}
for k, v := range errorCases {
errs := ValidateClusterRoleBinding(&v.A)
if len(errs) == 0 {
t.Errorf("expected failure %s for %v", k, v.A)
continue
}
for i := range errs {
if errs[i].Type != v.T {
t.Errorf("%s: expected errors to have type %s: %v", k, v.T, errs[i])
}
if errs[i].Field != v.F {
t.Errorf("%s: expected errors to have field %s: %v", k, v.F, errs[i])
}
}
}
}
func TestValidateRoleBinding(t *testing.T) {
errs := ValidateRoleBinding(
&rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault, Name: "master"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role", Name: "valid"},
Subjects: []rbac.Subject{
{Name: "validsaname", Kind: rbac.ServiceAccountKind},
{Name: "valid@username", Kind: rbac.UserKind},
{Name: "valid@groupname", Kind: rbac.GroupKind},
},
},
)
if len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
errorCases := map[string]struct {
A rbac.RoleBinding
T field.ErrorType
F string
}{
"bad group": {
A: rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault, Name: "default"},
RoleRef: rbac.RoleRef{APIGroup: "rbac.GroupName", Kind: "ClusterRole", Name: "valid"},
},
T: field.ErrorTypeNotSupported,
F: "roleRef.apiGroup",
},
"bad kind": {
A: rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault, Name: "default"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Type", Name: "valid"},
},
T: field.ErrorTypeNotSupported,
F: "roleRef.kind",
},
"zero-length namespace": {
A: rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Name: "default"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role", Name: "valid"},
},
T: field.ErrorTypeRequired,
F: "metadata.namespace",
},
"zero-length name": {
A: rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role", Name: "valid"},
},
T: field.ErrorTypeRequired,
F: "metadata.name",
},
"bad role": {
A: rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault, Name: "default"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role"},
},
T: field.ErrorTypeRequired,
F: "roleRef.name",
},
"bad subject kind": {
A: rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault, Name: "master"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role", Name: "valid"},
Subjects: []rbac.Subject{{Name: "subject"}},
},
T: field.ErrorTypeNotSupported,
F: "subjects[0].kind",
},
"bad subject name": {
A: rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault, Name: "master"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role", Name: "valid"},
Subjects: []rbac.Subject{{Name: "subject:bad", Kind: rbac.ServiceAccountKind}},
},
T: field.ErrorTypeInvalid,
F: "subjects[0].name",
},
"missing subject name": {
A: rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault, Name: "master"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role", Name: "valid"},
Subjects: []rbac.Subject{{Kind: rbac.ServiceAccountKind}},
},
T: field.ErrorTypeRequired,
F: "subjects[0].name",
},
}
for k, v := range errorCases {
errs := ValidateRoleBinding(&v.A)
if len(errs) == 0 {
t.Errorf("expected failure %s for %v", k, v.A)
continue
}
for i := range errs {
if errs[i].Type != v.T {
t.Errorf("%s: expected errors to have type %s: %v", k, v.T, errs[i])
}
if errs[i].Field != v.F {
t.Errorf("%s: expected errors to have field %s: %v", k, v.F, errs[i])
}
}
}
}
func TestValidateRoleBindingUpdate(t *testing.T) {
old := &rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault, Name: "master", ResourceVersion: "1"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role", Name: "valid"},
}
errs := ValidateRoleBindingUpdate(
&rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault, Name: "master", ResourceVersion: "1"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role", Name: "valid"},
},
old,
)
if len(errs) != 0 {
t.Errorf("expected success: %v", errs)
}
errorCases := map[string]struct {
A rbac.RoleBinding
T field.ErrorType
F string
}{
"changedRef": {
A: rbac.RoleBinding{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceDefault, Name: "master", ResourceVersion: "1"},
RoleRef: rbac.RoleRef{APIGroup: rbac.GroupName, Kind: "Role", Name: "changed"},
},
T: field.ErrorTypeInvalid,
F: "roleRef",
},
}
for k, v := range errorCases {
errs := ValidateRoleBindingUpdate(&v.A, old)
if len(errs) == 0 {
t.Errorf("expected failure %s for %v", k, v.A)
continue
}
for i := range errs {
if errs[i].Type != v.T {
t.Errorf("%s: expected errors to have type %s: %v", k, v.T, errs[i])
}
if errs[i].Field != v.F {
t.Errorf("%s: expected errors to have field %s: %v", k, v.F, errs[i])
}
}
}
}
type ValidateRoleTest struct {
role rbac.Role
wantErr bool
errType field.ErrorType
field string
}
func (v ValidateRoleTest) test(t *testing.T) {
errs := ValidateRole(&v.role)
if len(errs) == 0 {
if v.wantErr {
t.Fatal("expected validation error")
}
return
}
if !v.wantErr {
t.Errorf("didn't expect error, got %v", errs)
return
}
for i := range errs {
if errs[i].Type != v.errType {
t.Errorf("expected errors to have type %s: %v", v.errType, errs[i])
}
if errs[i].Field != v.field {
t.Errorf("expected errors to have field %s: %v", v.field, errs[i])
}
}
}
type ValidateClusterRoleTest struct {
role rbac.ClusterRole
wantErr bool
errType field.ErrorType
field string
}
func (v ValidateClusterRoleTest) test(t *testing.T) {
errs := ValidateClusterRole(&v.role)
if len(errs) == 0 {
if v.wantErr {
t.Fatal("expected validation error")
}
return
}
if !v.wantErr {
t.Errorf("didn't expect error, got %v", errs)
return
}
for i := range errs {
if errs[i].Type != v.errType {
t.Errorf("expected errors to have type %s: %v", v.errType, errs[i])
}
if errs[i].Field != v.field {
t.Errorf("expected errors to have field %s: %v", v.field, errs[i])
}
}
}
func TestValidateRoleZeroLengthNamespace(t *testing.T) {
ValidateRoleTest{
role: rbac.Role{
ObjectMeta: metav1.ObjectMeta{Name: "default"},
},
wantErr: true,
errType: field.ErrorTypeRequired,
field: "metadata.namespace",
}.test(t)
}
func TestValidateRoleZeroLengthName(t *testing.T) {
ValidateRoleTest{
role: rbac.Role{
ObjectMeta: metav1.ObjectMeta{Namespace: "default"},
},
wantErr: true,
errType: field.ErrorTypeRequired,
field: "metadata.name",
}.test(t)
}
func TestValidateRoleValidRole(t *testing.T) {
ValidateRoleTest{
role: rbac.Role{
ObjectMeta: metav1.ObjectMeta{
Namespace: "default",
Name: "default",
},
},
wantErr: false,
}.test(t)
}
func TestValidateRoleValidRoleNoNamespace(t *testing.T) {
ValidateClusterRoleTest{
role: rbac.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
},
},
wantErr: false,
}.test(t)
}
func TestValidateRoleNonResourceURL(t *testing.T) {
ValidateClusterRoleTest{
role: rbac.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
},
Rules: []rbac.PolicyRule{
{
Verbs: []string{"get"},
NonResourceURLs: []string{"/*"},
},
},
},
wantErr: false,
}.test(t)
}
func TestValidateRoleNamespacedNonResourceURL(t *testing.T) {
ValidateRoleTest{
role: rbac.Role{
ObjectMeta: metav1.ObjectMeta{
Namespace: "default",
Name: "default",
},
Rules: []rbac.PolicyRule{
{
// non-resource URLs are invalid for namespaced rules
Verbs: []string{"get"},
NonResourceURLs: []string{"/*"},
},
},
},
wantErr: true,
errType: field.ErrorTypeInvalid,
field: "rules[0].nonResourceURLs",
}.test(t)
}
func TestValidateRoleNonResourceURLNoVerbs(t *testing.T) {
ValidateClusterRoleTest{
role: rbac.ClusterRole{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
},
Rules: []rbac.PolicyRule{
{
Verbs: []string{},
NonResourceURLs: []string{"/*"},
},
},
},
wantErr: true,
errType: field.ErrorTypeRequired,
field: "rules[0].verbs",
}.test(t)
}
func TestValidateRoleMixedNonResourceAndResource(t *testing.T) {
ValidateRoleTest{
role: rbac.Role{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
Namespace: "default",
},
Rules: []rbac.PolicyRule{
{
Verbs: []string{"get"},
NonResourceURLs: []string{"/*"},
APIGroups: []string{"v1"},
Resources: []string{"pods"},
},
},
},
wantErr: true,
errType: field.ErrorTypeInvalid,
field: "rules[0].nonResourceURLs",
}.test(t)
}
func TestValidateRoleValidResource(t *testing.T) {
ValidateRoleTest{
role: rbac.Role{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
Namespace: "default",
},
Rules: []rbac.PolicyRule{
{
Verbs: []string{"get"},
APIGroups: []string{"v1"},
Resources: []string{"pods"},
},
},
},
wantErr: false,
}.test(t)
}
func TestValidateRoleNoAPIGroup(t *testing.T) {
ValidateRoleTest{
role: rbac.Role{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
Namespace: "default",
},
Rules: []rbac.PolicyRule{
{
Verbs: []string{"get"},
Resources: []string{"pods"},
},
},
},
wantErr: true,
errType: field.ErrorTypeRequired,
field: "rules[0].apiGroups",
}.test(t)
}
func TestValidateRoleNoResources(t *testing.T) {
ValidateRoleTest{
role: rbac.Role{
ObjectMeta: metav1.ObjectMeta{
Name: "default",
Namespace: "default",
},
Rules: []rbac.PolicyRule{
{
Verbs: []string{"get"},
APIGroups: []string{"v1"},
},
},
},
wantErr: true,
errType: field.ErrorTypeRequired,
field: "rules[0].resources",
}.test(t)
}