DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update dependencies to K8s 1.8

Browse source
This commit is contained in:
Nick Sardo 2017-09-29 10:12:14 -07:00
parent ba6c89672d
commit 6a59f4c9a2
1114 changed files with 160955 additions and 262845 deletions
Download patch file Download diff file Expand all files Collapse all files

82
vendor/k8s.io/api/authorization/v1/generated.proto generated vendored
View file

@ -65,6 +65,17 @@ message NonResourceAttributes {
optional string verb = 2;
}
// NonResourceRule holds information that describes a rule for the non-resource
message NonResourceRule {
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
repeated string verbs = 1;
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
// final step in the path. "*" means all.
// +optional
repeated string nonResourceURLs = 2;
}
// ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
message ResourceAttributes {
// Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces
@ -99,6 +110,26 @@ message ResourceAttributes {
optional string name = 7;
}
// ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant,
// may contain duplicates, and possibly be incomplete.
message ResourceRule {
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
repeated string verbs = 1;
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// the enumerated resources in any API group will be allowed. "*" means all.
// +optional
repeated string apiGroups = 2;
// Resources is a list of resources this rule applies to. ResourceAll represents all resources. "*" means all.
// +optional
repeated string resources = 3;
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
// +optional
repeated string resourceNames = 4;
}
// SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a
// spec.namespace means "in all namespaces". Self is a special case, because users should always be able
// to check whether they can perform an action
@ -126,6 +157,29 @@ message SelfSubjectAccessReviewSpec {
optional NonResourceAttributes nonResourceAttributes = 2;
}
// SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace.
// The returned list of actions may be incomplete depending on the server's authorization mode,
// and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions,
// or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to
// drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns.
// SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.
message SelfSubjectRulesReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated.
optional SelfSubjectRulesReviewSpec spec = 2;
// Status is filled in by the server and indicates the set of actions a user can perform.
// +optional
optional SubjectRulesReviewStatus status = 3;
}
message SelfSubjectRulesReviewSpec {
// Namespace to evaluate rules for. Required.
optional string namespace = 1;
}
// SubjectAccessReview checks whether or not a user or group can perform an action.
message SubjectAccessReview {
// +optional
@ -163,6 +217,10 @@ message SubjectAccessReviewSpec {
// it needs a reflection here.
// +optional
map<string, ExtraValue> extra = 5;
// UID information about the requesting user.
// +optional
optional string uid = 6;
}
// SubjectAccessReviewStatus
@ -181,3 +239,27 @@ message SubjectAccessReviewStatus {
optional string evaluationError = 3;
}
// SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on
// the set of authorizers the server is configured with and any errors experienced during evaluation.
// Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission,
// even if that list is incomplete.
message SubjectRulesReviewStatus {
// ResourceRules is the list of actions the subject is allowed to perform on resources.
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
repeated ResourceRule resourceRules = 1;
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
repeated NonResourceRule nonResourceRules = 2;
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
// encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
optional bool incomplete = 3;
// EvaluationError can appear in combination with Rules. It indicates an error occurred during
// rule evaluation, such as an authorizer that doesn't support rule evaluation, and that
// ResourceRules and/or NonResourceRules may be incomplete.
// +optional
optional string evaluationError = 4;
}