diff options
author | Matthew Heon <matthew.heon@gmail.com> | 2017-11-01 11:24:59 -0400 |
---|---|---|
committer | Matthew Heon <matthew.heon@gmail.com> | 2017-11-01 11:24:59 -0400 |
commit | a031b83a09a8628435317a03f199cdc18b78262f (patch) | |
tree | bc017a96769ce6de33745b8b0b1304ccf38e9df0 /vendor/k8s.io/client-go/pkg/apis/rbac/v1alpha1/conversion.go | |
parent | 2b74391cd5281f6fdf391ff8ad50fd1490f6bf89 (diff) | |
download | podman-a031b83a09a8628435317a03f199cdc18b78262f.tar.gz podman-a031b83a09a8628435317a03f199cdc18b78262f.tar.bz2 podman-a031b83a09a8628435317a03f199cdc18b78262f.zip |
Initial checkin from CRI-O repo
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Diffstat (limited to 'vendor/k8s.io/client-go/pkg/apis/rbac/v1alpha1/conversion.go')
-rw-r--r-- | vendor/k8s.io/client-go/pkg/apis/rbac/v1alpha1/conversion.go | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/vendor/k8s.io/client-go/pkg/apis/rbac/v1alpha1/conversion.go b/vendor/k8s.io/client-go/pkg/apis/rbac/v1alpha1/conversion.go new file mode 100644 index 000000000..22b3c4076 --- /dev/null +++ b/vendor/k8s.io/client-go/pkg/apis/rbac/v1alpha1/conversion.go @@ -0,0 +1,81 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/conversion" + "k8s.io/apimachinery/pkg/runtime/schema" + api "k8s.io/client-go/pkg/apis/rbac" +) + +// allAuthenticated matches k8s.io/apiserver/pkg/authentication/user.AllAuthenticated, +// but we don't want an client library (which must include types), depending on a server library +const allAuthenticated = "system:authenticated" + +func Convert_v1alpha1_Subject_To_rbac_Subject(in *Subject, out *api.Subject, s conversion.Scope) error { + if err := autoConvert_v1alpha1_Subject_To_rbac_Subject(in, out, s); err != nil { + return err + } + + // specifically set the APIGroup for the three subjects recognized in v1alpha1 + switch { + case in.Kind == ServiceAccountKind: + out.APIGroup = "" + case in.Kind == UserKind: + out.APIGroup = GroupName + case in.Kind == GroupKind: + out.APIGroup = GroupName + default: + // For unrecognized kinds, use the group portion of the APIVersion if we can get it + if gv, err := schema.ParseGroupVersion(in.APIVersion); err == nil { + out.APIGroup = gv.Group + } + } + + // User * in v1alpha1 will only match all authenticated users + // This is only for compatibility with old RBAC bindings + // Special treatment for * should not be included in v1beta1 + if out.Kind == UserKind && out.APIGroup == GroupName && out.Name == "*" { + out.Kind = GroupKind + out.Name = allAuthenticated + } + + return nil +} + +func Convert_rbac_Subject_To_v1alpha1_Subject(in *api.Subject, out *Subject, s conversion.Scope) error { + if err := autoConvert_rbac_Subject_To_v1alpha1_Subject(in, out, s); err != nil { + return err + } + + switch { + case in.Kind == ServiceAccountKind && in.APIGroup == "": + // Make service accounts v1 + out.APIVersion = "v1" + case in.Kind == UserKind && in.APIGroup == GroupName: + // users in the rbac API group get v1alpha + out.APIVersion = SchemeGroupVersion.String() + case in.Kind == GroupKind && in.APIGroup == GroupName: + // groups in the rbac API group get v1alpha + out.APIVersion = SchemeGroupVersion.String() + default: + // otherwise, they get an unspecified version of a group + out.APIVersion = schema.GroupVersion{Group: in.APIGroup}.String() + } + + return nil +} |