Diffstat (limited to 'vendor/k8s.io/api/rbac/v1beta1/types.go')
-rw-r--r-- | vendor/k8s.io/api/rbac/v1beta1/types.go | 233 |
1 files changed, 0 insertions, 233 deletions
diff --git a/vendor/k8s.io/api/rbac/v1beta1/types.go b/vendor/k8s.io/api/rbac/v1beta1/types.go
deleted file mode 100644
index 091fc1dc9..000000000
--- a/vendor/k8s.io/api/rbac/v1beta1/types.go
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// Authorization is calculated against
-// 1. evaluation of ClusterRoleBindings - short circuit on match
-// 2. evaluation of RoleBindings in the namespace requested - short circuit on match
-// 3. deny by default
-
-const (
- APIGroupAll = "*"
- ResourceAll = "*"
- VerbAll = "*"
- NonResourceAll = "*"
-
- GroupKind = "Group"
- ServiceAccountKind = "ServiceAccount"
- UserKind = "User"
-
- // AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false"
- AutoUpdateAnnotationKey = "rbac.authorization.kubernetes.io/autoupdate"
-)
-
-// Authorization is calculated against
-// 1. evaluation of ClusterRoleBindings - short circuit on match
-// 2. evaluation of RoleBindings in the namespace requested - short circuit on match
-// 3. deny by default
-
-// PolicyRule holds information that describes a policy rule, but does not contain information
-// about who the rule applies to or which namespace the rule applies to.
-type PolicyRule struct {
- // Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.
- Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
-
- // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
- // the enumerated resources in any API group will be allowed.
- // +optional
- APIGroups []string `json:"apiGroups,omitempty" protobuf:"bytes,2,rep,name=apiGroups"`
- // Resources is a list of resources this rule applies to. '*' represents all resources in the specified apiGroups.
- // '*/foo' represents the subresource 'foo' for all resources in the specified apiGroups.
- // +optional
- Resources []string `json:"resources,omitempty" protobuf:"bytes,3,rep,name=resources"`
- // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
- // +optional
- ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,4,rep,name=resourceNames"`
-
- // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
- // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
- // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
- // +optional
- NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,5,rep,name=nonResourceURLs"`
-}
-
-// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
-// or a value for non-objects such as user and group names.
-type Subject struct {
- // Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
- // If the Authorizer does not recognized the kind value, the Authorizer should report an error.
- Kind string `json:"kind" protobuf:"bytes,1,opt,name=kind"`
- // APIGroup holds the API group of the referenced subject.
- // Defaults to "" for ServiceAccount subjects.
- // Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
- // +optional
- APIGroup string `json:"apiGroup,omitempty" protobuf:"bytes,2,opt.name=apiGroup"`
- // Name of the object being referenced.
- Name string `json:"name" protobuf:"bytes,3,opt,name=name"`
- // Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
- // the Authorizer should report an error.
- // +optional
- Namespace string `json:"namespace,omitempty" protobuf:"bytes,4,opt,name=namespace"`
-}
-
-// RoleRef contains information that points to the role being used
-type RoleRef struct {
- // APIGroup is the group for the resource being referenced
- APIGroup string `json:"apiGroup" protobuf:"bytes,1,opt,name=apiGroup"`
- // Kind is the type of resource being referenced
- Kind string `json:"kind" protobuf:"bytes,2,opt,name=kind"`
- // Name is the name of resource being referenced
- Name string `json:"name" protobuf:"bytes,3,opt,name=name"`
-}
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.
-type Role struct {
- metav1.TypeMeta `json:",inline"`
- // Standard object's metadata.
- // +optional
- metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
-
- // Rules holds all the PolicyRules for this Role
- Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`
-}
-
-// +genclient
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace.
-// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given
-// namespace only have effect in that namespace.
-type RoleBinding struct {
- metav1.TypeMeta `json:",inline"`
- // Standard object's metadata.
- // +optional
- metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
-
- // Subjects holds references to the objects the role applies to.
- Subjects []Subject `json:"subjects" protobuf:"bytes,2,rep,name=subjects"`
-
- // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace.
- // If the RoleRef cannot be resolved, the Authorizer must return an error.
- RoleRef RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// RoleBindingList is a collection of RoleBindings
-type RoleBindingList struct {
- metav1.TypeMeta `json:",inline"`
- // Standard object's metadata.
- // +optional
- metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
-
- // Items is a list of RoleBindings
- Items []RoleBinding `json:"items" protobuf:"bytes,2,rep,name=items"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// RoleList is a collection of Roles
-type RoleList struct {
- metav1.TypeMeta `json:",inline"`
- // Standard object's metadata.
- // +optional
- metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
-
- // Items is a list of Roles
- Items []Role `json:"items" protobuf:"bytes,2,rep,name=items"`
-}
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.
-type ClusterRole struct {
- metav1.TypeMeta `json:",inline"`
- // Standard object's metadata.
- // +optional
- metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
-
- // Rules holds all the PolicyRules for this ClusterRole
- Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`
- // AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
- // If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
- // stomped by the controller.
- // +optional
- AggregationRule *AggregationRule `json:"aggregationRule,omitempty" protobuf:"bytes,3,opt,name=aggregationRule"`
-}
-
-// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
-type AggregationRule struct {
- // ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
- // If any of the selectors match, then the ClusterRole's permissions will be added
- // +optional
- ClusterRoleSelectors []metav1.LabelSelector `json:"clusterRoleSelectors,omitempty" protobuf:"bytes,1,rep,name=clusterRoleSelectors"`
-}
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace,
-// and adds who information via Subject.
-type ClusterRoleBinding struct {
- metav1.TypeMeta `json:",inline"`
- // Standard object's metadata.
- // +optional
- metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
-
- // Subjects holds references to the objects the role applies to.
- Subjects []Subject `json:"subjects" protobuf:"bytes,2,rep,name=subjects"`
-
- // RoleRef can only reference a ClusterRole in the global namespace.
- // If the RoleRef cannot be resolved, the Authorizer must return an error.
- RoleRef RoleRef `json:"roleRef" protobuf:"bytes,3,opt,name=roleRef"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ClusterRoleBindingList is a collection of ClusterRoleBindings
-type ClusterRoleBindingList struct {
- metav1.TypeMeta `json:",inline"`
- // Standard object's metadata.
- // +optional
- metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
-
- // Items is a list of ClusterRoleBindings
- Items []ClusterRoleBinding `json:"items" protobuf:"bytes,2,rep,name=items"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ClusterRoleList is a collection of ClusterRoles
-type ClusterRoleList struct {
- metav1.TypeMeta `json:",inline"`
- // Standard object's metadata.
- // +optional
- metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
-
- // Items is a list of ClusterRoles
- Items []ClusterRole `json:"items" protobuf:"bytes,2,rep,name=items"`
-}
|