vendor files

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/BUILD

@@ -0,0 +1,50 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "conversion.go",
+        "doc.go",
+        "register.go",
+        "types.go",
+        "zz_generated.deepcopy.go",
+    ],
+    importpath = "k8s.io/kubernetes/pkg/apis/abac/v0",
+    deps = [
+        "//pkg/apis/abac:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_xtest",
+    srcs = ["conversion_test.go"],
+    importpath = "k8s.io/kubernetes/pkg/apis/abac/v0_test",
+    deps = [
+        ":go_default_library",
+        "//pkg/apis/abac:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/authentication/user:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/conversion.go

@@ -0,0 +1,68 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v0
+
+import (
+	"k8s.io/apimachinery/pkg/conversion"
+	"k8s.io/apimachinery/pkg/runtime"
+	api "k8s.io/kubernetes/pkg/apis/abac"
+)
+
+// allAuthenticated matches k8s.io/apiserver/pkg/authentication/user.AllAuthenticated,
+// but we don't want an client library (which must include types), depending on a server library
+const allAuthenticated = "system:authenticated"
+
+func addConversionFuncs(scheme *runtime.Scheme) error {
+	return scheme.AddConversionFuncs(
+		func(in *Policy, out *api.Policy, s conversion.Scope) error {
+			// Begin by copying all fields
+			out.Spec.User = in.User
+			out.Spec.Group = in.Group
+			out.Spec.Namespace = in.Namespace
+			out.Spec.Resource = in.Resource
+			out.Spec.Readonly = in.Readonly
+
+			// In v0, unspecified user and group matches all authenticated subjects
+			if len(in.User) == 0 && len(in.Group) == 0 {
+				out.Spec.Group = allAuthenticated
+			}
+			// In v0, user or group of * matches all authenticated subjects
+			if in.User == "*" || in.Group == "*" {
+				out.Spec.Group = allAuthenticated
+				out.Spec.User = ""
+			}
+
+			// In v0, leaving namespace empty matches all namespaces
+			if len(in.Namespace) == 0 {
+				out.Spec.Namespace = "*"
+			}
+			// In v0, leaving resource empty matches all resources
+			if len(in.Resource) == 0 {
+				out.Spec.Resource = "*"
+			}
+			// Any rule in v0 should match all API groups
+			out.Spec.APIGroup = "*"
+
+			// In v0, leaving namespace and resource blank allows non-resource paths
+			if len(in.Namespace) == 0 && len(in.Resource) == 0 {
+				out.Spec.NonResourcePath = "*"
+			}
+
+			return nil
+		},
+	)
+}

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/conversion_test.go

@@ -0,0 +1,88 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v0_test
+
+import (
+	"reflect"
+	"testing"
+
+	"k8s.io/apiserver/pkg/authentication/user"
+	"k8s.io/kubernetes/pkg/apis/abac"
+	"k8s.io/kubernetes/pkg/apis/abac/v0"
+)
+
+func TestV0Conversion(t *testing.T) {
+	testcases := map[string]struct {
+		old      *v0.Policy
+		expected *abac.Policy
+	}{
+		// a completely empty policy rule allows everything to all users
+		"empty": {
+			old:      &v0.Policy{},
+			expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
+		},
+
+		// specifying a user is preserved
+		"user": {
+			old:      &v0.Policy{User: "bob"},
+			expected: &abac.Policy{Spec: abac.PolicySpec{User: "bob", Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
+		},
+
+		// specifying a group is preserved (and no longer matches all users)
+		"group": {
+			old:      &v0.Policy{Group: "mygroup"},
+			expected: &abac.Policy{Spec: abac.PolicySpec{Group: "mygroup", Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
+		},
+
+		// specifying * for user or group maps to all authenticated subjects
+		"* user": {
+			old:      &v0.Policy{User: "*"},
+			expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
+		},
+		"* group": {
+			old:      &v0.Policy{Group: "*"},
+			expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
+		},
+
+		// specifying a namespace removes the * match on non-resource path
+		"namespace": {
+			old:      &v0.Policy{Namespace: "myns"},
+			expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "", Namespace: "myns", Resource: "*", APIGroup: "*"}},
+		},
+
+		// specifying a resource removes the * match on non-resource path
+		"resource": {
+			old:      &v0.Policy{Resource: "myresource"},
+			expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "", Namespace: "*", Resource: "myresource", APIGroup: "*"}},
+		},
+
+		// specifying a namespace+resource removes the * match on non-resource path
+		"namespace+resource": {
+			old:      &v0.Policy{Namespace: "myns", Resource: "myresource"},
+			expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "", Namespace: "myns", Resource: "myresource", APIGroup: "*"}},
+		},
+	}
+	for k, tc := range testcases {
+		internal := &abac.Policy{}
+		if err := abac.Scheme.Convert(tc.old, internal, nil); err != nil {
+			t.Errorf("%s: unexpected error: %v", k, err)
+		}
+		if !reflect.DeepEqual(internal, tc.expected) {
+			t.Errorf("%s: expected\n\t%#v, got \n\t%#v", k, tc.expected, internal)
+		}
+	}
+}

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/doc.go

@@ -0,0 +1,20 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package
+
+// +groupName=abac.authorization.kubernetes.io
+package v0 // import "k8s.io/kubernetes/pkg/apis/abac/v0"

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/register.go

@@ -0,0 +1,62 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v0
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/kubernetes/pkg/apis/abac"
+)
+
+const GroupName = "abac.authorization.kubernetes.io"
+
+// GroupVersion is the API group and version for abac v0
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v0"}
+
+func init() {
+	// TODO: Delete this init function, abac should not have its own scheme.
+	if err := addKnownTypes(abac.Scheme); err != nil {
+		// Programmer error.
+		panic(err)
+	}
+	if err := addConversionFuncs(abac.Scheme); err != nil {
+		// Programmer error.
+		panic(err)
+	}
+}
+
+var (
+	// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
+	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	AddToScheme        = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes, addConversionFuncs)
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&Policy{},
+	)
+	return nil
+}

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/types.go

@@ -0,0 +1,55 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:openapi-gen=true
+package v0
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Policy contains a single ABAC policy rule
+type Policy struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// User is the username this rule applies to.
+	// Either user or group is required to match the request.
+	// "*" matches all users.
+	// +optional
+	User string `json:"user,omitempty"`
+
+	// Group is the group this rule applies to.
+	// Either user or group is required to match the request.
+	// "*" matches all groups.
+	// +optional
+	Group string `json:"group,omitempty"`
+
+	// Readonly matches readonly requests when true, and all requests when false
+	// +optional
+	Readonly bool `json:"readonly,omitempty"`
+
+	// Resource is the name of a resource
+	// "*" matches all resources
+	// +optional
+	Resource string `json:"resource,omitempty"`
+
+	// Namespace is the name of a namespace
+	// "*" matches all namespaces (including unnamespaced requests)
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
+}

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/zz_generated.deepcopy.go

@@ -0,0 +1,51 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file was autogenerated by deepcopy-gen. Do not edit it manually!
+
+package v0
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Policy) DeepCopyInto(out *Policy) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
+func (in *Policy) DeepCopy() *Policy {
+	if in == nil {
+		return nil
+	}
+	out := new(Policy)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *Policy) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	} else {
+		return nil
+	}
+}