mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-13 18:43:34 +00:00
vendor update for CSI 0.3.0
This commit is contained in:
gman
10
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/BUILD
generated
vendored
10
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/BUILD
generated
vendored
@ -15,7 +15,7 @@ go_test(
|
||||
embed = [":go_default_library"],
|
||||
deps = [
|
||||
"//pkg/apis/core/helper:go_default_library",
|
||||
"//pkg/apis/rbac:go_default_library",
|
||||
"//vendor/k8s.io/api/rbac/v1:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/util/diff:go_default_library",
|
||||
],
|
||||
@ -34,16 +34,16 @@ go_library(
|
||||
],
|
||||
importpath = "k8s.io/kubernetes/pkg/registry/rbac/reconciliation",
|
||||
deps = [
|
||||
"//pkg/apis/core:go_default_library",
|
||||
"//pkg/apis/rbac:go_default_library",
|
||||
"//pkg/client/clientset_generated/internalclientset/typed/core/internalversion:go_default_library",
|
||||
"//pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion:go_default_library",
|
||||
"//pkg/registry/rbac/validation:go_default_library",
|
||||
"//vendor/k8s.io/api/core/v1:go_default_library",
|
||||
"//vendor/k8s.io/api/rbac/v1:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/api/equality:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
|
||||
"//vendor/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
|
||||
"//vendor/k8s.io/client-go/kubernetes/typed/rbac/v1:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
|
||||
16
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/clusterrole_interfaces.go
generated
vendored
16
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/clusterrole_interfaces.go
generated
vendored
@ -17,17 +17,17 @@ limitations under the License.
|
||||
package reconciliation
|
||||
|
||||
import (
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion"
|
||||
rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1"
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RuleOwner
|
||||
// +k8s:deepcopy-gen:nonpointer-interfaces=true
|
||||
type ClusterRoleRuleOwner struct {
|
||||
ClusterRole *rbac.ClusterRole
|
||||
ClusterRole *rbacv1.ClusterRole
|
||||
}
|
||||
|
||||
func (o ClusterRoleRuleOwner) GetObject() runtime.Object {
|
||||
@ -58,24 +58,24 @@ func (o ClusterRoleRuleOwner) SetAnnotations(in map[string]string) {
|
||||
o.ClusterRole.Annotations = in
|
||||
}
|
||||
|
||||
func (o ClusterRoleRuleOwner) GetRules() []rbac.PolicyRule {
|
||||
func (o ClusterRoleRuleOwner) GetRules() []rbacv1.PolicyRule {
|
||||
return o.ClusterRole.Rules
|
||||
}
|
||||
|
||||
func (o ClusterRoleRuleOwner) SetRules(in []rbac.PolicyRule) {
|
||||
func (o ClusterRoleRuleOwner) SetRules(in []rbacv1.PolicyRule) {
|
||||
o.ClusterRole.Rules = in
|
||||
}
|
||||
|
||||
func (o ClusterRoleRuleOwner) GetAggregationRule() *rbac.AggregationRule {
|
||||
func (o ClusterRoleRuleOwner) GetAggregationRule() *rbacv1.AggregationRule {
|
||||
return o.ClusterRole.AggregationRule
|
||||
}
|
||||
|
||||
func (o ClusterRoleRuleOwner) SetAggregationRule(in *rbac.AggregationRule) {
|
||||
func (o ClusterRoleRuleOwner) SetAggregationRule(in *rbacv1.AggregationRule) {
|
||||
o.ClusterRole.AggregationRule = in
|
||||
}
|
||||
|
||||
type ClusterRoleModifier struct {
|
||||
Client internalversion.ClusterRoleInterface
|
||||
Client rbacv1client.ClusterRoleInterface
|
||||
}
|
||||
|
||||
func (c ClusterRoleModifier) Get(namespace, name string) (RuleOwner, error) {
|
||||
|
||||
@ -17,18 +17,18 @@ limitations under the License.
|
||||
package reconciliation
|
||||
|
||||
import (
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion"
|
||||
rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1"
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RoleBinding
|
||||
// +k8s:deepcopy-gen:nonpointer-interfaces=true
|
||||
type ClusterRoleBindingAdapter struct {
|
||||
ClusterRoleBinding *rbac.ClusterRoleBinding
|
||||
ClusterRoleBinding *rbacv1.ClusterRoleBinding
|
||||
}
|
||||
|
||||
func (o ClusterRoleBindingAdapter) GetObject() runtime.Object {
|
||||
@ -63,20 +63,20 @@ func (o ClusterRoleBindingAdapter) SetAnnotations(in map[string]string) {
|
||||
o.ClusterRoleBinding.Annotations = in
|
||||
}
|
||||
|
||||
func (o ClusterRoleBindingAdapter) GetRoleRef() rbac.RoleRef {
|
||||
func (o ClusterRoleBindingAdapter) GetRoleRef() rbacv1.RoleRef {
|
||||
return o.ClusterRoleBinding.RoleRef
|
||||
}
|
||||
|
||||
func (o ClusterRoleBindingAdapter) GetSubjects() []rbac.Subject {
|
||||
func (o ClusterRoleBindingAdapter) GetSubjects() []rbacv1.Subject {
|
||||
return o.ClusterRoleBinding.Subjects
|
||||
}
|
||||
|
||||
func (o ClusterRoleBindingAdapter) SetSubjects(in []rbac.Subject) {
|
||||
func (o ClusterRoleBindingAdapter) SetSubjects(in []rbacv1.Subject) {
|
||||
o.ClusterRoleBinding.Subjects = in
|
||||
}
|
||||
|
||||
type ClusterRoleBindingClientAdapter struct {
|
||||
Client internalversion.ClusterRoleBindingInterface
|
||||
Client rbacv1client.ClusterRoleBindingInterface
|
||||
}
|
||||
|
||||
func (c ClusterRoleBindingClientAdapter) Get(namespace, name string) (RoleBinding, error) {
|
||||
|
||||
27
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_role.go
generated
vendored
27
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_role.go
generated
vendored
@ -20,11 +20,11 @@ import (
|
||||
"fmt"
|
||||
"reflect"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
"k8s.io/apimachinery/pkg/api/equality"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
"k8s.io/kubernetes/pkg/registry/rbac/validation"
|
||||
)
|
||||
|
||||
@ -51,10 +51,10 @@ type RuleOwner interface {
|
||||
SetLabels(map[string]string)
|
||||
GetAnnotations() map[string]string
|
||||
SetAnnotations(map[string]string)
|
||||
GetRules() []rbac.PolicyRule
|
||||
SetRules([]rbac.PolicyRule)
|
||||
GetAggregationRule() *rbac.AggregationRule
|
||||
SetAggregationRule(*rbac.AggregationRule)
|
||||
GetRules() []rbacv1.PolicyRule
|
||||
SetRules([]rbacv1.PolicyRule)
|
||||
GetAggregationRule() *rbacv1.AggregationRule
|
||||
SetAggregationRule(*rbacv1.AggregationRule)
|
||||
DeepCopyRuleOwner() RuleOwner
|
||||
}
|
||||
|
||||
@ -75,9 +75,9 @@ type ReconcileClusterRoleResult struct {
|
||||
Role RuleOwner
|
||||
|
||||
// MissingRules contains expected rules that were missing from the currently persisted role
|
||||
MissingRules []rbac.PolicyRule
|
||||
MissingRules []rbacv1.PolicyRule
|
||||
// ExtraRules contains extra permissions the currently persisted role had
|
||||
ExtraRules []rbac.PolicyRule
|
||||
ExtraRules []rbacv1.PolicyRule
|
||||
|
||||
// MissingAggregationRuleSelectors contains expected selectors that were missing from the currently persisted role
|
||||
MissingAggregationRuleSelectors []metav1.LabelSelector
|
||||
@ -112,7 +112,7 @@ func (o *ReconcileRoleOptions) run(attempts int) (*ReconcileClusterRoleResult, e
|
||||
case errors.IsNotFound(err):
|
||||
aggregationRule := o.Role.GetAggregationRule()
|
||||
if aggregationRule == nil {
|
||||
aggregationRule = &rbac.AggregationRule{}
|
||||
aggregationRule = &rbacv1.AggregationRule{}
|
||||
}
|
||||
result = &ReconcileClusterRoleResult{
|
||||
Role: o.Role,
|
||||
@ -178,7 +178,7 @@ func (o *ReconcileRoleOptions) run(attempts int) (*ReconcileClusterRoleResult, e
|
||||
func computeReconciledRole(existing, expected RuleOwner, removeExtraPermissions bool) (*ReconcileClusterRoleResult, error) {
|
||||
result := &ReconcileClusterRoleResult{Operation: ReconcileNone}
|
||||
|
||||
result.Protected = (existing.GetAnnotations()[rbac.AutoUpdateAnnotationKey] == "false")
|
||||
result.Protected = (existing.GetAnnotations()[rbacv1.AutoUpdateAnnotationKey] == "false")
|
||||
|
||||
// Start with a copy of the existing object
|
||||
result.Role = existing.DeepCopyRuleOwner()
|
||||
@ -214,11 +214,16 @@ func computeReconciledRole(existing, expected RuleOwner, removeExtraPermissions
|
||||
_, result.MissingAggregationRuleSelectors = aggregationRuleCovers(existing.GetAggregationRule(), expected.GetAggregationRule())
|
||||
|
||||
switch {
|
||||
case expected.GetAggregationRule() == nil && existing.GetAggregationRule() != nil:
|
||||
// we didn't expect this to be an aggregated role at all, remove the existing aggregation
|
||||
result.Role.SetAggregationRule(nil)
|
||||
result.Operation = ReconcileUpdate
|
||||
|
||||
case !removeExtraPermissions && len(result.MissingAggregationRuleSelectors) > 0:
|
||||
// add missing rules in the union case
|
||||
aggregationRule := result.Role.GetAggregationRule()
|
||||
if aggregationRule == nil {
|
||||
aggregationRule = &rbac.AggregationRule{}
|
||||
aggregationRule = &rbacv1.AggregationRule{}
|
||||
}
|
||||
aggregationRule.ClusterRoleSelectors = append(aggregationRule.ClusterRoleSelectors, result.MissingAggregationRuleSelectors...)
|
||||
result.Role.SetAggregationRule(aggregationRule)
|
||||
@ -249,7 +254,7 @@ func merge(maps ...map[string]string) map[string]string {
|
||||
// aggregationRuleCovers determines whether or not the ownerSelectors cover the servantSelectors in terms of semantically
|
||||
// equal label selectors.
|
||||
// It returns whether or not the ownerSelectors cover and a list of the rules that the ownerSelectors do not cover.
|
||||
func aggregationRuleCovers(ownerRule, servantRule *rbac.AggregationRule) (bool, []metav1.LabelSelector) {
|
||||
func aggregationRuleCovers(ownerRule, servantRule *rbacv1.AggregationRule) (bool, []metav1.LabelSelector) {
|
||||
switch {
|
||||
case ownerRule == nil && servantRule == nil:
|
||||
return true, []metav1.LabelSelector{}
|
||||
|
||||
64
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_role_test.go
generated
vendored
64
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_role_test.go
generated
vendored
@ -19,23 +19,23 @@ package reconciliation
|
||||
import (
|
||||
"testing"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/util/diff"
|
||||
"k8s.io/kubernetes/pkg/apis/core/helper"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
)
|
||||
|
||||
func role(rules []rbac.PolicyRule, labels map[string]string, annotations map[string]string) *rbac.ClusterRole {
|
||||
return &rbac.ClusterRole{
|
||||
func role(rules []rbacv1.PolicyRule, labels map[string]string, annotations map[string]string) *rbacv1.ClusterRole {
|
||||
return &rbacv1.ClusterRole{
|
||||
Rules: rules,
|
||||
ObjectMeta: metav1.ObjectMeta{Labels: labels, Annotations: annotations},
|
||||
}
|
||||
}
|
||||
|
||||
func rules(resources ...string) []rbac.PolicyRule {
|
||||
r := []rbac.PolicyRule{}
|
||||
func rules(resources ...string) []rbacv1.PolicyRule {
|
||||
r := []rbacv1.PolicyRule{}
|
||||
for _, resource := range resources {
|
||||
r = append(r, rbac.PolicyRule{APIGroups: []string{""}, Verbs: []string{"get"}, Resources: []string{resource}})
|
||||
r = append(r, rbacv1.PolicyRule{APIGroups: []string{""}, Verbs: []string{"get"}, Resources: []string{resource}})
|
||||
}
|
||||
return r
|
||||
}
|
||||
@ -44,11 +44,11 @@ type ss map[string]string
|
||||
|
||||
func TestComputeReconciledRoleRules(t *testing.T) {
|
||||
tests := map[string]struct {
|
||||
expectedRole *rbac.ClusterRole
|
||||
actualRole *rbac.ClusterRole
|
||||
expectedRole *rbacv1.ClusterRole
|
||||
actualRole *rbacv1.ClusterRole
|
||||
removeExtraPermissions bool
|
||||
|
||||
expectedReconciledRole *rbac.ClusterRole
|
||||
expectedReconciledRole *rbacv1.ClusterRole
|
||||
expectedReconciliationNeeded bool
|
||||
}{
|
||||
"empty": {
|
||||
@ -278,14 +278,14 @@ func TestComputeReconciledRoleRules(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func aggregatedRole(aggregationRule *rbac.AggregationRule) *rbac.ClusterRole {
|
||||
return &rbac.ClusterRole{
|
||||
func aggregatedRole(aggregationRule *rbacv1.AggregationRule) *rbacv1.ClusterRole {
|
||||
return &rbacv1.ClusterRole{
|
||||
AggregationRule: aggregationRule,
|
||||
}
|
||||
}
|
||||
|
||||
func aggregationrule(selectors []map[string]string) *rbac.AggregationRule {
|
||||
ret := &rbac.AggregationRule{}
|
||||
func aggregationrule(selectors []map[string]string) *rbacv1.AggregationRule {
|
||||
ret := &rbacv1.AggregationRule{}
|
||||
for _, selector := range selectors {
|
||||
ret.ClusterRoleSelectors = append(ret.ClusterRoleSelectors,
|
||||
metav1.LabelSelector{MatchLabels: selector})
|
||||
@ -295,15 +295,15 @@ func aggregationrule(selectors []map[string]string) *rbac.AggregationRule {
|
||||
|
||||
func TestComputeReconciledRoleAggregationRules(t *testing.T) {
|
||||
tests := map[string]struct {
|
||||
expectedRole *rbac.ClusterRole
|
||||
actualRole *rbac.ClusterRole
|
||||
expectedRole *rbacv1.ClusterRole
|
||||
actualRole *rbacv1.ClusterRole
|
||||
removeExtraPermissions bool
|
||||
|
||||
expectedReconciledRole *rbac.ClusterRole
|
||||
expectedReconciledRole *rbacv1.ClusterRole
|
||||
expectedReconciliationNeeded bool
|
||||
}{
|
||||
"empty": {
|
||||
expectedRole: aggregatedRole(&rbac.AggregationRule{}),
|
||||
expectedRole: aggregatedRole(&rbacv1.AggregationRule{}),
|
||||
actualRole: aggregatedRole(nil),
|
||||
removeExtraPermissions: true,
|
||||
|
||||
@ -311,8 +311,8 @@ func TestComputeReconciledRoleAggregationRules(t *testing.T) {
|
||||
expectedReconciliationNeeded: false,
|
||||
},
|
||||
"empty-2": {
|
||||
expectedRole: aggregatedRole(&rbac.AggregationRule{}),
|
||||
actualRole: aggregatedRole(&rbac.AggregationRule{}),
|
||||
expectedRole: aggregatedRole(&rbacv1.AggregationRule{}),
|
||||
actualRole: aggregatedRole(&rbacv1.AggregationRule{}),
|
||||
removeExtraPermissions: true,
|
||||
|
||||
expectedReconciledRole: nil,
|
||||
@ -350,6 +350,32 @@ func TestComputeReconciledRoleAggregationRules(t *testing.T) {
|
||||
expectedReconciledRole: aggregatedRole(aggregationrule([]map[string]string{{"alpha": "bravo"}, {"foo": "bar"}})),
|
||||
expectedReconciliationNeeded: true,
|
||||
},
|
||||
"unexpected aggregation": {
|
||||
// desired role is not aggregated
|
||||
expectedRole: role(rules("pods", "nodes", "secrets"), nil, nil),
|
||||
// existing role is aggregated
|
||||
actualRole: aggregatedRole(aggregationrule([]map[string]string{{"alpha": "bravo"}})),
|
||||
removeExtraPermissions: false,
|
||||
|
||||
// reconciled role should have desired permissions and not be aggregated
|
||||
expectedReconciledRole: role(rules("pods", "nodes", "secrets"), nil, nil),
|
||||
expectedReconciliationNeeded: true,
|
||||
},
|
||||
"unexpected aggregation with differing permissions": {
|
||||
// desired role is not aggregated
|
||||
expectedRole: role(rules("pods", "nodes", "secrets"), nil, nil),
|
||||
// existing role is aggregated and has other permissions
|
||||
actualRole: func() *rbacv1.ClusterRole {
|
||||
r := aggregatedRole(aggregationrule([]map[string]string{{"alpha": "bravo"}}))
|
||||
r.Rules = rules("deployments")
|
||||
return r
|
||||
}(),
|
||||
removeExtraPermissions: false,
|
||||
|
||||
// reconciled role should have aggregation removed, preserve differing permissions, and include desired permissions
|
||||
expectedReconciledRole: role(rules("deployments", "pods", "nodes", "secrets"), nil, nil),
|
||||
expectedReconciliationNeeded: true,
|
||||
},
|
||||
}
|
||||
|
||||
for k, tc := range tests {
|
||||
|
||||
18
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_rolebindings.go
generated
vendored
18
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_rolebindings.go
generated
vendored
@ -20,10 +20,10 @@ import (
|
||||
"fmt"
|
||||
"reflect"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
)
|
||||
|
||||
type RoleBindingModifier interface {
|
||||
@ -42,9 +42,9 @@ type RoleBinding interface {
|
||||
SetLabels(map[string]string)
|
||||
GetAnnotations() map[string]string
|
||||
SetAnnotations(map[string]string)
|
||||
GetRoleRef() rbac.RoleRef
|
||||
GetSubjects() []rbac.Subject
|
||||
SetSubjects([]rbac.Subject)
|
||||
GetRoleRef() rbacv1.RoleRef
|
||||
GetSubjects() []rbacv1.Subject
|
||||
SetSubjects([]rbacv1.Subject)
|
||||
DeepCopyRoleBinding() RoleBinding
|
||||
}
|
||||
|
||||
@ -67,9 +67,9 @@ type ReconcileClusterRoleBindingResult struct {
|
||||
RoleBinding RoleBinding
|
||||
|
||||
// MissingSubjects contains expected subjects that were missing from the currently persisted rolebinding
|
||||
MissingSubjects []rbac.Subject
|
||||
MissingSubjects []rbacv1.Subject
|
||||
// ExtraSubjects contains extra subjects the currently persisted rolebinding had
|
||||
ExtraSubjects []rbac.Subject
|
||||
ExtraSubjects []rbacv1.Subject
|
||||
|
||||
// Operation is the API operation required to reconcile.
|
||||
// If no reconciliation was needed, it is set to ReconcileNone.
|
||||
@ -176,7 +176,7 @@ func (o *ReconcileRoleBindingOptions) run(attempts int) (*ReconcileClusterRoleBi
|
||||
func computeReconciledRoleBinding(existing, expected RoleBinding, removeExtraSubjects bool) (*ReconcileClusterRoleBindingResult, error) {
|
||||
result := &ReconcileClusterRoleBindingResult{Operation: ReconcileNone}
|
||||
|
||||
result.Protected = (existing.GetAnnotations()[rbac.AutoUpdateAnnotationKey] == "false")
|
||||
result.Protected = (existing.GetAnnotations()[rbacv1.AutoUpdateAnnotationKey] == "false")
|
||||
|
||||
// Reset the binding completely if the roleRef is different
|
||||
if expected.GetRoleRef() != existing.GetRoleRef() {
|
||||
@ -216,7 +216,7 @@ func computeReconciledRoleBinding(existing, expected RoleBinding, removeExtraSub
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func contains(list []rbac.Subject, item rbac.Subject) bool {
|
||||
func contains(list []rbacv1.Subject, item rbacv1.Subject) bool {
|
||||
for _, listItem := range list {
|
||||
if listItem == item {
|
||||
return true
|
||||
@ -229,7 +229,7 @@ func contains(list []rbac.Subject, item rbac.Subject) bool {
|
||||
// list1Only = list1 - list2
|
||||
// list2Only = list2 - list1
|
||||
// if both returned lists are empty, the provided lists are equal
|
||||
func diffSubjectLists(list1 []rbac.Subject, list2 []rbac.Subject) (list1Only []rbac.Subject, list2Only []rbac.Subject) {
|
||||
func diffSubjectLists(list1 []rbacv1.Subject, list2 []rbacv1.Subject) (list1Only []rbacv1.Subject, list2Only []rbacv1.Subject) {
|
||||
for _, list1Item := range list1 {
|
||||
if !contains(list2, list1Item) {
|
||||
if !contains(list1Only, list1Item) {
|
||||
|
||||
32
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_rolebindings_test.go
generated
vendored
32
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_rolebindings_test.go
generated
vendored
@ -19,24 +19,24 @@ package reconciliation
|
||||
import (
|
||||
"testing"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
"k8s.io/kubernetes/pkg/apis/core/helper"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
)
|
||||
|
||||
func binding(roleRef rbac.RoleRef, subjects []rbac.Subject) *rbac.ClusterRoleBinding {
|
||||
return &rbac.ClusterRoleBinding{RoleRef: roleRef, Subjects: subjects}
|
||||
func binding(roleRef rbacv1.RoleRef, subjects []rbacv1.Subject) *rbacv1.ClusterRoleBinding {
|
||||
return &rbacv1.ClusterRoleBinding{RoleRef: roleRef, Subjects: subjects}
|
||||
}
|
||||
|
||||
func ref(name string) rbac.RoleRef {
|
||||
return rbac.RoleRef{Name: name}
|
||||
func ref(name string) rbacv1.RoleRef {
|
||||
return rbacv1.RoleRef{Name: name}
|
||||
}
|
||||
|
||||
func subject(name string) rbac.Subject {
|
||||
return rbac.Subject{Name: name}
|
||||
func subject(name string) rbacv1.Subject {
|
||||
return rbacv1.Subject{Name: name}
|
||||
}
|
||||
|
||||
func subjects(names ...string) []rbac.Subject {
|
||||
r := []rbac.Subject{}
|
||||
func subjects(names ...string) []rbacv1.Subject {
|
||||
r := []rbacv1.Subject{}
|
||||
for _, name := range names {
|
||||
r = append(r, subject(name))
|
||||
}
|
||||
@ -45,10 +45,10 @@ func subjects(names ...string) []rbac.Subject {
|
||||
|
||||
func TestDiffObjectReferenceLists(t *testing.T) {
|
||||
tests := map[string]struct {
|
||||
A []rbac.Subject
|
||||
B []rbac.Subject
|
||||
ExpectedOnlyA []rbac.Subject
|
||||
ExpectedOnlyB []rbac.Subject
|
||||
A []rbacv1.Subject
|
||||
B []rbacv1.Subject
|
||||
ExpectedOnlyA []rbacv1.Subject
|
||||
ExpectedOnlyB []rbacv1.Subject
|
||||
}{
|
||||
"empty": {},
|
||||
|
||||
@ -92,11 +92,11 @@ func TestDiffObjectReferenceLists(t *testing.T) {
|
||||
|
||||
func TestComputeUpdate(t *testing.T) {
|
||||
tests := map[string]struct {
|
||||
ExpectedBinding *rbac.ClusterRoleBinding
|
||||
ActualBinding *rbac.ClusterRoleBinding
|
||||
ExpectedBinding *rbacv1.ClusterRoleBinding
|
||||
ActualBinding *rbacv1.ClusterRoleBinding
|
||||
RemoveExtraSubjects bool
|
||||
|
||||
ExpectedUpdatedBinding *rbac.ClusterRoleBinding
|
||||
ExpectedUpdatedBinding *rbacv1.ClusterRoleBinding
|
||||
ExpectedUpdateNeeded bool
|
||||
}{
|
||||
"match without union": {
|
||||
|
||||
24
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/role_interfaces.go
generated
vendored
24
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/role_interfaces.go
generated
vendored
@ -17,20 +17,20 @@ limitations under the License.
|
||||
package reconciliation
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
api "k8s.io/kubernetes/pkg/apis/core"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
core "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/internalversion"
|
||||
"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion"
|
||||
corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1"
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RuleOwner
|
||||
// +k8s:deepcopy-gen:nonpointer-interfaces=true
|
||||
type RoleRuleOwner struct {
|
||||
Role *rbac.Role
|
||||
Role *rbacv1.Role
|
||||
}
|
||||
|
||||
func (o RoleRuleOwner) GetObject() runtime.Object {
|
||||
@ -61,24 +61,24 @@ func (o RoleRuleOwner) SetAnnotations(in map[string]string) {
|
||||
o.Role.Annotations = in
|
||||
}
|
||||
|
||||
func (o RoleRuleOwner) GetRules() []rbac.PolicyRule {
|
||||
func (o RoleRuleOwner) GetRules() []rbacv1.PolicyRule {
|
||||
return o.Role.Rules
|
||||
}
|
||||
|
||||
func (o RoleRuleOwner) SetRules(in []rbac.PolicyRule) {
|
||||
func (o RoleRuleOwner) SetRules(in []rbacv1.PolicyRule) {
|
||||
o.Role.Rules = in
|
||||
}
|
||||
|
||||
func (o RoleRuleOwner) GetAggregationRule() *rbac.AggregationRule {
|
||||
func (o RoleRuleOwner) GetAggregationRule() *rbacv1.AggregationRule {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (o RoleRuleOwner) SetAggregationRule(in *rbac.AggregationRule) {
|
||||
func (o RoleRuleOwner) SetAggregationRule(in *rbacv1.AggregationRule) {
|
||||
}
|
||||
|
||||
type RoleModifier struct {
|
||||
Client internalversion.RolesGetter
|
||||
NamespaceClient core.NamespaceInterface
|
||||
Client rbacv1client.RolesGetter
|
||||
NamespaceClient corev1client.NamespaceInterface
|
||||
}
|
||||
|
||||
func (c RoleModifier) Get(namespace, name string) (RuleOwner, error) {
|
||||
@ -90,7 +90,7 @@ func (c RoleModifier) Get(namespace, name string) (RuleOwner, error) {
|
||||
}
|
||||
|
||||
func (c RoleModifier) Create(in RuleOwner) (RuleOwner, error) {
|
||||
ns := &api.Namespace{ObjectMeta: metav1.ObjectMeta{Name: in.GetNamespace()}}
|
||||
ns := &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: in.GetNamespace()}}
|
||||
if _, err := c.NamespaceClient.Create(ns); err != nil && !apierrors.IsAlreadyExists(err) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
22
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/rolebinding_interfaces.go
generated
vendored
22
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/rolebinding_interfaces.go
generated
vendored
@ -17,21 +17,21 @@ limitations under the License.
|
||||
package reconciliation
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
api "k8s.io/kubernetes/pkg/apis/core"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
core "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/internalversion"
|
||||
"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion"
|
||||
corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1"
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RoleBinding
|
||||
// +k8s:deepcopy-gen:nonpointer-interfaces=true
|
||||
type RoleBindingAdapter struct {
|
||||
RoleBinding *rbac.RoleBinding
|
||||
RoleBinding *rbacv1.RoleBinding
|
||||
}
|
||||
|
||||
func (o RoleBindingAdapter) GetObject() runtime.Object {
|
||||
@ -66,21 +66,21 @@ func (o RoleBindingAdapter) SetAnnotations(in map[string]string) {
|
||||
o.RoleBinding.Annotations = in
|
||||
}
|
||||
|
||||
func (o RoleBindingAdapter) GetRoleRef() rbac.RoleRef {
|
||||
func (o RoleBindingAdapter) GetRoleRef() rbacv1.RoleRef {
|
||||
return o.RoleBinding.RoleRef
|
||||
}
|
||||
|
||||
func (o RoleBindingAdapter) GetSubjects() []rbac.Subject {
|
||||
func (o RoleBindingAdapter) GetSubjects() []rbacv1.Subject {
|
||||
return o.RoleBinding.Subjects
|
||||
}
|
||||
|
||||
func (o RoleBindingAdapter) SetSubjects(in []rbac.Subject) {
|
||||
func (o RoleBindingAdapter) SetSubjects(in []rbacv1.Subject) {
|
||||
o.RoleBinding.Subjects = in
|
||||
}
|
||||
|
||||
type RoleBindingClientAdapter struct {
|
||||
Client internalversion.RoleBindingsGetter
|
||||
NamespaceClient core.NamespaceInterface
|
||||
Client rbacv1client.RoleBindingsGetter
|
||||
NamespaceClient corev1client.NamespaceInterface
|
||||
}
|
||||
|
||||
func (c RoleBindingClientAdapter) Get(namespace, name string) (RoleBinding, error) {
|
||||
@ -92,7 +92,7 @@ func (c RoleBindingClientAdapter) Get(namespace, name string) (RoleBinding, erro
|
||||
}
|
||||
|
||||
func (c RoleBindingClientAdapter) Create(in RoleBinding) (RoleBinding, error) {
|
||||
ns := &api.Namespace{ObjectMeta: metav1.ObjectMeta{Name: in.GetNamespace()}}
|
||||
ns := &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: in.GetNamespace()}}
|
||||
if _, err := c.NamespaceClient.Create(ns); err != nil && !apierrors.IsAlreadyExists(err) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
12
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/zz_generated.deepcopy.go
generated
vendored
12
vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/zz_generated.deepcopy.go
generated
vendored
@ -1,7 +1,7 @@
|
||||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright 2018 The Kubernetes Authors.
|
||||
Copyright The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
@ -21,7 +21,7 @@ limitations under the License.
|
||||
package reconciliation
|
||||
|
||||
import (
|
||||
rbac "k8s.io/kubernetes/pkg/apis/rbac"
|
||||
v1 "k8s.io/api/rbac/v1"
|
||||
)
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
@ -32,7 +32,7 @@ func (in *ClusterRoleBindingAdapter) DeepCopyInto(out *ClusterRoleBindingAdapter
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(rbac.ClusterRoleBinding)
|
||||
*out = new(v1.ClusterRoleBinding)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
@ -62,7 +62,7 @@ func (in *ClusterRoleRuleOwner) DeepCopyInto(out *ClusterRoleRuleOwner) {
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(rbac.ClusterRole)
|
||||
*out = new(v1.ClusterRole)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
@ -92,7 +92,7 @@ func (in *RoleBindingAdapter) DeepCopyInto(out *RoleBindingAdapter) {
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(rbac.RoleBinding)
|
||||
*out = new(v1.RoleBinding)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
@ -122,7 +122,7 @@ func (in *RoleRuleOwner) DeepCopyInto(out *RoleRuleOwner) {
|
||||
if *in == nil {
|
||||
*out = nil
|
||||
} else {
|
||||
*out = new(rbac.Role)
|
||||
*out = new(v1.Role)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user