mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-14 18:53:35 +00:00
vendor update for CSI 0.3.0
This commit is contained in:
gman
4
vendor/k8s.io/kubernetes/pkg/registry/rbac/role/BUILD
generated
vendored
4
vendor/k8s.io/kubernetes/pkg/registry/rbac/role/BUILD
generated
vendored
@ -16,12 +16,12 @@ go_library(
|
||||
deps = [
|
||||
"//pkg/api/legacyscheme:go_default_library",
|
||||
"//pkg/apis/rbac:go_default_library",
|
||||
"//pkg/apis/rbac/v1:go_default_library",
|
||||
"//pkg/apis/rbac/validation:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion:go_default_library",
|
||||
"//vendor/k8s.io/api/rbac/v1:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/watch:go_default_library",
|
||||
"//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
|
||||
"//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library",
|
||||
"//vendor/k8s.io/apiserver/pkg/storage/names:go_default_library",
|
||||
|
||||
1
vendor/k8s.io/kubernetes/pkg/registry/rbac/role/policybased/BUILD
generated
vendored
1
vendor/k8s.io/kubernetes/pkg/registry/rbac/role/policybased/BUILD
generated
vendored
@ -16,7 +16,6 @@ go_library(
|
||||
"//pkg/registry/rbac/validation:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
|
||||
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
"//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
|
||||
"//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
17
vendor/k8s.io/kubernetes/pkg/registry/rbac/role/policybased/storage.go
generated
vendored
17
vendor/k8s.io/kubernetes/pkg/registry/rbac/role/policybased/storage.go
generated
vendored
@ -18,9 +18,10 @@ limitations under the License.
|
||||
package policybased
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
kapihelper "k8s.io/kubernetes/pkg/apis/core/helper"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
@ -40,25 +41,29 @@ func NewStorage(s rest.StandardStorage, ruleResolver rbacregistryvalidation.Auth
|
||||
return &Storage{s, ruleResolver}
|
||||
}
|
||||
|
||||
func (s *Storage) Create(ctx genericapirequest.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, includeUninitialized bool) (runtime.Object, error) {
|
||||
func (r *Storage) NamespaceScoped() bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func (s *Storage) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, includeUninitialized bool) (runtime.Object, error) {
|
||||
if rbacregistry.EscalationAllowed(ctx) {
|
||||
return s.StandardStorage.Create(ctx, obj, createValidation, includeUninitialized)
|
||||
}
|
||||
|
||||
role := obj.(*rbac.Role)
|
||||
rules := role.Rules
|
||||
if err := rbacregistryvalidation.ConfirmNoEscalation(ctx, s.ruleResolver, rules); err != nil {
|
||||
if err := rbacregistryvalidation.ConfirmNoEscalationInternal(ctx, s.ruleResolver, rules); err != nil {
|
||||
return nil, errors.NewForbidden(groupResource, role.Name, err)
|
||||
}
|
||||
return s.StandardStorage.Create(ctx, obj, createValidation, includeUninitialized)
|
||||
}
|
||||
|
||||
func (s *Storage) Update(ctx genericapirequest.Context, name string, obj rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc) (runtime.Object, bool, error) {
|
||||
func (s *Storage) Update(ctx context.Context, name string, obj rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc) (runtime.Object, bool, error) {
|
||||
if rbacregistry.EscalationAllowed(ctx) {
|
||||
return s.StandardStorage.Update(ctx, name, obj, createValidation, updateValidation)
|
||||
}
|
||||
|
||||
nonEscalatingInfo := rest.WrapUpdatedObjectInfo(obj, func(ctx genericapirequest.Context, obj runtime.Object, oldObj runtime.Object) (runtime.Object, error) {
|
||||
nonEscalatingInfo := rest.WrapUpdatedObjectInfo(obj, func(ctx context.Context, obj runtime.Object, oldObj runtime.Object) (runtime.Object, error) {
|
||||
role := obj.(*rbac.Role)
|
||||
|
||||
// if we're only mutating fields needed for the GC to eventually delete this obj, return
|
||||
@ -67,7 +72,7 @@ func (s *Storage) Update(ctx genericapirequest.Context, name string, obj rest.Up
|
||||
}
|
||||
|
||||
rules := role.Rules
|
||||
if err := rbacregistryvalidation.ConfirmNoEscalation(ctx, s.ruleResolver, rules); err != nil {
|
||||
if err := rbacregistryvalidation.ConfirmNoEscalationInternal(ctx, s.ruleResolver, rules); err != nil {
|
||||
return nil, errors.NewForbidden(groupResource, role.Name, err)
|
||||
}
|
||||
return obj, nil
|
||||
|
||||
53
vendor/k8s.io/kubernetes/pkg/registry/rbac/role/registry.go
generated
vendored
53
vendor/k8s.io/kubernetes/pkg/registry/rbac/role/registry.go
generated
vendored
@ -17,27 +17,24 @@ limitations under the License.
|
||||
package role
|
||||
|
||||
import (
|
||||
metainternalversion "k8s.io/apimachinery/pkg/apis/meta/internalversion"
|
||||
"context"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/watch"
|
||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1"
|
||||
)
|
||||
|
||||
// Registry is an interface for things that know how to store Roles.
|
||||
type Registry interface {
|
||||
ListRoles(ctx genericapirequest.Context, options *metainternalversion.ListOptions) (*rbac.RoleList, error)
|
||||
CreateRole(ctx genericapirequest.Context, role *rbac.Role, createValidation rest.ValidateObjectFunc) error
|
||||
UpdateRole(ctx genericapirequest.Context, role *rbac.Role, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc) error
|
||||
GetRole(ctx genericapirequest.Context, name string, options *metav1.GetOptions) (*rbac.Role, error)
|
||||
DeleteRole(ctx genericapirequest.Context, name string) error
|
||||
WatchRoles(ctx genericapirequest.Context, options *metainternalversion.ListOptions) (watch.Interface, error)
|
||||
GetRole(ctx context.Context, name string, options *metav1.GetOptions) (*rbacv1.Role, error)
|
||||
}
|
||||
|
||||
// storage puts strong typing around storage calls
|
||||
type storage struct {
|
||||
rest.StandardStorage
|
||||
rest.Getter
|
||||
}
|
||||
|
||||
// NewRegistry returns a new Registry interface for the given Storage. Any mismatched
|
||||
@ -46,41 +43,17 @@ func NewRegistry(s rest.StandardStorage) Registry {
|
||||
return &storage{s}
|
||||
}
|
||||
|
||||
func (s *storage) ListRoles(ctx genericapirequest.Context, options *metainternalversion.ListOptions) (*rbac.RoleList, error) {
|
||||
obj, err := s.List(ctx, options)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return obj.(*rbac.RoleList), nil
|
||||
}
|
||||
|
||||
func (s *storage) CreateRole(ctx genericapirequest.Context, role *rbac.Role, createValidation rest.ValidateObjectFunc) error {
|
||||
_, err := s.Create(ctx, role, createValidation, false)
|
||||
return err
|
||||
}
|
||||
|
||||
func (s *storage) UpdateRole(ctx genericapirequest.Context, role *rbac.Role, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc) error {
|
||||
// TODO: any admission?
|
||||
_, _, err := s.Update(ctx, role.Name, rest.DefaultUpdatedObjectInfo(role), createValidation, updateValidation)
|
||||
return err
|
||||
}
|
||||
|
||||
func (s *storage) WatchRoles(ctx genericapirequest.Context, options *metainternalversion.ListOptions) (watch.Interface, error) {
|
||||
return s.Watch(ctx, options)
|
||||
}
|
||||
|
||||
func (s *storage) GetRole(ctx genericapirequest.Context, name string, options *metav1.GetOptions) (*rbac.Role, error) {
|
||||
func (s *storage) GetRole(ctx context.Context, name string, options *metav1.GetOptions) (*rbacv1.Role, error) {
|
||||
obj, err := s.Get(ctx, name, options)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return obj.(*rbac.Role), nil
|
||||
}
|
||||
|
||||
func (s *storage) DeleteRole(ctx genericapirequest.Context, name string) error {
|
||||
_, _, err := s.Delete(ctx, name, nil)
|
||||
return err
|
||||
ret := &rbacv1.Role{}
|
||||
if err := rbacv1helpers.Convert_rbac_Role_To_v1_Role(obj.(*rbac.Role), ret, nil); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return ret, nil
|
||||
}
|
||||
|
||||
// AuthorizerAdapter adapts the registry to the authorizer interface
|
||||
@ -88,6 +61,6 @@ type AuthorizerAdapter struct {
|
||||
Registry Registry
|
||||
}
|
||||
|
||||
func (a AuthorizerAdapter) GetRole(namespace, name string) (*rbac.Role, error) {
|
||||
func (a AuthorizerAdapter) GetRole(namespace, name string) (*rbacv1.Role, error) {
|
||||
return a.Registry.GetRole(genericapirequest.WithNamespace(genericapirequest.NewContext(), namespace), name, &metav1.GetOptions{})
|
||||
}
|
||||
|
||||
11
vendor/k8s.io/kubernetes/pkg/registry/rbac/role/strategy.go
generated
vendored
11
vendor/k8s.io/kubernetes/pkg/registry/rbac/role/strategy.go
generated
vendored
@ -17,9 +17,10 @@ limitations under the License.
|
||||
package role
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
"k8s.io/apiserver/pkg/storage/names"
|
||||
"k8s.io/kubernetes/pkg/api/legacyscheme"
|
||||
@ -55,12 +56,12 @@ func (strategy) AllowCreateOnUpdate() bool {
|
||||
|
||||
// PrepareForCreate clears fields that are not allowed to be set by end users
|
||||
// on creation.
|
||||
func (strategy) PrepareForCreate(ctx genericapirequest.Context, obj runtime.Object) {
|
||||
func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
|
||||
_ = obj.(*rbac.Role)
|
||||
}
|
||||
|
||||
// PrepareForUpdate clears fields that are not allowed to be set by end users on update.
|
||||
func (strategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object) {
|
||||
func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
|
||||
newRole := obj.(*rbac.Role)
|
||||
oldRole := old.(*rbac.Role)
|
||||
|
||||
@ -68,7 +69,7 @@ func (strategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime
|
||||
}
|
||||
|
||||
// Validate validates a new Role. Validation must check for a correct signature.
|
||||
func (strategy) Validate(ctx genericapirequest.Context, obj runtime.Object) field.ErrorList {
|
||||
func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
|
||||
role := obj.(*rbac.Role)
|
||||
return validation.ValidateRole(role)
|
||||
}
|
||||
@ -79,7 +80,7 @@ func (strategy) Canonicalize(obj runtime.Object) {
|
||||
}
|
||||
|
||||
// ValidateUpdate is the default update validation for an end user.
|
||||
func (strategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList {
|
||||
func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
|
||||
newObj := obj.(*rbac.Role)
|
||||
errorList := validation.ValidateRole(newObj)
|
||||
return append(errorList, validation.ValidateRoleUpdate(newObj, old.(*rbac.Role))...)
|
||||
|
||||
Reference in New Issue
Block a user