kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix list_type_missing in k8s.io/apiserver 

Kubernetes-commit: eddf65849dfa1b3c351597d7018a2700371d8955
This commit is contained in:
Tim Hockin 2023-11-17 11:46:28 -08:00 committed by Kubernetes Publisher
parent 9863f526b5
commit 7674c1a859
2 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/apis/audit/v1/generated.proto
View File

@ -62,6 +62,7 @@ message Event {
// IP in the list up to here (X-Forwarded-For or X-Real-Ip).
// Note: All but the last IP can be arbitrarily set by the client.
// +optional
// +listType=atomic
repeated string sourceIPs = 8;
// UserAgent records the user agent string reported by the client.
@ -140,12 +141,14 @@ message GroupResources {
//
// An empty list implies all resources and subresources in this API groups apply.
// +optional
// +listType=atomic
repeated string resources = 2;
// ResourceNames is a list of resource instance names that the policy matches.
// Using this field requires Resources to be specified.
// An empty list implies that every instance of the resource is matched.
// +optional
// +listType=atomic
repeated string resourceNames = 3;
}
@ -190,11 +193,13 @@ message Policy {
// A request may match multiple rules, in which case the FIRST matching rule is used.
// The default audit level is None, but can be overridden by a catch-all rule at the end of the list.
// PolicyRules are strictly ordered.
// +listType=atomic
repeated PolicyRule rules = 2;
// OmitStages is a list of stages for which no events are created. Note that this can also
// be specified per rule in which case the union of both are omitted.
// +optional
// +listType=atomic
repeated string omitStages = 3;
// OmitManagedFields indicates whether to omit the managed fields of the request
@ -224,27 +229,32 @@ message PolicyRule {
// The users (by authenticated user name) this rule applies to.
// An empty list implies every user.
// +optional
// +listType=atomic
repeated string users = 2;
// The user groups this rule applies to. A user is considered matching
// if it is a member of any of the UserGroups.
// An empty list implies every user group.
// +optional
// +listType=atomic
repeated string userGroups = 3;
// The verbs that match this rule.
// An empty list implies every verb.
// +optional
// +listType=atomic
repeated string verbs = 4;
// Resources that this rule matches. An empty list implies all kinds in all API groups.
// +optional
// +listType=atomic
repeated GroupResources resources = 5;
// Namespaces that this rule matches.
// The empty string "" matches non-namespaced resources.
// An empty list implies every namespace.
// +optional
// +listType=atomic
repeated string namespaces = 6;
// NonResourceURLs is a set of URL paths that should be audited.
@ -253,12 +263,14 @@ message PolicyRule {
// - `/metrics` - Log requests for apiserver metrics
// - `/healthz*` - Log all health checks
// +optional
// +listType=atomic
repeated string nonResourceURLs = 7;
// OmitStages is a list of stages for which no events are created. Note that this can also
// be specified policy wide in which case the union of both are omitted.
// An empty list means no restrictions will apply.
// +optional
// +listType=atomic
repeated string omitStages = 8;
// OmitManagedFields indicates whether to omit the managed fields of the request

12
pkg/apis/audit/v1/types.go
View File

@ -98,6 +98,7 @@ type Event struct {
// IP in the list up to here (X-Forwarded-For or X-Real-Ip).
// Note: All but the last IP can be arbitrarily set by the client.
// +optional
// +listType=atomic
SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,8,rep,name=sourceIPs"`
// UserAgent records the user agent string reported by the client.
// Note that the UserAgent is provided by the client, and must not be trusted.
@ -166,11 +167,13 @@ type Policy struct {
// A request may match multiple rules, in which case the FIRST matching rule is used.
// The default audit level is None, but can be overridden by a catch-all rule at the end of the list.
// PolicyRules are strictly ordered.
// +listType=atomic
Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`
// OmitStages is a list of stages for which no events are created. Note that this can also
// be specified per rule in which case the union of both are omitted.
// +optional
// +listType=atomic
OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"`
// OmitManagedFields indicates whether to omit the managed fields of the request
@ -203,16 +206,19 @@ type PolicyRule struct {
// The users (by authenticated user name) this rule applies to.
// An empty list implies every user.
// +optional
// +listType=atomic
Users []string `json:"users,omitempty" protobuf:"bytes,2,rep,name=users"`
// The user groups this rule applies to. A user is considered matching
// if it is a member of any of the UserGroups.
// An empty list implies every user group.
// +optional
// +listType=atomic
UserGroups []string `json:"userGroups,omitempty" protobuf:"bytes,3,rep,name=userGroups"`
// The verbs that match this rule.
// An empty list implies every verb.
// +optional
// +listType=atomic
Verbs []string `json:"verbs,omitempty" protobuf:"bytes,4,rep,name=verbs"`
// Rules can apply to API resources (such as "pods" or "secrets"),
@ -221,11 +227,13 @@ type PolicyRule struct {
// Resources that this rule matches. An empty list implies all kinds in all API groups.
// +optional
// +listType=atomic
Resources []GroupResources `json:"resources,omitempty" protobuf:"bytes,5,rep,name=resources"`
// Namespaces that this rule matches.
// The empty string "" matches non-namespaced resources.
// An empty list implies every namespace.
// +optional
// +listType=atomic
Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,6,rep,name=namespaces"`
// NonResourceURLs is a set of URL paths that should be audited.
@ -234,12 +242,14 @@ type PolicyRule struct {
// - `/metrics` - Log requests for apiserver metrics
// - `/healthz*` - Log all health checks
// +optional
// +listType=atomic
NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,7,rep,name=nonResourceURLs"`
// OmitStages is a list of stages for which no events are created. Note that this can also
// be specified policy wide in which case the union of both are omitted.
// An empty list means no restrictions will apply.
// +optional
// +listType=atomic
OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"`
// OmitManagedFields indicates whether to omit the managed fields of the request
@ -274,11 +284,13 @@ type GroupResources struct {
//
// An empty list implies all resources and subresources in this API groups apply.
// +optional
// +listType=atomic
Resources []string `json:"resources,omitempty" protobuf:"bytes,2,rep,name=resources"`
// ResourceNames is a list of resource instance names that the policy matches.
// Using this field requires Resources to be specified.
// An empty list implies that every instance of the resource is matched.
// +optional
// +listType=atomic
ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,3,rep,name=resourceNames"`
}