Merge pull request #1357 from justinsb/authn_flags

Add authz flags
2017-01-21 11:36:46 -07:00 · 2017-01-21 11:36:46 -07:00 · 97afdf9f97
parent 92dfa71968 33884d232c
commit 97afdf9f97
4 changed files with 13 additions and 0 deletions
--- a/pkg/apis/kops/componentconfig.go
+++ b/pkg/apis/kops/componentconfig.go
@ -412,6 +412,9 @@ type KubeAPIServerConfig struct {
 	// If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file
 	// otherwise the host's root CA set will be used.
 	OIDCCAFile *string `json:"oidcCAFile,omitempty" flag:"oidc-ca-file"`
+
+	AuthorizationMode          *string `json:"authorizationMode,omitempty" flag:"authorization-mode"`
+	AuthorizationRBACSuperUser *string `json:"authorizationRbacSuperUser,omitempty" flag:"authorization-rbac-super-user"`
 }

 type KubeControllerManagerConfig struct {
--- a/pkg/apis/kops/v1alpha1/componentconfig.go
+++ b/pkg/apis/kops/v1alpha1/componentconfig.go
@ -408,6 +408,9 @@ type KubeAPIServerConfig struct {
 	// If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file
 	// otherwise the host's root CA set will be used.
 	OIDCCAFile *string `json:"oidcCAFile,omitempty" flag:"oidc-ca-file"`
+
+	AuthorizationMode          *string `json:"authorizationMode,omitempty" flag:"authorization-mode"`
+	AuthorizationRBACSuperUser *string `json:"authorizationRbacSuperUser,omitempty" flag:"authorization-rbac-super-user"`
 }

 type KubeControllerManagerConfig struct {
--- a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go
@ -964,6 +964,8 @@ func autoConvert_v1alpha1_KubeAPIServerConfig_To_kops_KubeAPIServerConfig(in *Ku
 	out.OIDCIssuerURL = in.OIDCIssuerURL
 	out.OIDCClientID = in.OIDCClientID
 	out.OIDCCAFile = in.OIDCCAFile
+	out.AuthorizationMode = in.AuthorizationMode
+	out.AuthorizationRBACSuperUser = in.AuthorizationRBACSuperUser
 	return nil
 }

@ -999,6 +1001,8 @@ func autoConvert_kops_KubeAPIServerConfig_To_v1alpha1_KubeAPIServerConfig(in *ko
 	out.OIDCIssuerURL = in.OIDCIssuerURL
 	out.OIDCClientID = in.OIDCClientID
 	out.OIDCCAFile = in.OIDCCAFile
+	out.AuthorizationMode = in.AuthorizationMode
+	out.AuthorizationRBACSuperUser = in.AuthorizationRBACSuperUser
 	return nil
 }

--- a/pkg/apis/kops/v1alpha2/componentconfig.go
+++ b/pkg/apis/kops/v1alpha2/componentconfig.go
@ -176,6 +176,9 @@ type KubeAPIServerConfig struct {
 	// If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file
 	// otherwise the host's root CA set will be used.
 	OIDCCAFile *string `json:"oidcCAFile,omitempty" flag:"oidc-ca-file"`
+
+	AuthorizationMode          *string `json:"authorizationMode,omitempty" flag:"authorization-mode"`
+	AuthorizationRBACSuperUser *string `json:"authorizationRbacSuperUser,omitempty" flag:"authorization-rbac-super-user"`
 }

 type KubeControllerManagerConfig struct {