From 33884d232c05b3b9b233e4d76fe27e42846a6aa3 Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Wed, 4 Jan 2017 22:43:54 -0500 Subject: [PATCH] Add authz flags We aren't wiring them up now, but this unblocks people that want to have a go. --- pkg/apis/kops/componentconfig.go | 3 +++ pkg/apis/kops/v1alpha1/componentconfig.go | 3 +++ pkg/apis/kops/v1alpha1/zz_generated.conversion.go | 4 ++++ pkg/apis/kops/v1alpha2/componentconfig.go | 3 +++ 4 files changed, 13 insertions(+) diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go index 03d659f20d..a65028c3ee 100644 --- a/pkg/apis/kops/componentconfig.go +++ b/pkg/apis/kops/componentconfig.go @@ -401,6 +401,9 @@ type KubeAPIServerConfig struct { // If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file // otherwise the host's root CA set will be used. OIDCCAFile *string `json:"oidcCAFile,omitempty" flag:"oidc-ca-file"` + + AuthorizationMode *string `json:"authorizationMode,omitempty" flag:"authorization-mode"` + AuthorizationRBACSuperUser *string `json:"authorizationRbacSuperUser,omitempty" flag:"authorization-rbac-super-user"` } type KubeControllerManagerConfig struct { diff --git a/pkg/apis/kops/v1alpha1/componentconfig.go b/pkg/apis/kops/v1alpha1/componentconfig.go index 5c7434fa46..c4fb57d43a 100644 --- a/pkg/apis/kops/v1alpha1/componentconfig.go +++ b/pkg/apis/kops/v1alpha1/componentconfig.go @@ -398,6 +398,9 @@ type KubeAPIServerConfig struct { // If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file // otherwise the host's root CA set will be used. OIDCCAFile *string `json:"oidcCAFile,omitempty" flag:"oidc-ca-file"` + + AuthorizationMode *string `json:"authorizationMode,omitempty" flag:"authorization-mode"` + AuthorizationRBACSuperUser *string `json:"authorizationRbacSuperUser,omitempty" flag:"authorization-rbac-super-user"` } type KubeControllerManagerConfig struct { diff --git a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go index 326712f07f..c1eb65492c 100644 --- a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go @@ -962,6 +962,8 @@ func autoConvert_v1alpha1_KubeAPIServerConfig_To_kops_KubeAPIServerConfig(in *Ku out.OIDCIssuerURL = in.OIDCIssuerURL out.OIDCClientID = in.OIDCClientID out.OIDCCAFile = in.OIDCCAFile + out.AuthorizationMode = in.AuthorizationMode + out.AuthorizationRBACSuperUser = in.AuthorizationRBACSuperUser return nil } @@ -997,6 +999,8 @@ func autoConvert_kops_KubeAPIServerConfig_To_v1alpha1_KubeAPIServerConfig(in *ko out.OIDCIssuerURL = in.OIDCIssuerURL out.OIDCClientID = in.OIDCClientID out.OIDCCAFile = in.OIDCCAFile + out.AuthorizationMode = in.AuthorizationMode + out.AuthorizationRBACSuperUser = in.AuthorizationRBACSuperUser return nil } diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go index 8284d24c9a..386fffa101 100644 --- a/pkg/apis/kops/v1alpha2/componentconfig.go +++ b/pkg/apis/kops/v1alpha2/componentconfig.go @@ -156,6 +156,9 @@ type KubeAPIServerConfig struct { // If set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file // otherwise the host's root CA set will be used. OIDCCAFile *string `json:"oidcCAFile,omitempty" flag:"oidc-ca-file"` + + AuthorizationMode *string `json:"authorizationMode,omitempty" flag:"authorization-mode"` + AuthorizationRBACSuperUser *string `json:"authorizationRbacSuperUser,omitempty" flag:"authorization-rbac-super-user"` } type KubeControllerManagerConfig struct {