github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into annotation

Browse Source
This commit is contained in:
Matt Matejczyk
2018-10-19 13:54:06 -04:00
parent 4cdab7c985 37cb88efd2
commit 536cee71b4
252 changed files with 17775 additions and 759 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -1,10 +1,25 @@
<!-- Thanks for sending a pull request! Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://git.k8s.io/community/contributors/guide#your-first-contribution and developer guide https://git.k8s.io/community/contributors/devel/development.md#development-guide
2. If you want *faster* PR reviews, read how: https://git.k8s.io/community/contributors/guide/pull-requests.md#best-practices-for-faster-reviews
3. Follow the instructions for writing a release note: https://git.k8s.io/community/contributors/guide/release-notes.md
4. If the PR is unfinished, see how to mark it: https://git.k8s.io/community/contributors/guide/pull-requests.md#marking-unfinished-pull-requests
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request. For reference on required PR/issue labels, read here:
https://git.k8s.io/community/contributors/devel/release.md#issue-kind-label
3. Ensure you have added or ran the appropriate tests for your PR: https://git.k8s.io/community/contributors/devel/testing.md
4. If you want *faster* PR reviews, read how: https://git.k8s.io/community/contributors/guide/pull-requests.md#best-practices-for-faster-reviews
5. Follow the instructions for writing a release note: https://git.k8s.io/community/contributors/guide/release-notes.md
6. If the PR is unfinished, see how to mark it: https://git.k8s.io/community/contributors/guide/pull-requests.md#marking-unfinished-pull-requests
-->
**What type of PR is this?**
> Uncomment only one, leave it on its own line:
>
> /kind api-change
> /kind bug
> /kind cleanup
> /kind design
> /kind documentation
> /kind failing-test
> /kind feature
> /kind flake
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
@@ -12,10 +27,12 @@ Fixes #
**Special notes for your reviewer**:
**Release note**:
<!-- Write your release note:
1. Enter your extended release note in the below block. If the PR requires additional action from users switching to the new release, include the string "action required".
2. If no release note is required, just write "NONE".
**Does this PR introduce a user-facing change?**:
<!--
If no, just write "NONE".
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
2.
-->
```release-note

59
Godeps/Godeps.json generated
View File

@@ -36,33 +36,33 @@
},
{
"ImportPath": "github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute",
"Comment": "v19.0.0",
"Rev": "520918e6c8e8e1064154f51d13e02fad92b287b8"
"Comment": "v21.1.0",
"Rev": "6d20bdbae88c06c36d72eb512295417693bfdf4e"
},
{
"ImportPath": "github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2017-10-01/containerregistry",
"Comment": "v19.0.0",
"Rev": "520918e6c8e8e1064154f51d13e02fad92b287b8"
"Comment": "v21.1.0",
"Rev": "6d20bdbae88c06c36d72eb512295417693bfdf4e"
},
{
"ImportPath": "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2017-09-01/network",
"Comment": "v19.0.0",
"Rev": "520918e6c8e8e1064154f51d13e02fad92b287b8"
"Comment": "v21.1.0",
"Rev": "6d20bdbae88c06c36d72eb512295417693bfdf4e"
},
{
"ImportPath": "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage",
"Comment": "v19.0.0",
"Rev": "520918e6c8e8e1064154f51d13e02fad92b287b8"
"ImportPath": "github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage",
"Comment": "v21.1.0",
"Rev": "6d20bdbae88c06c36d72eb512295417693bfdf4e"
},
{
"ImportPath": "github.com/Azure/azure-sdk-for-go/storage",
"Comment": "v19.0.0",
"Rev": "520918e6c8e8e1064154f51d13e02fad92b287b8"
"Comment": "v21.1.0",
"Rev": "6d20bdbae88c06c36d72eb512295417693bfdf4e"
},
{
"ImportPath": "github.com/Azure/azure-sdk-for-go/version",
"Comment": "v19.0.0",
"Rev": "520918e6c8e8e1064154f51d13e02fad92b287b8"
"Comment": "v21.1.0",
"Rev": "6d20bdbae88c06c36d72eb512295417693bfdf4e"
},
{
"ImportPath": "github.com/Azure/go-ansiterm",
@@ -74,38 +74,43 @@
},
{
"ImportPath": "github.com/Azure/go-autorest/autorest",
"Comment": "v10.14.0",
"Rev": "bca49d5b51a50dc5bb17bbf6204c711c6dbded06"
"Comment": "v10.15.4",
"Rev": "a88c19ef2016e095f0b6c3b451074b4663f53bed"
},
{
"ImportPath": "github.com/Azure/go-autorest/autorest/adal",
"Comment": "v10.14.0",
"Rev": "bca49d5b51a50dc5bb17bbf6204c711c6dbded06"
"Comment": "v10.15.4",
"Rev": "a88c19ef2016e095f0b6c3b451074b4663f53bed"
},
{
"ImportPath": "github.com/Azure/go-autorest/autorest/azure",
"Comment": "v10.14.0",
"Rev": "bca49d5b51a50dc5bb17bbf6204c711c6dbded06"
"Comment": "v10.15.4",
"Rev": "a88c19ef2016e095f0b6c3b451074b4663f53bed"
},
{
"ImportPath": "github.com/Azure/go-autorest/autorest/date",
"Comment": "v10.14.0",
"Rev": "bca49d5b51a50dc5bb17bbf6204c711c6dbded06"
"Comment": "v10.15.4",
"Rev": "a88c19ef2016e095f0b6c3b451074b4663f53bed"
},
{
"ImportPath": "github.com/Azure/go-autorest/autorest/to",
"Comment": "v10.14.0",
"Rev": "bca49d5b51a50dc5bb17bbf6204c711c6dbded06"
"Comment": "v10.15.4",
"Rev": "a88c19ef2016e095f0b6c3b451074b4663f53bed"
},
{
"ImportPath": "github.com/Azure/go-autorest/autorest/validation",
"Comment": "v10.14.0",
"Rev": "bca49d5b51a50dc5bb17bbf6204c711c6dbded06"
"Comment": "v10.15.4",
"Rev": "a88c19ef2016e095f0b6c3b451074b4663f53bed"
},
{
"ImportPath": "github.com/Azure/go-autorest/logger",
"Comment": "v10.15.4",
"Rev": "a88c19ef2016e095f0b6c3b451074b4663f53bed"
},
{
"ImportPath": "github.com/Azure/go-autorest/version",
"Comment": "v10.14.0",
"Rev": "bca49d5b51a50dc5bb17bbf6204c711c6dbded06"
"Comment": "v10.15.4",
"Rev": "a88c19ef2016e095f0b6c3b451074b4663f53bed"
},
{
"ImportPath": "github.com/GeertJohan/go.rice",

201
Godeps/LICENSES generated
View File

@@ -8767,7 +8767,7 @@ SOFTWARE.
================================================================================
= vendor/github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage licensed under: =
= vendor/github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage licensed under: =
Apache License
@@ -10648,6 +10648,205 @@ THE SOFTWARE.
================================================================================
================================================================================
= vendor/github.com/Azure/go-autorest/logger licensed under: =
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
Copyright 2015 Microsoft Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
= vendor/github.com/Azure/go-autorest/LICENSE a250e5ac3848f2acadb5adcb9555c18b
================================================================================
================================================================================
= vendor/github.com/Azure/go-autorest/version licensed under: =

975
api/openapi-spec/swagger.json generated
View File

@@ -39051,6 +39051,805 @@
}
]
},
"/apis/auditregistration.k8s.io/": {
"get": {
"description": "get information of a group",
"consumes": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"schemes": [
"https"
],
"tags": [
"auditregistration"
],
"operationId": "getAuditregistrationAPIGroup",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup"
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/apis/auditregistration.k8s.io/v1alpha1/": {
"get": {
"description": "get available resources",
"consumes": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"schemes": [
"https"
],
"tags": [
"auditregistration_v1alpha1"
],
"operationId": "getAuditregistrationV1alpha1APIResources",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList"
}
},
"401": {
"description": "Unauthorized"
}
}
}
},
"/apis/auditregistration.k8s.io/v1alpha1/auditsinks": {
"get": {
"description": "list or watch objects of kind AuditSink",
"consumes": [
"*/*"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf",
"application/json;stream=watch",
"application/vnd.kubernetes.protobuf;stream=watch"
],
"schemes": [
"https"
],
"tags": [
"auditregistration_v1alpha1"
],
"operationId": "listAuditregistrationV1alpha1AuditSink",
"parameters": [
{
"uniqueItems": true,
"type": "string",
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"name": "continue",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"name": "fieldSelector",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"name": "labelSelector",
"in": "query"
},
{
"uniqueItems": true,
"type": "integer",
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"name": "limit",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.",
"name": "resourceVersion",
"in": "query"
},
{
"uniqueItems": true,
"type": "integer",
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"name": "timeoutSeconds",
"in": "query"
},
{
"uniqueItems": true,
"type": "boolean",
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"name": "watch",
"in": "query"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSinkList"
}
},
"401": {
"description": "Unauthorized"
}
},
"x-kubernetes-action": "list",
"x-kubernetes-group-version-kind": {
"group": "auditregistration.k8s.io",
"kind": "AuditSink",
"version": "v1alpha1"
}
},
"post": {
"description": "create an AuditSink",
"consumes": [
"*/*"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"schemes": [
"https"
],
"tags": [
"auditregistration_v1alpha1"
],
"operationId": "createAuditregistrationV1alpha1AuditSink",
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSink"
}
},
{
"uniqueItems": true,
"type": "string",
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"name": "dryRun",
"in": "query"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSink"
}
},
"201": {
"description": "Created",
"schema": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSink"
}
},
"202": {
"description": "Accepted",
"schema": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSink"
}
},
"401": {
"description": "Unauthorized"
}
},
"x-kubernetes-action": "post",
"x-kubernetes-group-version-kind": {
"group": "auditregistration.k8s.io",
"kind": "AuditSink",
"version": "v1alpha1"
}
},
"delete": {
"description": "delete collection of AuditSink",
"consumes": [
"*/*"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"schemes": [
"https"
],
"tags": [
"auditregistration_v1alpha1"
],
"operationId": "deleteAuditregistrationV1alpha1CollectionAuditSink",
"parameters": [
{
"uniqueItems": true,
"type": "string",
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"name": "continue",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"name": "fieldSelector",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"name": "labelSelector",
"in": "query"
},
{
"uniqueItems": true,
"type": "integer",
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"name": "limit",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.",
"name": "resourceVersion",
"in": "query"
},
{
"uniqueItems": true,
"type": "integer",
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"name": "timeoutSeconds",
"in": "query"
},
{
"uniqueItems": true,
"type": "boolean",
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"name": "watch",
"in": "query"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"401": {
"description": "Unauthorized"
}
},
"x-kubernetes-action": "deletecollection",
"x-kubernetes-group-version-kind": {
"group": "auditregistration.k8s.io",
"kind": "AuditSink",
"version": "v1alpha1"
}
},
"parameters": [
{
"uniqueItems": true,
"type": "boolean",
"description": "If true, partially initialized resources are included in the response.",
"name": "includeUninitialized",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "If 'true', then the output is pretty printed.",
"name": "pretty",
"in": "query"
}
]
},
"/apis/auditregistration.k8s.io/v1alpha1/auditsinks/{name}": {
"get": {
"description": "read the specified AuditSink",
"consumes": [
"*/*"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"schemes": [
"https"
],
"tags": [
"auditregistration_v1alpha1"
],
"operationId": "readAuditregistrationV1alpha1AuditSink",
"parameters": [
{
"uniqueItems": true,
"type": "boolean",
"description": "Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'.",
"name": "exact",
"in": "query"
},
{
"uniqueItems": true,
"type": "boolean",
"description": "Should this value be exported. Export strips fields that a user can not specify.",
"name": "export",
"in": "query"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSink"
}
},
"401": {
"description": "Unauthorized"
}
},
"x-kubernetes-action": "get",
"x-kubernetes-group-version-kind": {
"group": "auditregistration.k8s.io",
"kind": "AuditSink",
"version": "v1alpha1"
}
},
"put": {
"description": "replace the specified AuditSink",
"consumes": [
"*/*"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"schemes": [
"https"
],
"tags": [
"auditregistration_v1alpha1"
],
"operationId": "replaceAuditregistrationV1alpha1AuditSink",
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSink"
}
},
{
"uniqueItems": true,
"type": "string",
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"name": "dryRun",
"in": "query"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSink"
}
},
"201": {
"description": "Created",
"schema": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSink"
}
},
"401": {
"description": "Unauthorized"
}
},
"x-kubernetes-action": "put",
"x-kubernetes-group-version-kind": {
"group": "auditregistration.k8s.io",
"kind": "AuditSink",
"version": "v1alpha1"
}
},
"delete": {
"description": "delete an AuditSink",
"consumes": [
"*/*"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"schemes": [
"https"
],
"tags": [
"auditregistration_v1alpha1"
],
"operationId": "deleteAuditregistrationV1alpha1AuditSink",
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions"
}
},
{
"uniqueItems": true,
"type": "string",
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"name": "dryRun",
"in": "query"
},
{
"uniqueItems": true,
"type": "integer",
"description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.",
"name": "gracePeriodSeconds",
"in": "query"
},
{
"uniqueItems": true,
"type": "boolean",
"description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.",
"name": "orphanDependents",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.",
"name": "propagationPolicy",
"in": "query"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"202": {
"description": "Accepted",
"schema": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status"
}
},
"401": {
"description": "Unauthorized"
}
},
"x-kubernetes-action": "delete",
"x-kubernetes-group-version-kind": {
"group": "auditregistration.k8s.io",
"kind": "AuditSink",
"version": "v1alpha1"
}
},
"patch": {
"description": "partially update the specified AuditSink",
"consumes": [
"application/json-patch+json",
"application/merge-patch+json",
"application/strategic-merge-patch+json"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"schemes": [
"https"
],
"tags": [
"auditregistration_v1alpha1"
],
"operationId": "patchAuditregistrationV1alpha1AuditSink",
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Patch"
}
},
{
"uniqueItems": true,
"type": "string",
"description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed",
"name": "dryRun",
"in": "query"
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSink"
}
},
"401": {
"description": "Unauthorized"
}
},
"x-kubernetes-action": "patch",
"x-kubernetes-group-version-kind": {
"group": "auditregistration.k8s.io",
"kind": "AuditSink",
"version": "v1alpha1"
}
},
"parameters": [
{
"uniqueItems": true,
"type": "string",
"description": "name of the AuditSink",
"name": "name",
"in": "path",
"required": true
},
{
"uniqueItems": true,
"type": "string",
"description": "If 'true', then the output is pretty printed.",
"name": "pretty",
"in": "query"
}
]
},
"/apis/auditregistration.k8s.io/v1alpha1/watch/auditsinks": {
"get": {
"description": "watch individual changes to a list of AuditSink. deprecated: use the 'watch' parameter with a list operation instead.",
"consumes": [
"*/*"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf",
"application/json;stream=watch",
"application/vnd.kubernetes.protobuf;stream=watch"
],
"schemes": [
"https"
],
"tags": [
"auditregistration_v1alpha1"
],
"operationId": "watchAuditregistrationV1alpha1AuditSinkList",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"401": {
"description": "Unauthorized"
}
},
"x-kubernetes-action": "watchlist",
"x-kubernetes-group-version-kind": {
"group": "auditregistration.k8s.io",
"kind": "AuditSink",
"version": "v1alpha1"
}
},
"parameters": [
{
"uniqueItems": true,
"type": "string",
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"name": "continue",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"name": "fieldSelector",
"in": "query"
},
{
"uniqueItems": true,
"type": "boolean",
"description": "If true, partially initialized resources are included in the response.",
"name": "includeUninitialized",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"name": "labelSelector",
"in": "query"
},
{
"uniqueItems": true,
"type": "integer",
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"name": "limit",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "If 'true', then the output is pretty printed.",
"name": "pretty",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.",
"name": "resourceVersion",
"in": "query"
},
{
"uniqueItems": true,
"type": "integer",
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"name": "timeoutSeconds",
"in": "query"
},
{
"uniqueItems": true,
"type": "boolean",
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"name": "watch",
"in": "query"
}
]
},
"/apis/auditregistration.k8s.io/v1alpha1/watch/auditsinks/{name}": {
"get": {
"description": "watch changes to an object of kind AuditSink. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.",
"consumes": [
"*/*"
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf",
"application/json;stream=watch",
"application/vnd.kubernetes.protobuf;stream=watch"
],
"schemes": [
"https"
],
"tags": [
"auditregistration_v1alpha1"
],
"operationId": "watchAuditregistrationV1alpha1AuditSink",
"responses": {
"200": {
"description": "OK",
"schema": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent"
}
},
"401": {
"description": "Unauthorized"
}
},
"x-kubernetes-action": "watch",
"x-kubernetes-group-version-kind": {
"group": "auditregistration.k8s.io",
"kind": "AuditSink",
"version": "v1alpha1"
}
},
"parameters": [
{
"uniqueItems": true,
"type": "string",
"description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.",
"name": "continue",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.",
"name": "fieldSelector",
"in": "query"
},
{
"uniqueItems": true,
"type": "boolean",
"description": "If true, partially initialized resources are included in the response.",
"name": "includeUninitialized",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.",
"name": "labelSelector",
"in": "query"
},
{
"uniqueItems": true,
"type": "integer",
"description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.",
"name": "limit",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "name of the AuditSink",
"name": "name",
"in": "path",
"required": true
},
{
"uniqueItems": true,
"type": "string",
"description": "If 'true', then the output is pretty printed.",
"name": "pretty",
"in": "query"
},
{
"uniqueItems": true,
"type": "string",
"description": "When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.",
"name": "resourceVersion",
"in": "query"
},
{
"uniqueItems": true,
"type": "integer",
"description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.",
"name": "timeoutSeconds",
"in": "query"
},
{
"uniqueItems": true,
"type": "boolean",
"description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.",
"name": "watch",
"in": "query"
}
]
},
"/apis/authentication.k8s.io/": {
"get": {
"description": "get information of a group",
@@ -79043,6 +79842,172 @@
}
}
},
"io.k8s.api.auditregistration.v1alpha1.AuditSink": {
"description": "AuditSink represents a cluster level audit sink",
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",
"type": "string"
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta"
},
"spec": {
"description": "Spec defines the audit configuration spec",
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSinkSpec"
}
},
"x-kubernetes-group-version-kind": [
{
"group": "auditregistration.k8s.io",
"kind": "AuditSink",
"version": "v1alpha1"
}
]
},
"io.k8s.api.auditregistration.v1alpha1.AuditSinkList": {
"description": "AuditSinkList is a list of AuditSink items.",
"required": [
"items"
],
"properties": {
"apiVersion": {
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",
"type": "string"
},
"items": {
"description": "List of audit configurations.",
"type": "array",
"items": {
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.AuditSink"
}
},
"kind": {
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds",
"type": "string"
},
"metadata": {
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"
}
},
"x-kubernetes-group-version-kind": [
{
"group": "auditregistration.k8s.io",
"kind": "AuditSinkList",
"version": "v1alpha1"
}
]
},
"io.k8s.api.auditregistration.v1alpha1.AuditSinkSpec": {
"description": "AuditSinkSpec holds the spec for the audit sink",
"required": [
"policy",
"webhook"
],
"properties": {
"policy": {
"description": "Policy defines the policy for selecting which events should be sent to the webhook required",
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.Policy"
},
"webhook": {
"description": "Webhook to send events required",
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.Webhook"
}
}
},
"io.k8s.api.auditregistration.v1alpha1.Policy": {
"description": "Policy defines the configuration of how audit events are logged",
"required": [
"level"
],
"properties": {
"level": {
"description": "The Level that all requests are recorded at. available options: None, Metadata, Request, RequestResponse required",
"type": "string"
},
"stages": {
"description": "Stages is a list of stages for which events are created.",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"io.k8s.api.auditregistration.v1alpha1.ServiceReference": {
"description": "ServiceReference holds a reference to Service.legacy.k8s.io",
"required": [
"namespace",
"name"
],
"properties": {
"name": {
"description": "`name` is the name of the service. Required",
"type": "string"
},
"namespace": {
"description": "`namespace` is the namespace of the service. Required",
"type": "string"
},
"path": {
"description": "`path` is an optional URL path which will be sent in any request to this service.",
"type": "string"
}
}
},
"io.k8s.api.auditregistration.v1alpha1.Webhook": {
"description": "Webhook holds the configuration of the webhook",
"required": [
"clientConfig"
],
"properties": {
"clientConfig": {
"description": "ClientConfig holds the connection parameters for the webhook required",
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.WebhookClientConfig"
},
"throttle": {
"description": "Throttle holds the options for throttling the webhook",
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.WebhookThrottleConfig"
}
}
},
"io.k8s.api.auditregistration.v1alpha1.WebhookClientConfig": {
"description": "WebhookClientConfig contains the information to make a connection with the webhook",
"properties": {
"caBundle": {
"description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. defaults to the apiservers CA bundle for the endpoint type",
"type": "string",
"format": "byte"
},
"service": {
"description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nPort 443 will be used if it is open, otherwise it is an error.",
"$ref": "#/definitions/io.k8s.api.auditregistration.v1alpha1.ServiceReference"
},
"url": {
"description": "`url` gives the location of the webhook, in standard URL form (`[scheme://]host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.",
"type": "string"
}
}
},
"io.k8s.api.auditregistration.v1alpha1.WebhookThrottleConfig": {
"description": "WebhookThrottleConfig holds the configuration for throttling events",
"properties": {
"burst": {
"description": "ThrottleBurst is the maximum number of events sent at the same moment default 15 QPS",
"type": "integer",
"format": "int64"
},
"qps": {
"description": "ThrottleQPS maximum number of batches per second default 10 QPS",
"type": "integer",
"format": "int64"
}
}
},
"io.k8s.api.authentication.v1.TokenReview": {
"description": "TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.",
"required": [
@@ -91672,6 +92637,11 @@
"kind": "DeleteOptions",
"version": "v1beta2"
},
{
"group": "auditregistration.k8s.io",
"kind": "DeleteOptions",
"version": "v1alpha1"
},
{
"group": "authentication.k8s.io",
"kind": "DeleteOptions",
@@ -92237,6 +93207,11 @@
"kind": "WatchEvent",
"version": "v1beta2"
},
{
"group": "auditregistration.k8s.io",
"kind": "WatchEvent",
"version": "v1alpha1"
},
{
"group": "authentication.k8s.io",
"kind": "WatchEvent",

113
api/swagger-spec/auditregistration.k8s.io.json generated Normal file
View File

@@ -0,0 +1,113 @@
{
"swaggerVersion": "1.2",
"apiVersion": "",
"basePath": "https://10.10.10.10:6443",
"resourcePath": "/apis/auditregistration.k8s.io",
"info": {
"title": "",
"description": ""
},
"apis": [
{
"path": "/apis/auditregistration.k8s.io",
"description": "get information of a group",
"operations": [
{
"type": "v1.APIGroup",
"method": "GET",
"summary": "get information of a group",
"nickname": "getAPIGroup",
"parameters": [],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"consumes": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
]
}
]
}
],
"models": {
"v1.APIGroup": {
"id": "v1.APIGroup",
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions"
],
"properties": {
"kind": {
"type": "string",
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
},
"apiVersion": {
"type": "string",
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources"
},
"name": {
"type": "string",
"description": "name is the name of the group."
},
"versions": {
"type": "array",
"items": {
"$ref": "v1.GroupVersionForDiscovery"
},
"description": "versions are the versions supported in this group."
},
"preferredVersion": {
"$ref": "v1.GroupVersionForDiscovery",
"description": "preferredVersion is the version preferred by the API server, which probably is the storage version."
},
"serverAddressByClientCIDRs": {
"type": "array",
"items": {
"$ref": "v1.ServerAddressByClientCIDR"
},
"description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP."
}
}
},
"v1.GroupVersionForDiscovery": {
"id": "v1.GroupVersionForDiscovery",
"description": "GroupVersion contains the \"group/version\" and \"version\" string of a version. It is made a struct to keep extensibility.",
"required": [
"groupVersion",
"version"
],
"properties": {
"groupVersion": {
"type": "string",
"description": "groupVersion specifies the API group and version in the form \"group/version\""
},
"version": {
"type": "string",
"description": "version specifies the version in the form of \"version\". This is to save the clients the trouble of splitting the GroupVersion."
}
}
},
"v1.ServerAddressByClientCIDR": {
"id": "v1.ServerAddressByClientCIDR",
"description": "ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.",
"required": [
"clientCIDR",
"serverAddress"
],
"properties": {
"clientCIDR": {
"type": "string",
"description": "The CIDR with which clients can match their IP to figure out the server address that they should use."
},
"serverAddress": {
"type": "string",
"description": "Address of this server, suitable for a client that matches the above CIDR. This can be a hostname, hostname:port, IP or IP:port."
}
}
}
}
}

1363
api/swagger-spec/auditregistration.k8s.io_v1alpha1.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

8
api/swagger-spec/resourceListing.json generated
View File

@@ -21,6 +21,14 @@
"path": "/api",
"description": "get available API versions"
},
{
"path": "/apis/auditregistration.k8s.io/v1alpha1",
"description": "API at /apis/auditregistration.k8s.io/v1alpha1"
},
{
"path": "/apis/auditregistration.k8s.io",
"description": "get information of a group"
},
{
"path": "/apis/authentication.k8s.io/v1",
"description": "API at /apis/authentication.k8s.io/v1"

29
build/build-image/cross/Dockerfile
View File

@@ -33,24 +33,14 @@ ENV KUBE_CROSSPLATFORMS \
windows/amd64 windows/386
# Pre-compile the standard go library when cross-compiling. This is much easier now when we have go1.5+
RUN for platform in ${KUBE_CROSSPLATFORMS}; do GOOS=${platform%/*} GOARCH=${platform##*/} go install std; done
RUN for platform in ${KUBE_CROSSPLATFORMS}; do GOOS=${platform%/*} GOARCH=${platform##*/} go install std; done \
&& go clean -cache
# Install g++, then download and install protoc for generating protobuf output
RUN apt-get update \
&& apt-get install -y g++ rsync jq apt-utils file patch \
&& apt-get install -y rsync jq apt-utils file patch unzip \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
RUN mkdir -p /usr/local/src/protobuf \
&& cd /usr/local/src/protobuf \
&& curl -sSL https://github.com/google/protobuf/releases/download/v3.0.0-beta-2/protobuf-cpp-3.0.0-beta-2.tar.gz | tar -xzv \
&& cd protobuf-3.0.0-beta-2 \
&& ./configure \
&& make install \
&& ldconfig \
&& cd .. \
&& rm -rf protobuf-3.0.0-beta-2 \
&& protoc --version
# Use dynamic cgo linking for architectures other than amd64 for the server platforms
# To install crossbuild essential for other architectures add the following repository.
RUN echo "deb http://archive.ubuntu.com/ubuntu xenial main universe" > /etc/apt/sources.list.d/cgocrosscompiling.list \
@@ -60,6 +50,16 @@ RUN echo "deb http://archive.ubuntu.com/ubuntu xenial main universe" > /etc/apt/
&& for platform in ${KUBE_DYNAMIC_CROSSPLATFORMS}; do apt-get install -y crossbuild-essential-${platform}; done \
&& apt-get clean && rm -rf /var/lib/apt/lists/*
RUN PROTOBUF_VERSION=3.0.2; ZIPNAME="protoc-${PROTOBUF_VERSION}-linux-x86_64.zip"; \
mkdir /tmp/protoc && cd /tmp/protoc \
&& wget "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOBUF_VERSION}/${ZIPNAME}" \
&& unzip "${ZIPNAME}" \
&& chmod -R +rX /tmp/protoc \
&& cp -pr bin /usr/local \
&& cp -pr include /usr/local \
&& rm -rf /tmp/protoc \
&& protoc --version
# work around 64MB tmpfs size in Docker 1.6
ENV TMPDIR /tmp.k8s
RUN mkdir $TMPDIR \
@@ -68,7 +68,8 @@ RUN mkdir $TMPDIR \
# Get the code coverage tool and goimports
RUN go get golang.org/x/tools/cmd/cover \
golang.org/x/tools/cmd/goimports
golang.org/x/tools/cmd/goimports \
&& go clean -cache
# Download and symlink etcd. We need this for our integration tests.
RUN export ETCD_VERSION=v3.2.24; \

2
build/build-image/cross/VERSION
View File

@@ -1 +1 @@
v1.11.1-1
v1.11.1-2

8
cluster/addons/dns/coredns/coredns.yaml.base
View File

@@ -27,6 +27,12 @@ rules:
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -108,7 +114,7 @@ spec:
operator: "Exists"
containers:
- name: coredns
image: k8s.gcr.io/coredns:1.2.2
image: k8s.gcr.io/coredns:1.2.4
imagePullPolicy: IfNotPresent
resources:
limits:

8
cluster/addons/dns/coredns/coredns.yaml.in
View File

@@ -27,6 +27,12 @@ rules:
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -108,7 +114,7 @@ spec:
operator: "Exists"
containers:
- name: coredns
image: k8s.gcr.io/coredns:1.2.2
image: k8s.gcr.io/coredns:1.2.4
imagePullPolicy: IfNotPresent
resources:
limits:

8
cluster/addons/dns/coredns/coredns.yaml.sed
View File

@@ -27,6 +27,12 @@ rules:
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -108,7 +114,7 @@ spec:
operator: "Exists"
containers:
- name: coredns
image: k8s.gcr.io/coredns:1.2.2
image: k8s.gcr.io/coredns:1.2.4
imagePullPolicy: IfNotPresent
resources:
limits:

10
cluster/addons/fluentd-elasticsearch/fluentd-es-configmap.yaml
View File

@@ -1,7 +1,7 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: fluentd-es-config-v0.1.5
name: fluentd-es-config-v0.1.6
namespace: kube-system
labels:
addonmanager.kubernetes.io/mode: Reconcile
@@ -420,6 +420,14 @@ data:
@type kubernetes_metadata
</filter>
# Concatenate multi-line logs
<filter **>
@type concat
key message
multiline_end_regexp /\n$/
separator ""
</filter>
<match **>
@id elasticsearch
@type elasticsearch

10
cluster/addons/fluentd-elasticsearch/fluentd-es-ds.yaml
View File

@@ -48,24 +48,24 @@ roleRef:
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fluentd-es-v2.2.0
name: fluentd-es-v2.2.1
namespace: kube-system
labels:
k8s-app: fluentd-es
version: v2.2.0
version: v2.2.1
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
spec:
selector:
matchLabels:
k8s-app: fluentd-es
version: v2.2.0
version: v2.2.1
template:
metadata:
labels:
k8s-app: fluentd-es
kubernetes.io/cluster-service: "true"
version: v2.2.0
version: v2.2.1
# This annotation ensures that fluentd does not get evicted if the node
# supports critical pod annotation based priority scheme.
# Note that this does not guarantee admission on the nodes (#40573).
@@ -107,4 +107,4 @@ spec:
path: /var/lib/docker/containers
- name: config-volume
configMap:
name: fluentd-es-config-v0.1.5
name: fluentd-es-config-v0.1.6

9
cluster/addons/fluentd-elasticsearch/fluentd-es-image/Gemfile
View File

@@ -2,10 +2,11 @@ source 'https://rubygems.org'
gem 'fluentd', '<=1.2.4'
gem 'activesupport', '~>5.2.1'
gem 'fluent-plugin-kubernetes_metadata_filter', '~>2.0.0'
gem 'fluent-plugin-elasticsearch', '~>2.11.5'
gem 'fluent-plugin-systemd', '~>1.0.1'
gem 'fluent-plugin-concat', '~>2.3.0'
gem 'fluent-plugin-detect-exceptions', '~>0.0.11'
gem 'fluent-plugin-prometheus', '~>1.0.1'
gem 'fluent-plugin-elasticsearch', '~>2.11.5'
gem 'fluent-plugin-kubernetes_metadata_filter', '~>2.0.0'
gem 'fluent-plugin-multi-format-parser', '~>1.0.0'
gem 'fluent-plugin-prometheus', '~>1.0.1'
gem 'fluent-plugin-systemd', '~>1.0.1'
gem 'oj', '~>3.6.5'

4
cluster/gce/config-default.sh
View File

@@ -261,8 +261,8 @@ if [[ ! -z "${NODE_ACCELERATORS}" ]]; then
fi
# Optional: Install cluster DNS.
# Set CLUSTER_DNS_CORE_DNS to 'true' to install CoreDNS instead of kube-dns.
CLUSTER_DNS_CORE_DNS="${CLUSTER_DNS_CORE_DNS:-false}"
# Set CLUSTER_DNS_CORE_DNS to 'false' to install kube-dns instead of CoreDNS.
CLUSTER_DNS_CORE_DNS="${CLUSTER_DNS_CORE_DNS:-true}"
ENABLE_CLUSTER_DNS="${KUBE_ENABLE_CLUSTER_DNS:-true}"
DNS_SERVER_IP="${KUBE_DNS_SERVER_IP:-10.0.0.10}"
DNS_DOMAIN="${KUBE_DNS_DOMAIN:-cluster.local}"

4
cluster/gce/config-test.sh
View File

@@ -268,8 +268,8 @@ if [[ ! -z "${NODE_ACCELERATORS}" ]]; then
fi
# Optional: Install cluster DNS.
# Set CLUSTER_DNS_CORE_DNS to 'true' to install CoreDNS instead of kube-dns.
CLUSTER_DNS_CORE_DNS="${CLUSTER_DNS_CORE_DNS:-false}"
# Set CLUSTER_DNS_CORE_DNS to 'false' to install kube-dns instead of CoreDNS.
CLUSTER_DNS_CORE_DNS="${CLUSTER_DNS_CORE_DNS:-true}"
ENABLE_CLUSTER_DNS="${KUBE_ENABLE_CLUSTER_DNS:-true}"
DNS_SERVER_IP="10.0.0.10"
DNS_DOMAIN="cluster.local"

2
cluster/gce/util.sh
View File

@@ -847,7 +847,7 @@ ENABLE_NODE_LOGGING: $(yaml-quote ${ENABLE_NODE_LOGGING:-false})
LOGGING_DESTINATION: $(yaml-quote ${LOGGING_DESTINATION:-})
ELASTICSEARCH_LOGGING_REPLICAS: $(yaml-quote ${ELASTICSEARCH_LOGGING_REPLICAS:-})
ENABLE_CLUSTER_DNS: $(yaml-quote ${ENABLE_CLUSTER_DNS:-false})
CLUSTER_DNS_CORE_DNS: $(yaml-quote ${CLUSTER_DNS_CORE_DNS:-false})
CLUSTER_DNS_CORE_DNS: $(yaml-quote ${CLUSTER_DNS_CORE_DNS:-true})
DNS_SERVER_IP: $(yaml-quote ${DNS_SERVER_IP:-})
DNS_DOMAIN: $(yaml-quote ${DNS_DOMAIN:-})
ENABLE_DNS_HORIZONTAL_AUTOSCALER: $(yaml-quote ${ENABLE_DNS_HORIZONTAL_AUTOSCALER:-false})

15
cmd/kubeadm/app/cmd/join.go
View File

@@ -68,7 +68,7 @@ var (
`)
notReadyToJoinControPlaneTemp = template.Must(template.New("join").Parse(dedent.Dedent(`
One or more conditions for hosting a new control plane instance is not satisfied.
One or more conditions for hosting a new control plane instance is not satisfied.
{{.Error}}
@@ -81,7 +81,7 @@ var (
joinControPlaneDoneTemp = template.Must(template.New("join").Parse(dedent.Dedent(`
This node has joined the cluster and a new control plane instance was created:
* Certificate signing request was sent to apiserver and approval was received.
* The Kubelet was informed of the new secure connection details.
* Master label and taint were applied to the new node.
@@ -94,7 +94,7 @@ var (
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Run 'kubectl get nodes' to see this node join the cluster.
`)))
joinLongDescription = dedent.Dedent(`
@@ -513,10 +513,11 @@ func (j *Join) BootstrapKubelet(tlsBootstrapCfg *clientcmdapi.Config) error {
return err
}
// Write env file with flags for the kubelet to use. We do not need to write the --register-with-taints for the master,
// as we handle that ourselves in the markmaster phase
// TODO: Maybe we want to do that some time in the future, in order to remove some logic from the markmaster phase?
if err := kubeletphase.WriteKubeletDynamicEnvFile(&j.cfg.NodeRegistration, j.cfg.FeatureGates, false, kubeadmconstants.KubeletRunDirectory); err != nil {
// Write env file with flags for the kubelet to use. We only want to
// register the joining node with the specified taints if the node
// is not a master. The markmaster phase will register the taints otherwise.
registerTaintsUsingFlags := !j.cfg.ControlPlane
if err := kubeletphase.WriteKubeletDynamicEnvFile(&j.cfg.NodeRegistration, j.cfg.FeatureGates, registerTaintsUsingFlags, kubeadmconstants.KubeletRunDirectory); err != nil {
return err
}

2
cmd/kubeadm/app/constants/constants.go
View File

@@ -306,7 +306,7 @@ const (
KubeDNSVersion = "1.14.13"
// CoreDNSVersion is the version of CoreDNS to be deployed if it is used
CoreDNSVersion = "1.2.2"
CoreDNSVersion = "1.2.4"
// ClusterConfigurationKind is the string kind value for the ClusterConfiguration struct
ClusterConfigurationKind = "ClusterConfiguration"

6
cmd/kubeadm/app/phases/addons/dns/manifests.go
View File

@@ -331,6 +331,12 @@ rules:
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
`
// CoreDNSClusterRoleBinding is the CoreDNS Clusterrolebinding manifest
CoreDNSClusterRoleBinding = `

28
cmd/kubeadm/app/phases/upgrade/compute_test.go
View File

@@ -168,7 +168,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.10.3",
KubeadmVersion: "v1.10.3",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.1.12",
},
},
@@ -207,7 +207,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.10.3",
KubeadmVersion: "v1.10.3",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.1.12",
},
},
@@ -246,7 +246,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.11.0",
KubeadmVersion: "v1.11.0",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.18",
},
},
@@ -285,7 +285,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.10.5",
KubeadmVersion: "v1.10.5", // Note: The kubeadm version mustn't be "downgraded" here
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.1.12",
},
},
@@ -305,7 +305,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.11.1",
KubeadmVersion: "v1.11.1",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.18",
},
},
@@ -364,7 +364,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.11.0-alpha.2",
KubeadmVersion: "v1.11.0-alpha.2",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.18",
},
},
@@ -404,7 +404,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.11.0-alpha.2",
KubeadmVersion: "v1.11.0-alpha.2",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.18",
},
},
@@ -445,7 +445,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.11.0-beta.1",
KubeadmVersion: "v1.11.0-beta.1",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.18",
},
},
@@ -486,7 +486,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.11.0-rc.1",
KubeadmVersion: "v1.11.0-rc.1",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.18",
},
},
@@ -527,7 +527,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.11.6-rc.1",
KubeadmVersion: "v1.11.6-rc.1",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.18",
},
},
@@ -568,7 +568,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.11.0-rc.1",
KubeadmVersion: "v1.11.0-rc.1",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.18",
},
},
@@ -588,7 +588,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.12.0-alpha.2",
KubeadmVersion: "v1.12.0-alpha.2",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.24",
},
},
@@ -641,7 +641,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.12.1",
KubeadmVersion: "v1.12.1",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.24",
},
},
@@ -678,7 +678,7 @@ func TestGetAvailableUpgrades(t *testing.T) {
KubeVersion: "v1.12.0",
KubeadmVersion: "v1.12.0",
DNSType: "coredns",
DNSVersion: "1.2.2",
DNSVersion: "1.2.4",
EtcdVersion: "3.2.24",
},
},

1
cmd/kubeadm/app/preflight/checks.go
View File

@@ -991,7 +991,6 @@ func addCommonChecks(execer utilsexec.Interface, cfg kubeadmapi.CommonConfigurat
}
checks = append(checks,
SystemVerificationCheck{IsDocker: isDocker},
IsPrivilegedUserCheck{},
HostnameCheck{nodeName: cfg.GetNodeName()},
KubeletVersionCheck{KubernetesVersion: cfg.GetKubernetesVersion(), exec: execer},
ServiceCheck{Service: "kubelet", CheckIfActive: false},

1646
docs/api-reference/auditregistration.k8s.io/v1alpha1/definitions.html generated Executable file
View File

File diff suppressed because it is too large Load Diff

1841
docs/api-reference/auditregistration.k8s.io/v1alpha1/operations.html generated Executable file
View File

File diff suppressed because it is too large Load Diff

4
hack/.golint_failures
View File

@@ -28,6 +28,7 @@ pkg/apis/apps/v1
pkg/apis/apps/v1beta1
pkg/apis/apps/v1beta2
pkg/apis/apps/validation
pkg/apis/auditregistration/v1alpha1
pkg/apis/authentication
pkg/apis/authentication/v1
pkg/apis/authentication/v1beta1
@@ -284,6 +285,7 @@ pkg/registry/apps/replicaset/storage
pkg/registry/apps/rest
pkg/registry/apps/statefulset
pkg/registry/apps/statefulset/storage
pkg/registry/auditregistration/rest
pkg/registry/authentication/rest
pkg/registry/authentication/tokenreview
pkg/registry/authorization/localsubjectaccessreview
@@ -452,6 +454,7 @@ staging/src/k8s.io/api/admissionregistration/v1beta1
staging/src/k8s.io/api/apps/v1
staging/src/k8s.io/api/apps/v1beta1
staging/src/k8s.io/api/apps/v1beta2
staging/src/k8s.io/api/auditregistration/v1alpha1
staging/src/k8s.io/api/authentication/v1
staging/src/k8s.io/api/authentication/v1beta1
staging/src/k8s.io/api/authorization/v1
@@ -554,7 +557,6 @@ staging/src/k8s.io/apiserver/pkg/apis/audit
staging/src/k8s.io/apiserver/pkg/apis/audit/v1
staging/src/k8s.io/apiserver/pkg/apis/audit/v1alpha1
staging/src/k8s.io/apiserver/pkg/apis/audit/v1beta1
staging/src/k8s.io/apiserver/pkg/apis/audit/validation
staging/src/k8s.io/apiserver/pkg/apis/config/v1alpha1
staging/src/k8s.io/apiserver/pkg/apis/example
staging/src/k8s.io/apiserver/pkg/apis/example/v1

1
hack/.spelling_failures
View File

@@ -11,6 +11,7 @@ generated.proto
pkg/client/clientset_generated
pkg/client/informers/informers_generated/
pkg/generated
pkg/kubectl/generated
swagger
test/e2e/generated
third_party/

2
hack/boilerplate/boilerplate.py
View File

@@ -147,7 +147,7 @@ def file_extension(filename):
skipped_dirs = ['Godeps', 'third_party', '_gopath', '_output', '.git', 'cluster/env.sh',
"vendor", "test/e2e/generated/bindata.go", "hack/boilerplate/test",
"pkg/generated/bindata.go"]
"pkg/kubectl/generated/bindata.go"]
# list all the files contain 'DO NOT EDIT', but are not generated
skipped_ungenerated_files = ['hack/build-ui.sh', 'hack/lib/swagger.sh',

2
hack/generate-bindata.sh
View File

@@ -64,7 +64,7 @@ fi
rm -f "${BINDATA_OUTPUT}.tmp"
# These are files for runtime code
BINDATA_OUTPUT="pkg/generated/bindata.go"
BINDATA_OUTPUT="pkg/kubectl/generated/bindata.go"
# IMPORTANT: if you make any changes to these arguments, you must also update
# pkg/generated/BUILD and/or build/bindata.bzl.
go-bindata -nometadata -nocompress -o "${BINDATA_OUTPUT}.tmp" -pkg generated \

2
hack/lib/golang.sh
View File

@@ -555,7 +555,7 @@ kube::golang::build_some_binaries() {
go test -c -o "$(kube::golang::outfile_for_binary "${package}" "${platform}")" \
-covermode count \
-coverpkg k8s.io/... \
-coverpkg k8s.io/...,k8s.io/kubernetes/vendor/k8s.io/... \
"${build_args[@]}" \
-tags coverage \
"${package}"

1
hack/lib/init.sh
View File

@@ -62,6 +62,7 @@ admission.k8s.io/v1beta1 \
apps/v1beta1 \
apps/v1beta2 \
apps/v1 \
auditregistration.k8s.io/v1alpha1 \
authentication.k8s.io/v1 \
authentication.k8s.io/v1beta1 \
authorization.k8s.io/v1 \

1
hack/update-generated-protobuf-dockerized.sh
View File

@@ -78,6 +78,7 @@ PACKAGES=(
k8s.io/api/admissionregistration/v1alpha1
k8s.io/api/admissionregistration/v1beta1
k8s.io/api/admission/v1beta1
k8s.io/api/auditregistration/v1alpha1
k8s.io/api/networking/v1
k8s.io/metrics/pkg/apis/metrics/v1alpha1
k8s.io/metrics/pkg/apis/metrics/v1beta1

2
pkg/BUILD
View File

@@ -33,6 +33,7 @@ filegroup(
"//pkg/apis/admission:all-srcs",
"//pkg/apis/admissionregistration:all-srcs",
"//pkg/apis/apps:all-srcs",
"//pkg/apis/auditregistration:all-srcs",
"//pkg/apis/authentication:all-srcs",
"//pkg/apis/authorization:all-srcs",
"//pkg/apis/autoscaling:all-srcs",
@@ -58,6 +59,7 @@ filegroup(
"//pkg/client/leaderelectionconfig:all-srcs",
"//pkg/client/listers/admissionregistration/internalversion:all-srcs",
"//pkg/client/listers/apps/internalversion:all-srcs",
"//pkg/client/listers/auditregistration/internalversion:all-srcs",
"//pkg/client/listers/authentication/internalversion:all-srcs",
"//pkg/client/listers/authorization/internalversion:all-srcs",
"//pkg/client/listers/autoscaling/internalversion:all-srcs",

2
pkg/api/testapi/BUILD
View File

@@ -18,6 +18,8 @@ go_library(
"//pkg/apis/admissionregistration/install:go_default_library",
"//pkg/apis/apps:go_default_library",
"//pkg/apis/apps/install:go_default_library",
"//pkg/apis/auditregistration:go_default_library",
"//pkg/apis/auditregistration/install:go_default_library",
"//pkg/apis/authentication/install:go_default_library",
"//pkg/apis/authorization:go_default_library",
"//pkg/apis/authorization/install:go_default_library",

8
pkg/api/testapi/testapi.go
View File

@@ -37,6 +37,7 @@ import (
"k8s.io/kubernetes/pkg/apis/admission"
"k8s.io/kubernetes/pkg/apis/admissionregistration"
"k8s.io/kubernetes/pkg/apis/apps"
"k8s.io/kubernetes/pkg/apis/auditregistration"
"k8s.io/kubernetes/pkg/apis/authorization"
"k8s.io/kubernetes/pkg/apis/autoscaling"
"k8s.io/kubernetes/pkg/apis/batch"
@@ -57,6 +58,7 @@ import (
_ "k8s.io/kubernetes/pkg/apis/admission/install"
_ "k8s.io/kubernetes/pkg/apis/admissionregistration/install"
_ "k8s.io/kubernetes/pkg/apis/apps/install"
_ "k8s.io/kubernetes/pkg/apis/auditregistration/install"
_ "k8s.io/kubernetes/pkg/apis/authentication/install"
_ "k8s.io/kubernetes/pkg/apis/authorization/install"
_ "k8s.io/kubernetes/pkg/apis/autoscaling/install"
@@ -267,6 +269,12 @@ func init() {
externalGroupVersion: externalGroupVersion,
}
}
if _, ok := Groups[auditregistration.GroupName]; !ok {
externalGroupVersion := schema.GroupVersion{Group: auditregistration.GroupName, Version: legacyscheme.Scheme.PrioritizedVersionsForGroup(auditregistration.GroupName)[0].Version}
Groups[auditregistration.GroupName] = TestGroup{
externalGroupVersion: externalGroupVersion,
}
}
Default = Groups[api.GroupName]
Autoscaling = Groups[autoscaling.GroupName]

1
pkg/api/testing/BUILD
View File

@@ -19,6 +19,7 @@ go_library(
"//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/admissionregistration/fuzzer:go_default_library",
"//pkg/apis/apps/fuzzer:go_default_library",
"//pkg/apis/auditregistration/fuzzer:go_default_library",
"//pkg/apis/autoscaling/fuzzer:go_default_library",
"//pkg/apis/batch/fuzzer:go_default_library",
"//pkg/apis/certificates/fuzzer:go_default_library",

2
pkg/api/testing/defaulting_test.go
View File

@@ -136,6 +136,8 @@ func TestDefaulting(t *testing.T) {
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "ValidatingWebhookConfigurationList"}: {},
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "MutatingWebhookConfiguration"}: {},
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "MutatingWebhookConfigurationList"}: {},
{Group: "auditregistration.k8s.io", Version: "v1alpha1", Kind: "AuditSink"}: {},
{Group: "auditregistration.k8s.io", Version: "v1alpha1", Kind: "AuditSinkList"}: {},
{Group: "networking.k8s.io", Version: "v1", Kind: "NetworkPolicy"}: {},
{Group: "networking.k8s.io", Version: "v1", Kind: "NetworkPolicyList"}: {},
{Group: "storage.k8s.io", Version: "v1beta1", Kind: "StorageClass"}: {},

2
pkg/api/testing/fuzzer.go
View File

@@ -29,6 +29,7 @@ import (
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
admissionregistrationfuzzer "k8s.io/kubernetes/pkg/apis/admissionregistration/fuzzer"
appsfuzzer "k8s.io/kubernetes/pkg/apis/apps/fuzzer"
auditregistrationfuzzer "k8s.io/kubernetes/pkg/apis/auditregistration/fuzzer"
autoscalingfuzzer "k8s.io/kubernetes/pkg/apis/autoscaling/fuzzer"
batchfuzzer "k8s.io/kubernetes/pkg/apis/batch/fuzzer"
certificatesfuzzer "k8s.io/kubernetes/pkg/apis/certificates/fuzzer"
@@ -101,6 +102,7 @@ var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
policyfuzzer.Funcs,
certificatesfuzzer.Funcs,
admissionregistrationfuzzer.Funcs,
auditregistrationfuzzer.Funcs,
storagefuzzer.Funcs,
networkingfuzzer.Funcs,
)

1
pkg/apis/admissionregistration/validation/validation.go
View File

@@ -240,6 +240,7 @@ func validateWebhookClientConfig(fldPath *field.Path, cc *admissionregistration.
return allErrors
}
// note: this has copy/paste inheritance in auditregistration
func validateWebhookService(fldPath *field.Path, svc *admissionregistration.ServiceReference) field.ErrorList {
var allErrors field.ErrorList

38
pkg/apis/auditregistration/BUILD Normal file
View File

@@ -0,0 +1,38 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"doc.go",
"register.go",
"types.go",
"zz_generated.deepcopy.go",
],
importpath = "k8s.io/kubernetes/pkg/apis/auditregistration",
visibility = ["//visibility:public"],
deps = [
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//pkg/apis/auditregistration/fuzzer:all-srcs",
"//pkg/apis/auditregistration/install:all-srcs",
"//pkg/apis/auditregistration/v1alpha1:all-srcs",
"//pkg/apis/auditregistration/validation:all-srcs",
],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

20
pkg/apis/auditregistration/doc.go Normal file
View File

@@ -0,0 +1,20 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// +k8s:deepcopy-gen=package
// +groupName=auditregistration.k8s.io
package auditregistration // import "k8s.io/kubernetes/pkg/apis/auditregistration"

27
pkg/apis/auditregistration/fuzzer/BUILD Normal file
View File

@@ -0,0 +1,27 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["fuzzer.go"],
importpath = "k8s.io/kubernetes/pkg/apis/auditregistration/fuzzer",
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/auditregistration:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
"//vendor/github.com/google/gofuzz:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

38
pkg/apis/auditregistration/fuzzer/fuzzer.go Normal file
View File

@@ -0,0 +1,38 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fuzzer
import (
fuzz "github.com/google/gofuzz"
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
"k8s.io/kubernetes/pkg/apis/auditregistration"
)
// Funcs returns the fuzzer functions for the auditregistration api group.
var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
return []interface{}{
func(obj *auditregistration.AuditSink, c fuzz.Continue) {
c.FuzzNoCustom(obj)
v := int64(1)
obj.Spec.Webhook.Throttle = &auditregistration.WebhookThrottleConfig{
QPS: &v,
Burst: &v,
}
},
}
}

29
pkg/apis/auditregistration/install/BUILD Normal file
View File

@@ -0,0 +1,29 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["install.go"],
importpath = "k8s.io/kubernetes/pkg/apis/auditregistration/install",
visibility = ["//visibility:public"],
deps = [
"//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/auditregistration:go_default_library",
"//pkg/apis/auditregistration/v1alpha1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

38
pkg/apis/auditregistration/install/install.go Normal file
View File

@@ -0,0 +1,38 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package install adds the experimental API group, making it available as
// an option to all of the API encoding/decoding machinery.
package install
import (
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/kubernetes/pkg/api/legacyscheme"
"k8s.io/kubernetes/pkg/apis/auditregistration"
"k8s.io/kubernetes/pkg/apis/auditregistration/v1alpha1"
)
func init() {
Install(legacyscheme.Scheme)
}
// Install registers the API group and adds types to a scheme
func Install(scheme *runtime.Scheme) {
utilruntime.Must(auditregistration.AddToScheme(scheme))
utilruntime.Must(v1alpha1.AddToScheme(scheme))
utilruntime.Must(scheme.SetVersionPriority(v1alpha1.SchemeGroupVersion))
}

53
pkg/apis/auditregistration/register.go Normal file
View File

@@ -0,0 +1,53 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package auditregistration
import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// GroupName is the group name use in this package
const GroupName = "auditregistration.k8s.io"
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
// Kind takes an unqualified kind and returns a Group qualified GroupKind
func Kind(kind string) schema.GroupKind {
return SchemeGroupVersion.WithKind(kind).GroupKind()
}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
// SchemeBuilder for audit registration
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
// AddToScheme audit registration
AddToScheme = SchemeBuilder.AddToScheme
)
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&AuditSink{},
&AuditSinkList{},
)
return nil
}

197
pkg/apis/auditregistration/types.go Normal file
View File

@@ -0,0 +1,197 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// +k8s:openapi-gen=true
package auditregistration
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// Level defines the amount of information logged during auditing
type Level string
// Valid audit levels
const (
// LevelNone disables auditing
LevelNone Level = "None"
// LevelMetadata provides the basic level of auditing.
LevelMetadata Level = "Metadata"
// LevelRequest provides Metadata level of auditing, and additionally
// logs the request object (does not apply for non-resource requests).
LevelRequest Level = "Request"
// LevelRequestResponse provides Request level of auditing, and additionally
// logs the response object (does not apply for non-resource requests and watches).
LevelRequestResponse Level = "RequestResponse"
)
// Stage defines the stages in request handling during which audit events may be generated.
type Stage string
// Valid audit stages.
const (
// The stage for events generated after the audit handler receives the request, but before it
// is delegated down the handler chain.
StageRequestReceived = "RequestReceived"
// The stage for events generated after the response headers are sent, but before the response body
// is sent. This stage is only generated for long-running requests (e.g. watch).
StageResponseStarted = "ResponseStarted"
// The stage for events generated after the response body has been completed, and no more bytes
// will be sent.
StageResponseComplete = "ResponseComplete"
// The stage for events generated when a panic occurred.
StagePanic = "Panic"
)
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// AuditSink represents a cluster level sink for audit data
type AuditSink struct {
metav1.TypeMeta
// +optional
metav1.ObjectMeta
// Spec defines the audit sink spec
Spec AuditSinkSpec
}
// AuditSinkSpec is the spec for the audit sink object
type AuditSinkSpec struct {
// Policy defines the policy for selecting which events should be sent to the backend
// required
Policy Policy
// Webhook to send events
// required
Webhook Webhook
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// AuditSinkList is a list of a audit sink items.
type AuditSinkList struct {
metav1.TypeMeta
// +optional
metav1.ListMeta
// List of audit configurations.
Items []AuditSink
}
// Policy defines the configuration of how audit events are logged
type Policy struct {
// The Level that all requests are recorded at.
// available options: None, Metadata, Request, RequestResponse
// required
Level Level
// Stages is a list of stages for which events are created.
// +optional
Stages []Stage
}
// Webhook holds the configuration of the webhooks
type Webhook struct {
// Throttle holds the options for throttling the webhook
// +optional
Throttle *WebhookThrottleConfig
// ClientConfig holds the connection parameters for the webhook
// required
ClientConfig WebhookClientConfig
}
// WebhookThrottleConfig holds the configuration for throttling
type WebhookThrottleConfig struct {
// QPS maximum number of batches per second
// default 10 QPS
// +optional
QPS *int64
// Burst is the maximum number of events sent at the same moment
// default 15 QPS
// +optional
Burst *int64
}
// WebhookClientConfig contains the information to make a connection with the webhook
type WebhookClientConfig struct {
// `url` gives the location of the webhook, in standard URL form
// (`[scheme://]host:port/path`). Exactly one of `url` or `service`
// must be specified.
//
// The `host` should not refer to a service running in the cluster; use
// the `service` field instead. The host might be resolved via external
// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
// in-cluster DNS as that would be a layering violation). `host` may
// also be an IP address.
//
// Please note that using `localhost` or `127.0.0.1` as a `host` is
// risky unless you take great care to run this webhook on all hosts
// which run an apiserver which might need to make calls to this
// webhook. Such installs are likely to be non-portable, i.e., not easy
// to turn up in a new cluster.
//
// The scheme must be "https"; the URL must begin with "https://".
//
// A path is optional, and if present may be any string permissible in
// a URL. You may use the path to pass an arbitrary string to the
// webhook, for example, a cluster identifier.
//
// Attempting to use a user or basic auth e.g. "user:password@" is not
// allowed. Fragments ("#...") and query parameters ("?...") are not
// allowed, either.
//
// +optional
URL *string
// `service` is a reference to the service for this webhook. Either
// `service` or `url` must be specified.
//
// If the webhook is running within the cluster, then you should use `service`.
//
// Port 443 will be used if it is open, otherwise it is an error.
//
// +optional
Service *ServiceReference
// `caBundle` is a PEM encoded CA bundle which will be used to validate
// the webhook's server certificate.
// defaults to the apiservers CA bundle for the endpoint type
// +optional
CABundle []byte
}
// ServiceReference holds a reference to Service.legacy.k8s.io
type ServiceReference struct {
// `namespace` is the namespace of the service.
// Required
Namespace string
// `name` is the name of the service.
// Required
Name string
// `path` is an optional URL path which will be sent in any request to
// this service.
// +optional
Path *string
}

50
pkg/apis/auditregistration/v1alpha1/BUILD Normal file
View File

@@ -0,0 +1,50 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
go_library(
name = "go_default_library",
srcs = [
"defaults.go",
"doc.go",
"register.go",
"zz_generated.conversion.go",
"zz_generated.defaults.go",
],
importpath = "k8s.io/kubernetes/pkg/apis/auditregistration/v1alpha1",
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/auditregistration:go_default_library",
"//staging/src/k8s.io/api/auditregistration/v1alpha1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/conversion:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
"//vendor/k8s.io/utils/pointer:go_default_library",
],
)
go_test(
name = "go_default_test",
srcs = ["defaults_test.go"],
embed = [":go_default_library"],
deps = [
"//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/auditregistration/install:go_default_library",
"//staging/src/k8s.io/api/auditregistration/v1alpha1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/api/equality:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/utils/pointer:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

56
pkg/apis/auditregistration/v1alpha1/defaults.go Normal file
View File

@@ -0,0 +1,56 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
auditregistrationv1alpha1 "k8s.io/api/auditregistration/v1alpha1"
"k8s.io/apimachinery/pkg/runtime"
utilpointer "k8s.io/utils/pointer"
)
const (
// DefaultQPS is the default QPS value
DefaultQPS = int64(10)
// DefaultBurst is the default burst value
DefaultBurst = int64(15)
)
// DefaultThrottle is a default throttle config
func DefaultThrottle() *auditregistrationv1alpha1.WebhookThrottleConfig {
return &auditregistrationv1alpha1.WebhookThrottleConfig{
QPS: utilpointer.Int64Ptr(DefaultQPS),
Burst: utilpointer.Int64Ptr(DefaultBurst),
}
}
func addDefaultingFuncs(scheme *runtime.Scheme) error {
return RegisterDefaults(scheme)
}
// SetDefaults_AuditSink sets defaults if the audit sink isn't present
func SetDefaults_AuditSink(obj *auditregistrationv1alpha1.AuditSink) {
if obj.Spec.Webhook.Throttle != nil {
if obj.Spec.Webhook.Throttle.QPS == nil {
obj.Spec.Webhook.Throttle.QPS = utilpointer.Int64Ptr(DefaultQPS)
}
if obj.Spec.Webhook.Throttle.Burst == nil {
obj.Spec.Webhook.Throttle.Burst = utilpointer.Int64Ptr(DefaultBurst)
}
} else {
obj.Spec.Webhook.Throttle = DefaultThrottle()
}
}

165
pkg/apis/auditregistration/v1alpha1/defaults_test.go Normal file
View File

@@ -0,0 +1,165 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1_test
import (
"reflect"
"testing"
auditregistrationv1alpha1 "k8s.io/api/auditregistration/v1alpha1"
apiequality "k8s.io/apimachinery/pkg/api/equality"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/kubernetes/pkg/api/legacyscheme"
_ "k8s.io/kubernetes/pkg/apis/auditregistration/install"
. "k8s.io/kubernetes/pkg/apis/auditregistration/v1alpha1"
utilpointer "k8s.io/utils/pointer"
)
func TestSetDefaultAuditSink(t *testing.T) {
defaultURL := "http://test"
tests := []struct {
original *auditregistrationv1alpha1.AuditSink
expected *auditregistrationv1alpha1.AuditSink
}{
{ // Missing Throttle
original: &auditregistrationv1alpha1.AuditSink{
Spec: auditregistrationv1alpha1.AuditSinkSpec{
Policy: auditregistrationv1alpha1.Policy{
Level: auditregistrationv1alpha1.LevelMetadata,
},
Webhook: auditregistrationv1alpha1.Webhook{
ClientConfig: auditregistrationv1alpha1.WebhookClientConfig{
URL: &defaultURL,
},
},
},
},
expected: &auditregistrationv1alpha1.AuditSink{
Spec: auditregistrationv1alpha1.AuditSinkSpec{
Policy: auditregistrationv1alpha1.Policy{
Level: auditregistrationv1alpha1.LevelMetadata,
},
Webhook: auditregistrationv1alpha1.Webhook{
Throttle: DefaultThrottle(),
ClientConfig: auditregistrationv1alpha1.WebhookClientConfig{
URL: &defaultURL,
},
},
},
},
},
{ // Missing QPS
original: &auditregistrationv1alpha1.AuditSink{
Spec: auditregistrationv1alpha1.AuditSinkSpec{
Policy: auditregistrationv1alpha1.Policy{
Level: auditregistrationv1alpha1.LevelMetadata,
},
Webhook: auditregistrationv1alpha1.Webhook{
Throttle: &auditregistrationv1alpha1.WebhookThrottleConfig{
Burst: utilpointer.Int64Ptr(1),
},
ClientConfig: auditregistrationv1alpha1.WebhookClientConfig{
URL: &defaultURL,
},
},
},
},
expected: &auditregistrationv1alpha1.AuditSink{
Spec: auditregistrationv1alpha1.AuditSinkSpec{
Policy: auditregistrationv1alpha1.Policy{
Level: auditregistrationv1alpha1.LevelMetadata,
},
Webhook: auditregistrationv1alpha1.Webhook{
Throttle: &auditregistrationv1alpha1.WebhookThrottleConfig{
QPS: DefaultThrottle().QPS,
Burst: utilpointer.Int64Ptr(1),
},
ClientConfig: auditregistrationv1alpha1.WebhookClientConfig{
URL: &defaultURL,
},
},
},
},
},
{ // Missing Burst
original: &auditregistrationv1alpha1.AuditSink{
Spec: auditregistrationv1alpha1.AuditSinkSpec{
Policy: auditregistrationv1alpha1.Policy{
Level: auditregistrationv1alpha1.LevelMetadata,
},
Webhook: auditregistrationv1alpha1.Webhook{
Throttle: &auditregistrationv1alpha1.WebhookThrottleConfig{
QPS: utilpointer.Int64Ptr(1),
},
ClientConfig: auditregistrationv1alpha1.WebhookClientConfig{
URL: &defaultURL,
},
},
},
},
expected: &auditregistrationv1alpha1.AuditSink{
Spec: auditregistrationv1alpha1.AuditSinkSpec{
Policy: auditregistrationv1alpha1.Policy{
Level: auditregistrationv1alpha1.LevelMetadata,
},
Webhook: auditregistrationv1alpha1.Webhook{
Throttle: &auditregistrationv1alpha1.WebhookThrottleConfig{
QPS: utilpointer.Int64Ptr(1),
Burst: DefaultThrottle().Burst,
},
ClientConfig: auditregistrationv1alpha1.WebhookClientConfig{
URL: &defaultURL,
},
},
},
},
},
}
for i, test := range tests {
original := test.original
expected := test.expected
obj2 := roundTrip(t, runtime.Object(original))
got, ok := obj2.(*auditregistrationv1alpha1.AuditSink)
if !ok {
t.Fatalf("(%d) unexpected object: %v", i, obj2)
}
if !apiequality.Semantic.DeepEqual(got.Spec, expected.Spec) {
t.Errorf("(%d) got different than expected\ngot:\n\t%+v\nexpected:\n\t%+v", i, got.Spec, expected.Spec)
}
}
}
func roundTrip(t *testing.T, obj runtime.Object) runtime.Object {
data, err := runtime.Encode(legacyscheme.Codecs.LegacyCodec(SchemeGroupVersion), obj)
if err != nil {
t.Errorf("%v\n %#v", err, obj)
return nil
}
obj2, err := runtime.Decode(legacyscheme.Codecs.UniversalDecoder(), data)
if err != nil {
t.Errorf("%v\nData: %s\nSource: %#v", err, string(data), obj)
return nil
}
obj3 := reflect.New(reflect.TypeOf(obj).Elem()).Interface().(runtime.Object)
err = legacyscheme.Scheme.Convert(obj2, obj3, nil)
if err != nil {
t.Errorf("%v\nSource: %#v", err, obj2)
return nil
}
return obj3
}

24
pkg/apis/auditregistration/v1alpha1/doc.go Normal file
View File

@@ -0,0 +1,24 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/auditregistration
// +k8s:conversion-gen-external-types=k8s.io/api/auditregistration/v1alpha1
// +k8s:defaulter-gen=TypeMeta
// +k8s:defaulter-gen-input=../../../../vendor/k8s.io/api/auditregistration/v1alpha1
// +groupName=auditregistration.k8s.io
package v1alpha1 // import "k8s.io/kubernetes/pkg/apis/auditregistration/v1alpha1"

46
pkg/apis/auditregistration/v1alpha1/register.go Normal file
View File

@@ -0,0 +1,46 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
auditregistrationv1alpha1 "k8s.io/api/auditregistration/v1alpha1"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// GroupName for audit registration
const GroupName = "auditregistration.k8s.io"
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
localSchemeBuilder = &auditregistrationv1alpha1.SchemeBuilder
// AddToScheme audit registration
AddToScheme = localSchemeBuilder.AddToScheme
)
func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addDefaultingFuncs)
}

316
pkg/apis/auditregistration/v1alpha1/zz_generated.conversion.go generated Normal file
View File

@@ -0,0 +1,316 @@
// +build !ignore_autogenerated
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by conversion-gen. DO NOT EDIT.
package v1alpha1
import (
unsafe "unsafe"
v1alpha1 "k8s.io/api/auditregistration/v1alpha1"
conversion "k8s.io/apimachinery/pkg/conversion"
runtime "k8s.io/apimachinery/pkg/runtime"
auditregistration "k8s.io/kubernetes/pkg/apis/auditregistration"
)
func init() {
localSchemeBuilder.Register(RegisterConversions)
}
// RegisterConversions adds conversion functions to the given scheme.
// Public to allow building arbitrary schemes.
func RegisterConversions(s *runtime.Scheme) error {
if err := s.AddGeneratedConversionFunc((*v1alpha1.AuditSink)(nil), (*auditregistration.AuditSink)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_AuditSink_To_auditregistration_AuditSink(a.(*v1alpha1.AuditSink), b.(*auditregistration.AuditSink), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*auditregistration.AuditSink)(nil), (*v1alpha1.AuditSink)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_auditregistration_AuditSink_To_v1alpha1_AuditSink(a.(*auditregistration.AuditSink), b.(*v1alpha1.AuditSink), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1alpha1.AuditSinkList)(nil), (*auditregistration.AuditSinkList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_AuditSinkList_To_auditregistration_AuditSinkList(a.(*v1alpha1.AuditSinkList), b.(*auditregistration.AuditSinkList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*auditregistration.AuditSinkList)(nil), (*v1alpha1.AuditSinkList)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_auditregistration_AuditSinkList_To_v1alpha1_AuditSinkList(a.(*auditregistration.AuditSinkList), b.(*v1alpha1.AuditSinkList), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1alpha1.AuditSinkSpec)(nil), (*auditregistration.AuditSinkSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_AuditSinkSpec_To_auditregistration_AuditSinkSpec(a.(*v1alpha1.AuditSinkSpec), b.(*auditregistration.AuditSinkSpec), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*auditregistration.AuditSinkSpec)(nil), (*v1alpha1.AuditSinkSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_auditregistration_AuditSinkSpec_To_v1alpha1_AuditSinkSpec(a.(*auditregistration.AuditSinkSpec), b.(*v1alpha1.AuditSinkSpec), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1alpha1.Policy)(nil), (*auditregistration.Policy)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_Policy_To_auditregistration_Policy(a.(*v1alpha1.Policy), b.(*auditregistration.Policy), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*auditregistration.Policy)(nil), (*v1alpha1.Policy)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_auditregistration_Policy_To_v1alpha1_Policy(a.(*auditregistration.Policy), b.(*v1alpha1.Policy), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1alpha1.ServiceReference)(nil), (*auditregistration.ServiceReference)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_ServiceReference_To_auditregistration_ServiceReference(a.(*v1alpha1.ServiceReference), b.(*auditregistration.ServiceReference), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*auditregistration.ServiceReference)(nil), (*v1alpha1.ServiceReference)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_auditregistration_ServiceReference_To_v1alpha1_ServiceReference(a.(*auditregistration.ServiceReference), b.(*v1alpha1.ServiceReference), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1alpha1.Webhook)(nil), (*auditregistration.Webhook)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_Webhook_To_auditregistration_Webhook(a.(*v1alpha1.Webhook), b.(*auditregistration.Webhook), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*auditregistration.Webhook)(nil), (*v1alpha1.Webhook)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_auditregistration_Webhook_To_v1alpha1_Webhook(a.(*auditregistration.Webhook), b.(*v1alpha1.Webhook), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1alpha1.WebhookClientConfig)(nil), (*auditregistration.WebhookClientConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_WebhookClientConfig_To_auditregistration_WebhookClientConfig(a.(*v1alpha1.WebhookClientConfig), b.(*auditregistration.WebhookClientConfig), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*auditregistration.WebhookClientConfig)(nil), (*v1alpha1.WebhookClientConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_auditregistration_WebhookClientConfig_To_v1alpha1_WebhookClientConfig(a.(*auditregistration.WebhookClientConfig), b.(*v1alpha1.WebhookClientConfig), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1alpha1.WebhookThrottleConfig)(nil), (*auditregistration.WebhookThrottleConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1alpha1_WebhookThrottleConfig_To_auditregistration_WebhookThrottleConfig(a.(*v1alpha1.WebhookThrottleConfig), b.(*auditregistration.WebhookThrottleConfig), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*auditregistration.WebhookThrottleConfig)(nil), (*v1alpha1.WebhookThrottleConfig)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_auditregistration_WebhookThrottleConfig_To_v1alpha1_WebhookThrottleConfig(a.(*auditregistration.WebhookThrottleConfig), b.(*v1alpha1.WebhookThrottleConfig), scope)
}); err != nil {
return err
}
return nil
}
func autoConvert_v1alpha1_AuditSink_To_auditregistration_AuditSink(in *v1alpha1.AuditSink, out *auditregistration.AuditSink, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
if err := Convert_v1alpha1_AuditSinkSpec_To_auditregistration_AuditSinkSpec(&in.Spec, &out.Spec, s); err != nil {
return err
}
return nil
}
// Convert_v1alpha1_AuditSink_To_auditregistration_AuditSink is an autogenerated conversion function.
func Convert_v1alpha1_AuditSink_To_auditregistration_AuditSink(in *v1alpha1.AuditSink, out *auditregistration.AuditSink, s conversion.Scope) error {
return autoConvert_v1alpha1_AuditSink_To_auditregistration_AuditSink(in, out, s)
}
func autoConvert_auditregistration_AuditSink_To_v1alpha1_AuditSink(in *auditregistration.AuditSink, out *v1alpha1.AuditSink, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
if err := Convert_auditregistration_AuditSinkSpec_To_v1alpha1_AuditSinkSpec(&in.Spec, &out.Spec, s); err != nil {
return err
}
return nil
}
// Convert_auditregistration_AuditSink_To_v1alpha1_AuditSink is an autogenerated conversion function.
func Convert_auditregistration_AuditSink_To_v1alpha1_AuditSink(in *auditregistration.AuditSink, out *v1alpha1.AuditSink, s conversion.Scope) error {
return autoConvert_auditregistration_AuditSink_To_v1alpha1_AuditSink(in, out, s)
}
func autoConvert_v1alpha1_AuditSinkList_To_auditregistration_AuditSinkList(in *v1alpha1.AuditSinkList, out *auditregistration.AuditSinkList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]auditregistration.AuditSink)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_v1alpha1_AuditSinkList_To_auditregistration_AuditSinkList is an autogenerated conversion function.
func Convert_v1alpha1_AuditSinkList_To_auditregistration_AuditSinkList(in *v1alpha1.AuditSinkList, out *auditregistration.AuditSinkList, s conversion.Scope) error {
return autoConvert_v1alpha1_AuditSinkList_To_auditregistration_AuditSinkList(in, out, s)
}
func autoConvert_auditregistration_AuditSinkList_To_v1alpha1_AuditSinkList(in *auditregistration.AuditSinkList, out *v1alpha1.AuditSinkList, s conversion.Scope) error {
out.ListMeta = in.ListMeta
out.Items = *(*[]v1alpha1.AuditSink)(unsafe.Pointer(&in.Items))
return nil
}
// Convert_auditregistration_AuditSinkList_To_v1alpha1_AuditSinkList is an autogenerated conversion function.
func Convert_auditregistration_AuditSinkList_To_v1alpha1_AuditSinkList(in *auditregistration.AuditSinkList, out *v1alpha1.AuditSinkList, s conversion.Scope) error {
return autoConvert_auditregistration_AuditSinkList_To_v1alpha1_AuditSinkList(in, out, s)
}
func autoConvert_v1alpha1_AuditSinkSpec_To_auditregistration_AuditSinkSpec(in *v1alpha1.AuditSinkSpec, out *auditregistration.AuditSinkSpec, s conversion.Scope) error {
if err := Convert_v1alpha1_Policy_To_auditregistration_Policy(&in.Policy, &out.Policy, s); err != nil {
return err
}
if err := Convert_v1alpha1_Webhook_To_auditregistration_Webhook(&in.Webhook, &out.Webhook, s); err != nil {
return err
}
return nil
}
// Convert_v1alpha1_AuditSinkSpec_To_auditregistration_AuditSinkSpec is an autogenerated conversion function.
func Convert_v1alpha1_AuditSinkSpec_To_auditregistration_AuditSinkSpec(in *v1alpha1.AuditSinkSpec, out *auditregistration.AuditSinkSpec, s conversion.Scope) error {
return autoConvert_v1alpha1_AuditSinkSpec_To_auditregistration_AuditSinkSpec(in, out, s)
}
func autoConvert_auditregistration_AuditSinkSpec_To_v1alpha1_AuditSinkSpec(in *auditregistration.AuditSinkSpec, out *v1alpha1.AuditSinkSpec, s conversion.Scope) error {
if err := Convert_auditregistration_Policy_To_v1alpha1_Policy(&in.Policy, &out.Policy, s); err != nil {
return err
}
if err := Convert_auditregistration_Webhook_To_v1alpha1_Webhook(&in.Webhook, &out.Webhook, s); err != nil {
return err
}
return nil
}
// Convert_auditregistration_AuditSinkSpec_To_v1alpha1_AuditSinkSpec is an autogenerated conversion function.
func Convert_auditregistration_AuditSinkSpec_To_v1alpha1_AuditSinkSpec(in *auditregistration.AuditSinkSpec, out *v1alpha1.AuditSinkSpec, s conversion.Scope) error {
return autoConvert_auditregistration_AuditSinkSpec_To_v1alpha1_AuditSinkSpec(in, out, s)
}
func autoConvert_v1alpha1_Policy_To_auditregistration_Policy(in *v1alpha1.Policy, out *auditregistration.Policy, s conversion.Scope) error {
out.Level = auditregistration.Level(in.Level)
out.Stages = *(*[]auditregistration.Stage)(unsafe.Pointer(&in.Stages))
return nil
}
// Convert_v1alpha1_Policy_To_auditregistration_Policy is an autogenerated conversion function.
func Convert_v1alpha1_Policy_To_auditregistration_Policy(in *v1alpha1.Policy, out *auditregistration.Policy, s conversion.Scope) error {
return autoConvert_v1alpha1_Policy_To_auditregistration_Policy(in, out, s)
}
func autoConvert_auditregistration_Policy_To_v1alpha1_Policy(in *auditregistration.Policy, out *v1alpha1.Policy, s conversion.Scope) error {
out.Level = v1alpha1.Level(in.Level)
out.Stages = *(*[]v1alpha1.Stage)(unsafe.Pointer(&in.Stages))
return nil
}
// Convert_auditregistration_Policy_To_v1alpha1_Policy is an autogenerated conversion function.
func Convert_auditregistration_Policy_To_v1alpha1_Policy(in *auditregistration.Policy, out *v1alpha1.Policy, s conversion.Scope) error {
return autoConvert_auditregistration_Policy_To_v1alpha1_Policy(in, out, s)
}
func autoConvert_v1alpha1_ServiceReference_To_auditregistration_ServiceReference(in *v1alpha1.ServiceReference, out *auditregistration.ServiceReference, s conversion.Scope) error {
out.Namespace = in.Namespace
out.Name = in.Name
out.Path = (*string)(unsafe.Pointer(in.Path))
return nil
}
// Convert_v1alpha1_ServiceReference_To_auditregistration_ServiceReference is an autogenerated conversion function.
func Convert_v1alpha1_ServiceReference_To_auditregistration_ServiceReference(in *v1alpha1.ServiceReference, out *auditregistration.ServiceReference, s conversion.Scope) error {
return autoConvert_v1alpha1_ServiceReference_To_auditregistration_ServiceReference(in, out, s)
}
func autoConvert_auditregistration_ServiceReference_To_v1alpha1_ServiceReference(in *auditregistration.ServiceReference, out *v1alpha1.ServiceReference, s conversion.Scope) error {
out.Namespace = in.Namespace
out.Name = in.Name
out.Path = (*string)(unsafe.Pointer(in.Path))
return nil
}
// Convert_auditregistration_ServiceReference_To_v1alpha1_ServiceReference is an autogenerated conversion function.
func Convert_auditregistration_ServiceReference_To_v1alpha1_ServiceReference(in *auditregistration.ServiceReference, out *v1alpha1.ServiceReference, s conversion.Scope) error {
return autoConvert_auditregistration_ServiceReference_To_v1alpha1_ServiceReference(in, out, s)
}
func autoConvert_v1alpha1_Webhook_To_auditregistration_Webhook(in *v1alpha1.Webhook, out *auditregistration.Webhook, s conversion.Scope) error {
out.Throttle = (*auditregistration.WebhookThrottleConfig)(unsafe.Pointer(in.Throttle))
if err := Convert_v1alpha1_WebhookClientConfig_To_auditregistration_WebhookClientConfig(&in.ClientConfig, &out.ClientConfig, s); err != nil {
return err
}
return nil
}
// Convert_v1alpha1_Webhook_To_auditregistration_Webhook is an autogenerated conversion function.
func Convert_v1alpha1_Webhook_To_auditregistration_Webhook(in *v1alpha1.Webhook, out *auditregistration.Webhook, s conversion.Scope) error {
return autoConvert_v1alpha1_Webhook_To_auditregistration_Webhook(in, out, s)
}
func autoConvert_auditregistration_Webhook_To_v1alpha1_Webhook(in *auditregistration.Webhook, out *v1alpha1.Webhook, s conversion.Scope) error {
out.Throttle = (*v1alpha1.WebhookThrottleConfig)(unsafe.Pointer(in.Throttle))
if err := Convert_auditregistration_WebhookClientConfig_To_v1alpha1_WebhookClientConfig(&in.ClientConfig, &out.ClientConfig, s); err != nil {
return err
}
return nil
}
// Convert_auditregistration_Webhook_To_v1alpha1_Webhook is an autogenerated conversion function.
func Convert_auditregistration_Webhook_To_v1alpha1_Webhook(in *auditregistration.Webhook, out *v1alpha1.Webhook, s conversion.Scope) error {
return autoConvert_auditregistration_Webhook_To_v1alpha1_Webhook(in, out, s)
}
func autoConvert_v1alpha1_WebhookClientConfig_To_auditregistration_WebhookClientConfig(in *v1alpha1.WebhookClientConfig, out *auditregistration.WebhookClientConfig, s conversion.Scope) error {
out.URL = (*string)(unsafe.Pointer(in.URL))
out.Service = (*auditregistration.ServiceReference)(unsafe.Pointer(in.Service))
out.CABundle = *(*[]byte)(unsafe.Pointer(&in.CABundle))
return nil
}
// Convert_v1alpha1_WebhookClientConfig_To_auditregistration_WebhookClientConfig is an autogenerated conversion function.
func Convert_v1alpha1_WebhookClientConfig_To_auditregistration_WebhookClientConfig(in *v1alpha1.WebhookClientConfig, out *auditregistration.WebhookClientConfig, s conversion.Scope) error {
return autoConvert_v1alpha1_WebhookClientConfig_To_auditregistration_WebhookClientConfig(in, out, s)
}
func autoConvert_auditregistration_WebhookClientConfig_To_v1alpha1_WebhookClientConfig(in *auditregistration.WebhookClientConfig, out *v1alpha1.WebhookClientConfig, s conversion.Scope) error {
out.URL = (*string)(unsafe.Pointer(in.URL))
out.Service = (*v1alpha1.ServiceReference)(unsafe.Pointer(in.Service))
out.CABundle = *(*[]byte)(unsafe.Pointer(&in.CABundle))
return nil
}
// Convert_auditregistration_WebhookClientConfig_To_v1alpha1_WebhookClientConfig is an autogenerated conversion function.
func Convert_auditregistration_WebhookClientConfig_To_v1alpha1_WebhookClientConfig(in *auditregistration.WebhookClientConfig, out *v1alpha1.WebhookClientConfig, s conversion.Scope) error {
return autoConvert_auditregistration_WebhookClientConfig_To_v1alpha1_WebhookClientConfig(in, out, s)
}
func autoConvert_v1alpha1_WebhookThrottleConfig_To_auditregistration_WebhookThrottleConfig(in *v1alpha1.WebhookThrottleConfig, out *auditregistration.WebhookThrottleConfig, s conversion.Scope) error {
out.QPS = (*int64)(unsafe.Pointer(in.QPS))
out.Burst = (*int64)(unsafe.Pointer(in.Burst))
return nil
}
// Convert_v1alpha1_WebhookThrottleConfig_To_auditregistration_WebhookThrottleConfig is an autogenerated conversion function.
func Convert_v1alpha1_WebhookThrottleConfig_To_auditregistration_WebhookThrottleConfig(in *v1alpha1.WebhookThrottleConfig, out *auditregistration.WebhookThrottleConfig, s conversion.Scope) error {
return autoConvert_v1alpha1_WebhookThrottleConfig_To_auditregistration_WebhookThrottleConfig(in, out, s)
}
func autoConvert_auditregistration_WebhookThrottleConfig_To_v1alpha1_WebhookThrottleConfig(in *auditregistration.WebhookThrottleConfig, out *v1alpha1.WebhookThrottleConfig, s conversion.Scope) error {
out.QPS = (*int64)(unsafe.Pointer(in.QPS))
out.Burst = (*int64)(unsafe.Pointer(in.Burst))
return nil
}
// Convert_auditregistration_WebhookThrottleConfig_To_v1alpha1_WebhookThrottleConfig is an autogenerated conversion function.
func Convert_auditregistration_WebhookThrottleConfig_To_v1alpha1_WebhookThrottleConfig(in *auditregistration.WebhookThrottleConfig, out *v1alpha1.WebhookThrottleConfig, s conversion.Scope) error {
return autoConvert_auditregistration_WebhookThrottleConfig_To_v1alpha1_WebhookThrottleConfig(in, out, s)
}

46
pkg/apis/auditregistration/v1alpha1/zz_generated.defaults.go generated Normal file
View File

@@ -0,0 +1,46 @@
// +build !ignore_autogenerated
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by defaulter-gen. DO NOT EDIT.
package v1alpha1
import (
v1alpha1 "k8s.io/api/auditregistration/v1alpha1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
// RegisterDefaults adds defaulters functions to the given scheme.
// Public to allow building arbitrary schemes.
// All generated defaulters are covering - they call all nested defaulters.
func RegisterDefaults(scheme *runtime.Scheme) error {
scheme.AddTypeDefaultingFunc(&v1alpha1.AuditSink{}, func(obj interface{}) { SetObjectDefaults_AuditSink(obj.(*v1alpha1.AuditSink)) })
scheme.AddTypeDefaultingFunc(&v1alpha1.AuditSinkList{}, func(obj interface{}) { SetObjectDefaults_AuditSinkList(obj.(*v1alpha1.AuditSinkList)) })
return nil
}
func SetObjectDefaults_AuditSink(in *v1alpha1.AuditSink) {
SetDefaults_AuditSink(in)
}
func SetObjectDefaults_AuditSinkList(in *v1alpha1.AuditSinkList) {
for i := range in.Items {
a := &in.Items[i]
SetObjectDefaults_AuditSink(a)
}
}

41
pkg/apis/auditregistration/validation/BUILD Normal file
View File

@@ -0,0 +1,41 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
go_library(
name = "go_default_library",
srcs = ["validation.go"],
importpath = "k8s.io/kubernetes/pkg/apis/auditregistration/validation",
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/auditregistration:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/api/validation:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/validation:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
],
)
go_test(
name = "go_default_test",
srcs = ["validation_test.go"],
embed = [":go_default_library"],
deps = [
"//pkg/apis/auditregistration:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
"//vendor/github.com/stretchr/testify/require:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

200
pkg/apis/auditregistration/validation/validation.go Normal file
View File

@@ -0,0 +1,200 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"fmt"
"net/url"
"strings"
genericvalidation "k8s.io/apimachinery/pkg/api/validation"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/validation"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/kubernetes/pkg/apis/auditregistration"
)
// ValidateAuditSink validates the AuditSinks
func ValidateAuditSink(as *auditregistration.AuditSink) field.ErrorList {
allErrs := genericvalidation.ValidateObjectMeta(&as.ObjectMeta, false, genericvalidation.NameIsDNSSubdomain, field.NewPath("metadata"))
allErrs = append(allErrs, ValidateAuditSinkSpec(as.Spec, field.NewPath("spec"))...)
return allErrs
}
// ValidateAuditSinkSpec validates the sink spec for audit
func ValidateAuditSinkSpec(s auditregistration.AuditSinkSpec, fldPath *field.Path) field.ErrorList {
var allErrs field.ErrorList
allErrs = append(allErrs, ValidatePolicy(s.Policy, field.NewPath("policy"))...)
allErrs = append(allErrs, ValidateWebhook(s.Webhook, field.NewPath("webhook"))...)
return allErrs
}
// ValidateWebhook validates the webhook
func ValidateWebhook(w auditregistration.Webhook, fldPath *field.Path) field.ErrorList {
var allErrs field.ErrorList
if w.Throttle != nil {
allErrs = append(allErrs, ValidateWebhookThrottleConfig(w.Throttle, fldPath.Child("throttle"))...)
}
allErrs = append(allErrs, ValidateWebhookClientConfig(&w.ClientConfig, fldPath.Child("clientConfig"))...)
return allErrs
}
// ValidateWebhookThrottleConfig validates the throttle config
func ValidateWebhookThrottleConfig(c *auditregistration.WebhookThrottleConfig, fldPath *field.Path) field.ErrorList {
var allErrs field.ErrorList
if c.QPS != nil && *c.QPS <= 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("qps"), c.QPS, "qps must be a positive number"))
}
if c.Burst != nil && *c.Burst <= 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("burst"), c.Burst, "burst must be a positive number"))
}
return allErrs
}
// ValidateWebhookClientConfig validates the WebhookClientConfig
// note: this is largely copy/paste inheritance from admissionregistration with subtle changes
func ValidateWebhookClientConfig(cc *auditregistration.WebhookClientConfig, fldPath *field.Path) field.ErrorList {
var allErrors field.ErrorList
if (cc.URL == nil) == (cc.Service == nil) {
allErrors = append(allErrors, field.Required(fldPath.Child("url"), "exactly one of url or service is required"))
}
if cc.URL != nil {
const form = "; desired format: https://host[/path]"
if u, err := url.Parse(*cc.URL); err != nil {
allErrors = append(allErrors, field.Required(fldPath.Child("url"), "url must be a valid URL: "+err.Error()+form))
} else {
if len(u.Host) == 0 {
allErrors = append(allErrors, field.Invalid(fldPath.Child("url"), u.Host, "host must be provided"+form))
}
if u.User != nil {
allErrors = append(allErrors, field.Invalid(fldPath.Child("url"), u.User.String(), "user information is not permitted in the URL"))
}
if len(u.Fragment) != 0 {
allErrors = append(allErrors, field.Invalid(fldPath.Child("url"), u.Fragment, "fragments are not permitted in the URL"))
}
if len(u.RawQuery) != 0 {
allErrors = append(allErrors, field.Invalid(fldPath.Child("url"), u.RawQuery, "query parameters are not permitted in the URL"))
}
}
}
if cc.Service != nil {
allErrors = append(allErrors, validateWebhookService(cc.Service, fldPath.Child("service"))...)
}
return allErrors
}
// note: this is copy/paste inheritance from admissionregistration
func validateWebhookService(svc *auditregistration.ServiceReference, fldPath *field.Path) field.ErrorList {
var allErrors field.ErrorList
if len(svc.Name) == 0 {
allErrors = append(allErrors, field.Required(fldPath.Child("name"), "service name is required"))
}
if len(svc.Namespace) == 0 {
allErrors = append(allErrors, field.Required(fldPath.Child("namespace"), "service namespace is required"))
}
if svc.Path == nil {
return allErrors
}
// TODO: replace below with url.Parse + verifying that host is empty?
urlPath := *svc.Path
if urlPath == "/" || len(urlPath) == 0 {
return allErrors
}
if urlPath == "//" {
allErrors = append(allErrors, field.Invalid(fldPath.Child("path"), urlPath, "segment[0] may not be empty"))
return allErrors
}
if !strings.HasPrefix(urlPath, "/") {
allErrors = append(allErrors, field.Invalid(fldPath.Child("path"), urlPath, "must start with a '/'"))
}
urlPathToCheck := urlPath[1:]
if strings.HasSuffix(urlPathToCheck, "/") {
urlPathToCheck = urlPathToCheck[:len(urlPathToCheck)-1]
}
steps := strings.Split(urlPathToCheck, "/")
for i, step := range steps {
if len(step) == 0 {
allErrors = append(allErrors, field.Invalid(fldPath.Child("path"), urlPath, fmt.Sprintf("segment[%d] may not be empty", i)))
continue
}
failures := validation.IsDNS1123Subdomain(step)
for _, failure := range failures {
allErrors = append(allErrors, field.Invalid(fldPath.Child("path"), urlPath, fmt.Sprintf("segment[%d]: %v", i, failure)))
}
}
return allErrors
}
// ValidatePolicy validates the audit policy
func ValidatePolicy(policy auditregistration.Policy, fldPath *field.Path) field.ErrorList {
var allErrs field.ErrorList
allErrs = append(allErrs, validateStages(policy.Stages, fldPath.Child("stages"))...)
allErrs = append(allErrs, validateLevel(policy.Level, fldPath.Child("level"))...)
if policy.Level != auditregistration.LevelNone && len(policy.Stages) == 0 {
return field.ErrorList{field.Required(fldPath.Child("stages"), "")}
}
return allErrs
}
var validLevels = sets.NewString(
string(auditregistration.LevelNone),
string(auditregistration.LevelMetadata),
string(auditregistration.LevelRequest),
string(auditregistration.LevelRequestResponse),
)
var validStages = sets.NewString(
string(auditregistration.StageRequestReceived),
string(auditregistration.StageResponseStarted),
string(auditregistration.StageResponseComplete),
string(auditregistration.StagePanic),
)
func validateLevel(level auditregistration.Level, fldPath *field.Path) field.ErrorList {
if string(level) == "" {
return field.ErrorList{field.Required(fldPath, "")}
}
if !validLevels.Has(string(level)) {
return field.ErrorList{field.NotSupported(fldPath, level, validLevels.List())}
}
return nil
}
func validateStages(stages []auditregistration.Stage, fldPath *field.Path) field.ErrorList {
var allErrs field.ErrorList
for i, stage := range stages {
if !validStages.Has(string(stage)) {
allErrs = append(allErrs, field.Invalid(fldPath.Index(i), string(stage), "allowed stages are "+strings.Join(validStages.List(), ",")))
}
}
return allErrs
}
// ValidateAuditSinkUpdate validates an update to the object
func ValidateAuditSinkUpdate(newC, oldC *auditregistration.AuditSink) field.ErrorList {
return ValidateAuditSink(newC)
}

324
pkg/apis/auditregistration/validation/validation_test.go Normal file
View File

@@ -0,0 +1,324 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"strings"
"testing"
"github.com/stretchr/testify/require"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/kubernetes/pkg/apis/auditregistration"
)
func TestValidateAuditSink(t *testing.T) {
testQPS := int64(10)
testURL := "http://localhost"
testCases := []struct {
name string
conf auditregistration.AuditSink
numErr int
}{
{
name: "should pass full config",
conf: auditregistration.AuditSink{
ObjectMeta: metav1.ObjectMeta{
Name: "myconf",
},
Spec: auditregistration.AuditSinkSpec{
Policy: auditregistration.Policy{
Level: auditregistration.LevelRequest,
Stages: []auditregistration.Stage{
auditregistration.StageRequestReceived,
},
},
Webhook: auditregistration.Webhook{
Throttle: &auditregistration.WebhookThrottleConfig{
QPS: &testQPS,
},
ClientConfig: auditregistration.WebhookClientConfig{
URL: &testURL,
},
},
},
},
numErr: 0,
},
{
name: "should fail no policy",
conf: auditregistration.AuditSink{
ObjectMeta: metav1.ObjectMeta{
Name: "myconf",
},
Spec: auditregistration.AuditSinkSpec{
Webhook: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
URL: &testURL,
},
},
},
},
numErr: 1,
},
{
name: "should fail no webhook",
conf: auditregistration.AuditSink{
ObjectMeta: metav1.ObjectMeta{
Name: "myconf",
},
Spec: auditregistration.AuditSinkSpec{
Policy: auditregistration.Policy{
Level: auditregistration.LevelMetadata,
Stages: []auditregistration.Stage{
auditregistration.StageRequestReceived,
},
},
},
},
numErr: 1,
},
}
for _, test := range testCases {
t.Run(test.name, func(t *testing.T) {
errs := ValidateAuditSink(&test.conf)
require.Len(t, errs, test.numErr)
})
}
}
func TestValidatePolicy(t *testing.T) {
successCases := []auditregistration.Policy{}
successCases = append(successCases, auditregistration.Policy{ // Policy with omitStages and level
Level: auditregistration.LevelRequest,
Stages: []auditregistration.Stage{
auditregistration.Stage("RequestReceived"),
auditregistration.Stage("ResponseStarted"),
},
})
successCases = append(successCases, auditregistration.Policy{Level: auditregistration.LevelNone}) // Policy with none level only
for i, policy := range successCases {
if errs := ValidatePolicy(policy, field.NewPath("policy")); len(errs) != 0 {
t.Errorf("[%d] Expected policy %#v to be valid: %v", i, policy, errs)
}
}
errorCases := []auditregistration.Policy{}
errorCases = append(errorCases, auditregistration.Policy{}) // Empty policy // Policy with missing level
errorCases = append(errorCases, auditregistration.Policy{Stages: []auditregistration.Stage{ // Policy with invalid stages
auditregistration.Stage("Bad")}})
errorCases = append(errorCases, auditregistration.Policy{Level: auditregistration.Level("invalid")}) // Policy with bad level
errorCases = append(errorCases, auditregistration.Policy{Level: auditregistration.LevelMetadata}) // Policy without stages
for i, policy := range errorCases {
if errs := ValidatePolicy(policy, field.NewPath("policy")); len(errs) == 0 {
t.Errorf("[%d] Expected policy %#v to be invalid!", i, policy)
}
}
}
func strPtr(s string) *string { return &s }
func TestValidateWebhookConfiguration(t *testing.T) {
tests := []struct {
name string
config auditregistration.Webhook
expectedError string
}{
{
name: "both service and URL missing",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{},
},
expectedError: `exactly one of`,
},
{
name: "both service and URL provided",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
Service: &auditregistration.ServiceReference{
Namespace: "ns",
Name: "n",
},
URL: strPtr("example.com/k8s/webhook"),
},
},
expectedError: `webhook.clientConfig.url: Required value: exactly one of url or service is required`,
},
{
name: "blank URL",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
URL: strPtr(""),
},
},
expectedError: `webhook.clientConfig.url: Invalid value: "": host must be provided`,
},
{
name: "missing host",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
URL: strPtr("https:///fancy/webhook"),
},
},
expectedError: `host must be provided`,
},
{
name: "fragment",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
URL: strPtr("https://example.com/#bookmark"),
},
},
expectedError: `"bookmark": fragments are not permitted`,
},
{
name: "query",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
URL: strPtr("https://example.com?arg=value"),
},
},
expectedError: `"arg=value": query parameters are not permitted`,
},
{
name: "user",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
URL: strPtr("https://harry.potter@example.com/"),
},
},
expectedError: `"harry.potter": user information is not permitted`,
},
{
name: "just totally wrong",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
URL: strPtr("arg#backwards=thisis?html.index/port:host//:https"),
},
},
expectedError: `host must be provided`,
},
{
name: "path must start with slash",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
Service: &auditregistration.ServiceReference{
Namespace: "ns",
Name: "n",
Path: strPtr("foo/"),
},
},
},
expectedError: `clientConfig.service.path: Invalid value: "foo/": must start with a '/'`,
},
{
name: "path accepts slash",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
Service: &auditregistration.ServiceReference{
Namespace: "ns",
Name: "n",
Path: strPtr("/"),
},
},
},
expectedError: ``,
},
{
name: "path accepts no trailing slash",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
Service: &auditregistration.ServiceReference{
Namespace: "ns",
Name: "n",
Path: strPtr("/foo"),
},
},
},
expectedError: ``,
},
{
name: "path fails //",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
Service: &auditregistration.ServiceReference{
Namespace: "ns",
Name: "n",
Path: strPtr("//"),
},
},
},
expectedError: `clientConfig.service.path: Invalid value: "//": segment[0] may not be empty`,
},
{
name: "path no empty step",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
Service: &auditregistration.ServiceReference{
Namespace: "ns",
Name: "n",
Path: strPtr("/foo//bar/"),
},
},
},
expectedError: `clientConfig.service.path: Invalid value: "/foo//bar/": segment[1] may not be empty`,
}, {
name: "path no empty step 2",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
Service: &auditregistration.ServiceReference{
Namespace: "ns",
Name: "n",
Path: strPtr("/foo/bar//"),
},
},
},
expectedError: `clientConfig.service.path: Invalid value: "/foo/bar//": segment[2] may not be empty`,
},
{
name: "path no non-subdomain",
config: auditregistration.Webhook{
ClientConfig: auditregistration.WebhookClientConfig{
Service: &auditregistration.ServiceReference{
Namespace: "ns",
Name: "n",
Path: strPtr("/apis/foo.bar/v1alpha1/--bad"),
},
},
},
expectedError: `clientConfig.service.path: Invalid value: "/apis/foo.bar/v1alpha1/--bad": segment[3]: a DNS-1123 subdomain`,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
errs := ValidateWebhook(test.config, field.NewPath("webhook"))
err := errs.ToAggregate()
if err != nil {
if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
t.Errorf("expected to contain \nerr: %s \ngot: %s", e, a)
}
} else {
if test.expectedError != "" {
t.Errorf("unexpected no error, expected to contain %s", test.expectedError)
}
}
})
}
}

224
pkg/apis/auditregistration/zz_generated.deepcopy.go generated Normal file
View File

@@ -0,0 +1,224 @@
// +build !ignore_autogenerated
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package auditregistration
import (
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AuditSink) DeepCopyInto(out *AuditSink) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSink.
func (in *AuditSink) DeepCopy() *AuditSink {
if in == nil {
return nil
}
out := new(AuditSink)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *AuditSink) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AuditSinkList) DeepCopyInto(out *AuditSinkList) {
*out = *in
out.TypeMeta = in.TypeMeta
out.ListMeta = in.ListMeta
if in.Items != nil {
in, out := &in.Items, &out.Items
*out = make([]AuditSink, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkList.
func (in *AuditSinkList) DeepCopy() *AuditSinkList {
if in == nil {
return nil
}
out := new(AuditSinkList)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *AuditSinkList) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *AuditSinkSpec) DeepCopyInto(out *AuditSinkSpec) {
*out = *in
in.Policy.DeepCopyInto(&out.Policy)
in.Webhook.DeepCopyInto(&out.Webhook)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditSinkSpec.
func (in *AuditSinkSpec) DeepCopy() *AuditSinkSpec {
if in == nil {
return nil
}
out := new(AuditSinkSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Policy) DeepCopyInto(out *Policy) {
*out = *in
if in.Stages != nil {
in, out := &in.Stages, &out.Stages
*out = make([]Stage, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (in *Policy) DeepCopy() *Policy {
if in == nil {
return nil
}
out := new(Policy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServiceReference) DeepCopyInto(out *ServiceReference) {
*out = *in
if in.Path != nil {
in, out := &in.Path, &out.Path
*out = new(string)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference.
func (in *ServiceReference) DeepCopy() *ServiceReference {
if in == nil {
return nil
}
out := new(ServiceReference)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Webhook) DeepCopyInto(out *Webhook) {
*out = *in
if in.Throttle != nil {
in, out := &in.Throttle, &out.Throttle
*out = new(WebhookThrottleConfig)
(*in).DeepCopyInto(*out)
}
in.ClientConfig.DeepCopyInto(&out.ClientConfig)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Webhook.
func (in *Webhook) DeepCopy() *Webhook {
if in == nil {
return nil
}
out := new(Webhook)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig) {
*out = *in
if in.URL != nil {
in, out := &in.URL, &out.URL
*out = new(string)
**out = **in
}
if in.Service != nil {
in, out := &in.Service, &out.Service
*out = new(ServiceReference)
(*in).DeepCopyInto(*out)
}
if in.CABundle != nil {
in, out := &in.CABundle, &out.CABundle
*out = make([]byte, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookClientConfig.
func (in *WebhookClientConfig) DeepCopy() *WebhookClientConfig {
if in == nil {
return nil
}
out := new(WebhookClientConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *WebhookThrottleConfig) DeepCopyInto(out *WebhookThrottleConfig) {
*out = *in
if in.QPS != nil {
in, out := &in.QPS, &out.QPS
*out = new(int64)
**out = **in
}
if in.Burst != nil {
in, out := &in.Burst, &out.Burst
*out = new(int64)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookThrottleConfig.
func (in *WebhookThrottleConfig) DeepCopy() *WebhookThrottleConfig {
if in == nil {
return nil
}
out := new(WebhookThrottleConfig)
in.DeepCopyInto(out)
return out
}

2
pkg/client/clientset_generated/internalclientset/BUILD
View File

@@ -15,6 +15,7 @@ go_library(
deps = [
"//pkg/client/clientset_generated/internalclientset/typed/admissionregistration/internalversion:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/apps/internalversion:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/authentication/internalversion:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/authorization/internalversion:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/autoscaling/internalversion:go_default_library",
@@ -51,6 +52,7 @@ filegroup(
"//pkg/client/clientset_generated/internalclientset/scheme:all-srcs",
"//pkg/client/clientset_generated/internalclientset/typed/admissionregistration/internalversion:all-srcs",
"//pkg/client/clientset_generated/internalclientset/typed/apps/internalversion:all-srcs",
"//pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion:all-srcs",
"//pkg/client/clientset_generated/internalclientset/typed/authentication/internalversion:all-srcs",
"//pkg/client/clientset_generated/internalclientset/typed/authorization/internalversion:all-srcs",
"//pkg/client/clientset_generated/internalclientset/typed/autoscaling/internalversion:all-srcs",

14
pkg/client/clientset_generated/internalclientset/clientset.go
View File

@@ -24,6 +24,7 @@ import (
flowcontrol "k8s.io/client-go/util/flowcontrol"
admissionregistrationinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/admissionregistration/internalversion"
appsinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/apps/internalversion"
auditregistrationinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion"
authenticationinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/authentication/internalversion"
authorizationinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/authorization/internalversion"
autoscalinginternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/autoscaling/internalversion"
@@ -46,6 +47,7 @@ type Interface interface {
Admissionregistration() admissionregistrationinternalversion.AdmissionregistrationInterface
Core() coreinternalversion.CoreInterface
Apps() appsinternalversion.AppsInterface
Auditregistration() auditregistrationinternalversion.AuditregistrationInterface
Authentication() authenticationinternalversion.AuthenticationInterface
Authorization() authorizationinternalversion.AuthorizationInterface
Autoscaling() autoscalinginternalversion.AutoscalingInterface
@@ -69,6 +71,7 @@ type Clientset struct {
admissionregistration *admissionregistrationinternalversion.AdmissionregistrationClient
core *coreinternalversion.CoreClient
apps *appsinternalversion.AppsClient
auditregistration *auditregistrationinternalversion.AuditregistrationClient
authentication *authenticationinternalversion.AuthenticationClient
authorization *authorizationinternalversion.AuthorizationClient
autoscaling *autoscalinginternalversion.AutoscalingClient
@@ -100,6 +103,11 @@ func (c *Clientset) Apps() appsinternalversion.AppsInterface {
return c.apps
}
// Auditregistration retrieves the AuditregistrationClient
func (c *Clientset) Auditregistration() auditregistrationinternalversion.AuditregistrationInterface {
return c.auditregistration
}
// Authentication retrieves the AuthenticationClient
func (c *Clientset) Authentication() authenticationinternalversion.AuthenticationInterface {
return c.authentication
@@ -198,6 +206,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) {
if err != nil {
return nil, err
}
cs.auditregistration, err = auditregistrationinternalversion.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
}
cs.authentication, err = authenticationinternalversion.NewForConfig(&configShallowCopy)
if err != nil {
return nil, err
@@ -269,6 +281,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset {
cs.admissionregistration = admissionregistrationinternalversion.NewForConfigOrDie(c)
cs.core = coreinternalversion.NewForConfigOrDie(c)
cs.apps = appsinternalversion.NewForConfigOrDie(c)
cs.auditregistration = auditregistrationinternalversion.NewForConfigOrDie(c)
cs.authentication = authenticationinternalversion.NewForConfigOrDie(c)
cs.authorization = authorizationinternalversion.NewForConfigOrDie(c)
cs.autoscaling = autoscalinginternalversion.NewForConfigOrDie(c)
@@ -294,6 +307,7 @@ func New(c rest.Interface) *Clientset {
cs.admissionregistration = admissionregistrationinternalversion.New(c)
cs.core = coreinternalversion.New(c)
cs.apps = appsinternalversion.New(c)
cs.auditregistration = auditregistrationinternalversion.New(c)
cs.authentication = authenticationinternalversion.New(c)
cs.authorization = authorizationinternalversion.New(c)
cs.autoscaling = autoscalinginternalversion.New(c)

3
pkg/client/clientset_generated/internalclientset/fake/BUILD
View File

@@ -16,6 +16,7 @@ go_library(
deps = [
"//pkg/apis/admissionregistration:go_default_library",
"//pkg/apis/apps:go_default_library",
"//pkg/apis/auditregistration:go_default_library",
"//pkg/apis/authentication:go_default_library",
"//pkg/apis/authorization:go_default_library",
"//pkg/apis/autoscaling:go_default_library",
@@ -36,6 +37,8 @@ go_library(
"//pkg/client/clientset_generated/internalclientset/typed/admissionregistration/internalversion/fake:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/apps/internalversion:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/apps/internalversion/fake:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/fake:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/authentication/internalversion:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/authentication/internalversion/fake:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/authorization/internalversion:go_default_library",

7
pkg/client/clientset_generated/internalclientset/fake/clientset_generated.go
View File

@@ -29,6 +29,8 @@ import (
fakeadmissionregistrationinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/admissionregistration/internalversion/fake"
appsinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/apps/internalversion"
fakeappsinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/apps/internalversion/fake"
auditregistrationinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion"
fakeauditregistrationinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/fake"
authenticationinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/authentication/internalversion"
fakeauthenticationinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/authentication/internalversion/fake"
authorizationinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/authorization/internalversion"
@@ -118,6 +120,11 @@ func (c *Clientset) Apps() appsinternalversion.AppsInterface {
return &fakeappsinternalversion.FakeApps{Fake: &c.Fake}
}
// Auditregistration retrieves the AuditregistrationClient
func (c *Clientset) Auditregistration() auditregistrationinternalversion.AuditregistrationInterface {
return &fakeauditregistrationinternalversion.FakeAuditregistration{Fake: &c.Fake}
}
// Authentication retrieves the AuthenticationClient
func (c *Clientset) Authentication() authenticationinternalversion.AuthenticationInterface {
return &fakeauthenticationinternalversion.FakeAuthentication{Fake: &c.Fake}

2
pkg/client/clientset_generated/internalclientset/fake/register.go
View File

@@ -26,6 +26,7 @@ import (
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
admissionregistrationinternalversion "k8s.io/kubernetes/pkg/apis/admissionregistration"
appsinternalversion "k8s.io/kubernetes/pkg/apis/apps"
auditregistrationinternalversion "k8s.io/kubernetes/pkg/apis/auditregistration"
authenticationinternalversion "k8s.io/kubernetes/pkg/apis/authentication"
authorizationinternalversion "k8s.io/kubernetes/pkg/apis/authorization"
autoscalinginternalversion "k8s.io/kubernetes/pkg/apis/autoscaling"
@@ -50,6 +51,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{
admissionregistrationinternalversion.AddToScheme,
coreinternalversion.AddToScheme,
appsinternalversion.AddToScheme,
auditregistrationinternalversion.AddToScheme,
authenticationinternalversion.AddToScheme,
authorizationinternalversion.AddToScheme,
autoscalinginternalversion.AddToScheme,

1
pkg/client/clientset_generated/internalclientset/scheme/BUILD
View File

@@ -15,6 +15,7 @@ go_library(
deps = [
"//pkg/apis/admissionregistration/install:go_default_library",
"//pkg/apis/apps/install:go_default_library",
"//pkg/apis/auditregistration/install:go_default_library",
"//pkg/apis/authentication/install:go_default_library",
"//pkg/apis/authorization/install:go_default_library",
"//pkg/apis/autoscaling/install:go_default_library",

2
pkg/client/clientset_generated/internalclientset/scheme/register.go
View File

@@ -25,6 +25,7 @@ import (
serializer "k8s.io/apimachinery/pkg/runtime/serializer"
admissionregistration "k8s.io/kubernetes/pkg/apis/admissionregistration/install"
apps "k8s.io/kubernetes/pkg/apis/apps/install"
auditregistration "k8s.io/kubernetes/pkg/apis/auditregistration/install"
authentication "k8s.io/kubernetes/pkg/apis/authentication/install"
authorization "k8s.io/kubernetes/pkg/apis/authorization/install"
autoscaling "k8s.io/kubernetes/pkg/apis/autoscaling/install"
@@ -56,6 +57,7 @@ func Install(scheme *runtime.Scheme) {
admissionregistration.Install(scheme)
core.Install(scheme)
apps.Install(scheme)
auditregistration.Install(scheme)
authentication.Install(scheme)
authorization.Install(scheme)
autoscaling.Install(scheme)

38
pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/BUILD Normal file
View File

@@ -0,0 +1,38 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"auditregistration_client.go",
"auditsink.go",
"doc.go",
"generated_expansion.go",
],
importpath = "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion",
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/auditregistration:go_default_library",
"//pkg/client/clientset_generated/internalclientset/scheme:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/watch:go_default_library",
"//staging/src/k8s.io/client-go/rest:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/fake:all-srcs",
],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

96
pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/auditregistration_client.go Normal file
View File

@@ -0,0 +1,96 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package internalversion
import (
rest "k8s.io/client-go/rest"
"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/scheme"
)
type AuditregistrationInterface interface {
RESTClient() rest.Interface
AuditSinksGetter
}
// AuditregistrationClient is used to interact with features provided by the auditregistration.k8s.io group.
type AuditregistrationClient struct {
restClient rest.Interface
}
func (c *AuditregistrationClient) AuditSinks() AuditSinkInterface {
return newAuditSinks(c)
}
// NewForConfig creates a new AuditregistrationClient for the given config.
func NewForConfig(c *rest.Config) (*AuditregistrationClient, error) {
config := *c
if err := setConfigDefaults(&config); err != nil {
return nil, err
}
client, err := rest.RESTClientFor(&config)
if err != nil {
return nil, err
}
return &AuditregistrationClient{client}, nil
}
// NewForConfigOrDie creates a new AuditregistrationClient for the given config and
// panics if there is an error in the config.
func NewForConfigOrDie(c *rest.Config) *AuditregistrationClient {
client, err := NewForConfig(c)
if err != nil {
panic(err)
}
return client
}
// New creates a new AuditregistrationClient for the given RESTClient.
func New(c rest.Interface) *AuditregistrationClient {
return &AuditregistrationClient{c}
}
func setConfigDefaults(config *rest.Config) error {
config.APIPath = "/apis"
if config.UserAgent == "" {
config.UserAgent = rest.DefaultKubernetesUserAgent()
}
if config.GroupVersion == nil || config.GroupVersion.Group != scheme.Scheme.PrioritizedVersionsForGroup("auditregistration.k8s.io")[0].Group {
gv := scheme.Scheme.PrioritizedVersionsForGroup("auditregistration.k8s.io")[0]
config.GroupVersion = &gv
}
config.NegotiatedSerializer = scheme.Codecs
if config.QPS == 0 {
config.QPS = 5
}
if config.Burst == 0 {
config.Burst = 10
}
return nil
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *AuditregistrationClient) RESTClient() rest.Interface {
if c == nil {
return nil
}
return c.restClient
}

147
pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/auditsink.go Normal file
View File

@@ -0,0 +1,147 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package internalversion
import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
rest "k8s.io/client-go/rest"
auditregistration "k8s.io/kubernetes/pkg/apis/auditregistration"
scheme "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/scheme"
)
// AuditSinksGetter has a method to return a AuditSinkInterface.
// A group's client should implement this interface.
type AuditSinksGetter interface {
AuditSinks() AuditSinkInterface
}
// AuditSinkInterface has methods to work with AuditSink resources.
type AuditSinkInterface interface {
Create(*auditregistration.AuditSink) (*auditregistration.AuditSink, error)
Update(*auditregistration.AuditSink) (*auditregistration.AuditSink, error)
Delete(name string, options *v1.DeleteOptions) error
DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
Get(name string, options v1.GetOptions) (*auditregistration.AuditSink, error)
List(opts v1.ListOptions) (*auditregistration.AuditSinkList, error)
Watch(opts v1.ListOptions) (watch.Interface, error)
Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *auditregistration.AuditSink, err error)
AuditSinkExpansion
}
// auditSinks implements AuditSinkInterface
type auditSinks struct {
client rest.Interface
}
// newAuditSinks returns a AuditSinks
func newAuditSinks(c *AuditregistrationClient) *auditSinks {
return &auditSinks{
client: c.RESTClient(),
}
}
// Get takes name of the auditSink, and returns the corresponding auditSink object, and an error if there is any.
func (c *auditSinks) Get(name string, options v1.GetOptions) (result *auditregistration.AuditSink, err error) {
result = &auditregistration.AuditSink{}
err = c.client.Get().
Resource("auditsinks").
Name(name).
VersionedParams(&options, scheme.ParameterCodec).
Do().
Into(result)
return
}
// List takes label and field selectors, and returns the list of AuditSinks that match those selectors.
func (c *auditSinks) List(opts v1.ListOptions) (result *auditregistration.AuditSinkList, err error) {
result = &auditregistration.AuditSinkList{}
err = c.client.Get().
Resource("auditsinks").
VersionedParams(&opts, scheme.ParameterCodec).
Do().
Into(result)
return
}
// Watch returns a watch.Interface that watches the requested auditSinks.
func (c *auditSinks) Watch(opts v1.ListOptions) (watch.Interface, error) {
opts.Watch = true
return c.client.Get().
Resource("auditsinks").
VersionedParams(&opts, scheme.ParameterCodec).
Watch()
}
// Create takes the representation of a auditSink and creates it. Returns the server's representation of the auditSink, and an error, if there is any.
func (c *auditSinks) Create(auditSink *auditregistration.AuditSink) (result *auditregistration.AuditSink, err error) {
result = &auditregistration.AuditSink{}
err = c.client.Post().
Resource("auditsinks").
Body(auditSink).
Do().
Into(result)
return
}
// Update takes the representation of a auditSink and updates it. Returns the server's representation of the auditSink, and an error, if there is any.
func (c *auditSinks) Update(auditSink *auditregistration.AuditSink) (result *auditregistration.AuditSink, err error) {
result = &auditregistration.AuditSink{}
err = c.client.Put().
Resource("auditsinks").
Name(auditSink.Name).
Body(auditSink).
Do().
Into(result)
return
}
// Delete takes name of the auditSink and deletes it. Returns an error if one occurs.
func (c *auditSinks) Delete(name string, options *v1.DeleteOptions) error {
return c.client.Delete().
Resource("auditsinks").
Name(name).
Body(options).
Do().
Error()
}
// DeleteCollection deletes a collection of objects.
func (c *auditSinks) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
return c.client.Delete().
Resource("auditsinks").
VersionedParams(&listOptions, scheme.ParameterCodec).
Body(options).
Do().
Error()
}
// Patch applies the patch and returns the patched auditSink.
func (c *auditSinks) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *auditregistration.AuditSink, err error) {
result = &auditregistration.AuditSink{}
err = c.client.Patch(pt).
Resource("auditsinks").
SubResource(subresources...).
Name(name).
Body(data).
Do().
Into(result)
return
}

20
pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/doc.go Normal file
View File

@@ -0,0 +1,20 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// This package has the automatically generated typed clients.
package internalversion

37
pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/fake/BUILD Normal file
View File

@@ -0,0 +1,37 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"doc.go",
"fake_auditregistration_client.go",
"fake_auditsink.go",
],
importpath = "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/fake",
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/auditregistration:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/watch:go_default_library",
"//staging/src/k8s.io/client-go/rest:go_default_library",
"//staging/src/k8s.io/client-go/testing:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

20
pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/fake/doc.go Normal file
View File

@@ -0,0 +1,20 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
// Package fake has the automatically generated clients.
package fake

40
pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/fake/fake_auditregistration_client.go Normal file
View File

@@ -0,0 +1,40 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
internalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion"
)
type FakeAuditregistration struct {
*testing.Fake
}
func (c *FakeAuditregistration) AuditSinks() internalversion.AuditSinkInterface {
return &FakeAuditSinks{c}
}
// RESTClient returns a RESTClient that is used to communicate
// with API server by this client implementation.
func (c *FakeAuditregistration) RESTClient() rest.Interface {
var ret *rest.RESTClient
return ret
}

120
pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/fake/fake_auditsink.go Normal file
View File

@@ -0,0 +1,120 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package fake
import (
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"
testing "k8s.io/client-go/testing"
auditregistration "k8s.io/kubernetes/pkg/apis/auditregistration"
)
// FakeAuditSinks implements AuditSinkInterface
type FakeAuditSinks struct {
Fake *FakeAuditregistration
}
var auditsinksResource = schema.GroupVersionResource{Group: "auditregistration.k8s.io", Version: "", Resource: "auditsinks"}
var auditsinksKind = schema.GroupVersionKind{Group: "auditregistration.k8s.io", Version: "", Kind: "AuditSink"}
// Get takes name of the auditSink, and returns the corresponding auditSink object, and an error if there is any.
func (c *FakeAuditSinks) Get(name string, options v1.GetOptions) (result *auditregistration.AuditSink, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootGetAction(auditsinksResource, name), &auditregistration.AuditSink{})
if obj == nil {
return nil, err
}
return obj.(*auditregistration.AuditSink), err
}
// List takes label and field selectors, and returns the list of AuditSinks that match those selectors.
func (c *FakeAuditSinks) List(opts v1.ListOptions) (result *auditregistration.AuditSinkList, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootListAction(auditsinksResource, auditsinksKind, opts), &auditregistration.AuditSinkList{})
if obj == nil {
return nil, err
}
label, _, _ := testing.ExtractFromListOptions(opts)
if label == nil {
label = labels.Everything()
}
list := &auditregistration.AuditSinkList{ListMeta: obj.(*auditregistration.AuditSinkList).ListMeta}
for _, item := range obj.(*auditregistration.AuditSinkList).Items {
if label.Matches(labels.Set(item.Labels)) {
list.Items = append(list.Items, item)
}
}
return list, err
}
// Watch returns a watch.Interface that watches the requested auditSinks.
func (c *FakeAuditSinks) Watch(opts v1.ListOptions) (watch.Interface, error) {
return c.Fake.
InvokesWatch(testing.NewRootWatchAction(auditsinksResource, opts))
}
// Create takes the representation of a auditSink and creates it. Returns the server's representation of the auditSink, and an error, if there is any.
func (c *FakeAuditSinks) Create(auditSink *auditregistration.AuditSink) (result *auditregistration.AuditSink, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootCreateAction(auditsinksResource, auditSink), &auditregistration.AuditSink{})
if obj == nil {
return nil, err
}
return obj.(*auditregistration.AuditSink), err
}
// Update takes the representation of a auditSink and updates it. Returns the server's representation of the auditSink, and an error, if there is any.
func (c *FakeAuditSinks) Update(auditSink *auditregistration.AuditSink) (result *auditregistration.AuditSink, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootUpdateAction(auditsinksResource, auditSink), &auditregistration.AuditSink{})
if obj == nil {
return nil, err
}
return obj.(*auditregistration.AuditSink), err
}
// Delete takes name of the auditSink and deletes it. Returns an error if one occurs.
func (c *FakeAuditSinks) Delete(name string, options *v1.DeleteOptions) error {
_, err := c.Fake.
Invokes(testing.NewRootDeleteAction(auditsinksResource, name), &auditregistration.AuditSink{})
return err
}
// DeleteCollection deletes a collection of objects.
func (c *FakeAuditSinks) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
action := testing.NewRootDeleteCollectionAction(auditsinksResource, listOptions)
_, err := c.Fake.Invokes(action, &auditregistration.AuditSinkList{})
return err
}
// Patch applies the patch and returns the patched auditSink.
func (c *FakeAuditSinks) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *auditregistration.AuditSink, err error) {
obj, err := c.Fake.
Invokes(testing.NewRootPatchSubresourceAction(auditsinksResource, name, pt, data, subresources...), &auditregistration.AuditSink{})
if obj == nil {
return nil, err
}
return obj.(*auditregistration.AuditSink), err
}

21
pkg/client/clientset_generated/internalclientset/typed/auditregistration/internalversion/generated_expansion.go Normal file
View File

@@ -0,0 +1,21 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.
package internalversion
type AuditSinkExpansion interface{}

3
pkg/client/informers/informers_generated/internalversion/BUILD
View File

@@ -15,6 +15,7 @@ go_library(
deps = [
"//pkg/apis/admissionregistration:go_default_library",
"//pkg/apis/apps:go_default_library",
"//pkg/apis/auditregistration:go_default_library",
"//pkg/apis/autoscaling:go_default_library",
"//pkg/apis/batch:go_default_library",
"//pkg/apis/certificates:go_default_library",
@@ -30,6 +31,7 @@ go_library(
"//pkg/client/clientset_generated/internalclientset:go_default_library",
"//pkg/client/informers/informers_generated/internalversion/admissionregistration:go_default_library",
"//pkg/client/informers/informers_generated/internalversion/apps:go_default_library",
"//pkg/client/informers/informers_generated/internalversion/auditregistration:go_default_library",
"//pkg/client/informers/informers_generated/internalversion/autoscaling:go_default_library",
"//pkg/client/informers/informers_generated/internalversion/batch:go_default_library",
"//pkg/client/informers/informers_generated/internalversion/certificates:go_default_library",
@@ -63,6 +65,7 @@ filegroup(
":package-srcs",
"//pkg/client/informers/informers_generated/internalversion/admissionregistration:all-srcs",
"//pkg/client/informers/informers_generated/internalversion/apps:all-srcs",
"//pkg/client/informers/informers_generated/internalversion/auditregistration:all-srcs",
"//pkg/client/informers/informers_generated/internalversion/autoscaling:all-srcs",
"//pkg/client/informers/informers_generated/internalversion/batch:all-srcs",
"//pkg/client/informers/informers_generated/internalversion/certificates:all-srcs",

29
pkg/client/informers/informers_generated/internalversion/auditregistration/BUILD Normal file
View File

@@ -0,0 +1,29 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = ["interface.go"],
importpath = "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/auditregistration",
visibility = ["//visibility:public"],
deps = [
"//pkg/client/informers/informers_generated/internalversion/auditregistration/internalversion:go_default_library",
"//pkg/client/informers/informers_generated/internalversion/internalinterfaces:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//pkg/client/informers/informers_generated/internalversion/auditregistration/internalversion:all-srcs",
],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

46
pkg/client/informers/informers_generated/internalversion/auditregistration/interface.go Normal file
View File

@@ -0,0 +1,46 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package auditregistration
import (
internalversion "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/auditregistration/internalversion"
internalinterfaces "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/internalinterfaces"
)
// Interface provides access to each of this group's versions.
type Interface interface {
// InternalVersion provides access to shared informers for resources in InternalVersion.
InternalVersion() internalversion.Interface
}
type group struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// InternalVersion returns a new internalversion.Interface.
func (g *group) InternalVersion() internalversion.Interface {
return internalversion.New(g.factory, g.namespace, g.tweakListOptions)
}

35
pkg/client/informers/informers_generated/internalversion/auditregistration/internalversion/BUILD Normal file
View File

@@ -0,0 +1,35 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"auditsink.go",
"interface.go",
],
importpath = "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/auditregistration/internalversion",
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/auditregistration:go_default_library",
"//pkg/client/clientset_generated/internalclientset:go_default_library",
"//pkg/client/informers/informers_generated/internalversion/internalinterfaces:go_default_library",
"//pkg/client/listers/auditregistration/internalversion:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/watch:go_default_library",
"//staging/src/k8s.io/client-go/tools/cache:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

88
pkg/client/informers/informers_generated/internalversion/auditregistration/internalversion/auditsink.go Normal file
View File

@@ -0,0 +1,88 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package internalversion
import (
time "time"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"
cache "k8s.io/client-go/tools/cache"
auditregistration "k8s.io/kubernetes/pkg/apis/auditregistration"
internalclientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
internalinterfaces "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/internalinterfaces"
internalversion "k8s.io/kubernetes/pkg/client/listers/auditregistration/internalversion"
)
// AuditSinkInformer provides access to a shared informer and lister for
// AuditSinks.
type AuditSinkInformer interface {
Informer() cache.SharedIndexInformer
Lister() internalversion.AuditSinkLister
}
type auditSinkInformer struct {
factory internalinterfaces.SharedInformerFactory
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// NewAuditSinkInformer constructs a new informer for AuditSink type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewAuditSinkInformer(client internalclientset.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
return NewFilteredAuditSinkInformer(client, resyncPeriod, indexers, nil)
}
// NewFilteredAuditSinkInformer constructs a new informer for AuditSink type.
// Always prefer using an informer factory to get a shared informer instead of getting an independent
// one. This reduces memory footprint and number of connections to the server.
func NewFilteredAuditSinkInformer(client internalclientset.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
return cache.NewSharedIndexInformer(
&cache.ListWatch{
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.Auditregistration().AuditSinks().List(options)
},
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
if tweakListOptions != nil {
tweakListOptions(&options)
}
return client.Auditregistration().AuditSinks().Watch(options)
},
},
&auditregistration.AuditSink{},
resyncPeriod,
indexers,
)
}
func (f *auditSinkInformer) defaultInformer(client internalclientset.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
return NewFilteredAuditSinkInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
}
func (f *auditSinkInformer) Informer() cache.SharedIndexInformer {
return f.factory.InformerFor(&auditregistration.AuditSink{}, f.defaultInformer)
}
func (f *auditSinkInformer) Lister() internalversion.AuditSinkLister {
return internalversion.NewAuditSinkLister(f.Informer().GetIndexer())
}

45
pkg/client/informers/informers_generated/internalversion/auditregistration/internalversion/interface.go Normal file
View File

@@ -0,0 +1,45 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by informer-gen. DO NOT EDIT.
package internalversion
import (
internalinterfaces "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/internalinterfaces"
)
// Interface provides access to all the informers in this group version.
type Interface interface {
// AuditSinks returns a AuditSinkInformer.
AuditSinks() AuditSinkInformer
}
type version struct {
factory internalinterfaces.SharedInformerFactory
namespace string
tweakListOptions internalinterfaces.TweakListOptionsFunc
}
// New returns a new Interface.
func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
// AuditSinks returns a AuditSinkInformer.
func (v *version) AuditSinks() AuditSinkInformer {
return &auditSinkInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}

6
pkg/client/informers/informers_generated/internalversion/factory.go
View File

@@ -30,6 +30,7 @@ import (
internalclientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
admissionregistration "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/admissionregistration"
apps "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/apps"
auditregistration "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/auditregistration"
autoscaling "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/autoscaling"
batch "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/batch"
certificates "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/certificates"
@@ -187,6 +188,7 @@ type SharedInformerFactory interface {
Admissionregistration() admissionregistration.Interface
Apps() apps.Interface
Auditregistration() auditregistration.Interface
Autoscaling() autoscaling.Interface
Batch() batch.Interface
Certificates() certificates.Interface
@@ -209,6 +211,10 @@ func (f *sharedInformerFactory) Apps() apps.Interface {
return apps.New(f, f.namespace, f.tweakListOptions)
}
func (f *sharedInformerFactory) Auditregistration() auditregistration.Interface {
return auditregistration.New(f, f.namespace, f.tweakListOptions)
}
func (f *sharedInformerFactory) Autoscaling() autoscaling.Interface {
return autoscaling.New(f, f.namespace, f.tweakListOptions)
}

5
pkg/client/informers/informers_generated/internalversion/generic.go
View File

@@ -25,6 +25,7 @@ import (
cache "k8s.io/client-go/tools/cache"
admissionregistration "k8s.io/kubernetes/pkg/apis/admissionregistration"
apps "k8s.io/kubernetes/pkg/apis/apps"
auditregistration "k8s.io/kubernetes/pkg/apis/auditregistration"
autoscaling "k8s.io/kubernetes/pkg/apis/autoscaling"
batch "k8s.io/kubernetes/pkg/apis/batch"
certificates "k8s.io/kubernetes/pkg/apis/certificates"
@@ -79,6 +80,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
case apps.SchemeGroupVersion.WithResource("statefulsets"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().InternalVersion().StatefulSets().Informer()}, nil
// Group=auditregistration.k8s.io, Version=internalVersion
case auditregistration.SchemeGroupVersion.WithResource("auditsinks"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Auditregistration().InternalVersion().AuditSinks().Informer()}, nil
// Group=autoscaling, Version=internalVersion
case autoscaling.SchemeGroupVersion.WithResource("horizontalpodautoscalers"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Autoscaling().InternalVersion().HorizontalPodAutoscalers().Informer()}, nil

31
pkg/client/listers/auditregistration/internalversion/BUILD Normal file
View File

@@ -0,0 +1,31 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "go_default_library",
srcs = [
"auditsink.go",
"expansion_generated.go",
],
importpath = "k8s.io/kubernetes/pkg/client/listers/auditregistration/internalversion",
visibility = ["//visibility:public"],
deps = [
"//pkg/apis/auditregistration:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
"//staging/src/k8s.io/client-go/tools/cache:go_default_library",
],
)
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [":package-srcs"],
tags = ["automanaged"],
visibility = ["//visibility:public"],
)

65
pkg/client/listers/auditregistration/internalversion/auditsink.go Normal file
View File

@@ -0,0 +1,65 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package internalversion
import (
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"
auditregistration "k8s.io/kubernetes/pkg/apis/auditregistration"
)
// AuditSinkLister helps list AuditSinks.
type AuditSinkLister interface {
// List lists all AuditSinks in the indexer.
List(selector labels.Selector) (ret []*auditregistration.AuditSink, err error)
// Get retrieves the AuditSink from the index for a given name.
Get(name string) (*auditregistration.AuditSink, error)
AuditSinkListerExpansion
}
// auditSinkLister implements the AuditSinkLister interface.
type auditSinkLister struct {
indexer cache.Indexer
}
// NewAuditSinkLister returns a new AuditSinkLister.
func NewAuditSinkLister(indexer cache.Indexer) AuditSinkLister {
return &auditSinkLister{indexer: indexer}
}
// List lists all AuditSinks in the indexer.
func (s *auditSinkLister) List(selector labels.Selector) (ret []*auditregistration.AuditSink, err error) {
err = cache.ListAll(s.indexer, selector, func(m interface{}) {
ret = append(ret, m.(*auditregistration.AuditSink))
})
return ret, err
}
// Get retrieves the AuditSink from the index for a given name.
func (s *auditSinkLister) Get(name string) (*auditregistration.AuditSink, error) {
obj, exists, err := s.indexer.GetByKey(name)
if err != nil {
return nil, err
}
if !exists {
return nil, errors.NewNotFound(auditregistration.Resource("auditsink"), name)
}
return obj.(*auditregistration.AuditSink), nil
}

23
pkg/client/listers/auditregistration/internalversion/expansion_generated.go Normal file
View File

@@ -0,0 +1,23 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by lister-gen. DO NOT EDIT.
package internalversion
// AuditSinkListerExpansion allows custom methods to be added to
// AuditSinkLister.
type AuditSinkListerExpansion interface{}

6
pkg/cloudprovider/providers/aws/aws.go
View File

@@ -1386,7 +1386,9 @@ func (c *Cloud) InstanceShutdownByProviderID(ctx context.Context, providerID str
}
if len(instances) == 0 {
glog.Warningf("the instance %s does not exist anymore", providerID)
return true, nil
// returns false, because otherwise node is not deleted from cluster
// false means that it will continue to check InstanceExistsByProviderID
return false, nil
}
if len(instances) > 1 {
return false, fmt.Errorf("multiple instances found for instance: %s", instanceID)
@@ -1396,7 +1398,7 @@ func (c *Cloud) InstanceShutdownByProviderID(ctx context.Context, providerID str
if instance.State != nil {
state := aws.StringValue(instance.State.Name)
// valid state for detaching volumes
if state == ec2.InstanceStateNameStopped || state == ec2.InstanceStateNameTerminated {
if state == ec2.InstanceStateNameStopped {
return true, nil
}
}

4
pkg/cloudprovider/providers/azure/BUILD
View File

@@ -60,7 +60,7 @@ go_library(
"//staging/src/k8s.io/cloud-provider:go_default_library",
"//vendor/github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute:go_default_library",
"//vendor/github.com/Azure/azure-sdk-for-go/services/network/mgmt/2017-09-01/network:go_default_library",
"//vendor/github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage:go_default_library",
"//vendor/github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage:go_default_library",
"//vendor/github.com/Azure/azure-sdk-for-go/storage:go_default_library",
"//vendor/github.com/Azure/go-autorest/autorest:go_default_library",
"//vendor/github.com/Azure/go-autorest/autorest/adal:go_default_library",
@@ -103,7 +103,7 @@ go_test(
"//staging/src/k8s.io/cloud-provider:go_default_library",
"//vendor/github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute:go_default_library",
"//vendor/github.com/Azure/azure-sdk-for-go/services/network/mgmt/2017-09-01/network:go_default_library",
"//vendor/github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage:go_default_library",
"//vendor/github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage:go_default_library",
"//vendor/github.com/Azure/go-autorest/autorest:go_default_library",
"//vendor/github.com/Azure/go-autorest/autorest/to:go_default_library",
"//vendor/github.com/stretchr/testify/assert:go_default_library",

6
pkg/cloudprovider/providers/azure/azure_blobDiskController.go
View File

@@ -27,7 +27,7 @@ import (
"sync/atomic"
"time"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage"
azstorage "github.com/Azure/azure-sdk-for-go/storage"
"github.com/Azure/go-autorest/autorest/to"
"github.com/golang/glog"
@@ -80,7 +80,7 @@ func newBlobDiskController(common *controllerCommon) (*BlobDiskController, error
// If no storage account is given, search all the storage accounts associated with the resource group and pick one that
// fits storage type and location.
func (c *BlobDiskController) CreateVolume(blobName, accountName, accountType, location string, requestGB int) (string, string, int, error) {
account, key, err := c.common.cloud.ensureStorageAccount(accountName, accountType, c.common.resourceGroup, location, dedicatedDiskAccountNamePrefix)
account, key, err := c.common.cloud.ensureStorageAccount(accountName, accountType, string(defaultStorageAccountKind), c.common.resourceGroup, location, dedicatedDiskAccountNamePrefix)
if err != nil {
return "", "", 0, fmt.Errorf("could not get storage key for storage account %s: %v", accountName, err)
}
@@ -491,7 +491,7 @@ func (c *BlobDiskController) createStorageAccount(storageAccountName string, sto
cp := storage.AccountCreateParameters{
Sku: &storage.Sku{Name: storageAccountType},
// switch to use StorageV2 as it's recommended according to https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options
Kind: storage.StorageV2,
Kind: defaultStorageAccountKind,
Tags: map[string]*string{"created-by": to.StringPtr("azure-dd")},
Location: &location}
ctx, cancel := getContextWithCancel()

2
pkg/cloudprovider/providers/azure/azure_client.go
View File

@@ -24,7 +24,7 @@ import (
"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute"
"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2017-09-01/network"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/adal"
"github.com/golang/glog"

2
pkg/cloudprovider/providers/azure/azure_controller_common.go
View File

@@ -128,7 +128,7 @@ func (c *controllerCommon) GetDiskLun(diskName, diskURI string, nodeName types.N
(disk.Vhd != nil && disk.Vhd.URI != nil && diskURI != "" && *disk.Vhd.URI == diskURI) ||
(disk.ManagedDisk != nil && *disk.ManagedDisk.ID == diskURI) {
// found the disk
glog.V(4).Infof("azureDisk - find disk: lun %d name %q uri %q", *disk.Lun, diskName, diskURI)
glog.V(2).Infof("azureDisk - find disk: lun %d name %q uri %q", *disk.Lun, diskName, diskURI)
return *disk.Lun, nil
}
}

2
pkg/cloudprovider/providers/azure/azure_fakes.go
View File

@@ -31,7 +31,7 @@ import (
"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute"
"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2017-09-01/network"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/to"
)

13
pkg/cloudprovider/providers/azure/azure_file.go
View File

@@ -58,22 +58,11 @@ func (f *azureFileClient) createFileShare(accountName, accountKey, name string,
if err != nil {
return err
}
// create a file share and set quota
// Note. Per https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/Create-Share,
// setting x-ms-share-quota can set quota on the new share, but in reality, setting quota in CreateShare
// receives error "The metadata specified is invalid. It has characters that are not permitted."
// As a result,breaking into two API calls: create share and set quota
share := fileClient.GetShareReference(name)
share.Properties.Quota = sizeGiB
if err = share.Create(nil); err != nil {
return fmt.Errorf("failed to create file share, err: %v", err)
}
share.Properties.Quota = sizeGiB
if err = share.SetProperties(nil); err != nil {
if err := share.Delete(nil); err != nil {
glog.Errorf("Error deleting share: %v", err)
}
return fmt.Errorf("failed to set quota on file share %s, err: %v", name, err)
}
return nil
}

2
pkg/cloudprovider/providers/azure/azure_managedDiskController.go
View File

@@ -24,7 +24,7 @@ import (
"strings"
"github.com/Azure/azure-sdk-for-go/services/compute/mgmt/2018-04-01/compute"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage"
"github.com/golang/glog"
"k8s.io/api/core/v1"

10
pkg/cloudprovider/providers/azure/azure_storage.go
View File

@@ -19,24 +19,26 @@ package azure
import (
"fmt"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage"
"github.com/golang/glog"
)
const (
defaultStorageAccountType = string(storage.StandardLRS)
defaultStorageAccountKind = storage.StorageV2
fileShareAccountNamePrefix = "f"
sharedDiskAccountNamePrefix = "ds"
dedicatedDiskAccountNamePrefix = "dd"
)
// CreateFileShare creates a file share, using a matching storage account
func (az *Cloud) CreateFileShare(shareName, accountName, accountType, resourceGroup, location string, requestGiB int) (string, string, error) {
// CreateFileShare creates a file share, using a matching storage account type, account kind, etc.
// storage account will be created if specified account is not found
func (az *Cloud) CreateFileShare(shareName, accountName, accountType, accountKind, resourceGroup, location string, requestGiB int) (string, string, error) {
if resourceGroup == "" {
resourceGroup = az.resourceGroup
}
account, key, err := az.ensureStorageAccount(accountName, accountType, resourceGroup, location, fileShareAccountNamePrefix)
account, key, err := az.ensureStorageAccount(accountName, accountType, accountKind, resourceGroup, location, fileShareAccountNamePrefix)
if err != nil {
return "", "", fmt.Errorf("could not get storage key for storage account %s: %v", accountName, err)
}

13
pkg/cloudprovider/providers/azure/azure_storage_test.go
View File

@@ -19,7 +19,7 @@ package azure
import (
"testing"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage"
)
func TestCreateFileShare(t *testing.T) {
@@ -30,6 +30,7 @@ func TestCreateFileShare(t *testing.T) {
name := "baz"
sku := "sku"
kind := "StorageV2"
location := "centralus"
value := "foo key"
bogus := "bogus"
@@ -38,6 +39,7 @@ func TestCreateFileShare(t *testing.T) {
name string
acct string
acctType string
acctKind string
loc string
gb int
accounts storage.AccountListResult
@@ -52,6 +54,7 @@ func TestCreateFileShare(t *testing.T) {
name: "foo",
acct: "bar",
acctType: "type",
acctKind: "StorageV2",
loc: "eastus",
gb: 10,
expectErr: true,
@@ -60,6 +63,7 @@ func TestCreateFileShare(t *testing.T) {
name: "foo",
acct: "",
acctType: "type",
acctKind: "StorageV2",
loc: "eastus",
gb: 10,
expectErr: true,
@@ -68,11 +72,12 @@ func TestCreateFileShare(t *testing.T) {
name: "foo",
acct: "",
acctType: sku,
acctKind: kind,
loc: location,
gb: 10,
accounts: storage.AccountListResult{
Value: &[]storage.Account{
{Name: &name, Sku: &storage.Sku{Name: storage.SkuName(sku)}, Location: &location},
{Name: &name, Sku: &storage.Sku{Name: storage.SkuName(sku)}, Kind: storage.Kind(kind), Location: &location},
},
},
keys: storage.AccountListKeysResult{
@@ -87,6 +92,7 @@ func TestCreateFileShare(t *testing.T) {
name: "foo",
acct: "",
acctType: sku,
acctKind: kind,
loc: location,
gb: 10,
accounts: storage.AccountListResult{
@@ -100,6 +106,7 @@ func TestCreateFileShare(t *testing.T) {
name: "foo",
acct: "",
acctType: sku,
acctKind: kind,
loc: location,
gb: 10,
accounts: storage.AccountListResult{
@@ -116,7 +123,7 @@ func TestCreateFileShare(t *testing.T) {
fake.Keys = test.keys
fake.Err = test.err
account, key, err := cloud.CreateFileShare(test.name, test.acct, test.acctType, "rg", test.loc, test.gb)
account, key, err := cloud.CreateFileShare(test.name, test.acct, test.acctType, test.acctKind, "rg", test.loc, test.gb)
if test.expectErr && err == nil {
t.Errorf("unexpected non-error")
continue

26
pkg/cloudprovider/providers/azure/azure_storageaccount.go
View File

@@ -20,7 +20,7 @@ import (
"fmt"
"strings"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage"
"github.com/Azure/go-autorest/autorest/to"
"github.com/golang/glog"
)
@@ -30,7 +30,7 @@ type accountWithLocation struct {
}
// getStorageAccounts gets name, type, location of all storage accounts in a resource group which matches matchingAccountType, matchingLocation
func (az *Cloud) getStorageAccounts(matchingAccountType, resourceGroup, matchingLocation string) ([]accountWithLocation, error) {
func (az *Cloud) getStorageAccounts(matchingAccountType, matchingAccountKind, resourceGroup, matchingLocation string) ([]accountWithLocation, error) {
ctx, cancel := getContextWithCancel()
defer cancel()
result, err := az.StorageAccountClient.ListByResourceGroup(ctx, resourceGroup)
@@ -49,6 +49,10 @@ func (az *Cloud) getStorageAccounts(matchingAccountType, resourceGroup, matching
continue
}
if matchingAccountKind != "" && !strings.EqualFold(matchingAccountKind, string(acct.Kind)) {
continue
}
location := *acct.Location
if matchingLocation != "" && !strings.EqualFold(matchingLocation, location) {
continue
@@ -86,10 +90,10 @@ func (az *Cloud) getStorageAccesskey(account, resourceGroup string) (string, err
}
// ensureStorageAccount search storage account, create one storage account(with genAccountNamePrefix) if not found, return accountName, accountKey
func (az *Cloud) ensureStorageAccount(accountName, accountType, resourceGroup, location, genAccountNamePrefix string) (string, string, error) {
func (az *Cloud) ensureStorageAccount(accountName, accountType, accountKind, resourceGroup, location, genAccountNamePrefix string) (string, string, error) {
if len(accountName) == 0 {
// find a storage account that matches accountType
accounts, err := az.getStorageAccounts(accountType, resourceGroup, location)
accounts, err := az.getStorageAccounts(accountType, accountKind, resourceGroup, location)
if err != nil {
return "", "", fmt.Errorf("could not list storage accounts for account type %s: %v", accountType, err)
}
@@ -109,12 +113,16 @@ func (az *Cloud) ensureStorageAccount(accountName, accountType, resourceGroup, l
accountType = defaultStorageAccountType
}
glog.V(2).Infof("azure - no matching account found, begin to create a new account %s in resource group %s, location: %s, accountType: %s",
accountName, resourceGroup, location, accountType)
// use StorageV2 by default per https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options
kind := defaultStorageAccountKind
if accountKind != "" {
kind = storage.Kind(accountKind)
}
glog.V(2).Infof("azure - no matching account found, begin to create a new account %s in resource group %s, location: %s, accountType: %s, accountKind: %s",
accountName, resourceGroup, location, accountType, kind)
cp := storage.AccountCreateParameters{
Sku: &storage.Sku{Name: storage.SkuName(accountType)},
// switch to use StorageV2 as it's recommended according to https://docs.microsoft.com/en-us/azure/storage/common/storage-account-options
Kind: storage.StorageV2,
Sku: &storage.Sku{Name: storage.SkuName(accountType)},
Kind: kind,
AccountPropertiesCreateParameters: &storage.AccountPropertiesCreateParameters{EnableHTTPSTrafficOnly: to.BoolPtr(true)},
Tags: map[string]*string{"created-by": to.StringPtr("azure")},
Location: &location}

2
pkg/cloudprovider/providers/azure/azure_storageaccount_test.go
View File

@@ -20,7 +20,7 @@ import (
"fmt"
"testing"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2017-10-01/storage"
"github.com/Azure/azure-sdk-for-go/services/storage/mgmt/2018-07-01/storage"
)
func TestGetStorageAccessKeys(t *testing.T) {

1
pkg/controller/certificates/approver/sarapprove_test.go
View File

@@ -86,7 +86,6 @@ func TestHasKubeletUsages(t *testing.T) {
func TestHandle(t *testing.T) {
cases := []struct {
message string
allowed bool
recognized bool
err bool

11
pkg/controller/controller_ref_manager_test.go
View File

@@ -32,7 +32,6 @@ var (
productionLabel = map[string]string{"type": "production"}
testLabel = map[string]string{"type": "testing"}
productionLabelSelector = labels.Set{"type": "production"}.AsSelector()
testLabelSelector = labels.Set{"type": "testing"}.AsSelector()
controllerUID = "123"
)
@@ -60,12 +59,10 @@ func newPod(podName string, label map[string]string, owner metav1.Object) *v1.Po
func TestClaimPods(t *testing.T) {
controllerKind := schema.GroupVersionKind{}
type test struct {
name string
manager *PodControllerRefManager
pods []*v1.Pod
filters []func(*v1.Pod) bool
claimed []*v1.Pod
released []*v1.Pod
name string
manager *PodControllerRefManager
pods []*v1.Pod
claimed []*v1.Pod
}
var tests = []test{
{

1
pkg/controller/cronjob/BUILD
View File

@@ -25,7 +25,6 @@ go_library(
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/errors:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",

Some files were not shown because too many files have changed in this diff Show More