Merge pull request #60741 from zlabjp/optional-subjects

Automatic merge from submit-queue (batch tested with PRs 60890, 63244, 60741, 63254). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Indicate clusterrolebinding, rolebinding subjects are optional fields **What this PR does / why we need it**: With this PR, clusterrolebinding and rolebinding subjects are marked optional instead of required. Currently we cannot create clusterrolebinding and rolebinding with subjects are empty using `kubectl create/apply/replace -f`. ``` $ kubectl create rolebinding test --clusterrole view rolebinding "test" created $ kubectl get rolebinding test -o yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: creationTimestamp: 2018-03-02T06:58:16Z name: test namespace: default resourceVersion: "5606612" selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/default/rolebindings/test uid: 155c5c29-1de7-11e8-9f6f-fa163ec89f2a roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: view subjects: null $ kubectl get rolebinding test -o yaml | kubectl replace -f - error: error validating "STDIN": error validating data: ValidationError(RoleBinding): missing required field "subjects" in io.k8s.api.rbac.v1.RoleBinding; if you choose to ignore these errors, turn validation off with --validate=false ``` **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # **Special notes for your reviewer**: This is a same issue with https://github.com/kubernetes/kubernetes/issues/59403. /cc @liggitt **Release note**: ```release-note NONE ```
2018-04-27 17:43:11 -07:00
parent d2b2c33052 0b96762f1b
commit 55f17933f5
14 changed files with 24 additions and 25 deletions
--- a/api/openapi-spec/swagger.json
+++ b/api/openapi-spec/swagger.json
@@ -82147,7 +82147,6 @@
   "io.k8s.api.rbac.v1.ClusterRoleBinding": {
    "description": "ClusterRoleBinding references a ClusterRole, but not contain it.  It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
@@ -82331,7 +82330,6 @@
   "io.k8s.api.rbac.v1.RoleBinding": {
    "description": "RoleBinding references a role, but does not contain it.  It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in.  RoleBindings in a given namespace only have effect in that namespace.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
@@ -82535,7 +82533,6 @@
   "io.k8s.api.rbac.v1alpha1.ClusterRoleBinding": {
    "description": "ClusterRoleBinding references a ClusterRole, but not contain it.  It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
@@ -82719,7 +82716,6 @@
   "io.k8s.api.rbac.v1alpha1.RoleBinding": {
    "description": "RoleBinding references a role, but does not contain it.  It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in.  RoleBindings in a given namespace only have effect in that namespace.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
@@ -82923,7 +82919,6 @@
   "io.k8s.api.rbac.v1beta1.ClusterRoleBinding": {
    "description": "ClusterRoleBinding references a ClusterRole, but not contain it.  It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
@@ -83107,7 +83102,6 @@
   "io.k8s.api.rbac.v1beta1.RoleBinding": {
    "description": "RoleBinding references a role, but does not contain it.  It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in.  RoleBindings in a given namespace only have effect in that namespace.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
--- a/api/swagger-spec/rbac.authorization.k8s.io_v1.json
+++ b/api/swagger-spec/rbac.authorization.k8s.io_v1.json
@@ -3351,7 +3351,6 @@
    "id": "v1.ClusterRoleBinding",
    "description": "ClusterRoleBinding references a ClusterRole, but not contain it.  It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
@@ -3927,7 +3926,6 @@
    "id": "v1.RoleBinding",
    "description": "RoleBinding references a role, but does not contain it.  It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in.  RoleBindings in a given namespace only have effect in that namespace.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
--- a/api/swagger-spec/rbac.authorization.k8s.io_v1alpha1.json
+++ b/api/swagger-spec/rbac.authorization.k8s.io_v1alpha1.json
@@ -3351,7 +3351,6 @@
    "id": "v1alpha1.ClusterRoleBinding",
    "description": "ClusterRoleBinding references a ClusterRole, but not contain it.  It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
@@ -3927,7 +3926,6 @@
    "id": "v1alpha1.RoleBinding",
    "description": "RoleBinding references a role, but does not contain it.  It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in.  RoleBindings in a given namespace only have effect in that namespace.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
--- a/api/swagger-spec/rbac.authorization.k8s.io_v1beta1.json
+++ b/api/swagger-spec/rbac.authorization.k8s.io_v1beta1.json
@@ -3351,7 +3351,6 @@
    "id": "v1beta1.ClusterRoleBinding",
    "description": "ClusterRoleBinding references a ClusterRole, but not contain it.  It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {
@@ -3927,7 +3926,6 @@
    "id": "v1beta1.RoleBinding",
    "description": "RoleBinding references a role, but does not contain it.  It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in.  RoleBindings in a given namespace only have effect in that namespace.",
    "required": [
-     "subjects",
     "roleRef"
    ],
    "properties": {