github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

generate

Browse Source
This commit is contained in:
David Eads
2024-06-05 16:50:43 -04:00
committed by Jordan Liggitt
parent 90f0b88b6a
commit f5e5bef2e0
40 changed files with 2449 additions and 399 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
pkg/generated/openapi/zz_generated.openapi.go generated
View File

@@ -223,6 +223,8 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
"k8s.io/api/authentication/v1beta1.TokenReviewSpec": schema_k8sio_api_authentication_v1beta1_TokenReviewSpec(ref),
"k8s.io/api/authentication/v1beta1.TokenReviewStatus": schema_k8sio_api_authentication_v1beta1_TokenReviewStatus(ref),
"k8s.io/api/authentication/v1beta1.UserInfo": schema_k8sio_api_authentication_v1beta1_UserInfo(ref),
"k8s.io/api/authorization/v1.FieldSelectorAttributes": schema_k8sio_api_authorization_v1_FieldSelectorAttributes(ref),
"k8s.io/api/authorization/v1.LabelSelectorAttributes": schema_k8sio_api_authorization_v1_LabelSelectorAttributes(ref),
"k8s.io/api/authorization/v1.LocalSubjectAccessReview": schema_k8sio_api_authorization_v1_LocalSubjectAccessReview(ref),
"k8s.io/api/authorization/v1.NonResourceAttributes": schema_k8sio_api_authorization_v1_NonResourceAttributes(ref),
"k8s.io/api/authorization/v1.NonResourceRule": schema_k8sio_api_authorization_v1_NonResourceRule(ref),
@@ -1053,6 +1055,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
"k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref),
"k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref),
"k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref),
"k8s.io/apimachinery/pkg/apis/meta/v1.FieldSelectorRequirement": schema_pkg_apis_meta_v1_FieldSelectorRequirement(ref),
"k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref),
"k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref),
"k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref),
@@ -11554,6 +11557,88 @@ func schema_k8sio_api_authentication_v1beta1_UserInfo(ref common.ReferenceCallba
}
}
func schema_k8sio_api_authorization_v1_FieldSelectorAttributes(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"rawSelector": {
SchemaProps: spec.SchemaProps{
Description: "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.",
Type: []string{"string"},
Format: "",
},
},
"requirements": {
VendorExtensible: spec.VendorExtensible{
Extensions: spec.Extensions{
"x-kubernetes-list-type": "atomic",
},
},
SchemaProps: spec.SchemaProps{
Description: "requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.FieldSelectorRequirement"),
},
},
},
},
},
},
},
},
Dependencies: []string{
"k8s.io/apimachinery/pkg/apis/meta/v1.FieldSelectorRequirement"},
}
}
func schema_k8sio_api_authorization_v1_LabelSelectorAttributes(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"rawSelector": {
SchemaProps: spec.SchemaProps{
Description: "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.",
Type: []string{"string"},
Format: "",
},
},
"requirements": {
VendorExtensible: spec.VendorExtensible{
Extensions: spec.Extensions{
"x-kubernetes-list-type": "atomic",
},
},
SchemaProps: spec.SchemaProps{
Description: "requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: map[string]interface{}{},
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"),
},
},
},
},
},
},
},
},
Dependencies: []string{
"k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"},
}
}
func schema_k8sio_api_authorization_v1_LocalSubjectAccessReview(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
@@ -11742,9 +11827,23 @@ func schema_k8sio_api_authorization_v1_ResourceAttributes(ref common.ReferenceCa
Format: "",
},
},
"fieldSelector": {
SchemaProps: spec.SchemaProps{
Description: "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the `AuthorizeWithSelectors` feature gate (disabled by default).",
Ref: ref("k8s.io/api/authorization/v1.FieldSelectorAttributes"),
},
},
"labelSelector": {
SchemaProps: spec.SchemaProps{
Description: "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the `AuthorizeWithSelectors` feature gate (disabled by default).",
Ref: ref("k8s.io/api/authorization/v1.LabelSelectorAttributes"),
},
},
},
},
},
Dependencies: []string{
"k8s.io/api/authorization/v1.FieldSelectorAttributes", "k8s.io/api/authorization/v1.LabelSelectorAttributes"},
}
}
@@ -12426,9 +12525,23 @@ func schema_k8sio_api_authorization_v1beta1_ResourceAttributes(ref common.Refere
Format: "",
},
},
"fieldSelector": {
SchemaProps: spec.SchemaProps{
Description: "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.",
Ref: ref("k8s.io/api/authorization/v1.FieldSelectorAttributes"),
},
},
"labelSelector": {
SchemaProps: spec.SchemaProps{
Description: "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.",
Ref: ref("k8s.io/api/authorization/v1.LabelSelectorAttributes"),
},
},
},
},
},
Dependencies: []string{
"k8s.io/api/authorization/v1.FieldSelectorAttributes", "k8s.io/api/authorization/v1.LabelSelectorAttributes"},
}
}
@@ -54029,6 +54142,56 @@ func schema_pkg_apis_meta_v1_Duration(ref common.ReferenceCallback) common.OpenA
}
}
func schema_pkg_apis_meta_v1_FieldSelectorRequirement(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "FieldSelectorRequirement is a selector that contains values, a key, and an operator that relates the key and values.",
Type: []string{"object"},
Properties: map[string]spec.Schema{
"key": {
SchemaProps: spec.SchemaProps{
Description: "key is the field selector key that the requirement applies to.",
Default: "",
Type: []string{"string"},
Format: "",
},
},
"operator": {
SchemaProps: spec.SchemaProps{
Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. The list of operators may grow in the future.",
Default: "",
Type: []string{"string"},
Format: "",
},
},
"values": {
VendorExtensible: spec.VendorExtensible{
Extensions: spec.Extensions{
"x-kubernetes-list-type": "atomic",
},
},
SchemaProps: spec.SchemaProps{
Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Default: "",
Type: []string{"string"},
Format: "",
},
},
},
},
},
},
Required: []string{"key", "operator"},
},
},
}
}
func schema_pkg_apis_meta_v1_FieldsV1(ref common.ReferenceCallback) common.OpenAPIDefinition {
return common.OpenAPIDefinition{
Schema: spec.Schema{