Skip to content

Commit

Permalink
rbac api changes for aggregation
Browse files Browse the repository at this point in the history
Kubernetes-commit: 0f0a5223dfc75337d03c9b80ae552ae8ef138eeb
  • Loading branch information
deads2k authored and k8s-publish-robot committed Oct 16, 2017
1 parent dc20b89 commit a3fae9d
Show file tree
Hide file tree
Showing 3 changed files with 41 additions and 0 deletions.
14 changes: 14 additions & 0 deletions rbac/v1/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,20 @@ type ClusterRole struct {

// Rules holds all the PolicyRules for this ClusterRole
Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`

// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
// stomped by the controller.
// +optional
AggregationRule *AggregationRule `json:"aggregationRule,omitempty" protobuf:"bytes,3,opt,name=aggregationRule"`
}

// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
type AggregationRule struct {
// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
// If any of the selectors match, then the ClusterRole's permissions will be added
// +optional
ClusterRoleSelectors []metav1.LabelSelector `json:"clusterRoleSelectors,omitempty" protobuf:"bytes,1,rep,name=clusterRoleSelectors"`
}

// +genclient
Expand Down
14 changes: 14 additions & 0 deletions rbac/v1alpha1/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,20 @@ type ClusterRole struct {

// Rules holds all the PolicyRules for this ClusterRole
Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`

// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
// stomped by the controller.
// +optional
AggregationRule *AggregationRule `json:"aggregationRule,omitempty" protobuf:"bytes,3,opt,name=aggregationRule"`
}

// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
type AggregationRule struct {
// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
// If any of the selectors match, then the ClusterRole's permissions will be added
// +optional
ClusterRoleSelectors []metav1.LabelSelector `json:"clusterRoleSelectors,omitempty" protobuf:"bytes,1,rep,name=clusterRoleSelectors"`
}

// +genclient
Expand Down
13 changes: 13 additions & 0 deletions rbac/v1beta1/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,19 @@ type ClusterRole struct {

// Rules holds all the PolicyRules for this ClusterRole
Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`
// AggregationRule is an optional field that describes how to build the Rules for this ClusterRole.
// If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be
// stomped by the controller.
// +optional
AggregationRule *AggregationRule `json:"aggregationRule,omitempty" protobuf:"bytes,3,opt,name=aggregationRule"`
}

// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole
type AggregationRule struct {
// ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules.
// If any of the selectors match, then the ClusterRole's permissions will be added
// +optional
ClusterRoleSelectors []metav1.LabelSelector `json:"clusterRoleSelectors,omitempty" protobuf:"bytes,1,rep,name=clusterRoleSelectors"`
}

// +genclient
Expand Down

0 comments on commit a3fae9d

Please sign in to comment.