docker/buildx
1
0
Fork 0
mirror of https://gitea.com/Lydanne/buildx.git synced 2025-07-09 21:17:09 +08:00
Code Issues Packages Projects Releases 1 Wiki Activity

vendor: update buildkit to v0.19.0-rc1

Browse Source 
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This commit is contained in:
Tonis Tiigi
2025-01-14 14:20:26 -08:00
parent 630066bfc5
commit 44fa243d58
1910 changed files with 95196 additions and 50438 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
vendor/k8s.io/api/authorization/v1/doc.go generated vendored
View File

@ -17,7 +17,7 @@ limitations under the License.
// +k8s:deepcopy-gen=package
// +k8s:protobuf-gen=package
// +k8s:openapi-gen=true
// +k8s:prerelease-lifecycle-gen=true
// +groupName=authorization.k8s.io
package v1 // import "k8s.io/api/authorization/v1"

733
vendor/k8s.io/api/authorization/v1/generated.pb.go generated vendored
View File

@ -15,7 +15,7 @@ limitations under the License.
*/
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: k8s.io/kubernetes/vendor/k8s.io/api/authorization/v1/generated.proto
// source: k8s.io/api/authorization/v1/generated.proto
package v1
@ -26,6 +26,7 @@ import (
proto "github.com/gogo/protobuf/proto"
github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
math "math"
math_bits "math/bits"
@ -47,7 +48,7 @@ const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
func (m *ExtraValue) Reset() { *m = ExtraValue{} }
func (*ExtraValue) ProtoMessage() {}
func (*ExtraValue) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{0}
return fileDescriptor_aafd0e5e70cec678, []int{0}
}
func (m *ExtraValue) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -72,10 +73,66 @@ func (m *ExtraValue) XXX_DiscardUnknown() {
var xxx_messageInfo_ExtraValue proto.InternalMessageInfo
func (m *FieldSelectorAttributes) Reset() { *m = FieldSelectorAttributes{} }
func (*FieldSelectorAttributes) ProtoMessage() {}
func (*FieldSelectorAttributes) Descriptor() ([]byte, []int) {
return fileDescriptor_aafd0e5e70cec678, []int{1}
}
func (m *FieldSelectorAttributes) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *FieldSelectorAttributes) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
func (m *FieldSelectorAttributes) XXX_Merge(src proto.Message) {
xxx_messageInfo_FieldSelectorAttributes.Merge(m, src)
}
func (m *FieldSelectorAttributes) XXX_Size() int {
return m.Size()
}
func (m *FieldSelectorAttributes) XXX_DiscardUnknown() {
xxx_messageInfo_FieldSelectorAttributes.DiscardUnknown(m)
}
var xxx_messageInfo_FieldSelectorAttributes proto.InternalMessageInfo
func (m *LabelSelectorAttributes) Reset() { *m = LabelSelectorAttributes{} }
func (*LabelSelectorAttributes) ProtoMessage() {}
func (*LabelSelectorAttributes) Descriptor() ([]byte, []int) {
return fileDescriptor_aafd0e5e70cec678, []int{2}
}
func (m *LabelSelectorAttributes) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *LabelSelectorAttributes) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
func (m *LabelSelectorAttributes) XXX_Merge(src proto.Message) {
xxx_messageInfo_LabelSelectorAttributes.Merge(m, src)
}
func (m *LabelSelectorAttributes) XXX_Size() int {
return m.Size()
}
func (m *LabelSelectorAttributes) XXX_DiscardUnknown() {
xxx_messageInfo_LabelSelectorAttributes.DiscardUnknown(m)
}
var xxx_messageInfo_LabelSelectorAttributes proto.InternalMessageInfo
func (m *LocalSubjectAccessReview) Reset() { *m = LocalSubjectAccessReview{} }
func (*LocalSubjectAccessReview) ProtoMessage() {}
func (*LocalSubjectAccessReview) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{1}
return fileDescriptor_aafd0e5e70cec678, []int{3}
}
func (m *LocalSubjectAccessReview) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -103,7 +160,7 @@ var xxx_messageInfo_LocalSubjectAccessReview proto.InternalMessageInfo
func (m *NonResourceAttributes) Reset() { *m = NonResourceAttributes{} }
func (*NonResourceAttributes) ProtoMessage() {}
func (*NonResourceAttributes) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{2}
return fileDescriptor_aafd0e5e70cec678, []int{4}
}
func (m *NonResourceAttributes) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -131,7 +188,7 @@ var xxx_messageInfo_NonResourceAttributes proto.InternalMessageInfo
func (m *NonResourceRule) Reset() { *m = NonResourceRule{} }
func (*NonResourceRule) ProtoMessage() {}
func (*NonResourceRule) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{3}
return fileDescriptor_aafd0e5e70cec678, []int{5}
}
func (m *NonResourceRule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -159,7 +216,7 @@ var xxx_messageInfo_NonResourceRule proto.InternalMessageInfo
func (m *ResourceAttributes) Reset() { *m = ResourceAttributes{} }
func (*ResourceAttributes) ProtoMessage() {}
func (*ResourceAttributes) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{4}
return fileDescriptor_aafd0e5e70cec678, []int{6}
}
func (m *ResourceAttributes) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -187,7 +244,7 @@ var xxx_messageInfo_ResourceAttributes proto.InternalMessageInfo
func (m *ResourceRule) Reset() { *m = ResourceRule{} }
func (*ResourceRule) ProtoMessage() {}
func (*ResourceRule) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{5}
return fileDescriptor_aafd0e5e70cec678, []int{7}
}
func (m *ResourceRule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -215,7 +272,7 @@ var xxx_messageInfo_ResourceRule proto.InternalMessageInfo
func (m *SelfSubjectAccessReview) Reset() { *m = SelfSubjectAccessReview{} }
func (*SelfSubjectAccessReview) ProtoMessage() {}
func (*SelfSubjectAccessReview) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{6}
return fileDescriptor_aafd0e5e70cec678, []int{8}
}
func (m *SelfSubjectAccessReview) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -243,7 +300,7 @@ var xxx_messageInfo_SelfSubjectAccessReview proto.InternalMessageInfo
func (m *SelfSubjectAccessReviewSpec) Reset() { *m = SelfSubjectAccessReviewSpec{} }
func (*SelfSubjectAccessReviewSpec) ProtoMessage() {}
func (*SelfSubjectAccessReviewSpec) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{7}
return fileDescriptor_aafd0e5e70cec678, []int{9}
}
func (m *SelfSubjectAccessReviewSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -271,7 +328,7 @@ var xxx_messageInfo_SelfSubjectAccessReviewSpec proto.InternalMessageInfo
func (m *SelfSubjectRulesReview) Reset() { *m = SelfSubjectRulesReview{} }
func (*SelfSubjectRulesReview) ProtoMessage() {}
func (*SelfSubjectRulesReview) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{8}
return fileDescriptor_aafd0e5e70cec678, []int{10}
}
func (m *SelfSubjectRulesReview) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -299,7 +356,7 @@ var xxx_messageInfo_SelfSubjectRulesReview proto.InternalMessageInfo
func (m *SelfSubjectRulesReviewSpec) Reset() { *m = SelfSubjectRulesReviewSpec{} }
func (*SelfSubjectRulesReviewSpec) ProtoMessage() {}
func (*SelfSubjectRulesReviewSpec) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{9}
return fileDescriptor_aafd0e5e70cec678, []int{11}
}
func (m *SelfSubjectRulesReviewSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -327,7 +384,7 @@ var xxx_messageInfo_SelfSubjectRulesReviewSpec proto.InternalMessageInfo
func (m *SubjectAccessReview) Reset() { *m = SubjectAccessReview{} }
func (*SubjectAccessReview) ProtoMessage() {}
func (*SubjectAccessReview) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{10}
return fileDescriptor_aafd0e5e70cec678, []int{12}
}
func (m *SubjectAccessReview) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -355,7 +412,7 @@ var xxx_messageInfo_SubjectAccessReview proto.InternalMessageInfo
func (m *SubjectAccessReviewSpec) Reset() { *m = SubjectAccessReviewSpec{} }
func (*SubjectAccessReviewSpec) ProtoMessage() {}
func (*SubjectAccessReviewSpec) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{11}
return fileDescriptor_aafd0e5e70cec678, []int{13}
}
func (m *SubjectAccessReviewSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -383,7 +440,7 @@ var xxx_messageInfo_SubjectAccessReviewSpec proto.InternalMessageInfo
func (m *SubjectAccessReviewStatus) Reset() { *m = SubjectAccessReviewStatus{} }
func (*SubjectAccessReviewStatus) ProtoMessage() {}
func (*SubjectAccessReviewStatus) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{12}
return fileDescriptor_aafd0e5e70cec678, []int{14}
}
func (m *SubjectAccessReviewStatus) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -411,7 +468,7 @@ var xxx_messageInfo_SubjectAccessReviewStatus proto.InternalMessageInfo
func (m *SubjectRulesReviewStatus) Reset() { *m = SubjectRulesReviewStatus{} }
func (*SubjectRulesReviewStatus) ProtoMessage() {}
func (*SubjectRulesReviewStatus) Descriptor() ([]byte, []int) {
return fileDescriptor_e50da13573e369bd, []int{13}
return fileDescriptor_aafd0e5e70cec678, []int{15}
}
func (m *SubjectRulesReviewStatus) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@ -438,6 +495,8 @@ var xxx_messageInfo_SubjectRulesReviewStatus proto.InternalMessageInfo
func init() {
proto.RegisterType((*ExtraValue)(nil), "k8s.io.api.authorization.v1.ExtraValue")
proto.RegisterType((*FieldSelectorAttributes)(nil), "k8s.io.api.authorization.v1.FieldSelectorAttributes")
proto.RegisterType((*LabelSelectorAttributes)(nil), "k8s.io.api.authorization.v1.LabelSelectorAttributes")
proto.RegisterType((*LocalSubjectAccessReview)(nil), "k8s.io.api.authorization.v1.LocalSubjectAccessReview")
proto.RegisterType((*NonResourceAttributes)(nil), "k8s.io.api.authorization.v1.NonResourceAttributes")
proto.RegisterType((*NonResourceRule)(nil), "k8s.io.api.authorization.v1.NonResourceRule")
@ -455,83 +514,89 @@ func init() {
}
func init() {
proto.RegisterFile("k8s.io/kubernetes/vendor/k8s.io/api/authorization/v1/generated.proto", fileDescriptor_e50da13573e369bd)
proto.RegisterFile("k8s.io/api/authorization/v1/generated.proto", fileDescriptor_aafd0e5e70cec678)
}
var fileDescriptor_e50da13573e369bd = []byte{
// 1140 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x57, 0x4f, 0x6f, 0x1b, 0x45,
0x14, 0xf7, 0xfa, 0x4f, 0x62, 0x8f, 0x1b, 0x92, 0x4e, 0x94, 0x66, 0x9b, 0x08, 0x3b, 0x5a, 0x24,
0x48, 0x45, 0xd9, 0x25, 0x56, 0xdb, 0x44, 0x95, 0x2a, 0x64, 0x2b, 0x11, 0x8a, 0xd4, 0x96, 0x6a,
0xa2, 0x44, 0xa2, 0x08, 0xc4, 0x78, 0x3d, 0xb1, 0x97, 0xd8, 0xbb, 0xcb, 0xcc, 0xac, 0x43, 0x38,
0x55, 0xe2, 0x0b, 0x70, 0xe4, 0xc0, 0x81, 0x6f, 0xc0, 0x05, 0x89, 0x1b, 0x07, 0x0e, 0x28, 0xc7,
0x1e, 0x8b, 0x84, 0x2c, 0xb2, 0x9c, 0xf9, 0x0e, 0x68, 0x66, 0xc7, 0xde, 0x75, 0xb2, 0x76, 0x13,
0x0e, 0xed, 0xa5, 0x37, 0xef, 0xfb, 0xfd, 0xde, 0x9b, 0x37, 0xef, 0xdf, 0x3c, 0x83, 0xed, 0xa3,
0x2d, 0x66, 0x3a, 0x9e, 0x75, 0x14, 0x34, 0x09, 0x75, 0x09, 0x27, 0xcc, 0xea, 0x13, 0xb7, 0xe5,
0x51, 0x4b, 0x01, 0xd8, 0x77, 0x2c, 0x1c, 0xf0, 0x8e, 0x47, 0x9d, 0x6f, 0x31, 0x77, 0x3c, 0xd7,
0xea, 0x6f, 0x58, 0x6d, 0xe2, 0x12, 0x8a, 0x39, 0x69, 0x99, 0x3e, 0xf5, 0xb8, 0x07, 0x57, 0x23,
0xb2, 0x89, 0x7d, 0xc7, 0x1c, 0x23, 0x9b, 0xfd, 0x8d, 0x95, 0x0f, 0xda, 0x0e, 0xef, 0x04, 0x4d,
0xd3, 0xf6, 0x7a, 0x56, 0xdb, 0x6b, 0x7b, 0x96, 0xd4, 0x69, 0x06, 0x87, 0xf2, 0x4b, 0x7e, 0xc8,
0x5f, 0x91, 0xad, 0x95, 0x3b, 0xf1, 0xc1, 0x3d, 0x6c, 0x77, 0x1c, 0x97, 0xd0, 0x13, 0xcb, 0x3f,
0x6a, 0x0b, 0x01, 0xb3, 0x7a, 0x84, 0xe3, 0x14, 0x0f, 0x56, 0xac, 0x49, 0x5a, 0x34, 0x70, 0xb9,
0xd3, 0x23, 0x17, 0x14, 0xee, 0xbd, 0x4c, 0x81, 0xd9, 0x1d, 0xd2, 0xc3, 0xe7, 0xf5, 0x8c, 0x4d,
0x00, 0x76, 0xbe, 0xe1, 0x14, 0x1f, 0xe0, 0x6e, 0x40, 0x60, 0x15, 0x14, 0x1c, 0x4e, 0x7a, 0x4c,
0xd7, 0xd6, 0x72, 0xeb, 0xa5, 0x46, 0x29, 0x1c, 0x54, 0x0b, 0xbb, 0x42, 0x80, 0x22, 0xf9, 0xfd,
0xe2, 0x0f, 0x3f, 0x55, 0x33, 0xcf, 0xfe, 0x5a, 0xcb, 0x18, 0xbf, 0x64, 0x81, 0xfe, 0xd0, 0xb3,
0x71, 0x77, 0x2f, 0x68, 0x7e, 0x45, 0x6c, 0x5e, 0xb7, 0x6d, 0xc2, 0x18, 0x22, 0x7d, 0x87, 0x1c,
0xc3, 0x2f, 0x41, 0x51, 0xdc, 0xac, 0x85, 0x39, 0xd6, 0xb5, 0x35, 0x6d, 0xbd, 0x5c, 0xfb, 0xd0,
0x8c, 0x63, 0x3a, 0x72, 0xd0, 0xf4, 0x8f, 0xda, 0x42, 0xc0, 0x4c, 0xc1, 0x36, 0xfb, 0x1b, 0xe6,
0x27, 0xd2, 0xd6, 0x23, 0xc2, 0x71, 0x03, 0x9e, 0x0e, 0xaa, 0x99, 0x70, 0x50, 0x05, 0xb1, 0x0c,
0x8d, 0xac, 0xc2, 0x03, 0x90, 0x67, 0x3e, 0xb1, 0xf5, 0xac, 0xb4, 0x7e, 0xc7, 0x9c, 0x92, 0x31,
0x33, 0xc5, 0xc3, 0x3d, 0x9f, 0xd8, 0x8d, 0x6b, 0xea, 0x84, 0xbc, 0xf8, 0x42, 0xd2, 0x1e, 0xfc,
0x02, 0xcc, 0x30, 0x8e, 0x79, 0xc0, 0xf4, 0x9c, 0xb4, 0x7c, 0xef, 0xca, 0x96, 0xa5, 0x76, 0xe3,
0x2d, 0x65, 0x7b, 0x26, 0xfa, 0x46, 0xca, 0xaa, 0xf1, 0x19, 0x58, 0x7a, 0xec, 0xb9, 0x88, 0x30,
0x2f, 0xa0, 0x36, 0xa9, 0x73, 0x4e, 0x9d, 0x66, 0xc0, 0x09, 0x83, 0x6b, 0x20, 0xef, 0x63, 0xde,
0x91, 0xe1, 0x2a, 0xc5, 0xae, 0x3d, 0xc1, 0xbc, 0x83, 0x24, 0x22, 0x18, 0x7d, 0x42, 0x9b, 0xf2,
0xca, 0x09, 0xc6, 0x01, 0xa1, 0x4d, 0x24, 0x11, 0xe3, 0x6b, 0x30, 0x9f, 0x30, 0x8e, 0x82, 0xae,
0xcc, 0xa8, 0x80, 0xc6, 0x32, 0x2a, 0x34, 0x18, 0x8a, 0xe4, 0xf0, 0x01, 0x98, 0x77, 0x63, 0x9d,
0x7d, 0xf4, 0x90, 0xe9, 0x59, 0x49, 0x5d, 0x0c, 0x07, 0xd5, 0xa4, 0x39, 0x01, 0xa1, 0xf3, 0x5c,
0xe3, 0xb7, 0x2c, 0x80, 0x29, 0xb7, 0xb1, 0x40, 0xc9, 0xc5, 0x3d, 0xc2, 0x7c, 0x6c, 0x13, 0x75,
0xa5, 0xeb, 0xca, 0xe1, 0xd2, 0xe3, 0x21, 0x80, 0x62, 0xce, 0xcb, 0x2f, 0x07, 0xdf, 0x01, 0x85,
0x36, 0xf5, 0x02, 0x5f, 0x26, 0xa6, 0xd4, 0x98, 0x53, 0x94, 0xc2, 0xc7, 0x42, 0x88, 0x22, 0x0c,
0xde, 0x02, 0xb3, 0x7d, 0x42, 0x99, 0xe3, 0xb9, 0x7a, 0x5e, 0xd2, 0xe6, 0x15, 0x6d, 0xf6, 0x20,
0x12, 0xa3, 0x21, 0x0e, 0x6f, 0x83, 0x22, 0x55, 0x8e, 0xeb, 0x05, 0xc9, 0x5d, 0x50, 0xdc, 0xe2,
0x28, 0x82, 0x23, 0x06, 0xbc, 0x0b, 0xca, 0x2c, 0x68, 0x8e, 0x14, 0x66, 0xa4, 0xc2, 0xa2, 0x52,
0x28, 0xef, 0xc5, 0x10, 0x4a, 0xf2, 0xc4, 0xb5, 0xc4, 0x1d, 0xf5, 0xd9, 0xf1, 0x6b, 0x89, 0x10,
0x20, 0x89, 0x18, 0xbf, 0x6b, 0xe0, 0xda, 0xd5, 0x32, 0xf6, 0x3e, 0x28, 0x61, 0xdf, 0x91, 0xd7,
0x1e, 0xe6, 0x6a, 0x4e, 0xc4, 0xb5, 0xfe, 0x64, 0x37, 0x12, 0xa2, 0x18, 0x17, 0xe4, 0xa1, 0x33,
0xa2, 0xa4, 0x47, 0xe4, 0xe1, 0x91, 0x0c, 0xc5, 0x38, 0xdc, 0x04, 0x73, 0xc3, 0x0f, 0x99, 0x24,
0x3d, 0x2f, 0x15, 0xae, 0x87, 0x83, 0xea, 0x1c, 0x4a, 0x02, 0x68, 0x9c, 0x67, 0xfc, 0x9a, 0x05,
0xcb, 0x7b, 0xa4, 0x7b, 0xf8, 0x7a, 0x66, 0xc1, 0xd3, 0xb1, 0x59, 0xb0, 0x35, 0xbd, 0x63, 0xd3,
0xbd, 0x7c, 0x6d, 0xf3, 0xe0, 0xc7, 0x2c, 0x58, 0x9d, 0xe2, 0x13, 0x3c, 0x06, 0x90, 0x5e, 0x68,
0x2f, 0x15, 0x47, 0x6b, 0xaa, 0x2f, 0x17, 0xbb, 0xb2, 0x71, 0x23, 0x1c, 0x54, 0x53, 0xba, 0x15,
0xa5, 0x1c, 0x01, 0xbf, 0xd3, 0xc0, 0x92, 0x9b, 0x36, 0xa9, 0x54, 0x98, 0x6b, 0x53, 0x0f, 0x4f,
0x9d, 0x71, 0x8d, 0x9b, 0xe1, 0xa0, 0x9a, 0x3e, 0xfe, 0x50, 0xfa, 0x59, 0xe2, 0x95, 0xb9, 0x91,
0x08, 0x8f, 0x68, 0x90, 0x57, 0x57, 0x57, 0x9f, 0x8e, 0xd5, 0xd5, 0xe6, 0x65, 0xeb, 0x2a, 0xe1,
0xe4, 0xc4, 0xb2, 0xfa, 0xfc, 0x5c, 0x59, 0xdd, 0xbd, 0x4c, 0x59, 0x25, 0x0d, 0x4f, 0xaf, 0xaa,
0x47, 0x60, 0x65, 0xb2, 0x43, 0x57, 0x1e, 0xce, 0xc6, 0xcf, 0x59, 0xb0, 0xf8, 0xe6, 0x99, 0xbf,
0x4a, 0x5b, 0xff, 0x91, 0x07, 0xcb, 0x6f, 0x5a, 0x7a, 0xd2, 0xa2, 0x13, 0x30, 0x42, 0xd5, 0x33,
0x3e, 0x4a, 0xce, 0x3e, 0x23, 0x14, 0x49, 0x04, 0x1a, 0x60, 0xa6, 0x1d, 0xbd, 0x6e, 0xd1, 0xfb,
0x03, 0x44, 0x80, 0xd5, 0xd3, 0xa6, 0x10, 0xd8, 0x02, 0x05, 0x22, 0xf6, 0x56, 0xbd, 0xb0, 0x96,
0x5b, 0x2f, 0xd7, 0x3e, 0xfa, 0x3f, 0x95, 0x61, 0xca, 0xcd, 0x77, 0xc7, 0xe5, 0xf4, 0x24, 0x5e,
0x27, 0xa4, 0x0c, 0x45, 0xc6, 0xe1, 0xdb, 0x20, 0x17, 0x38, 0x2d, 0xf5, 0xda, 0x97, 0x15, 0x25,
0xb7, 0xbf, 0xbb, 0x8d, 0x84, 0x7c, 0x05, 0xab, 0xe5, 0x59, 0x9a, 0x80, 0x0b, 0x20, 0x77, 0x44,
0x4e, 0xa2, 0x86, 0x42, 0xe2, 0x27, 0x7c, 0x00, 0x0a, 0x7d, 0xb1, 0x57, 0xab, 0xf8, 0xbe, 0x37,
0xd5, 0xc9, 0x78, 0x0d, 0x47, 0x91, 0xd6, 0xfd, 0xec, 0x96, 0x66, 0xfc, 0xa9, 0x81, 0x9b, 0x13,
0xcb, 0x4f, 0xac, 0x3b, 0xb8, 0xdb, 0xf5, 0x8e, 0x49, 0x4b, 0x1e, 0x5b, 0x8c, 0xd7, 0x9d, 0x7a,
0x24, 0x46, 0x43, 0x1c, 0xbe, 0x0b, 0x66, 0x5a, 0xc4, 0x75, 0x48, 0x4b, 0x2e, 0x46, 0xc5, 0xb8,
0x72, 0xb7, 0xa5, 0x14, 0x29, 0x54, 0xf0, 0x28, 0xc1, 0xcc, 0x73, 0xd5, 0x2a, 0x36, 0xe2, 0x21,
0x29, 0x45, 0x0a, 0x85, 0x75, 0x30, 0x4f, 0x84, 0x9b, 0xd2, 0xff, 0x1d, 0x4a, 0xbd, 0x61, 0x46,
0x97, 0x95, 0xc2, 0xfc, 0xce, 0x38, 0x8c, 0xce, 0xf3, 0x8d, 0x7f, 0xb3, 0x40, 0x9f, 0x34, 0xda,
0xe0, 0x61, 0xbc, 0x8b, 0x48, 0x50, 0xae, 0x43, 0xe5, 0xda, 0xad, 0x4b, 0x35, 0x88, 0xd0, 0x68,
0x2c, 0x29, 0x47, 0xe6, 0x92, 0xd2, 0xc4, 0xea, 0x22, 0x3f, 0x21, 0x05, 0x0b, 0xee, 0xf8, 0xce,
0x1c, 0x2d, 0x55, 0xe5, 0xda, 0xed, 0xcb, 0xb6, 0x83, 0x3c, 0x4d, 0x57, 0xa7, 0x2d, 0x9c, 0x03,
0x18, 0xba, 0x60, 0x1f, 0xd6, 0x00, 0x70, 0x5c, 0xdb, 0xeb, 0xf9, 0x5d, 0xc2, 0x89, 0x0c, 0x5b,
0x31, 0x9e, 0x83, 0xbb, 0x23, 0x04, 0x25, 0x58, 0x69, 0xf1, 0xce, 0x5f, 0x2d, 0xde, 0x8d, 0xfa,
0xe9, 0x59, 0x25, 0xf3, 0xfc, 0xac, 0x92, 0x79, 0x71, 0x56, 0xc9, 0x3c, 0x0b, 0x2b, 0xda, 0x69,
0x58, 0xd1, 0x9e, 0x87, 0x15, 0xed, 0x45, 0x58, 0xd1, 0xfe, 0x0e, 0x2b, 0xda, 0xf7, 0xff, 0x54,
0x32, 0x4f, 0x57, 0xa7, 0xfc, 0x53, 0xfe, 0x2f, 0x00, 0x00, 0xff, 0xff, 0xea, 0x67, 0x63, 0x89,
0x60, 0x0f, 0x00, 0x00,
var fileDescriptor_aafd0e5e70cec678 = []byte{
// 1247 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x58, 0xcf, 0x6f, 0x1b, 0xc5,
0x17, 0xf7, 0xfa, 0x47, 0x62, 0x8f, 0xe3, 0x6f, 0xd2, 0xc9, 0x37, 0xcd, 0x36, 0x11, 0x76, 0x64,
0x24, 0x48, 0xd5, 0xb2, 0x26, 0x51, 0xdb, 0x44, 0x95, 0x0a, 0xf2, 0xaa, 0x01, 0x45, 0x4a, 0x4b,
0x35, 0x51, 0x22, 0x51, 0x04, 0x62, 0xbc, 0x9e, 0xd8, 0x4b, 0xec, 0xdd, 0xed, 0xcc, 0xac, 0xd3,
0x70, 0xaa, 0xc4, 0x3f, 0xc0, 0x91, 0x43, 0x0f, 0xfc, 0x07, 0x5c, 0x90, 0xb8, 0x73, 0x40, 0x11,
0xa7, 0x1e, 0x8b, 0x84, 0x2c, 0x62, 0xce, 0xfc, 0x0f, 0x68, 0x66, 0xc7, 0xde, 0xdd, 0xc4, 0x76,
0x6d, 0x0e, 0x94, 0x43, 0x6f, 0x9e, 0xf7, 0x79, 0xbf, 0xe7, 0xbd, 0xb7, 0x6f, 0x0c, 0x6e, 0x1c,
0x6f, 0x33, 0xc3, 0x76, 0x2b, 0xd8, 0xb3, 0x2b, 0xd8, 0xe7, 0x4d, 0x97, 0xda, 0x5f, 0x63, 0x6e,
0xbb, 0x4e, 0xa5, 0xb3, 0x51, 0x69, 0x10, 0x87, 0x50, 0xcc, 0x49, 0xdd, 0xf0, 0xa8, 0xcb, 0x5d,
0xb8, 0x1a, 0x30, 0x1b, 0xd8, 0xb3, 0x8d, 0x18, 0xb3, 0xd1, 0xd9, 0x58, 0x79, 0xaf, 0x61, 0xf3,
0xa6, 0x5f, 0x33, 0x2c, 0xb7, 0x5d, 0x69, 0xb8, 0x0d, 0xb7, 0x22, 0x65, 0x6a, 0xfe, 0x91, 0x3c,
0xc9, 0x83, 0xfc, 0x15, 0xe8, 0x5a, 0xb9, 0x15, 0x1a, 0x6e, 0x63, 0xab, 0x69, 0x3b, 0x84, 0x9e,
0x56, 0xbc, 0xe3, 0x86, 0x20, 0xb0, 0x4a, 0x9b, 0x70, 0x3c, 0xc4, 0x83, 0x95, 0xca, 0x28, 0x29,
0xea, 0x3b, 0xdc, 0x6e, 0x93, 0x4b, 0x02, 0x77, 0x5e, 0x25, 0xc0, 0xac, 0x26, 0x69, 0xe3, 0x8b,
0x72, 0xe5, 0x2d, 0x00, 0x76, 0x9e, 0x72, 0x8a, 0x0f, 0x71, 0xcb, 0x27, 0xb0, 0x04, 0x32, 0x36,
0x27, 0x6d, 0xa6, 0x6b, 0x6b, 0xa9, 0xf5, 0x9c, 0x99, 0xeb, 0x75, 0x4b, 0x99, 0x5d, 0x41, 0x40,
0x01, 0xfd, 0x6e, 0xf6, 0xbb, 0xef, 0x4b, 0x89, 0x67, 0xbf, 0xaf, 0x25, 0xca, 0xbf, 0x6a, 0x60,
0xf9, 0x23, 0x9b, 0xb4, 0xea, 0xfb, 0xa4, 0x45, 0x2c, 0xee, 0xd2, 0x2a, 0xe7, 0xd4, 0xae, 0xf9,
0x9c, 0x30, 0x78, 0x1b, 0xe4, 0x29, 0x3e, 0xe9, 0x03, 0xba, 0xb6, 0xa6, 0xad, 0xe7, 0xcc, 0xc5,
0xb3, 0x6e, 0x29, 0xd1, 0xeb, 0x96, 0xf2, 0x28, 0x84, 0x50, 0x94, 0x0f, 0x3e, 0x05, 0x73, 0x94,
0x3c, 0xf1, 0x6d, 0x4a, 0xda, 0xc4, 0xe1, 0x4c, 0x4f, 0xae, 0xa5, 0xd6, 0xf3, 0x9b, 0x1f, 0x18,
0xe1, 0x6d, 0x0c, 0x42, 0x33, 0xbc, 0xe3, 0x86, 0x20, 0x30, 0x43, 0x64, 0xd0, 0xe8, 0x6c, 0x18,
0x31, 0x5f, 0x50, 0xa8, 0xc6, 0xfc, 0xbf, 0xb2, 0x3b, 0x17, 0x21, 0x32, 0x14, 0xb3, 0x24, 0x83,
0xd9, 0xc3, 0x35, 0xd2, 0xfa, 0x8f, 0x04, 0x13, 0xf3, 0x65, 0xda, 0x60, 0x7e, 0x4c, 0x02, 0x7d,
0xcf, 0xb5, 0x70, 0x6b, 0xdf, 0xaf, 0x7d, 0x45, 0x2c, 0x5e, 0xb5, 0x2c, 0xc2, 0x18, 0x22, 0x1d,
0x9b, 0x9c, 0xc0, 0x2f, 0x41, 0x56, 0x18, 0xa9, 0x63, 0x8e, 0x65, 0x28, 0xf9, 0xcd, 0xf7, 0x27,
0x73, 0xe9, 0x13, 0xa9, 0xeb, 0x01, 0xe1, 0xd8, 0x84, 0xca, 0x09, 0x10, 0xd2, 0xd0, 0x40, 0x2b,
0x3c, 0x04, 0x69, 0xe6, 0x11, 0x4b, 0x4f, 0x4a, 0xed, 0xb7, 0x8c, 0x31, 0xbd, 0x64, 0x0c, 0xf1,
0x70, 0xdf, 0x23, 0x96, 0x39, 0xa7, 0x2c, 0xa4, 0xc5, 0x09, 0x49, 0x7d, 0xf0, 0x0b, 0x30, 0xc3,
0x38, 0xe6, 0x3e, 0xd3, 0x53, 0x52, 0xf3, 0x9d, 0xa9, 0x35, 0x4b, 0x69, 0xf3, 0x7f, 0x4a, 0xf7,
0x4c, 0x70, 0x46, 0x4a, 0x6b, 0xf9, 0x33, 0xb0, 0xf4, 0xd0, 0x75, 0x10, 0x61, 0xae, 0x4f, 0x2d,
0x12, 0x29, 0x80, 0x35, 0x90, 0xf6, 0x30, 0x6f, 0xaa, 0x9b, 0x1f, 0xb8, 0xf6, 0x08, 0xf3, 0x26,
0x92, 0x88, 0xe0, 0xe8, 0x10, 0x5a, 0x93, 0x21, 0x47, 0x38, 0x0e, 0x09, 0xad, 0x21, 0x89, 0x94,
0x9f, 0x80, 0xf9, 0x88, 0x72, 0xe4, 0xb7, 0x64, 0xaf, 0x09, 0x28, 0xd6, 0x6b, 0x42, 0x82, 0xa1,
0x80, 0x0e, 0xef, 0x81, 0x79, 0x27, 0x94, 0x39, 0x40, 0x7b, 0x41, 0x11, 0xe5, 0xcc, 0xc5, 0x5e,
0xb7, 0x14, 0x55, 0x27, 0x20, 0x74, 0x91, 0xb7, 0xfc, 0x3c, 0x0d, 0xe0, 0x90, 0x68, 0x2a, 0x20,
0xe7, 0xe0, 0x36, 0x61, 0x1e, 0xb6, 0x88, 0x0a, 0xe9, 0x8a, 0x72, 0x38, 0xf7, 0xb0, 0x0f, 0xa0,
0x90, 0xe7, 0xd5, 0xc1, 0xc1, 0xb7, 0x41, 0xa6, 0x41, 0x5d, 0xdf, 0x93, 0x17, 0x93, 0x33, 0x0b,
0x8a, 0x25, 0xf3, 0xb1, 0x20, 0xa2, 0x00, 0x83, 0xd7, 0xc1, 0x6c, 0x87, 0x50, 0x66, 0xbb, 0x8e,
0x9e, 0x96, 0x6c, 0xf3, 0x8a, 0x6d, 0xf6, 0x30, 0x20, 0xa3, 0x3e, 0x0e, 0x6f, 0x82, 0x2c, 0x55,
0x8e, 0xeb, 0x19, 0xc9, 0xbb, 0xa0, 0x78, 0xb3, 0x83, 0x0c, 0x0e, 0x38, 0x44, 0x7f, 0x32, 0xbf,
0x36, 0x10, 0x98, 0x89, 0xf7, 0xe7, 0x7e, 0x08, 0xa1, 0x28, 0x9f, 0x08, 0x4b, 0xc4, 0xa8, 0xcf,
0xc6, 0xc3, 0x12, 0x29, 0x40, 0x12, 0x81, 0x6d, 0x50, 0x38, 0x8a, 0x0e, 0x15, 0x3d, 0x3b, 0x41,
0x45, 0x8f, 0x18, 0x89, 0xe6, 0x95, 0x5e, 0xb7, 0x54, 0x88, 0xcf, 0xa8, 0xb8, 0x76, 0x61, 0xae,
0x15, 0x6d, 0x7b, 0x3d, 0x37, 0x81, 0xb9, 0x11, 0x43, 0x2b, 0x30, 0x17, 0x9f, 0x22, 0x71, 0xed,
0xe5, 0x9f, 0x35, 0x30, 0x37, 0x5d, 0x3d, 0xde, 0x00, 0x39, 0xec, 0xd9, 0xf2, 0x52, 0xfb, 0x95,
0x58, 0x10, 0x55, 0x53, 0x7d, 0xb4, 0x1b, 0x10, 0x51, 0x88, 0x0b, 0xe6, 0x7e, 0xaa, 0x45, 0xc3,
0x0e, 0x98, 0xfb, 0x26, 0x19, 0x0a, 0x71, 0xb8, 0x05, 0x0a, 0xfd, 0x83, 0x2c, 0x41, 0x3d, 0x2d,
0x05, 0x64, 0x10, 0x28, 0x0a, 0xa0, 0x38, 0x5f, 0xf9, 0xa7, 0x24, 0x58, 0xde, 0x27, 0xad, 0xa3,
0xd7, 0x33, 0xe9, 0x1e, 0xc7, 0x26, 0xdd, 0xf6, 0xf8, 0x79, 0x34, 0xdc, 0xcb, 0xd7, 0x36, 0xed,
0x9e, 0x27, 0xc1, 0xea, 0x18, 0x9f, 0xe0, 0x09, 0x80, 0xf4, 0xd2, 0xf0, 0x50, 0x79, 0xac, 0x8c,
0xf5, 0xe5, 0xf2, 0xcc, 0x31, 0xaf, 0xf6, 0xba, 0xa5, 0x21, 0xb3, 0x08, 0x0d, 0x31, 0x01, 0xbf,
0xd1, 0xc0, 0x92, 0x33, 0x6c, 0x0e, 0xab, 0x34, 0x6f, 0x8e, 0x35, 0x3e, 0x74, 0x82, 0x9b, 0xd7,
0x7a, 0xdd, 0xd2, 0xf0, 0xe1, 0x8e, 0x86, 0xdb, 0x12, 0xdf, 0xd0, 0xab, 0x91, 0xf4, 0x88, 0x06,
0xf9, 0xf7, 0xea, 0xea, 0xd3, 0x58, 0x5d, 0x6d, 0x4d, 0x5a, 0x57, 0x11, 0x27, 0x47, 0x96, 0xd5,
0xe7, 0x17, 0xca, 0xea, 0xf6, 0x24, 0x65, 0x15, 0x55, 0x3c, 0xbe, 0xaa, 0x1e, 0x80, 0x95, 0xd1,
0x0e, 0x4d, 0xfd, 0xe9, 0x29, 0xff, 0x90, 0x04, 0x8b, 0x6f, 0x96, 0x98, 0x69, 0xda, 0xfa, 0x97,
0x34, 0x58, 0x7e, 0xd3, 0xd2, 0xa3, 0xd6, 0x38, 0x9f, 0x11, 0xaa, 0x96, 0x94, 0xc1, 0xe5, 0x1c,
0x30, 0x42, 0x91, 0x44, 0x60, 0x19, 0xcc, 0x34, 0x82, 0xaf, 0x5b, 0xf0, 0xfd, 0x01, 0x22, 0xc1,
0xea, 0xd3, 0xa6, 0x10, 0x58, 0x07, 0x19, 0x22, 0xde, 0x4b, 0x7a, 0x46, 0xee, 0xf3, 0x1f, 0xfe,
0x93, 0xca, 0x30, 0xe4, 0x8b, 0x6b, 0xc7, 0xe1, 0xf4, 0x34, 0x5c, 0x96, 0x24, 0x0d, 0x05, 0xca,
0xe1, 0x5b, 0x20, 0xe5, 0xdb, 0x75, 0xb5, 0xcb, 0xe4, 0x15, 0x4b, 0xea, 0x60, 0xf7, 0x3e, 0x12,
0xf4, 0x15, 0xac, 0x1e, 0x6d, 0x52, 0x05, 0x5c, 0x00, 0xa9, 0x63, 0x72, 0x1a, 0x34, 0x14, 0x12,
0x3f, 0xe1, 0x3d, 0x90, 0xe9, 0x88, 0xf7, 0x9c, 0xca, 0xef, 0xbb, 0x63, 0x9d, 0x0c, 0x9f, 0x7f,
0x28, 0x90, 0xba, 0x9b, 0xdc, 0xd6, 0xca, 0xbf, 0x69, 0xe0, 0xda, 0xc8, 0xf2, 0x13, 0xcb, 0x1c,
0x6e, 0xb5, 0xdc, 0x13, 0x52, 0x97, 0x66, 0xb3, 0xe1, 0x32, 0x57, 0x0d, 0xc8, 0xa8, 0x8f, 0xc3,
0x77, 0xc0, 0x4c, 0x9d, 0x38, 0x36, 0xa9, 0xcb, 0xb5, 0x2f, 0x1b, 0x56, 0xee, 0x7d, 0x49, 0x45,
0x0a, 0x15, 0x7c, 0x94, 0x60, 0xe6, 0x3a, 0x6a, 0xd1, 0x1c, 0xf0, 0x21, 0x49, 0x45, 0x0a, 0x85,
0x55, 0x30, 0x4f, 0x84, 0x9b, 0xd2, 0xff, 0x1d, 0x4a, 0xdd, 0xfe, 0x8d, 0x2e, 0x2b, 0x81, 0xf9,
0x9d, 0x38, 0x8c, 0x2e, 0xf2, 0x97, 0xff, 0x4a, 0x02, 0x7d, 0xd4, 0x68, 0x83, 0x47, 0xe1, 0x2e,
0x22, 0x41, 0xb9, 0x0e, 0xe5, 0x37, 0xaf, 0x4f, 0xd4, 0x20, 0x42, 0xc2, 0x5c, 0x52, 0x8e, 0x14,
0xa2, 0xd4, 0xc8, 0xea, 0x22, 0x8f, 0x90, 0x82, 0x05, 0x27, 0xfe, 0x22, 0xe8, 0xbf, 0x11, 0x6f,
0x4e, 0xda, 0x0e, 0xd2, 0x9a, 0xae, 0xac, 0x2d, 0x5c, 0x00, 0x18, 0xba, 0xa4, 0x1f, 0x6e, 0x02,
0x60, 0x3b, 0x96, 0xdb, 0xf6, 0x5a, 0x84, 0x13, 0x99, 0xb6, 0x6c, 0x38, 0x07, 0x77, 0x07, 0x08,
0x8a, 0x70, 0x0d, 0xcb, 0x77, 0x7a, 0xba, 0x7c, 0x9b, 0xd5, 0xb3, 0xf3, 0x62, 0xe2, 0xc5, 0x79,
0x31, 0xf1, 0xf2, 0xbc, 0x98, 0x78, 0xd6, 0x2b, 0x6a, 0x67, 0xbd, 0xa2, 0xf6, 0xa2, 0x57, 0xd4,
0x5e, 0xf6, 0x8a, 0xda, 0x1f, 0xbd, 0xa2, 0xf6, 0xed, 0x9f, 0xc5, 0xc4, 0xe3, 0xd5, 0x31, 0xff,
0xd0, 0xfc, 0x1d, 0x00, 0x00, 0xff, 0xff, 0xb5, 0x8c, 0x77, 0x0f, 0xbf, 0x11, 0x00, 0x00,
}
func (m ExtraValue) Marshal() (dAtA []byte, err error) {
@ -566,6 +631,90 @@ func (m ExtraValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
return len(dAtA) - i, nil
}
func (m *FieldSelectorAttributes) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *FieldSelectorAttributes) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *FieldSelectorAttributes) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if len(m.Requirements) > 0 {
for iNdEx := len(m.Requirements) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Requirements[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintGenerated(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
i -= len(m.RawSelector)
copy(dAtA[i:], m.RawSelector)
i = encodeVarintGenerated(dAtA, i, uint64(len(m.RawSelector)))
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *LabelSelectorAttributes) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *LabelSelectorAttributes) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *LabelSelectorAttributes) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if len(m.Requirements) > 0 {
for iNdEx := len(m.Requirements) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Requirements[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintGenerated(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
i -= len(m.RawSelector)
copy(dAtA[i:], m.RawSelector)
i = encodeVarintGenerated(dAtA, i, uint64(len(m.RawSelector)))
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *LocalSubjectAccessReview) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
@ -713,6 +862,30 @@ func (m *ResourceAttributes) MarshalToSizedBuffer(dAtA []byte) (int, error) {
_ = i
var l int
_ = l
if m.LabelSelector != nil {
{
size, err := m.LabelSelector.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintGenerated(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
if m.FieldSelector != nil {
{
size, err := m.FieldSelector.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintGenerated(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
}
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
@ -1278,6 +1451,40 @@ func (m ExtraValue) Size() (n int) {
return n
}
func (m *FieldSelectorAttributes) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.RawSelector)
n += 1 + l + sovGenerated(uint64(l))
if len(m.Requirements) > 0 {
for _, e := range m.Requirements {
l = e.Size()
n += 1 + l + sovGenerated(uint64(l))
}
}
return n
}
func (m *LabelSelectorAttributes) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.RawSelector)
n += 1 + l + sovGenerated(uint64(l))
if len(m.Requirements) > 0 {
for _, e := range m.Requirements {
l = e.Size()
n += 1 + l + sovGenerated(uint64(l))
}
}
return n
}
func (m *LocalSubjectAccessReview) Size() (n int) {
if m == nil {
return 0
@ -1347,6 +1554,14 @@ func (m *ResourceAttributes) Size() (n int) {
n += 1 + l + sovGenerated(uint64(l))
l = len(m.Name)
n += 1 + l + sovGenerated(uint64(l))
if m.FieldSelector != nil {
l = m.FieldSelector.Size()
n += 1 + l + sovGenerated(uint64(l))
}
if m.LabelSelector != nil {
l = m.LabelSelector.Size()
n += 1 + l + sovGenerated(uint64(l))
}
return n
}
@ -1537,6 +1752,38 @@ func sovGenerated(x uint64) (n int) {
func sozGenerated(x uint64) (n int) {
return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
func (this *FieldSelectorAttributes) String() string {
if this == nil {
return "nil"
}
repeatedStringForRequirements := "[]FieldSelectorRequirement{"
for _, f := range this.Requirements {
repeatedStringForRequirements += fmt.Sprintf("%v", f) + ","
}
repeatedStringForRequirements += "}"
s := strings.Join([]string{`&FieldSelectorAttributes{`,
`RawSelector:` + fmt.Sprintf("%v", this.RawSelector) + `,`,
`Requirements:` + repeatedStringForRequirements + `,`,
`}`,
}, "")
return s
}
func (this *LabelSelectorAttributes) String() string {
if this == nil {
return "nil"
}
repeatedStringForRequirements := "[]LabelSelectorRequirement{"
for _, f := range this.Requirements {
repeatedStringForRequirements += fmt.Sprintf("%v", f) + ","
}
repeatedStringForRequirements += "}"
s := strings.Join([]string{`&LabelSelectorAttributes{`,
`RawSelector:` + fmt.Sprintf("%v", this.RawSelector) + `,`,
`Requirements:` + repeatedStringForRequirements + `,`,
`}`,
}, "")
return s
}
func (this *LocalSubjectAccessReview) String() string {
if this == nil {
return "nil"
@ -1583,6 +1830,8 @@ func (this *ResourceAttributes) String() string {
`Resource:` + fmt.Sprintf("%v", this.Resource) + `,`,
`Subresource:` + fmt.Sprintf("%v", this.Subresource) + `,`,
`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
`FieldSelector:` + strings.Replace(this.FieldSelector.String(), "FieldSelectorAttributes", "FieldSelectorAttributes", 1) + `,`,
`LabelSelector:` + strings.Replace(this.LabelSelector.String(), "LabelSelectorAttributes", "LabelSelectorAttributes", 1) + `,`,
`}`,
}, "")
return s
@ -1808,6 +2057,238 @@ func (m *ExtraValue) Unmarshal(dAtA []byte) error {
}
return nil
}
func (m *FieldSelectorAttributes) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: FieldSelectorAttributes: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: FieldSelectorAttributes: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field RawSelector", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthGenerated
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.RawSelector = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Requirements", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthGenerated
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Requirements = append(m.Requirements, v1.FieldSelectorRequirement{})
if err := m.Requirements[len(m.Requirements)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthGenerated
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *LabelSelectorAttributes) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: LabelSelectorAttributes: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: LabelSelectorAttributes: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field RawSelector", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthGenerated
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.RawSelector = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Requirements", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthGenerated
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Requirements = append(m.Requirements, v1.LabelSelectorRequirement{})
if err := m.Requirements[len(m.Requirements)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthGenerated
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *LocalSubjectAccessReview) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@ -2438,6 +2919,78 @@ func (m *ResourceAttributes) Unmarshal(dAtA []byte) error {
}
m.Name = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 8:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field FieldSelector", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthGenerated
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.FieldSelector == nil {
m.FieldSelector = &FieldSelectorAttributes{}
}
if err := m.FieldSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 9:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field LabelSelector", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthGenerated
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.LabelSelector == nil {
m.LabelSelector = &LabelSelectorAttributes{}
}
if err := m.LabelSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])

85
vendor/k8s.io/api/authorization/v1/generated.proto generated vendored
View File

@ -37,6 +37,60 @@ message ExtraValue {
repeated string items = 1;
}
// FieldSelectorAttributes indicates a field limited access.
// Webhook authors are encouraged to
// * ensure rawSelector and requirements are not both set
// * consider the requirements field if set
// * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details.
// For the *SubjectAccessReview endpoints of the kube-apiserver:
// * If rawSelector is empty and requirements are empty, the request is not limited.
// * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds.
// * If rawSelector is empty and requirements are present, the requirements should be honored
// * If rawSelector is present and requirements are present, the request is invalid.
message FieldSelectorAttributes {
// rawSelector is the serialization of a field selector that would be included in a query parameter.
// Webhook implementations are encouraged to ignore rawSelector.
// The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
// +optional
optional string rawSelector = 1;
// requirements is the parsed interpretation of a field selector.
// All requirements must be met for a resource instance to match the selector.
// Webhook implementations should handle requirements, but how to handle them is up to the webhook.
// Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
// are not understood.
// +optional
// +listType=atomic
repeated .k8s.io.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement requirements = 2;
}
// LabelSelectorAttributes indicates a label limited access.
// Webhook authors are encouraged to
// * ensure rawSelector and requirements are not both set
// * consider the requirements field if set
// * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details.
// For the *SubjectAccessReview endpoints of the kube-apiserver:
// * If rawSelector is empty and requirements are empty, the request is not limited.
// * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds.
// * If rawSelector is empty and requirements are present, the requirements should be honored
// * If rawSelector is present and requirements are present, the request is invalid.
message LabelSelectorAttributes {
// rawSelector is the serialization of a field selector that would be included in a query parameter.
// Webhook implementations are encouraged to ignore rawSelector.
// The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
// +optional
optional string rawSelector = 1;
// requirements is the parsed interpretation of a label selector.
// All requirements must be met for a resource instance to match the selector.
// Webhook implementations should handle requirements, but how to handle them is up to the webhook.
// Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
// are not understood.
// +optional
// +listType=atomic
repeated .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement requirements = 2;
}
// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.
// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions
// checking.
@ -44,7 +98,7 @@ message LocalSubjectAccessReview {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace
// you made the request against. If empty, it is defaulted.
@ -69,11 +123,13 @@ message NonResourceAttributes {
// NonResourceRule holds information that describes a rule for the non-resource
message NonResourceRule {
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
// +listType=atomic
repeated string verbs = 1;
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
// final step in the path. "*" means all.
// +optional
// +listType=atomic
repeated string nonResourceURLs = 2;
}
@ -109,26 +165,44 @@ message ResourceAttributes {
// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
// +optional
optional string name = 7;
// fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.
//
// This field is alpha-level. To use this field, you must enable the
// `AuthorizeWithSelectors` feature gate (disabled by default).
// +optional
optional FieldSelectorAttributes fieldSelector = 8;
// labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.
//
// This field is alpha-level. To use this field, you must enable the
// `AuthorizeWithSelectors` feature gate (disabled by default).
// +optional
optional LabelSelectorAttributes labelSelector = 9;
}
// ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant,
// may contain duplicates, and possibly be incomplete.
message ResourceRule {
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
// +listType=atomic
repeated string verbs = 1;
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// the enumerated resources in any API group will be allowed. "*" means all.
// +optional
// +listType=atomic
repeated string apiGroups = 2;
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
// +optional
// +listType=atomic
repeated string resources = 3;
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
// +optional
// +listType=atomic
repeated string resourceNames = 4;
}
@ -139,7 +213,7 @@ message SelfSubjectAccessReview {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated. user and groups must be empty
optional SelfSubjectAccessReviewSpec spec = 2;
@ -171,7 +245,7 @@ message SelfSubjectRulesReview {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated.
optional SelfSubjectRulesReviewSpec spec = 2;
@ -192,7 +266,7 @@ message SubjectAccessReview {
// Standard list metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the request being evaluated
optional SubjectAccessReviewSpec spec = 2;
@ -220,6 +294,7 @@ message SubjectAccessReviewSpec {
// Groups is the groups you're testing for.
// +optional
// +listType=atomic
repeated string groups = 4;
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
@ -262,10 +337,12 @@ message SubjectAccessReviewStatus {
message SubjectRulesReviewStatus {
// ResourceRules is the list of actions the subject is allowed to perform on resources.
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
// +listType=atomic
repeated ResourceRule resourceRules = 1;
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
// +listType=atomic
repeated NonResourceRule nonResourceRules = 2;
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly

79
vendor/k8s.io/api/authorization/v1/types.go generated vendored
View File

@ -26,6 +26,7 @@ import (
// +genclient:nonNamespaced
// +genclient:onlyVerbs=create
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.6
// SubjectAccessReview checks whether or not a user or group can perform an action.
type SubjectAccessReview struct {
@ -47,6 +48,7 @@ type SubjectAccessReview struct {
// +genclient:nonNamespaced
// +genclient:onlyVerbs=create
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.19
// SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a
// spec.namespace means "in all namespaces". Self is a special case, because users should always be able
@ -69,6 +71,7 @@ type SelfSubjectAccessReview struct {
// +genclient
// +genclient:onlyVerbs=create
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.19
// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.
// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions
@ -115,6 +118,72 @@ type ResourceAttributes struct {
// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
// +optional
Name string `json:"name,omitempty" protobuf:"bytes,7,opt,name=name"`
// fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.
//
// This field is alpha-level. To use this field, you must enable the
// `AuthorizeWithSelectors` feature gate (disabled by default).
// +optional
FieldSelector *FieldSelectorAttributes `json:"fieldSelector,omitempty" protobuf:"bytes,8,opt,name=fieldSelector"`
// labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.
//
// This field is alpha-level. To use this field, you must enable the
// `AuthorizeWithSelectors` feature gate (disabled by default).
// +optional
LabelSelector *LabelSelectorAttributes `json:"labelSelector,omitempty" protobuf:"bytes,9,opt,name=labelSelector"`
}
// LabelSelectorAttributes indicates a label limited access.
// Webhook authors are encouraged to
// * ensure rawSelector and requirements are not both set
// * consider the requirements field if set
// * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details.
// For the *SubjectAccessReview endpoints of the kube-apiserver:
// * If rawSelector is empty and requirements are empty, the request is not limited.
// * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds.
// * If rawSelector is empty and requirements are present, the requirements should be honored
// * If rawSelector is present and requirements are present, the request is invalid.
type LabelSelectorAttributes struct {
// rawSelector is the serialization of a field selector that would be included in a query parameter.
// Webhook implementations are encouraged to ignore rawSelector.
// The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
// +optional
RawSelector string `json:"rawSelector,omitempty" protobuf:"bytes,1,opt,name=rawSelector"`
// requirements is the parsed interpretation of a label selector.
// All requirements must be met for a resource instance to match the selector.
// Webhook implementations should handle requirements, but how to handle them is up to the webhook.
// Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
// are not understood.
// +optional
// +listType=atomic
Requirements []metav1.LabelSelectorRequirement `json:"requirements,omitempty" protobuf:"bytes,2,rep,name=requirements"`
}
// FieldSelectorAttributes indicates a field limited access.
// Webhook authors are encouraged to
// * ensure rawSelector and requirements are not both set
// * consider the requirements field if set
// * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details.
// For the *SubjectAccessReview endpoints of the kube-apiserver:
// * If rawSelector is empty and requirements are empty, the request is not limited.
// * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds.
// * If rawSelector is empty and requirements are present, the requirements should be honored
// * If rawSelector is present and requirements are present, the request is invalid.
type FieldSelectorAttributes struct {
// rawSelector is the serialization of a field selector that would be included in a query parameter.
// Webhook implementations are encouraged to ignore rawSelector.
// The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
// +optional
RawSelector string `json:"rawSelector,omitempty" protobuf:"bytes,1,opt,name=rawSelector"`
// requirements is the parsed interpretation of a field selector.
// All requirements must be met for a resource instance to match the selector.
// Webhook implementations should handle requirements, but how to handle them is up to the webhook.
// Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements
// are not understood.
// +optional
// +listType=atomic
Requirements []metav1.FieldSelectorRequirement `json:"requirements,omitempty" protobuf:"bytes,2,rep,name=requirements"`
}
// NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
@ -143,6 +212,7 @@ type SubjectAccessReviewSpec struct {
User string `json:"user,omitempty" protobuf:"bytes,3,opt,name=user"`
// Groups is the groups you're testing for.
// +optional
// +listType=atomic
Groups []string `json:"groups,omitempty" protobuf:"bytes,4,rep,name=groups"`
// Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer
// it needs a reflection here.
@ -197,6 +267,7 @@ type SubjectAccessReviewStatus struct {
// +genclient:nonNamespaced
// +genclient:onlyVerbs=create
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +k8s:prerelease-lifecycle-gen:introduced=1.19
// SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace.
// The returned list of actions may be incomplete depending on the server's authorization mode,
@ -232,9 +303,11 @@ type SelfSubjectRulesReviewSpec struct {
type SubjectRulesReviewStatus struct {
// ResourceRules is the list of actions the subject is allowed to perform on resources.
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
// +listType=atomic
ResourceRules []ResourceRule `json:"resourceRules" protobuf:"bytes,1,rep,name=resourceRules"`
// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
// +listType=atomic
NonResourceRules []NonResourceRule `json:"nonResourceRules" protobuf:"bytes,2,rep,name=nonResourceRules"`
// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
// encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
@ -250,28 +323,34 @@ type SubjectRulesReviewStatus struct {
// may contain duplicates, and possibly be incomplete.
type ResourceRule struct {
// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.
// +listType=atomic
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
// APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
// the enumerated resources in any API group will be allowed. "*" means all.
// +optional
// +listType=atomic
APIGroups []string `json:"apiGroups,omitempty" protobuf:"bytes,2,rep,name=apiGroups"`
// Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups.
// "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
// +optional
// +listType=atomic
Resources []string `json:"resources,omitempty" protobuf:"bytes,3,rep,name=resources"`
// ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.
// +optional
// +listType=atomic
ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,4,rep,name=resourceNames"`
}
// NonResourceRule holds information that describes a rule for the non-resource
type NonResourceRule struct {
// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.
// +listType=atomic
Verbs []string `json:"verbs" protobuf:"bytes,1,rep,name=verbs"`
// NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full,
// final step in the path. "*" means all.
// +optional
// +listType=atomic
NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,2,rep,name=nonResourceURLs"`
}

38
vendor/k8s.io/api/authorization/v1/types_swagger_doc_generated.go generated vendored
View File

@ -27,6 +27,26 @@ package v1
// Those methods can be generated by using hack/update-codegen.sh
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_FieldSelectorAttributes = map[string]string{
"": "FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.",
"rawSelector": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.",
"requirements": "requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.",
}
func (FieldSelectorAttributes) SwaggerDoc() map[string]string {
return map_FieldSelectorAttributes
}
var map_LabelSelectorAttributes = map[string]string{
"": "LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.",
"rawSelector": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.",
"requirements": "requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.",
}
func (LabelSelectorAttributes) SwaggerDoc() map[string]string {
return map_LabelSelectorAttributes
}
var map_LocalSubjectAccessReview = map[string]string{
"": "LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.",
"metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata",
@ -59,14 +79,16 @@ func (NonResourceRule) SwaggerDoc() map[string]string {
}
var map_ResourceAttributes = map[string]string{
"": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface",
"namespace": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces \"\" (empty) is defaulted for LocalSubjectAccessReviews \"\" (empty) is empty for cluster-scoped resources \"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview",
"verb": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
"group": "Group is the API Group of the Resource. \"*\" means all.",
"version": "Version is the API Version of the Resource. \"*\" means all.",
"resource": "Resource is one of the existing resource types. \"*\" means all.",
"subresource": "Subresource is one of the existing resource types. \"\" means none.",
"name": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.",
"": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface",
"namespace": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces \"\" (empty) is defaulted for LocalSubjectAccessReviews \"\" (empty) is empty for cluster-scoped resources \"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview",
"verb": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.",
"group": "Group is the API Group of the Resource. \"*\" means all.",
"version": "Version is the API Version of the Resource. \"*\" means all.",
"resource": "Resource is one of the existing resource types. \"*\" means all.",
"subresource": "Subresource is one of the existing resource types. \"\" means none.",
"name": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.",
"fieldSelector": "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the `AuthorizeWithSelectors` feature gate (disabled by default).",
"labelSelector": "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.\n\nThis field is alpha-level. To use this field, you must enable the `AuthorizeWithSelectors` feature gate (disabled by default).",
}
func (ResourceAttributes) SwaggerDoc() map[string]string {

61
vendor/k8s.io/api/authorization/v1/zz_generated.deepcopy.go generated vendored
View File

@ -22,6 +22,7 @@ limitations under the License.
package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
@ -45,6 +46,52 @@ func (in ExtraValue) DeepCopy() ExtraValue {
return *out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *FieldSelectorAttributes) DeepCopyInto(out *FieldSelectorAttributes) {
*out = *in
if in.Requirements != nil {
in, out := &in.Requirements, &out.Requirements
*out = make([]metav1.FieldSelectorRequirement, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FieldSelectorAttributes.
func (in *FieldSelectorAttributes) DeepCopy() *FieldSelectorAttributes {
if in == nil {
return nil
}
out := new(FieldSelectorAttributes)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *LabelSelectorAttributes) DeepCopyInto(out *LabelSelectorAttributes) {
*out = *in
if in.Requirements != nil {
in, out := &in.Requirements, &out.Requirements
*out = make([]metav1.LabelSelectorRequirement, len(*in))
for i := range *in {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LabelSelectorAttributes.
func (in *LabelSelectorAttributes) DeepCopy() *LabelSelectorAttributes {
if in == nil {
return nil
}
out := new(LabelSelectorAttributes)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *LocalSubjectAccessReview) DeepCopyInto(out *LocalSubjectAccessReview) {
*out = *in
@ -118,6 +165,16 @@ func (in *NonResourceRule) DeepCopy() *NonResourceRule {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ResourceAttributes) DeepCopyInto(out *ResourceAttributes) {
*out = *in
if in.FieldSelector != nil {
in, out := &in.FieldSelector, &out.FieldSelector
*out = new(FieldSelectorAttributes)
(*in).DeepCopyInto(*out)
}
if in.LabelSelector != nil {
in, out := &in.LabelSelector, &out.LabelSelector
*out = new(LabelSelectorAttributes)
(*in).DeepCopyInto(*out)
}
return
}
@ -201,7 +258,7 @@ func (in *SelfSubjectAccessReviewSpec) DeepCopyInto(out *SelfSubjectAccessReview
if in.ResourceAttributes != nil {
in, out := &in.ResourceAttributes, &out.ResourceAttributes
*out = new(ResourceAttributes)
**out = **in
(*in).DeepCopyInto(*out)
}
if in.NonResourceAttributes != nil {
in, out := &in.NonResourceAttributes, &out.NonResourceAttributes
@ -299,7 +356,7 @@ func (in *SubjectAccessReviewSpec) DeepCopyInto(out *SubjectAccessReviewSpec) {
if in.ResourceAttributes != nil {
in, out := &in.ResourceAttributes, &out.ResourceAttributes
*out = new(ResourceAttributes)
**out = **in
(*in).DeepCopyInto(*out)
}
if in.NonResourceAttributes != nil {
in, out := &in.NonResourceAttributes, &out.NonResourceAttributes

46
vendor/k8s.io/api/authorization/v1/zz_generated.prerelease-lifecycle.go generated vendored Normal file
View File

@ -0,0 +1,46 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by prerelease-lifecycle-gen. DO NOT EDIT.
package v1
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *LocalSubjectAccessReview) APILifecycleIntroduced() (major, minor int) {
return 1, 19
}
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *SelfSubjectAccessReview) APILifecycleIntroduced() (major, minor int) {
return 1, 19
}
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *SelfSubjectRulesReview) APILifecycleIntroduced() (major, minor int) {
return 1, 19
}
// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison.
// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go.
func (in *SubjectAccessReview) APILifecycleIntroduced() (major, minor int) {
return 1, 6
}