Skip to content

Commit

Permalink
Generated changes
Browse files Browse the repository at this point in the history
  • Loading branch information
@soltysh
soltysh committed Dec 3, 2020
1 parent d7c33ea commit 23a9a1e
Show file tree
Hide file tree
Showing 6 changed files with 345 additions and 327 deletions.
70 changes: 36 additions & 34 deletions authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,10 @@ spec:
type: object
properties:
groups:
description: Groups is a list of groups used to match against an
individual user's groups. If the user is a member of one of the
whitelisted groups, the user is allowed to be bound to a role.
description: Groups is a list of groups used to match against
an individual user's groups. If the user is a member of one
of the whitelisted groups, the user is allowed to be bound to
a role.
type: array
items:
type: string
Expand All @@ -60,10 +61,10 @@ spec:
group labels.
type: array
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An
empty label selector matches all objects. A null label selector
matches no objects.
description: A label selector is a label query over a set of
resources. The result of matchLabels and matchExpressions
are ANDed. An empty label selector matches all objects. A
null label selector matches no objects.
type: object
properties:
matchExpressions:
Expand All @@ -89,20 +90,20 @@ spec:
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
type: array
items:
type: string
matchLabels:
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
additionalProperties:
type: string
Expand All @@ -114,7 +115,8 @@ spec:
type: object
properties:
namespaces:
description: Namespaces specifies a list of literal namespace names.
description: Namespaces specifies a list of literal namespace
names.
type: array
items:
type: string
Expand All @@ -133,8 +135,8 @@ spec:
namespace:
description: Namespace is the namespace of the service account. Service
accounts from inside the whitelisted namespaces are allowed
to be bound to roles. If Namespace is empty, then the namespace
of the RoleBindingRestriction in which the ServiceAccountReference
to be bound to roles. If Namespace is empty, then the
namespace of the RoleBindingRestriction in which the ServiceAccountReference
is embedded is used.
type: string
nullable: true
Expand All @@ -153,10 +155,10 @@ spec:
user labels.
type: array
items:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An
empty label selector matches all objects. A null label selector
matches no objects.
description: A label selector is a label query over a set of
resources. The result of matchLabels and matchExpressions
are ANDed. An empty label selector matches all objects. A
null label selector matches no objects.
type: object
properties:
matchExpressions:
Expand All @@ -182,20 +184,20 @@ spec:
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
type: array
items:
type: string
matchLabels:
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
additionalProperties:
type: string
Expand Down
32 changes: 16 additions & 16 deletions config/v1/0000_03_config-operator_01_proxy.crd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,9 +53,9 @@ spec:
means unset and will not result in an env var.
type: string
noProxy:
description: noProxy is a comma-separated list of hostnames and/or CIDRs
for which the proxy should not be used. Empty means unset and will
not result in an env var.
description: noProxy is a comma-separated list of hostnames and/or
CIDRs for which the proxy should not be used. Empty means unset
and will not result in an env var.
type: string
readinessEndpoints:
description: readinessEndpoints is a list of endpoints used to verify
Expand All @@ -64,19 +64,19 @@ spec:
items:
type: string
trustedCA:
description: "trustedCA is a reference to a ConfigMap containing a CA
certificate bundle. The trustedCA field should only be consumed by
a proxy validator. The validator is responsible for reading the certificate
bundle from the required key \"ca-bundle.crt\", merging it with the
system default trust bundle, and writing the merged trust bundle to
a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\"
description: "trustedCA is a reference to a ConfigMap containing a
CA certificate bundle. The trustedCA field should only be consumed
by a proxy validator. The validator is responsible for reading the
certificate bundle from the required key \"ca-bundle.crt\", merging
it with the system default trust bundle, and writing the merged
trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\"
namespace. Clients that expect to make proxy connections must use
the trusted-ca-bundle for all HTTPS requests to the proxy, and may
use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n
The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\".
Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap
metadata: name: user-ca-bundle namespace: openshift-config data:
\ ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom
use the trusted-ca-bundle for non-proxy HTTPS requests as well.
\n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\".
Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind:
ConfigMap metadata: name: user-ca-bundle namespace: openshift-config
\ data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom
CA certificate bundle. -----END CERTIFICATE-----"
type: object
required:
Expand All @@ -98,6 +98,6 @@ spec:
description: httpsProxy is the URL of the proxy for HTTPS requests.
type: string
noProxy:
description: noProxy is a comma-separated list of hostnames and/or CIDRs
for which the proxy should not be used.
description: noProxy is a comma-separated list of hostnames and/or
CIDRs for which the proxy should not be used.
type: string
50 changes: 26 additions & 24 deletions config/v1/0000_10_config-operator_01_authentication.crd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@ spec:
schema:
openAPIV3Schema:
description: Authentication specifies cluster-wide settings for authentication
(like OAuth and webhook token authenticators). The canonical name of an instance
is `cluster`.
(like OAuth and webhook token authenticators). The canonical name of an
instance is `cluster`.
type: object
required:
- spec
Expand All @@ -48,12 +48,12 @@ spec:
oauthMetadata:
description: 'oauthMetadata contains the discovery endpoint data for
OAuth 2.0 Authorization Server Metadata for an external OAuth server.
This discovery document can be viewed from its served location: oc
get --raw ''/.well-known/oauth-authorization-server'' For further
This discovery document can be viewed from its served location:
oc get --raw ''/.well-known/oauth-authorization-server'' For further
details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
If oauthMetadata.name is non-empty, this value has precedence over
any metadata reference stored in status. The key "oauthMetadata" is
used to locate the data. If specified and the config map or expected
any metadata reference stored in status. The key "oauthMetadata"
is used to locate the data. If specified and the config map or expected
key is not found, no metadata is served. If the specified metadata
is not valid, no metadata is served. The namespace for this config
map is openshift-config.'
Expand All @@ -77,8 +77,8 @@ spec:
webhookTokenAuthenticator:
description: webhookTokenAuthenticator configures a remote token reviewer.
These remote authentication webhooks can be used to verify bearer
tokens via the tokenreviews.authentication.k8s.io REST API. This is
required to honor bearer tokens that are provisioned by an external
tokens via the tokenreviews.authentication.k8s.io REST API. This
is required to honor bearer tokens that are provisioned by an external
authentication service.
type: object
required:
Expand All @@ -89,9 +89,10 @@ spec:
config file data which describes how to access the remote webhook
service. The namespace for the referenced secret is openshift-config.
\n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
\n The key \"kubeConfig\" is used to locate the data. If the secret
or expected key is not found, the webhook is not honored. If the
specified kube config data is not valid, the webhook is not honored."
\n The key \"kubeConfig\" is used to locate the data. If the
secret or expected key is not found, the webhook is not honored.
If the specified kube config data is not valid, the webhook
is not honored."
type: object
required:
- name
Expand All @@ -100,8 +101,8 @@ spec:
description: name is the metadata.name of the referenced secret
type: string
webhookTokenAuthenticators:
description: webhookTokenAuthenticators is DEPRECATED, setting it has
no effect.
description: webhookTokenAuthenticators is DEPRECATED, setting it
has no effect.
type: array
items:
description: deprecatedWebhookTokenAuthenticator holds the necessary
Expand All @@ -115,16 +116,17 @@ spec:
describes how to access the remote webhook service. For further
details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
The key "kubeConfig" is used to locate the data. If the secret
or expected key is not found, the webhook is not honored. If
the specified kube config data is not valid, the webhook is
not honored. The namespace for this secret is determined by
the point of use.'
or expected key is not found, the webhook is not honored.
If the specified kube config data is not valid, the webhook
is not honored. The namespace for this secret is determined
by the point of use.'
type: object
required:
- name
properties:
name:
description: name is the metadata.name of the referenced secret
description: name is the metadata.name of the referenced
secret
type: string
status:
description: status holds observed values from the cluster. They may not
Expand All @@ -138,12 +140,12 @@ spec:
its served location: oc get --raw ''/.well-known/oauth-authorization-server''
For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
This contains the observed value based on cluster state. An explicitly
set value in spec.oauthMetadata has precedence over this field. This
field has no meaning if authentication spec.type is not set to IntegratedOAuth.
The key "oauthMetadata" is used to locate the data. If the config
map or expected key is not found, no metadata is served. If the specified
metadata is not valid, no metadata is served. The namespace for this
config map is openshift-config-managed.'
set value in spec.oauthMetadata has precedence over this field.
This field has no meaning if authentication spec.type is not set
to IntegratedOAuth. The key "oauthMetadata" is used to locate the
data. If the config map or expected key is not found, no metadata
is served. If the specified metadata is not valid, no metadata is
served. The namespace for this config map is openshift-config-managed.'
type: object
required:
- name
Expand Down
12 changes: 6 additions & 6 deletions config/v1/0000_10_config-operator_01_featuregate.crd.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,16 +46,16 @@ spec:
properties:
customNoUpgrade:
description: customNoUpgrade allows the enabling or disabling of any
feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE,
and PREVENTS UPGRADES. Because of its nature, this setting cannot
be validated. If you have any typos or accidentally apply invalid
combinations your cluster may fail in an unrecoverable way. featureSet
feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE
UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting
cannot be validated. If you have any typos or accidentally apply
invalid combinations your cluster may fail in an unrecoverable way. featureSet
must equal "CustomNoUpgrade" must be set to use this field.
type: object
properties:
disabled:
description: disabled is a list of all feature gates that you want
to force off
description: disabled is a list of all feature gates that you
want to force off
type: array
items:
type: string
Expand Down
Loading

0 comments on commit 23a9a1e

Please sign in to comment.