summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorvincentgoat <linguohui1@huawei.com>2023-05-29 21:27:35 +0800
committervincentgoat <linguohui1@huawei.com>2023-05-29 21:28:21 +0800
commit1de6d1c6bca2b4513ecd75305cd99f1159990318 (patch)
tree421d93544181ed3dbe65e4ed31681e49a8925453
parentadd crd api types (diff)
downloadkubeedge-1de6d1c6bca2b4513ecd75305cd99f1159990318.tar.gz
generate crd
Signed-off-by: vincentgoat <linguohui1@huawei.com>
Diffstat
-rw-r--r--build/crds/policy/policy_v1alpha1_serviceaccountaccess.yaml501
-rw-r--r--manifests/charts/cloudcore/crds/policy_v1alpha1_serviceaccountaccess.yaml501
-rw-r--r--pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go188
-rw-r--r--pkg/client/clientset/versioned/clientset.go13
-rw-r--r--pkg/client/clientset/versioned/fake/clientset_generated.go7
-rw-r--r--pkg/client/clientset/versioned/fake/register.go2
-rw-r--r--pkg/client/clientset/versioned/scheme/register.go2
-rw-r--r--pkg/client/clientset/versioned/typed/policy/v1alpha1/doc.go20
-rw-r--r--pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/doc.go20
-rw-r--r--pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_policy_client.go40
-rw-r--r--pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_serviceaccountaccess.go142
-rw-r--r--pkg/client/clientset/versioned/typed/policy/v1alpha1/generated_expansion.go21
-rw-r--r--pkg/client/clientset/versioned/typed/policy/v1alpha1/policy_client.go107
-rw-r--r--pkg/client/clientset/versioned/typed/policy/v1alpha1/serviceaccountaccess.go195
-rw-r--r--pkg/client/informers/externalversions/factory.go6
-rw-r--r--pkg/client/informers/externalversions/generic.go5
-rw-r--r--pkg/client/informers/externalversions/policy/interface.go46
-rw-r--r--pkg/client/informers/externalversions/policy/v1alpha1/interface.go45
-rw-r--r--pkg/client/informers/externalversions/policy/v1alpha1/serviceaccountaccess.go90
-rw-r--r--pkg/client/listers/policy/v1alpha1/expansion_generated.go27
-rw-r--r--pkg/client/listers/policy/v1alpha1/serviceaccountaccess.go99
21 files changed, 2077 insertions, 0 deletions
diff --git a/build/crds/policy/policy_v1alpha1_serviceaccountaccess.yaml b/build/crds/policy/policy_v1alpha1_serviceaccountaccess.yaml
new file mode 100644
index 000000000..a6a2c27e0
--- /dev/null
+++ b/build/crds/policy/policy_v1alpha1_serviceaccountaccess.yaml
@@ -0,0 +1,501 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: serviceaccountaccesses.policy.kubeedge.io
+spec:
+ group: policy.kubeedge.io
+ names:
+ kind: ServiceAccountAccess
+ listKind: ServiceAccountAccessList
+ plural: serviceaccountaccesses
+ shortNames:
+ - saaccess
+ singular: serviceaccountaccess
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ServiceAccountAccess is the Schema for the ServiceAccountAccess
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec represents the specification of rbac.
+ properties:
+ accessClusterRoleBinding:
+ description: AccessClusterRoleBinding represents rbac ClusterRoleBinding
+ plus detailed ClusterRole info.
+ items:
+ description: AccessClusterRoleBinding represents rbac ClusterRoleBinding
+ plus detailed ClusterRole info.
+ properties:
+ clusterRoleBinding:
+ description: ClusterRoleBinding represents rbac ClusterRoleBinding.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of
+ this representation of an object. Servers should convert
+ recognized schemas to the latest internal value, and may
+ reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: Standard object's metadata.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ roleRef:
+ description: RoleRef can only reference a ClusterRole in
+ the global namespace. If the RoleRef cannot be resolved,
+ the Authorizer must return an error.
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - apiGroup
+ - kind
+ - name
+ type: object
+ subjects:
+ description: Subjects holds references to the objects the
+ role applies to.
+ items:
+ description: Subject contains a reference to the object
+ or user identities a role binding applies to. This
+ can either hold a direct API object reference, or a
+ value for non-objects such as user and group names.
+ properties:
+ apiGroup:
+ description: APIGroup holds the API group of the referenced
+ subject. Defaults to "" for ServiceAccount subjects.
+ Defaults to "rbac.authorization.k8s.io" for User
+ and Group subjects.
+ type: string
+ kind:
+ description: Kind of object being referenced. Values
+ defined by this API group are "User", "Group", and
+ "ServiceAccount". If the Authorizer does not recognized
+ the kind value, the Authorizer should report an
+ error.
+ type: string
+ name:
+ description: Name of the object being referenced.
+ type: string
+ namespace:
+ description: Namespace of the referenced object. If
+ the object kind is non-namespace, such as "User"
+ or "Group", and this value is not empty the Authorizer
+ should report an error.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - roleRef
+ type: object
+ rules:
+ description: Rules contains role rules.
+ items:
+ description: PolicyRule holds information that describes a
+ policy rule, but does not contain information about who
+ the rule applies to or which namespace the rule applies
+ to.
+ properties:
+ apiGroups:
+ description: APIGroups is the name of the APIGroup that
+ contains the resources. If multiple API groups are
+ specified, any action requested against one of the enumerated
+ resources in any API group will be allowed.
+ items:
+ type: string
+ type: array
+ nonResourceURLs:
+ description: NonResourceURLs is a set of partial urls
+ that a user should have access to. *s are allowed,
+ but only as the full, final step in the path Since non-resource
+ URLs are not namespaced, this field is only applicable
+ for ClusterRoles referenced from a ClusterRoleBinding.
+ Rules can either apply to API resources (such as "pods"
+ or "secrets") or non-resource URL paths (such as "/api"), but
+ not both.
+ items:
+ type: string
+ type: array
+ resourceNames:
+ description: ResourceNames is an optional white list of
+ names that the rule applies to. An empty set means
+ that everything is allowed.
+ items:
+ type: string
+ type: array
+ resources:
+ description: Resources is a list of resources this rule
+ applies to. '*' represents all resources.
+ items:
+ type: string
+ type: array
+ verbs:
+ description: Verbs is a list of Verbs that apply to ALL
+ the ResourceKinds contained in this rule. '*' represents
+ all verbs.
+ items:
+ type: string
+ type: array
+ required:
+ - verbs
+ type: object
+ type: array
+ type: object
+ type: array
+ accessRoleBinding:
+ description: AccessRoleBinding represents rbac rolebinding plus detailed
+ role info.
+ items:
+ description: AccessRoleBinding represents rbac rolebinding plus
+ detailed role info.
+ properties:
+ roleBinding:
+ description: RoleBinding represents rbac rolebinding.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of
+ this representation of an object. Servers should convert
+ recognized schemas to the latest internal value, and may
+ reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: Standard object's metadata.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ roleRef:
+ description: RoleRef can reference a Role in the current
+ namespace or a ClusterRole in the global namespace. If
+ the RoleRef cannot be resolved, the Authorizer must return
+ an error.
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - apiGroup
+ - kind
+ - name
+ type: object
+ subjects:
+ description: Subjects holds references to the objects the
+ role applies to.
+ items:
+ description: Subject contains a reference to the object
+ or user identities a role binding applies to. This
+ can either hold a direct API object reference, or a
+ value for non-objects such as user and group names.
+ properties:
+ apiGroup:
+ description: APIGroup holds the API group of the referenced
+ subject. Defaults to "" for ServiceAccount subjects.
+ Defaults to "rbac.authorization.k8s.io" for User
+ and Group subjects.
+ type: string
+ kind:
+ description: Kind of object being referenced. Values
+ defined by this API group are "User", "Group", and
+ "ServiceAccount". If the Authorizer does not recognized
+ the kind value, the Authorizer should report an
+ error.
+ type: string
+ name:
+ description: Name of the object being referenced.
+ type: string
+ namespace:
+ description: Namespace of the referenced object. If
+ the object kind is non-namespace, such as "User"
+ or "Group", and this value is not empty the Authorizer
+ should report an error.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - roleRef
+ type: object
+ rules:
+ description: Rules contains role rules.
+ items:
+ description: PolicyRule holds information that describes a
+ policy rule, but does not contain information about who
+ the rule applies to or which namespace the rule applies
+ to.
+ properties:
+ apiGroups:
+ description: APIGroups is the name of the APIGroup that
+ contains the resources. If multiple API groups are
+ specified, any action requested against one of the enumerated
+ resources in any API group will be allowed.
+ items:
+ type: string
+ type: array
+ nonResourceURLs:
+ description: NonResourceURLs is a set of partial urls
+ that a user should have access to. *s are allowed,
+ but only as the full, final step in the path Since non-resource
+ URLs are not namespaced, this field is only applicable
+ for ClusterRoles referenced from a ClusterRoleBinding.
+ Rules can either apply to API resources (such as "pods"
+ or "secrets") or non-resource URL paths (such as "/api"), but
+ not both.
+ items:
+ type: string
+ type: array
+ resourceNames:
+ description: ResourceNames is an optional white list of
+ names that the rule applies to. An empty set means
+ that everything is allowed.
+ items:
+ type: string
+ type: array
+ resources:
+ description: Resources is a list of resources this rule
+ applies to. '*' represents all resources.
+ items:
+ type: string
+ type: array
+ verbs:
+ description: Verbs is a list of Verbs that apply to ALL
+ the ResourceKinds contained in this rule. '*' represents
+ all verbs.
+ items:
+ type: string
+ type: array
+ required:
+ - verbs
+ type: object
+ type: array
+ type: object
+ type: array
+ serviceAccount:
+ description: ServiceAccount is one-to-one corresponding relations
+ with the serviceaccountaccess.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether pods
+ running as this service account should have an API token automatically
+ mounted. Can be overridden at the pod level.
+ type: boolean
+ imagePullSecrets:
+ description: 'ImagePullSecrets is a list of references to secrets
+ in the same namespace to use for pulling any images in pods
+ that reference this ServiceAccount. ImagePullSecrets are distinct
+ from Secrets because Secrets can be mounted in the pod, but
+ ImagePullSecrets are only accessed by the kubelet. More info:
+ https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
+ items:
+ description: LocalObjectReference contains enough information
+ to let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ secrets:
+ description: 'Secrets is the list of secrets allowed to be used
+ by pods running using this ServiceAccount. More info: https://kubernetes.io/docs/concepts/configuration/secret'
+ items:
+ description: 'ObjectReference contains enough information to
+ let you inspect or modify the referred object. --- New uses
+ of this type are discouraged because of difficulty describing
+ its usage when embedded in APIs. 1. Ignored fields. It includes
+ many fields which are not generally honored. For instance,
+ ResourceVersion and FieldPath are both very rarely valid in
+ actual usage. 2. Invalid usage help. It is impossible to
+ add specific help for individual usage. In most embedded
+ usages, there are particular restrictions like, "must
+ refer only to types A and B" or "UID not honored" or "name
+ must be restricted". Those cannot be well described when
+ embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage,
+ which makes it hard for users to predict what will happen. 4.
+ The fields are both imprecise and overly precise. Kind is
+ not a precise mapping to a URL. This can produce ambiguity during
+ interpretation and require a REST mapping. In most cases,
+ the dependency is on the group,resource tuple and the
+ version of the actual struct is irrelevant. 5. We cannot
+ easily change it. Because this type is embedded in many locations,
+ updates to this type will affect numerous schemas. Don''t
+ make new APIs embed an underspecified API type they do not
+ control. Instead of using this type, create a locally provided
+ and used type that is well-focused on your reference. For
+ example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way
+ of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in the
+ future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ type: object
+ serviceAccountUid:
+ description: ServiceAccountUID is the uid of serviceaccount.
+ type: string
+ type: object
+ status:
+ description: Status represents the node list which store the rules.
+ properties:
+ nodeList:
+ description: NodeList represents the node name which store the rules.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/manifests/charts/cloudcore/crds/policy_v1alpha1_serviceaccountaccess.yaml b/manifests/charts/cloudcore/crds/policy_v1alpha1_serviceaccountaccess.yaml
new file mode 100644
index 000000000..a6a2c27e0
--- /dev/null
+++ b/manifests/charts/cloudcore/crds/policy_v1alpha1_serviceaccountaccess.yaml
@@ -0,0 +1,501 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: serviceaccountaccesses.policy.kubeedge.io
+spec:
+ group: policy.kubeedge.io
+ names:
+ kind: ServiceAccountAccess
+ listKind: ServiceAccountAccessList
+ plural: serviceaccountaccesses
+ shortNames:
+ - saaccess
+ singular: serviceaccountaccess
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ServiceAccountAccess is the Schema for the ServiceAccountAccess
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec represents the specification of rbac.
+ properties:
+ accessClusterRoleBinding:
+ description: AccessClusterRoleBinding represents rbac ClusterRoleBinding
+ plus detailed ClusterRole info.
+ items:
+ description: AccessClusterRoleBinding represents rbac ClusterRoleBinding
+ plus detailed ClusterRole info.
+ properties:
+ clusterRoleBinding:
+ description: ClusterRoleBinding represents rbac ClusterRoleBinding.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of
+ this representation of an object. Servers should convert
+ recognized schemas to the latest internal value, and may
+ reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: Standard object's metadata.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ roleRef:
+ description: RoleRef can only reference a ClusterRole in
+ the global namespace. If the RoleRef cannot be resolved,
+ the Authorizer must return an error.
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - apiGroup
+ - kind
+ - name
+ type: object
+ subjects:
+ description: Subjects holds references to the objects the
+ role applies to.
+ items:
+ description: Subject contains a reference to the object
+ or user identities a role binding applies to. This
+ can either hold a direct API object reference, or a
+ value for non-objects such as user and group names.
+ properties:
+ apiGroup:
+ description: APIGroup holds the API group of the referenced
+ subject. Defaults to "" for ServiceAccount subjects.
+ Defaults to "rbac.authorization.k8s.io" for User
+ and Group subjects.
+ type: string
+ kind:
+ description: Kind of object being referenced. Values
+ defined by this API group are "User", "Group", and
+ "ServiceAccount". If the Authorizer does not recognized
+ the kind value, the Authorizer should report an
+ error.
+ type: string
+ name:
+ description: Name of the object being referenced.
+ type: string
+ namespace:
+ description: Namespace of the referenced object. If
+ the object kind is non-namespace, such as "User"
+ or "Group", and this value is not empty the Authorizer
+ should report an error.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - roleRef
+ type: object
+ rules:
+ description: Rules contains role rules.
+ items:
+ description: PolicyRule holds information that describes a
+ policy rule, but does not contain information about who
+ the rule applies to or which namespace the rule applies
+ to.
+ properties:
+ apiGroups:
+ description: APIGroups is the name of the APIGroup that
+ contains the resources. If multiple API groups are
+ specified, any action requested against one of the enumerated
+ resources in any API group will be allowed.
+ items:
+ type: string
+ type: array
+ nonResourceURLs:
+ description: NonResourceURLs is a set of partial urls
+ that a user should have access to. *s are allowed,
+ but only as the full, final step in the path Since non-resource
+ URLs are not namespaced, this field is only applicable
+ for ClusterRoles referenced from a ClusterRoleBinding.
+ Rules can either apply to API resources (such as "pods"
+ or "secrets") or non-resource URL paths (such as "/api"), but
+ not both.
+ items:
+ type: string
+ type: array
+ resourceNames:
+ description: ResourceNames is an optional white list of
+ names that the rule applies to. An empty set means
+ that everything is allowed.
+ items:
+ type: string
+ type: array
+ resources:
+ description: Resources is a list of resources this rule
+ applies to. '*' represents all resources.
+ items:
+ type: string
+ type: array
+ verbs:
+ description: Verbs is a list of Verbs that apply to ALL
+ the ResourceKinds contained in this rule. '*' represents
+ all verbs.
+ items:
+ type: string
+ type: array
+ required:
+ - verbs
+ type: object
+ type: array
+ type: object
+ type: array
+ accessRoleBinding:
+ description: AccessRoleBinding represents rbac rolebinding plus detailed
+ role info.
+ items:
+ description: AccessRoleBinding represents rbac rolebinding plus
+ detailed role info.
+ properties:
+ roleBinding:
+ description: RoleBinding represents rbac rolebinding.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of
+ this representation of an object. Servers should convert
+ recognized schemas to the latest internal value, and may
+ reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST
+ resource this object represents. Servers may infer this
+ from the endpoint the client submits requests to. Cannot
+ be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: Standard object's metadata.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ roleRef:
+ description: RoleRef can reference a Role in the current
+ namespace or a ClusterRole in the global namespace. If
+ the RoleRef cannot be resolved, the Authorizer must return
+ an error.
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource
+ being referenced
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - apiGroup
+ - kind
+ - name
+ type: object
+ subjects:
+ description: Subjects holds references to the objects the
+ role applies to.
+ items:
+ description: Subject contains a reference to the object
+ or user identities a role binding applies to. This
+ can either hold a direct API object reference, or a
+ value for non-objects such as user and group names.
+ properties:
+ apiGroup:
+ description: APIGroup holds the API group of the referenced
+ subject. Defaults to "" for ServiceAccount subjects.
+ Defaults to "rbac.authorization.k8s.io" for User
+ and Group subjects.
+ type: string
+ kind:
+ description: Kind of object being referenced. Values
+ defined by this API group are "User", "Group", and
+ "ServiceAccount". If the Authorizer does not recognized
+ the kind value, the Authorizer should report an
+ error.
+ type: string
+ name:
+ description: Name of the object being referenced.
+ type: string
+ namespace:
+ description: Namespace of the referenced object. If
+ the object kind is non-namespace, such as "User"
+ or "Group", and this value is not empty the Authorizer
+ should report an error.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ type: array
+ required:
+ - roleRef
+ type: object
+ rules:
+ description: Rules contains role rules.
+ items:
+ description: PolicyRule holds information that describes a
+ policy rule, but does not contain information about who
+ the rule applies to or which namespace the rule applies
+ to.
+ properties:
+ apiGroups:
+ description: APIGroups is the name of the APIGroup that
+ contains the resources. If multiple API groups are
+ specified, any action requested against one of the enumerated
+ resources in any API group will be allowed.
+ items:
+ type: string
+ type: array
+ nonResourceURLs:
+ description: NonResourceURLs is a set of partial urls
+ that a user should have access to. *s are allowed,
+ but only as the full, final step in the path Since non-resource
+ URLs are not namespaced, this field is only applicable
+ for ClusterRoles referenced from a ClusterRoleBinding.
+ Rules can either apply to API resources (such as "pods"
+ or "secrets") or non-resource URL paths (such as "/api"), but
+ not both.
+ items:
+ type: string
+ type: array
+ resourceNames:
+ description: ResourceNames is an optional white list of
+ names that the rule applies to. An empty set means
+ that everything is allowed.
+ items:
+ type: string
+ type: array
+ resources:
+ description: Resources is a list of resources this rule
+ applies to. '*' represents all resources.
+ items:
+ type: string
+ type: array
+ verbs:
+ description: Verbs is a list of Verbs that apply to ALL
+ the ResourceKinds contained in this rule. '*' represents
+ all verbs.
+ items:
+ type: string
+ type: array
+ required:
+ - verbs
+ type: object
+ type: array
+ type: object
+ type: array
+ serviceAccount:
+ description: ServiceAccount is one-to-one corresponding relations
+ with the serviceaccountaccess.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this
+ representation of an object. Servers should convert recognized
+ schemas to the latest internal value, and may reject unrecognized
+ values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether pods
+ running as this service account should have an API token automatically
+ mounted. Can be overridden at the pod level.
+ type: boolean
+ imagePullSecrets:
+ description: 'ImagePullSecrets is a list of references to secrets
+ in the same namespace to use for pulling any images in pods
+ that reference this ServiceAccount. ImagePullSecrets are distinct
+ from Secrets because Secrets can be mounted in the pod, but
+ ImagePullSecrets are only accessed by the kubelet. More info:
+ https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod'
+ items:
+ description: LocalObjectReference contains enough information
+ to let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ kind:
+ description: 'Kind is a string value representing the REST resource
+ this object represents. Servers may infer this from the endpoint
+ the client submits requests to. Cannot be updated. In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ secrets:
+ description: 'Secrets is the list of secrets allowed to be used
+ by pods running using this ServiceAccount. More info: https://kubernetes.io/docs/concepts/configuration/secret'
+ items:
+ description: 'ObjectReference contains enough information to
+ let you inspect or modify the referred object. --- New uses
+ of this type are discouraged because of difficulty describing
+ its usage when embedded in APIs. 1. Ignored fields. It includes
+ many fields which are not generally honored. For instance,
+ ResourceVersion and FieldPath are both very rarely valid in
+ actual usage. 2. Invalid usage help. It is impossible to
+ add specific help for individual usage. In most embedded
+ usages, there are particular restrictions like, "must
+ refer only to types A and B" or "UID not honored" or "name
+ must be restricted". Those cannot be well described when
+ embedded. 3. Inconsistent validation. Because the usages
+ are different, the validation rules are different by usage,
+ which makes it hard for users to predict what will happen. 4.
+ The fields are both imprecise and overly precise. Kind is
+ not a precise mapping to a URL. This can produce ambiguity during
+ interpretation and require a REST mapping. In most cases,
+ the dependency is on the group,resource tuple and the
+ version of the actual struct is irrelevant. 5. We cannot
+ easily change it. Because this type is embedded in many locations,
+ updates to this type will affect numerous schemas. Don''t
+ make new APIs embed an underspecified API type they do not
+ control. Instead of using this type, create a locally provided
+ and used type that is well-focused on your reference. For
+ example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+ .'
+ properties:
+ apiVersion:
+ description: API version of the referent.
+ type: string
+ fieldPath:
+ description: 'If referring to a piece of an object instead
+ of an entire object, this string should contain a valid
+ JSON/Go field access statement, such as desiredState.manifest.containers[2].
+ For example, if the object reference is to a container
+ within a pod, this would take on a value like: "spec.containers{name}"
+ (where "name" refers to the name of the container that
+ triggered the event) or if no container name is specified
+ "spec.containers[2]" (container with index 2 in this pod).
+ This syntax is chosen only to have some well-defined way
+ of referencing a part of an object. TODO: this design
+ is not final and this field is subject to change in the
+ future.'
+ type: string
+ kind:
+ description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ namespace:
+ description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+ type: string
+ resourceVersion:
+ description: 'Specific resourceVersion to which this reference
+ is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+ type: string
+ uid:
+ description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+ type: string
+ type: object
+ type: array
+ type: object
+ serviceAccountUid:
+ description: ServiceAccountUID is the uid of serviceaccount.
+ type: string
+ type: object
+ status:
+ description: Status represents the node list which store the rules.
+ properties:
+ nodeList:
+ description: NodeList represents the node name which store the rules.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go
new file mode 100644
index 000000000..0acd0afd6
--- /dev/null
+++ b/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go
@@ -0,0 +1,188 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ v1 "k8s.io/api/rbac/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AccessClusterRoleBinding) DeepCopyInto(out *AccessClusterRoleBinding) {
+ *out = *in
+ in.ClusterRoleBinding.DeepCopyInto(&out.ClusterRoleBinding)
+ if in.Rules != nil {
+ in, out := &in.Rules, &out.Rules
+ *out = make([]v1.PolicyRule, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessClusterRoleBinding.
+func (in *AccessClusterRoleBinding) DeepCopy() *AccessClusterRoleBinding {
+ if in == nil {
+ return nil
+ }
+ out := new(AccessClusterRoleBinding)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AccessRoleBinding) DeepCopyInto(out *AccessRoleBinding) {
+ *out = *in
+ in.RoleBinding.DeepCopyInto(&out.RoleBinding)
+ if in.Rules != nil {
+ in, out := &in.Rules, &out.Rules
+ *out = make([]v1.PolicyRule, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessRoleBinding.
+func (in *AccessRoleBinding) DeepCopy() *AccessRoleBinding {
+ if in == nil {
+ return nil
+ }
+ out := new(AccessRoleBinding)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AccessSpec) DeepCopyInto(out *AccessSpec) {
+ *out = *in
+ in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
+ if in.AccessRoleBinding != nil {
+ in, out := &in.AccessRoleBinding, &out.AccessRoleBinding
+ *out = make([]AccessRoleBinding, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.AccessClusterRoleBinding != nil {
+ in, out := &in.AccessClusterRoleBinding, &out.AccessClusterRoleBinding
+ *out = make([]AccessClusterRoleBinding, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessSpec.
+func (in *AccessSpec) DeepCopy() *AccessSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(AccessSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AccessStatus) DeepCopyInto(out *AccessStatus) {
+ *out = *in
+ if in.NodeList != nil {
+ in, out := &in.NodeList, &out.NodeList
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessStatus.
+func (in *AccessStatus) DeepCopy() *AccessStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(AccessStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceAccountAccess) DeepCopyInto(out *ServiceAccountAccess) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ in.Status.DeepCopyInto(&out.Status)
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountAccess.
+func (in *ServiceAccountAccess) DeepCopy() *ServiceAccountAccess {
+ if in == nil {
+ return nil
+ }
+ out := new(ServiceAccountAccess)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ServiceAccountAccess) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ServiceAccountAccessList) DeepCopyInto(out *ServiceAccountAccessList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]ServiceAccountAccess, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountAccessList.
+func (in *ServiceAccountAccessList) DeepCopy() *ServiceAccountAccessList {
+ if in == nil {
+ return nil
+ }
+ out := new(ServiceAccountAccessList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ServiceAccountAccessList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
diff --git a/pkg/client/clientset/versioned/clientset.go b/pkg/client/clientset/versioned/clientset.go
index 33ba808de..10908589e 100644
--- a/pkg/client/clientset/versioned/clientset.go
+++ b/pkg/client/clientset/versioned/clientset.go
@@ -25,6 +25,7 @@ import (
appsv1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/apps/v1alpha1"
devicesv1alpha2 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/devices/v1alpha2"
operationsv1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/operations/v1alpha1"
+ policyv1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/policy/v1alpha1"
reliablesyncsv1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/reliablesyncs/v1alpha1"
rulesv1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/rules/v1"
discovery "k8s.io/client-go/discovery"
@@ -37,6 +38,7 @@ type Interface interface {
AppsV1alpha1() appsv1alpha1.AppsV1alpha1Interface
DevicesV1alpha2() devicesv1alpha2.DevicesV1alpha2Interface
OperationsV1alpha1() operationsv1alpha1.OperationsV1alpha1Interface
+ PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Interface
ReliablesyncsV1alpha1() reliablesyncsv1alpha1.ReliablesyncsV1alpha1Interface
RulesV1() rulesv1.RulesV1Interface
}
@@ -48,6 +50,7 @@ type Clientset struct {
appsV1alpha1 *appsv1alpha1.AppsV1alpha1Client
devicesV1alpha2 *devicesv1alpha2.DevicesV1alpha2Client
operationsV1alpha1 *operationsv1alpha1.OperationsV1alpha1Client
+ policyV1alpha1 *policyv1alpha1.PolicyV1alpha1Client
reliablesyncsV1alpha1 *reliablesyncsv1alpha1.ReliablesyncsV1alpha1Client
rulesV1 *rulesv1.RulesV1Client
}
@@ -67,6 +70,11 @@ func (c *Clientset) OperationsV1alpha1() operationsv1alpha1.OperationsV1alpha1In
return c.operationsV1alpha1
}
+// PolicyV1alpha1 retrieves the PolicyV1alpha1Client
+func (c *Clientset) PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Interface {
+ return c.policyV1alpha1
+}
+
// ReliablesyncsV1alpha1 retrieves the ReliablesyncsV1alpha1Client
func (c *Clientset) ReliablesyncsV1alpha1() reliablesyncsv1alpha1.ReliablesyncsV1alpha1Interface {
return c.reliablesyncsV1alpha1
@@ -133,6 +141,10 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset,
if err != nil {
return nil, err
}
+ cs.policyV1alpha1, err = policyv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient)
+ if err != nil {
+ return nil, err
+ }
cs.reliablesyncsV1alpha1, err = reliablesyncsv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient)
if err != nil {
return nil, err
@@ -165,6 +177,7 @@ func New(c rest.Interface) *Clientset {
cs.appsV1alpha1 = appsv1alpha1.New(c)
cs.devicesV1alpha2 = devicesv1alpha2.New(c)
cs.operationsV1alpha1 = operationsv1alpha1.New(c)
+ cs.policyV1alpha1 = policyv1alpha1.New(c)
cs.reliablesyncsV1alpha1 = reliablesyncsv1alpha1.New(c)
cs.rulesV1 = rulesv1.New(c)
diff --git a/pkg/client/clientset/versioned/fake/clientset_generated.go b/pkg/client/clientset/versioned/fake/clientset_generated.go
index ce1710f79..5da802c6b 100644
--- a/pkg/client/clientset/versioned/fake/clientset_generated.go
+++ b/pkg/client/clientset/versioned/fake/clientset_generated.go
@@ -26,6 +26,8 @@ import (
fakedevicesv1alpha2 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/devices/v1alpha2/fake"
operationsv1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/operations/v1alpha1"
fakeoperationsv1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/operations/v1alpha1/fake"
+ policyv1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/policy/v1alpha1"
+ fakepolicyv1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake"
reliablesyncsv1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/reliablesyncs/v1alpha1"
fakereliablesyncsv1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/reliablesyncs/v1alpha1/fake"
rulesv1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/rules/v1"
@@ -102,6 +104,11 @@ func (c *Clientset) OperationsV1alpha1() operationsv1alpha1.OperationsV1alpha1In
return &fakeoperationsv1alpha1.FakeOperationsV1alpha1{Fake: &c.Fake}
}
+// PolicyV1alpha1 retrieves the PolicyV1alpha1Client
+func (c *Clientset) PolicyV1alpha1() policyv1alpha1.PolicyV1alpha1Interface {
+ return &fakepolicyv1alpha1.FakePolicyV1alpha1{Fake: &c.Fake}
+}
+
// ReliablesyncsV1alpha1 retrieves the ReliablesyncsV1alpha1Client
func (c *Clientset) ReliablesyncsV1alpha1() reliablesyncsv1alpha1.ReliablesyncsV1alpha1Interface {
return &fakereliablesyncsv1alpha1.FakeReliablesyncsV1alpha1{Fake: &c.Fake}
diff --git a/pkg/client/clientset/versioned/fake/register.go b/pkg/client/clientset/versioned/fake/register.go
index 30a08cf8d..80a7b2fcc 100644
--- a/pkg/client/clientset/versioned/fake/register.go
+++ b/pkg/client/clientset/versioned/fake/register.go
@@ -22,6 +22,7 @@ import (
appsv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/apps/v1alpha1"
devicesv1alpha2 "github.com/kubeedge/kubeedge/pkg/apis/devices/v1alpha2"
operationsv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/operations/v1alpha1"
+ policyv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/policy/v1alpha1"
reliablesyncsv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/reliablesyncs/v1alpha1"
rulesv1 "github.com/kubeedge/kubeedge/pkg/apis/rules/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -38,6 +39,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{
appsv1alpha1.AddToScheme,
devicesv1alpha2.AddToScheme,
operationsv1alpha1.AddToScheme,
+ policyv1alpha1.AddToScheme,
reliablesyncsv1alpha1.AddToScheme,
rulesv1.AddToScheme,
}
diff --git a/pkg/client/clientset/versioned/scheme/register.go b/pkg/client/clientset/versioned/scheme/register.go
index 55b21eafb..766c6f57c 100644
--- a/pkg/client/clientset/versioned/scheme/register.go
+++ b/pkg/client/clientset/versioned/scheme/register.go
@@ -22,6 +22,7 @@ import (
appsv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/apps/v1alpha1"
devicesv1alpha2 "github.com/kubeedge/kubeedge/pkg/apis/devices/v1alpha2"
operationsv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/operations/v1alpha1"
+ policyv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/policy/v1alpha1"
reliablesyncsv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/reliablesyncs/v1alpha1"
rulesv1 "github.com/kubeedge/kubeedge/pkg/apis/rules/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -38,6 +39,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{
appsv1alpha1.AddToScheme,
devicesv1alpha2.AddToScheme,
operationsv1alpha1.AddToScheme,
+ policyv1alpha1.AddToScheme,
reliablesyncsv1alpha1.AddToScheme,
rulesv1.AddToScheme,
}
diff --git a/pkg/client/clientset/versioned/typed/policy/v1alpha1/doc.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/doc.go
new file mode 100644
index 000000000..62dbf54f4
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1alpha1
diff --git a/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/doc.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/doc.go
new file mode 100644
index 000000000..937651e2e
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/doc.go
@@ -0,0 +1,20 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake
diff --git a/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_policy_client.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_policy_client.go
new file mode 100644
index 000000000..2b2d4f4df
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_policy_client.go
@@ -0,0 +1,40 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ v1alpha1 "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/typed/policy/v1alpha1"
+ rest "k8s.io/client-go/rest"
+ testing "k8s.io/client-go/testing"
+)
+
+type FakePolicyV1alpha1 struct {
+ *testing.Fake
+}
+
+func (c *FakePolicyV1alpha1) ServiceAccountAccesses(namespace string) v1alpha1.ServiceAccountAccessInterface {
+ return &FakeServiceAccountAccesses{c, namespace}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakePolicyV1alpha1) RESTClient() rest.Interface {
+ var ret *rest.RESTClient
+ return ret
+}
diff --git a/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_serviceaccountaccess.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_serviceaccountaccess.go
new file mode 100644
index 000000000..318c14bb4
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/fake/fake_serviceaccountaccess.go
@@ -0,0 +1,142 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/policy/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ schema "k8s.io/apimachinery/pkg/runtime/schema"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakeServiceAccountAccesses implements ServiceAccountAccessInterface
+type FakeServiceAccountAccesses struct {
+ Fake *FakePolicyV1alpha1
+ ns string
+}
+
+var serviceaccountaccessesResource = schema.GroupVersionResource{Group: "policy.kubeedge.io", Version: "v1alpha1", Resource: "serviceaccountaccesses"}
+
+var serviceaccountaccessesKind = schema.GroupVersionKind{Group: "policy.kubeedge.io", Version: "v1alpha1", Kind: "ServiceAccountAccess"}
+
+// Get takes name of the serviceAccountAccess, and returns the corresponding serviceAccountAccess object, and an error if there is any.
+func (c *FakeServiceAccountAccesses) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ServiceAccountAccess, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewGetAction(serviceaccountaccessesResource, c.ns, name), &v1alpha1.ServiceAccountAccess{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ServiceAccountAccess), err
+}
+
+// List takes label and field selectors, and returns the list of ServiceAccountAccesses that match those selectors.
+func (c *FakeServiceAccountAccesses) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ServiceAccountAccessList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewListAction(serviceaccountaccessesResource, serviceaccountaccessesKind, c.ns, opts), &v1alpha1.ServiceAccountAccessList{})
+
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1alpha1.ServiceAccountAccessList{ListMeta: obj.(*v1alpha1.ServiceAccountAccessList).ListMeta}
+ for _, item := range obj.(*v1alpha1.ServiceAccountAccessList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested serviceAccountAccesses.
+func (c *FakeServiceAccountAccesses) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewWatchAction(serviceaccountaccessesResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a serviceAccountAccess and creates it. Returns the server's representation of the serviceAccountAccess, and an error, if there is any.
+func (c *FakeServiceAccountAccesses) Create(ctx context.Context, serviceAccountAccess *v1alpha1.ServiceAccountAccess, opts v1.CreateOptions) (result *v1alpha1.ServiceAccountAccess, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewCreateAction(serviceaccountaccessesResource, c.ns, serviceAccountAccess), &v1alpha1.ServiceAccountAccess{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ServiceAccountAccess), err
+}
+
+// Update takes the representation of a serviceAccountAccess and updates it. Returns the server's representation of the serviceAccountAccess, and an error, if there is any.
+func (c *FakeServiceAccountAccesses) Update(ctx context.Context, serviceAccountAccess *v1alpha1.ServiceAccountAccess, opts v1.UpdateOptions) (result *v1alpha1.ServiceAccountAccess, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewUpdateAction(serviceaccountaccessesResource, c.ns, serviceAccountAccess), &v1alpha1.ServiceAccountAccess{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ServiceAccountAccess), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeServiceAccountAccesses) UpdateStatus(ctx context.Context, serviceAccountAccess *v1alpha1.ServiceAccountAccess, opts v1.UpdateOptions) (*v1alpha1.ServiceAccountAccess, error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewUpdateSubresourceAction(serviceaccountaccessesResource, "status", c.ns, serviceAccountAccess), &v1alpha1.ServiceAccountAccess{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ServiceAccountAccess), err
+}
+
+// Delete takes name of the serviceAccountAccess and deletes it. Returns an error if one occurs.
+func (c *FakeServiceAccountAccesses) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewDeleteActionWithOptions(serviceaccountaccessesResource, c.ns, name, opts), &v1alpha1.ServiceAccountAccess{})
+
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeServiceAccountAccesses) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewDeleteCollectionAction(serviceaccountaccessesResource, c.ns, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v1alpha1.ServiceAccountAccessList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched serviceAccountAccess.
+func (c *FakeServiceAccountAccesses) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ServiceAccountAccess, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewPatchSubresourceAction(serviceaccountaccessesResource, c.ns, name, pt, data, subresources...), &v1alpha1.ServiceAccountAccess{})
+
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.ServiceAccountAccess), err
+}
diff --git a/pkg/client/clientset/versioned/typed/policy/v1alpha1/generated_expansion.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/generated_expansion.go
new file mode 100644
index 000000000..3a23c0ae4
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/generated_expansion.go
@@ -0,0 +1,21 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+type ServiceAccountAccessExpansion interface{}
diff --git a/pkg/client/clientset/versioned/typed/policy/v1alpha1/policy_client.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/policy_client.go
new file mode 100644
index 000000000..e1ef05fe2
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/policy_client.go
@@ -0,0 +1,107 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "net/http"
+
+ v1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/policy/v1alpha1"
+ "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/scheme"
+ rest "k8s.io/client-go/rest"
+)
+
+type PolicyV1alpha1Interface interface {
+ RESTClient() rest.Interface
+ ServiceAccountAccessesGetter
+}
+
+// PolicyV1alpha1Client is used to interact with features provided by the policy.kubeedge.io group.
+type PolicyV1alpha1Client struct {
+ restClient rest.Interface
+}
+
+func (c *PolicyV1alpha1Client) ServiceAccountAccesses(namespace string) ServiceAccountAccessInterface {
+ return newServiceAccountAccesses(c, namespace)
+}
+
+// NewForConfig creates a new PolicyV1alpha1Client for the given config.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
+func NewForConfig(c *rest.Config) (*PolicyV1alpha1Client, error) {
+ config := *c
+ if err := setConfigDefaults(&config); err != nil {
+ return nil, err
+ }
+ httpClient, err := rest.HTTPClientFor(&config)
+ if err != nil {
+ return nil, err
+ }
+ return NewForConfigAndClient(&config, httpClient)
+}
+
+// NewForConfigAndClient creates a new PolicyV1alpha1Client for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+func NewForConfigAndClient(c *rest.Config, h *http.Client) (*PolicyV1alpha1Client, error) {
+ config := *c
+ if err := setConfigDefaults(&config); err != nil {
+ return nil, err
+ }
+ client, err := rest.RESTClientForConfigAndClient(&config, h)
+ if err != nil {
+ return nil, err
+ }
+ return &PolicyV1alpha1Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new PolicyV1alpha1Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *PolicyV1alpha1Client {
+ client, err := NewForConfig(c)
+ if err != nil {
+ panic(err)
+ }
+ return client
+}
+
+// New creates a new PolicyV1alpha1Client for the given RESTClient.
+func New(c rest.Interface) *PolicyV1alpha1Client {
+ return &PolicyV1alpha1Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+ gv := v1alpha1.SchemeGroupVersion
+ config.GroupVersion = &gv
+ config.APIPath = "/apis"
+ config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
+
+ if config.UserAgent == "" {
+ config.UserAgent = rest.DefaultKubernetesUserAgent()
+ }
+
+ return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *PolicyV1alpha1Client) RESTClient() rest.Interface {
+ if c == nil {
+ return nil
+ }
+ return c.restClient
+}
diff --git a/pkg/client/clientset/versioned/typed/policy/v1alpha1/serviceaccountaccess.go b/pkg/client/clientset/versioned/typed/policy/v1alpha1/serviceaccountaccess.go
new file mode 100644
index 000000000..98ddc8d94
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/policy/v1alpha1/serviceaccountaccess.go
@@ -0,0 +1,195 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ "time"
+
+ v1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/policy/v1alpha1"
+ scheme "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned/scheme"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// ServiceAccountAccessesGetter has a method to return a ServiceAccountAccessInterface.
+// A group's client should implement this interface.
+type ServiceAccountAccessesGetter interface {
+ ServiceAccountAccesses(namespace string) ServiceAccountAccessInterface
+}
+
+// ServiceAccountAccessInterface has methods to work with ServiceAccountAccess resources.
+type ServiceAccountAccessInterface interface {
+ Create(ctx context.Context, serviceAccountAccess *v1alpha1.ServiceAccountAccess, opts v1.CreateOptions) (*v1alpha1.ServiceAccountAccess, error)
+ Update(ctx context.Context, serviceAccountAccess *v1alpha1.ServiceAccountAccess, opts v1.UpdateOptions) (*v1alpha1.ServiceAccountAccess, error)
+ UpdateStatus(ctx context.Context, serviceAccountAccess *v1alpha1.ServiceAccountAccess, opts v1.UpdateOptions) (*v1alpha1.ServiceAccountAccess, error)
+ Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ServiceAccountAccess, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ServiceAccountAccessList, error)
+ Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ServiceAccountAccess, err error)
+ ServiceAccountAccessExpansion
+}
+
+// serviceAccountAccesses implements ServiceAccountAccessInterface
+type serviceAccountAccesses struct {
+ client rest.Interface
+ ns string
+}
+
+// newServiceAccountAccesses returns a ServiceAccountAccesses
+func newServiceAccountAccesses(c *PolicyV1alpha1Client, namespace string) *serviceAccountAccesses {
+ return &serviceAccountAccesses{
+ client: c.RESTClient(),
+ ns: namespace,
+ }
+}
+
+// Get takes name of the serviceAccountAccess, and returns the corresponding serviceAccountAccess object, and an error if there is any.
+func (c *serviceAccountAccesses) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ServiceAccountAccess, err error) {
+ result = &v1alpha1.ServiceAccountAccess{}
+ err = c.client.Get().
+ Namespace(c.ns).
+ Resource("serviceaccountaccesses").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of ServiceAccountAccesses that match those selectors.
+func (c *serviceAccountAccesses) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ServiceAccountAccessList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v1alpha1.ServiceAccountAccessList{}
+ err = c.client.Get().
+ Namespace(c.ns).
+ Resource("serviceaccountaccesses").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested serviceAccountAccesses.
+func (c *serviceAccountAccesses) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Namespace(c.ns).
+ Resource("serviceaccountaccesses").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a serviceAccountAccess and creates it. Returns the server's representation of the serviceAccountAccess, and an error, if there is any.
+func (c *serviceAccountAccesses) Create(ctx context.Context, serviceAccountAccess *v1alpha1.ServiceAccountAccess, opts v1.CreateOptions) (result *v1alpha1.ServiceAccountAccess, err error) {
+ result = &v1alpha1.ServiceAccountAccess{}
+ err = c.client.Post().
+ Namespace(c.ns).
+ Resource("serviceaccountaccesses").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(serviceAccountAccess).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a serviceAccountAccess and updates it. Returns the server's representation of the serviceAccountAccess, and an error, if there is any.
+func (c *serviceAccountAccesses) Update(ctx context.Context, serviceAccountAccess *v1alpha1.ServiceAccountAccess, opts v1.UpdateOptions) (result *v1alpha1.ServiceAccountAccess, err error) {
+ result = &v1alpha1.ServiceAccountAccess{}
+ err = c.client.Put().
+ Namespace(c.ns).
+ Resource("serviceaccountaccesses").
+ Name(serviceAccountAccess.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(serviceAccountAccess).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *serviceAccountAccesses) UpdateStatus(ctx context.Context, serviceAccountAccess *v1alpha1.ServiceAccountAccess, opts v1.UpdateOptions) (result *v1alpha1.ServiceAccountAccess, err error) {
+ result = &v1alpha1.ServiceAccountAccess{}
+ err = c.client.Put().
+ Namespace(c.ns).
+ Resource("serviceaccountaccesses").
+ Name(serviceAccountAccess.Name).
+ SubResource("status").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(serviceAccountAccess).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the serviceAccountAccess and deletes it. Returns an error if one occurs.
+func (c *serviceAccountAccesses) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ return c.client.Delete().
+ Namespace(c.ns).
+ Resource("serviceaccountaccesses").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *serviceAccountAccesses) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Namespace(c.ns).
+ Resource("serviceaccountaccesses").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched serviceAccountAccess.
+func (c *serviceAccountAccesses) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ServiceAccountAccess, err error) {
+ result = &v1alpha1.ServiceAccountAccess{}
+ err = c.client.Patch(pt).
+ Namespace(c.ns).
+ Resource("serviceaccountaccesses").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/informers/externalversions/factory.go b/pkg/client/informers/externalversions/factory.go
index 0caccdf0c..3f7a50649 100644
--- a/pkg/client/informers/externalversions/factory.go
+++ b/pkg/client/informers/externalversions/factory.go
@@ -28,6 +28,7 @@ import (
devices "github.com/kubeedge/kubeedge/pkg/client/informers/externalversions/devices"
internalinterfaces "github.com/kubeedge/kubeedge/pkg/client/informers/externalversions/internalinterfaces"
operations "github.com/kubeedge/kubeedge/pkg/client/informers/externalversions/operations"
+ policy "github.com/kubeedge/kubeedge/pkg/client/informers/externalversions/policy"
reliablesyncs "github.com/kubeedge/kubeedge/pkg/client/informers/externalversions/reliablesyncs"
rules "github.com/kubeedge/kubeedge/pkg/client/informers/externalversions/rules"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -179,6 +180,7 @@ type SharedInformerFactory interface {
Apps() apps.Interface
Devices() devices.Interface
Operations() operations.Interface
+ Policy() policy.Interface
Reliablesyncs() reliablesyncs.Interface
Rules() rules.Interface
}
@@ -195,6 +197,10 @@ func (f *sharedInformerFactory) Operations() operations.Interface {
return operations.New(f, f.namespace, f.tweakListOptions)
}
+func (f *sharedInformerFactory) Policy() policy.Interface {
+ return policy.New(f, f.namespace, f.tweakListOptions)
+}
+
func (f *sharedInformerFactory) Reliablesyncs() reliablesyncs.Interface {
return reliablesyncs.New(f, f.namespace, f.tweakListOptions)
}
diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go
index 0efc5fe3b..c9fd39b70 100644
--- a/pkg/client/informers/externalversions/generic.go
+++ b/pkg/client/informers/externalversions/generic.go
@@ -24,6 +24,7 @@ import (
v1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/apps/v1alpha1"
v1alpha2 "github.com/kubeedge/kubeedge/pkg/apis/devices/v1alpha2"
operationsv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/operations/v1alpha1"
+ policyv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/policy/v1alpha1"
reliablesyncsv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/reliablesyncs/v1alpha1"
v1 "github.com/kubeedge/kubeedge/pkg/apis/rules/v1"
schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -72,6 +73,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
case operationsv1alpha1.SchemeGroupVersion.WithResource("nodeupgradejobs"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Operations().V1alpha1().NodeUpgradeJobs().Informer()}, nil
+ // Group=policy.kubeedge.io, Version=v1alpha1
+ case policyv1alpha1.SchemeGroupVersion.WithResource("serviceaccountaccesses"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1alpha1().ServiceAccountAccesses().Informer()}, nil
+
// Group=reliablesyncs.kubeedge.io, Version=v1alpha1
case reliablesyncsv1alpha1.SchemeGroupVersion.WithResource("clusterobjectsyncs"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Reliablesyncs().V1alpha1().ClusterObjectSyncs().Informer()}, nil
diff --git a/pkg/client/informers/externalversions/policy/interface.go b/pkg/client/informers/externalversions/policy/interface.go
new file mode 100644
index 000000000..d0ccc848c
--- /dev/null
+++ b/pkg/client/informers/externalversions/policy/interface.go
@@ -0,0 +1,46 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package policy
+
+import (
+ internalinterfaces "github.com/kubeedge/kubeedge/pkg/client/informers/externalversions/internalinterfaces"
+ v1alpha1 "github.com/kubeedge/kubeedge/pkg/client/informers/externalversions/policy/v1alpha1"
+)
+
+// Interface provides access to each of this group's versions.
+type Interface interface {
+ // V1alpha1 provides access to shared informers for resources in V1alpha1.
+ V1alpha1() v1alpha1.Interface
+}
+
+type group struct {
+ factory internalinterfaces.SharedInformerFactory
+ namespace string
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+ return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// V1alpha1 returns a new v1alpha1.Interface.
+func (g *group) V1alpha1() v1alpha1.Interface {
+ return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
+}
diff --git a/pkg/client/informers/externalversions/policy/v1alpha1/interface.go b/pkg/client/informers/externalversions/policy/v1alpha1/interface.go
new file mode 100644
index 000000000..1af843a9f
--- /dev/null
+++ b/pkg/client/informers/externalversions/policy/v1alpha1/interface.go
@@ -0,0 +1,45 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ internalinterfaces "github.com/kubeedge/kubeedge/pkg/client/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+ // ServiceAccountAccesses returns a ServiceAccountAccessInformer.
+ ServiceAccountAccesses() ServiceAccountAccessInformer
+}
+
+type version struct {
+ factory internalinterfaces.SharedInformerFactory
+ namespace string
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+ return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// ServiceAccountAccesses returns a ServiceAccountAccessInformer.
+func (v *version) ServiceAccountAccesses() ServiceAccountAccessInformer {
+ return &serviceAccountAccessInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
diff --git a/pkg/client/informers/externalversions/policy/v1alpha1/serviceaccountaccess.go b/pkg/client/informers/externalversions/policy/v1alpha1/serviceaccountaccess.go
new file mode 100644
index 000000000..7c6694aeb
--- /dev/null
+++ b/pkg/client/informers/externalversions/policy/v1alpha1/serviceaccountaccess.go
@@ -0,0 +1,90 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ time "time"
+
+ policyv1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/policy/v1alpha1"
+ versioned "github.com/kubeedge/kubeedge/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/kubeedge/kubeedge/pkg/client/informers/externalversions/internalinterfaces"
+ v1alpha1 "github.com/kubeedge/kubeedge/pkg/client/listers/policy/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// ServiceAccountAccessInformer provides access to a shared informer and lister for
+// ServiceAccountAccesses.
+type ServiceAccountAccessInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1alpha1.ServiceAccountAccessLister
+}
+
+type serviceAccountAccessInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+ namespace string
+}
+
+// NewServiceAccountAccessInformer constructs a new informer for ServiceAccountAccess type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewServiceAccountAccessInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredServiceAccountAccessInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredServiceAccountAccessInformer constructs a new informer for ServiceAccountAccess type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredServiceAccountAccessInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.PolicyV1alpha1().ServiceAccountAccesses(namespace).List(context.TODO(), options)
+ },
+ WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.PolicyV1alpha1().ServiceAccountAccesses(namespace).Watch(context.TODO(), options)
+ },
+ },
+ &policyv1alpha1.ServiceAccountAccess{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *serviceAccountAccessInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredServiceAccountAccessInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *serviceAccountAccessInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&policyv1alpha1.ServiceAccountAccess{}, f.defaultInformer)
+}
+
+func (f *serviceAccountAccessInformer) Lister() v1alpha1.ServiceAccountAccessLister {
+ return v1alpha1.NewServiceAccountAccessLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/listers/policy/v1alpha1/expansion_generated.go b/pkg/client/listers/policy/v1alpha1/expansion_generated.go
new file mode 100644
index 000000000..e94ff1647
--- /dev/null
+++ b/pkg/client/listers/policy/v1alpha1/expansion_generated.go
@@ -0,0 +1,27 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+// ServiceAccountAccessListerExpansion allows custom methods to be added to
+// ServiceAccountAccessLister.
+type ServiceAccountAccessListerExpansion interface{}
+
+// ServiceAccountAccessNamespaceListerExpansion allows custom methods to be added to
+// ServiceAccountAccessNamespaceLister.
+type ServiceAccountAccessNamespaceListerExpansion interface{}
diff --git a/pkg/client/listers/policy/v1alpha1/serviceaccountaccess.go b/pkg/client/listers/policy/v1alpha1/serviceaccountaccess.go
new file mode 100644
index 000000000..722eb516a
--- /dev/null
+++ b/pkg/client/listers/policy/v1alpha1/serviceaccountaccess.go
@@ -0,0 +1,99 @@
+/*
+Copyright The KubeEdge Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ v1alpha1 "github.com/kubeedge/kubeedge/pkg/apis/policy/v1alpha1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// ServiceAccountAccessLister helps list ServiceAccountAccesses.
+// All objects returned here must be treated as read-only.
+type ServiceAccountAccessLister interface {
+ // List lists all ServiceAccountAccesses in the indexer.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*v1alpha1.ServiceAccountAccess, err error)
+ // ServiceAccountAccesses returns an object that can list and get ServiceAccountAccesses.
+ ServiceAccountAccesses(namespace string) ServiceAccountAccessNamespaceLister
+ ServiceAccountAccessListerExpansion
+}
+
+// serviceAccountAccessLister implements the ServiceAccountAccessLister interface.
+type serviceAccountAccessLister struct {
+ indexer cache.Indexer
+}
+
+// NewServiceAccountAccessLister returns a new ServiceAccountAccessLister.
+func NewServiceAccountAccessLister(indexer cache.Indexer) ServiceAccountAccessLister {
+ return &serviceAccountAccessLister{indexer: indexer}
+}
+
+// List lists all ServiceAccountAccesses in the indexer.
+func (s *serviceAccountAccessLister) List(selector labels.Selector) (ret []*v1alpha1.ServiceAccountAccess, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1alpha1.ServiceAccountAccess))
+ })
+ return ret, err
+}
+
+// ServiceAccountAccesses returns an object that can list and get ServiceAccountAccesses.
+func (s *serviceAccountAccessLister) ServiceAccountAccesses(namespace string) ServiceAccountAccessNamespaceLister {
+ return serviceAccountAccessNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// ServiceAccountAccessNamespaceLister helps list and get ServiceAccountAccesses.
+// All objects returned here must be treated as read-only.
+type ServiceAccountAccessNamespaceLister interface {
+ // List lists all ServiceAccountAccesses in the indexer for a given namespace.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*v1alpha1.ServiceAccountAccess, err error)
+ // Get retrieves the ServiceAccountAccess from the indexer for a given namespace and name.
+ // Objects returned here must be treated as read-only.
+ Get(name string) (*v1alpha1.ServiceAccountAccess, error)
+ ServiceAccountAccessNamespaceListerExpansion
+}
+
+// serviceAccountAccessNamespaceLister implements the ServiceAccountAccessNamespaceLister
+// interface.
+type serviceAccountAccessNamespaceLister struct {
+ indexer cache.Indexer
+ namespace string
+}
+
+// List lists all ServiceAccountAccesses in the indexer for a given namespace.
+func (s serviceAccountAccessNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.ServiceAccountAccess, err error) {
+ err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1alpha1.ServiceAccountAccess))
+ })
+ return ret, err
+}
+
+// Get retrieves the ServiceAccountAccess from the indexer for a given namespace and name.
+func (s serviceAccountAccessNamespaceLister) Get(name string) (*v1alpha1.ServiceAccountAccess, error) {
+ obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1alpha1.Resource("serviceaccountaccess"), name)
+ }
+ return obj.(*v1alpha1.ServiceAccountAccess), nil
+}
generated by cgit v1.2.3 (git 2.52.0) at 2026-01-17 04:58:36 +0000