... | ... |
@@ -94,6 +94,13 @@ func fuzzInternalObject(t *testing.T, forVersion unversioned.GroupVersion, item |
94 | 94 |
j.Subjects[i].FieldPath = "" |
95 | 95 |
} |
96 | 96 |
}, |
97 |
+ func(j *authorizationapi.PolicyRule, c fuzz.Continue) { |
|
98 |
+ c.FuzzNoCustom(j) |
|
99 |
+ // if no groups are found, then we assume "". This matches defaulting |
|
100 |
+ if len(j.APIGroups) == 0 { |
|
101 |
+ j.APIGroups = []string{""} |
|
102 |
+ } |
|
103 |
+ }, |
|
97 | 104 |
func(j *authorizationapi.ClusterRoleBinding, c fuzz.Continue) { |
98 | 105 |
c.FuzzNoCustom(j) |
99 | 106 |
for i := range j.Subjects { |
... | ... |
@@ -21,6 +21,11 @@ func addDefaultingFuncs(scheme *runtime.Scheme) { |
21 | 21 |
if kapi.Semantic.Equalities.DeepEqual(oldAllowAllPolicyRule, *obj) && obj.APIGroups == nil { |
22 | 22 |
obj.APIGroups = []string{internal.APIGroupAll} |
23 | 23 |
} |
24 |
+ |
|
25 |
+ // if no groups are found, then we assume "" |
|
26 |
+ if len(obj.Resources) > 0 && len(obj.APIGroups) == 0 { |
|
27 |
+ obj.APIGroups = []string{""} |
|
28 |
+ } |
|
24 | 29 |
}, |
25 | 30 |
) |
26 | 31 |
if err != nil { |
... | ... |
@@ -70,11 +70,6 @@ func (a DefaultAuthorizationAttributes) RuleMatches(rule authorizationapi.Policy |
70 | 70 |
} |
71 | 71 |
|
72 | 72 |
func (a DefaultAuthorizationAttributes) apiGroupMatches(allowedGroups []string) bool { |
73 |
- // if no APIGroups are specified, then the default APIGroup of "" is assumed. |
|
74 |
- if len(allowedGroups) == 0 && len(a.GetAPIGroup()) == 0 { |
|
75 |
- return true |
|
76 |
- } |
|
77 |
- |
|
78 | 73 |
// allowedGroups is expected to be small, so I don't feel bad about this. |
79 | 74 |
for _, allowedGroup := range allowedGroups { |
80 | 75 |
if allowedGroup == authorizationapi.APIGroupAll { |
... | ... |
@@ -15,6 +15,8 @@ import ( |
15 | 15 |
testpolicyregistry "github.com/openshift/origin/pkg/authorization/registry/test" |
16 | 16 |
"github.com/openshift/origin/pkg/authorization/rulevalidation" |
17 | 17 |
"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy" |
18 |
+ |
|
19 |
+ _ "github.com/openshift/origin/pkg/api/install" |
|
18 | 20 |
) |
19 | 21 |
|
20 | 22 |
type authorizeTest struct { |
... | ... |
@@ -646,6 +648,7 @@ func newAdzePolicies() []authorizationapi.Policy { |
646 | 646 |
}, |
647 | 647 |
Rules: append(make([]authorizationapi.PolicyRule, 0), |
648 | 648 |
authorizationapi.PolicyRule{ |
649 |
+ APIGroups: []string{""}, |
|
649 | 650 |
Verbs: sets.NewString("watch", "list", "get"), |
650 | 651 |
Resources: sets.NewString("buildConfigs"), |
651 | 652 |
}), |
... | ... |
@@ -539,11 +539,13 @@ func newInvalidExtensionPolicies() []authorizationapi.Policy { |
539 | 539 |
}, |
540 | 540 |
Rules: []authorizationapi.PolicyRule{ |
541 | 541 |
{ |
542 |
+ APIGroups: []string{""}, |
|
542 | 543 |
Verbs: sets.NewString("watch", "list", "get"), |
543 | 544 |
Resources: sets.NewString("buildConfigs"), |
544 | 545 |
AttributeRestrictions: &authorizationapi.Role{}, |
545 | 546 |
}, |
546 | 547 |
{ |
548 |
+ APIGroups: []string{""}, |
|
547 | 549 |
Verbs: sets.NewString("update"), |
548 | 550 |
Resources: sets.NewString("buildConfigs"), |
549 | 551 |
}, |
... | ... |
@@ -13,6 +13,7 @@ import ( |
13 | 13 |
authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
14 | 14 |
"github.com/openshift/origin/pkg/authorization/rulevalidation" |
15 | 15 |
oauthapi "github.com/openshift/origin/pkg/oauth/api" |
16 |
+ projectapi "github.com/openshift/origin/pkg/project/api" |
|
16 | 17 |
userapi "github.com/openshift/origin/pkg/user/api" |
17 | 18 |
) |
18 | 19 |
|
... | ... |
@@ -124,11 +125,11 @@ func (userEvaluator) ResolveRules(scope, namespace string, clusterPolicyGetter r |
124 | 124 |
}, nil |
125 | 125 |
case UserIndicator + UserAccessCheck: |
126 | 126 |
return []authorizationapi.PolicyRule{ |
127 |
- {Verbs: sets.NewString("create"), Resources: sets.NewString("subjectaccessreviews", "localsubjectaccessreviews"), AttributeRestrictions: &authorizationapi.IsPersonalSubjectAccessReview{}}, |
|
127 |
+ {Verbs: sets.NewString("create"), APIGroups: []string{authorizationapi.GroupName}, Resources: sets.NewString("subjectaccessreviews", "localsubjectaccessreviews"), AttributeRestrictions: &authorizationapi.IsPersonalSubjectAccessReview{}}, |
|
128 | 128 |
}, nil |
129 | 129 |
case UserIndicator + UserListProject: |
130 | 130 |
return []authorizationapi.PolicyRule{ |
131 |
- {Verbs: sets.NewString("list"), Resources: sets.NewString("projects")}, |
|
131 |
+ {Verbs: sets.NewString("list"), APIGroups: []string{projectapi.GroupName}, Resources: sets.NewString("projects")}, |
|
132 | 132 |
}, nil |
133 | 133 |
default: |
134 | 134 |
return nil, fmt.Errorf("unrecognized scope: %v", scope) |
... | ... |
@@ -11,8 +11,10 @@ import ( |
11 | 11 |
|
12 | 12 |
"github.com/openshift/origin/pkg/api" |
13 | 13 |
authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
14 |
+ authorizationapiv1 "github.com/openshift/origin/pkg/authorization/api/v1" |
|
14 | 15 |
imageapi "github.com/openshift/origin/pkg/image/api" |
15 | 16 |
projectapi "github.com/openshift/origin/pkg/project/api" |
17 |
+ routeapi "github.com/openshift/origin/pkg/route/api" |
|
16 | 18 |
) |
17 | 19 |
|
18 | 20 |
func GetBootstrapOpenshiftRoles(openshiftNamespace string) []authorizationapi.Role { |
... | ... |
@@ -226,16 +228,19 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole { |
226 | 226 |
Resources: sets.NewString("daemonsets"), |
227 | 227 |
}, |
228 | 228 |
{ |
229 |
+ APIGroups: []string{api.GroupName}, |
|
229 | 230 |
Verbs: sets.NewString("get", "list", "watch"), |
230 | 231 |
Resources: sets.NewString(authorizationapi.PolicyOwnerGroupName, authorizationapi.KubeAllGroupName, authorizationapi.OpenshiftStatusGroupName, authorizationapi.KubeStatusGroupName), |
231 | 232 |
}, |
232 | 233 |
{ |
233 |
- Verbs: sets.NewString("get", "update"), |
|
234 |
+ APIGroups: []string{imageapi.GroupName}, |
|
235 |
+ Verbs: sets.NewString("get", "update"), |
|
234 | 236 |
// this is used by verifyImageStreamAccess in pkg/dockerregistry/server/auth.go |
235 | 237 |
Resources: sets.NewString("imagestreams/layers"), |
236 | 238 |
}, |
237 | 239 |
// an admin can run routers that write back conditions to the route |
238 | 240 |
{ |
241 |
+ APIGroups: []string{routeapi.GroupName}, |
|
239 | 242 |
Verbs: sets.NewString("update"), |
240 | 243 |
Resources: sets.NewString("routes/status"), |
241 | 244 |
}, |
... | ... |
@@ -292,11 +297,13 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole { |
292 | 292 |
Resources: sets.NewString("daemonsets"), |
293 | 293 |
}, |
294 | 294 |
{ |
295 |
+ APIGroups: []string{api.GroupName}, |
|
295 | 296 |
Verbs: sets.NewString("get", "list", "watch"), |
296 | 297 |
Resources: sets.NewString(authorizationapi.KubeAllGroupName, authorizationapi.OpenshiftStatusGroupName, authorizationapi.KubeStatusGroupName, "projects"), |
297 | 298 |
}, |
298 | 299 |
{ |
299 |
- Verbs: sets.NewString("get", "update"), |
|
300 |
+ APIGroups: []string{imageapi.GroupName}, |
|
301 |
+ Verbs: sets.NewString("get", "update"), |
|
300 | 302 |
// this is used by verifyImageStreamAccess in pkg/dockerregistry/server/auth.go |
301 | 303 |
Resources: sets.NewString("imagestreams/layers"), |
302 | 304 |
}, |
... | ... |
@@ -308,6 +315,7 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole { |
308 | 308 |
}, |
309 | 309 |
Rules: []authorizationapi.PolicyRule{ |
310 | 310 |
{ |
311 |
+ APIGroups: []string{api.GroupName}, |
|
311 | 312 |
Verbs: sets.NewString("get", "list", "watch"), |
312 | 313 |
Resources: sets.NewString(authorizationapi.OpenshiftExposedGroupName, authorizationapi.KubeAllGroupName, authorizationapi.OpenshiftStatusGroupName, authorizationapi.KubeStatusGroupName, "projects"), |
313 | 314 |
}, |
... | ... |
@@ -861,7 +869,27 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole { |
861 | 861 |
} |
862 | 862 |
} |
863 | 863 |
|
864 |
- return roles |
|
864 |
+ // TODO roundtrip roles to pick up defaulting for API groups. Without this, the covers check in reconcile-cluster-roles will fail. |
|
865 |
+ // we can remove this again once everything gets group qualified and we have unit tests enforcing that. other pulls are in |
|
866 |
+ // progress to do that. |
|
867 |
+ versionedRoles := []authorizationapiv1.ClusterRole{} |
|
868 |
+ for i := range roles { |
|
869 |
+ newRole := &authorizationapiv1.ClusterRole{} |
|
870 |
+ if err := kapi.Scheme.Convert(&roles[i], newRole); err != nil { |
|
871 |
+ panic(err) |
|
872 |
+ } |
|
873 |
+ versionedRoles = append(versionedRoles, *newRole) |
|
874 |
+ } |
|
875 |
+ roundtrippedRoles := []authorizationapi.ClusterRole{} |
|
876 |
+ for i := range versionedRoles { |
|
877 |
+ newRole := &authorizationapi.ClusterRole{} |
|
878 |
+ if err := kapi.Scheme.Convert(&versionedRoles[i], newRole); err != nil { |
|
879 |
+ panic(err) |
|
880 |
+ } |
|
881 |
+ roundtrippedRoles = append(roundtrippedRoles, *newRole) |
|
882 |
+ } |
|
883 |
+ |
|
884 |
+ return roundtrippedRoles |
|
865 | 885 |
} |
866 | 886 |
|
867 | 887 |
func GetBootstrapOpenshiftRoleBindings(openshiftNamespace string) []authorizationapi.RoleBinding { |
... | ... |
@@ -13,6 +13,8 @@ import ( |
13 | 13 |
"k8s.io/kubernetes/pkg/util/diff" |
14 | 14 |
|
15 | 15 |
"github.com/openshift/origin/pkg/api/v1" |
16 |
+ authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
|
17 |
+ "github.com/openshift/origin/pkg/authorization/rulevalidation" |
|
16 | 18 |
"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy" |
17 | 19 |
|
18 | 20 |
// install all APIs |
... | ... |
@@ -91,3 +93,51 @@ func testObjects(t *testing.T, list *api.List, fixtureFilename string) { |
91 | 91 |
} |
92 | 92 |
} |
93 | 93 |
} |
94 |
+ |
|
95 |
+// Some roles should always cover others |
|
96 |
+func TestCovers(t *testing.T) { |
|
97 |
+ allRoles := bootstrappolicy.GetBootstrapClusterRoles() |
|
98 |
+ var admin *authorizationapi.ClusterRole |
|
99 |
+ var editor *authorizationapi.ClusterRole |
|
100 |
+ var viewer *authorizationapi.ClusterRole |
|
101 |
+ var registryAdmin *authorizationapi.ClusterRole |
|
102 |
+ var registryEditor *authorizationapi.ClusterRole |
|
103 |
+ var registryViewer *authorizationapi.ClusterRole |
|
104 |
+ |
|
105 |
+ for i := range allRoles { |
|
106 |
+ role := allRoles[i] |
|
107 |
+ switch role.Name { |
|
108 |
+ case bootstrappolicy.AdminRoleName: |
|
109 |
+ admin = &role |
|
110 |
+ case bootstrappolicy.EditRoleName: |
|
111 |
+ editor = &role |
|
112 |
+ case bootstrappolicy.ViewRoleName: |
|
113 |
+ viewer = &role |
|
114 |
+ case bootstrappolicy.RegistryAdminRoleName: |
|
115 |
+ registryAdmin = &role |
|
116 |
+ case bootstrappolicy.RegistryEditorRoleName: |
|
117 |
+ registryEditor = &role |
|
118 |
+ case bootstrappolicy.RegistryViewerRoleName: |
|
119 |
+ registryViewer = &role |
|
120 |
+ } |
|
121 |
+ } |
|
122 |
+ |
|
123 |
+ if covers, _ := rulevalidation.Covers(admin.Rules, editor.Rules); !covers { |
|
124 |
+ t.Errorf("failed to cover") |
|
125 |
+ } |
|
126 |
+ if covers, _ := rulevalidation.Covers(admin.Rules, editor.Rules); !covers { |
|
127 |
+ t.Errorf("failed to cover") |
|
128 |
+ } |
|
129 |
+ if covers, _ := rulevalidation.Covers(admin.Rules, viewer.Rules); !covers { |
|
130 |
+ t.Errorf("failed to cover") |
|
131 |
+ } |
|
132 |
+ if covers, _ := rulevalidation.Covers(admin.Rules, registryAdmin.Rules); !covers { |
|
133 |
+ t.Errorf("failed to cover") |
|
134 |
+ } |
|
135 |
+ if covers, _ := rulevalidation.Covers(registryAdmin.Rules, registryEditor.Rules); !covers { |
|
136 |
+ t.Errorf("failed to cover") |
|
137 |
+ } |
|
138 |
+ if covers, _ := rulevalidation.Covers(registryAdmin.Rules, registryViewer.Rules); !covers { |
|
139 |
+ t.Errorf("failed to cover") |
|
140 |
+ } |
|
141 |
+} |
... | ... |
@@ -41,7 +41,8 @@ items: |
41 | 41 |
creationTimestamp: null |
42 | 42 |
name: cluster-reader |
43 | 43 |
rules: |
44 |
- - apiGroups: null |
|
44 |
+ - apiGroups: |
|
45 |
+ - "" |
|
45 | 46 |
attributeRestrictions: null |
46 | 47 |
resources: |
47 | 48 |
- bindings |
... | ... |
@@ -147,20 +148,23 @@ items: |
147 | 147 |
- get |
148 | 148 |
- list |
149 | 149 |
- watch |
150 |
- - apiGroups: null |
|
150 |
+ - apiGroups: |
|
151 |
+ - "" |
|
151 | 152 |
attributeRestrictions: null |
152 | 153 |
resources: |
153 | 154 |
- resourceaccessreviews |
154 | 155 |
- subjectaccessreviews |
155 | 156 |
verbs: |
156 | 157 |
- create |
157 |
- - apiGroups: null |
|
158 |
+ - apiGroups: |
|
159 |
+ - "" |
|
158 | 160 |
attributeRestrictions: null |
159 | 161 |
resources: |
160 | 162 |
- nodes/metrics |
161 | 163 |
verbs: |
162 | 164 |
- get |
163 |
- - apiGroups: null |
|
165 |
+ - apiGroups: |
|
166 |
+ - "" |
|
164 | 167 |
attributeRestrictions: null |
165 | 168 |
resources: |
166 | 169 |
- nodes/stats |
... | ... |
@@ -363,7 +367,8 @@ items: |
363 | 363 |
- get |
364 | 364 |
- list |
365 | 365 |
- watch |
366 |
- - apiGroups: null |
|
366 |
+ - apiGroups: |
|
367 |
+ - "" |
|
367 | 368 |
attributeRestrictions: null |
368 | 369 |
resources: |
369 | 370 |
- bindings |
... | ... |
@@ -397,14 +402,16 @@ items: |
397 | 397 |
- get |
398 | 398 |
- list |
399 | 399 |
- watch |
400 |
- - apiGroups: null |
|
400 |
+ - apiGroups: |
|
401 |
+ - "" |
|
401 | 402 |
attributeRestrictions: null |
402 | 403 |
resources: |
403 | 404 |
- imagestreams/layers |
404 | 405 |
verbs: |
405 | 406 |
- get |
406 | 407 |
- update |
407 |
- - apiGroups: null |
|
408 |
+ - apiGroups: |
|
409 |
+ - "" |
|
408 | 410 |
attributeRestrictions: null |
409 | 411 |
resources: |
410 | 412 |
- routes/status |
... | ... |
@@ -540,7 +547,8 @@ items: |
540 | 540 |
- get |
541 | 541 |
- list |
542 | 542 |
- watch |
543 |
- - apiGroups: null |
|
543 |
+ - apiGroups: |
|
544 |
+ - "" |
|
544 | 545 |
attributeRestrictions: null |
545 | 546 |
resources: |
546 | 547 |
- bindings |
... | ... |
@@ -573,7 +581,8 @@ items: |
573 | 573 |
- get |
574 | 574 |
- list |
575 | 575 |
- watch |
576 |
- - apiGroups: null |
|
576 |
+ - apiGroups: |
|
577 |
+ - "" |
|
577 | 578 |
attributeRestrictions: null |
578 | 579 |
resources: |
579 | 580 |
- imagestreams/layers |
... | ... |
@@ -586,7 +595,8 @@ items: |
586 | 586 |
creationTimestamp: null |
587 | 587 |
name: view |
588 | 588 |
rules: |
589 |
- - apiGroups: null |
|
589 |
+ - apiGroups: |
|
590 |
+ - "" |
|
590 | 591 |
attributeRestrictions: null |
591 | 592 |
resources: |
592 | 593 |
- bindings |
... | ... |
@@ -676,7 +686,8 @@ items: |
676 | 676 |
creationTimestamp: null |
677 | 677 |
name: basic-user |
678 | 678 |
rules: |
679 |
- - apiGroups: null |
|
679 |
+ - apiGroups: |
|
680 |
+ - "" |
|
680 | 681 |
attributeRestrictions: null |
681 | 682 |
resourceNames: |
682 | 683 |
- "~" |
... | ... |
@@ -684,27 +695,31 @@ items: |
684 | 684 |
- users |
685 | 685 |
verbs: |
686 | 686 |
- get |
687 |
- - apiGroups: null |
|
687 |
+ - apiGroups: |
|
688 |
+ - "" |
|
688 | 689 |
attributeRestrictions: null |
689 | 690 |
resources: |
690 | 691 |
- projectrequests |
691 | 692 |
verbs: |
692 | 693 |
- list |
693 |
- - apiGroups: null |
|
694 |
+ - apiGroups: |
|
695 |
+ - "" |
|
694 | 696 |
attributeRestrictions: null |
695 | 697 |
resources: |
696 | 698 |
- clusterroles |
697 | 699 |
verbs: |
698 | 700 |
- get |
699 | 701 |
- list |
700 |
- - apiGroups: null |
|
702 |
+ - apiGroups: |
|
703 |
+ - "" |
|
701 | 704 |
attributeRestrictions: null |
702 | 705 |
resources: |
703 | 706 |
- projects |
704 | 707 |
verbs: |
705 | 708 |
- list |
706 | 709 |
- watch |
707 |
- - apiGroups: null |
|
710 |
+ - apiGroups: |
|
711 |
+ - "" |
|
708 | 712 |
attributeRestrictions: |
709 | 713 |
apiVersion: v1 |
710 | 714 |
kind: IsPersonalSubjectAccessReview |
... | ... |
@@ -713,7 +728,8 @@ items: |
713 | 713 |
- subjectaccessreviews |
714 | 714 |
verbs: |
715 | 715 |
- create |
716 |
- - apiGroups: null |
|
716 |
+ - apiGroups: |
|
717 |
+ - "" |
|
717 | 718 |
attributeRestrictions: null |
718 | 719 |
resources: |
719 | 720 |
- selfsubjectrulesreviews |
... | ... |
@@ -725,7 +741,8 @@ items: |
725 | 725 |
creationTimestamp: null |
726 | 726 |
name: self-provisioner |
727 | 727 |
rules: |
728 |
- - apiGroups: null |
|
728 |
+ - apiGroups: |
|
729 |
+ - "" |
|
729 | 730 |
attributeRestrictions: null |
730 | 731 |
resources: |
731 | 732 |
- projectrequests |
... | ... |
@@ -783,7 +800,8 @@ items: |
783 | 783 |
creationTimestamp: null |
784 | 784 |
name: system:image-puller |
785 | 785 |
rules: |
786 |
- - apiGroups: null |
|
786 |
+ - apiGroups: |
|
787 |
+ - "" |
|
787 | 788 |
attributeRestrictions: null |
788 | 789 |
resources: |
789 | 790 |
- imagestreams/layers |
... | ... |
@@ -795,7 +813,8 @@ items: |
795 | 795 |
creationTimestamp: null |
796 | 796 |
name: system:image-pusher |
797 | 797 |
rules: |
798 |
- - apiGroups: null |
|
798 |
+ - apiGroups: |
|
799 |
+ - "" |
|
799 | 800 |
attributeRestrictions: null |
800 | 801 |
resources: |
801 | 802 |
- imagestreams/layers |
... | ... |
@@ -808,14 +827,16 @@ items: |
808 | 808 |
creationTimestamp: null |
809 | 809 |
name: system:image-builder |
810 | 810 |
rules: |
811 |
- - apiGroups: null |
|
811 |
+ - apiGroups: |
|
812 |
+ - "" |
|
812 | 813 |
attributeRestrictions: null |
813 | 814 |
resources: |
814 | 815 |
- imagestreams/layers |
815 | 816 |
verbs: |
816 | 817 |
- get |
817 | 818 |
- update |
818 |
- - apiGroups: null |
|
819 |
+ - apiGroups: |
|
820 |
+ - "" |
|
819 | 821 |
attributeRestrictions: null |
820 | 822 |
resources: |
821 | 823 |
- builds/details |
... | ... |
@@ -827,13 +848,15 @@ items: |
827 | 827 |
creationTimestamp: null |
828 | 828 |
name: system:image-pruner |
829 | 829 |
rules: |
830 |
- - apiGroups: null |
|
830 |
+ - apiGroups: |
|
831 |
+ - "" |
|
831 | 832 |
attributeRestrictions: null |
832 | 833 |
resources: |
833 | 834 |
- images |
834 | 835 |
verbs: |
835 | 836 |
- delete |
836 |
- - apiGroups: null |
|
837 |
+ - apiGroups: |
|
838 |
+ - "" |
|
837 | 839 |
attributeRestrictions: null |
838 | 840 |
resources: |
839 | 841 |
- buildconfigs |
... | ... |
@@ -846,7 +869,8 @@ items: |
846 | 846 |
verbs: |
847 | 847 |
- get |
848 | 848 |
- list |
849 |
- - apiGroups: null |
|
849 |
+ - apiGroups: |
|
850 |
+ - "" |
|
850 | 851 |
attributeRestrictions: null |
851 | 852 |
resources: |
852 | 853 |
- imagestreams/status |
... | ... |
@@ -858,21 +882,24 @@ items: |
858 | 858 |
creationTimestamp: null |
859 | 859 |
name: system:deployer |
860 | 860 |
rules: |
861 |
- - apiGroups: null |
|
861 |
+ - apiGroups: |
|
862 |
+ - "" |
|
862 | 863 |
attributeRestrictions: null |
863 | 864 |
resources: |
864 | 865 |
- replicationcontrollers |
865 | 866 |
verbs: |
866 | 867 |
- get |
867 | 868 |
- list |
868 |
- - apiGroups: null |
|
869 |
+ - apiGroups: |
|
870 |
+ - "" |
|
869 | 871 |
attributeRestrictions: null |
870 | 872 |
resources: |
871 | 873 |
- replicationcontrollers |
872 | 874 |
verbs: |
873 | 875 |
- get |
874 | 876 |
- update |
875 |
- - apiGroups: null |
|
877 |
+ - apiGroups: |
|
878 |
+ - "" |
|
876 | 879 |
attributeRestrictions: null |
877 | 880 |
resources: |
878 | 881 |
- pods |
... | ... |
@@ -881,13 +908,15 @@ items: |
881 | 881 |
- get |
882 | 882 |
- list |
883 | 883 |
- watch |
884 |
- - apiGroups: null |
|
884 |
+ - apiGroups: |
|
885 |
+ - "" |
|
885 | 886 |
attributeRestrictions: null |
886 | 887 |
resources: |
887 | 888 |
- pods/log |
888 | 889 |
verbs: |
889 | 890 |
- get |
890 |
- - apiGroups: null |
|
891 |
+ - apiGroups: |
|
892 |
+ - "" |
|
891 | 893 |
attributeRestrictions: null |
892 | 894 |
resources: |
893 | 895 |
- imagestreamtags |
... | ... |
@@ -912,7 +941,8 @@ items: |
912 | 912 |
creationTimestamp: null |
913 | 913 |
name: system:oauth-token-deleter |
914 | 914 |
rules: |
915 |
- - apiGroups: null |
|
915 |
+ - apiGroups: |
|
916 |
+ - "" |
|
916 | 917 |
attributeRestrictions: null |
917 | 918 |
resources: |
918 | 919 |
- oauthaccesstokens |
... | ... |
@@ -925,7 +955,8 @@ items: |
925 | 925 |
creationTimestamp: null |
926 | 926 |
name: system:router |
927 | 927 |
rules: |
928 |
- - apiGroups: null |
|
928 |
+ - apiGroups: |
|
929 |
+ - "" |
|
929 | 930 |
attributeRestrictions: null |
930 | 931 |
resources: |
931 | 932 |
- endpoints |
... | ... |
@@ -933,7 +964,8 @@ items: |
933 | 933 |
verbs: |
934 | 934 |
- list |
935 | 935 |
- watch |
936 |
- - apiGroups: null |
|
936 |
+ - apiGroups: |
|
937 |
+ - "" |
|
937 | 938 |
attributeRestrictions: null |
938 | 939 |
resources: |
939 | 940 |
- routes/status |
... | ... |
@@ -945,14 +977,16 @@ items: |
945 | 945 |
creationTimestamp: null |
946 | 946 |
name: system:registry |
947 | 947 |
rules: |
948 |
- - apiGroups: null |
|
948 |
+ - apiGroups: |
|
949 |
+ - "" |
|
949 | 950 |
attributeRestrictions: null |
950 | 951 |
resources: |
951 | 952 |
- images |
952 | 953 |
verbs: |
953 | 954 |
- delete |
954 | 955 |
- get |
955 |
- - apiGroups: null |
|
956 |
+ - apiGroups: |
|
957 |
+ - "" |
|
956 | 958 |
attributeRestrictions: null |
957 | 959 |
resources: |
958 | 960 |
- imagestreamimages |
... | ... |
@@ -961,19 +995,22 @@ items: |
961 | 961 |
- imagestreamtags |
962 | 962 |
verbs: |
963 | 963 |
- get |
964 |
- - apiGroups: null |
|
964 |
+ - apiGroups: |
|
965 |
+ - "" |
|
965 | 966 |
attributeRestrictions: null |
966 | 967 |
resources: |
967 | 968 |
- imagestreams |
968 | 969 |
verbs: |
969 | 970 |
- update |
970 |
- - apiGroups: null |
|
971 |
+ - apiGroups: |
|
972 |
+ - "" |
|
971 | 973 |
attributeRestrictions: null |
972 | 974 |
resources: |
973 | 975 |
- imagestreammappings |
974 | 976 |
verbs: |
975 | 977 |
- create |
976 |
- - apiGroups: null |
|
978 |
+ - apiGroups: |
|
979 |
+ - "" |
|
977 | 980 |
attributeRestrictions: null |
978 | 981 |
resources: |
979 | 982 |
- resourcequotas |
... | ... |
@@ -985,7 +1022,8 @@ items: |
985 | 985 |
creationTimestamp: null |
986 | 986 |
name: system:node-proxier |
987 | 987 |
rules: |
988 |
- - apiGroups: null |
|
988 |
+ - apiGroups: |
|
989 |
+ - "" |
|
989 | 990 |
attributeRestrictions: null |
990 | 991 |
resources: |
991 | 992 |
- endpoints |
... | ... |
@@ -999,7 +1037,8 @@ items: |
999 | 999 |
creationTimestamp: null |
1000 | 1000 |
name: system:node-admin |
1001 | 1001 |
rules: |
1002 |
- - apiGroups: null |
|
1002 |
+ - apiGroups: |
|
1003 |
+ - "" |
|
1003 | 1004 |
attributeRestrictions: null |
1004 | 1005 |
resources: |
1005 | 1006 |
- nodes |
... | ... |
@@ -1007,13 +1046,15 @@ items: |
1007 | 1007 |
- get |
1008 | 1008 |
- list |
1009 | 1009 |
- watch |
1010 |
- - apiGroups: null |
|
1010 |
+ - apiGroups: |
|
1011 |
+ - "" |
|
1011 | 1012 |
attributeRestrictions: null |
1012 | 1013 |
resources: |
1013 | 1014 |
- nodes |
1014 | 1015 |
verbs: |
1015 | 1016 |
- proxy |
1016 |
- - apiGroups: null |
|
1017 |
+ - apiGroups: |
|
1018 |
+ - "" |
|
1017 | 1019 |
attributeRestrictions: null |
1018 | 1020 |
resources: |
1019 | 1021 |
- nodes/log |
... | ... |
@@ -1028,7 +1069,8 @@ items: |
1028 | 1028 |
creationTimestamp: null |
1029 | 1029 |
name: system:node-reader |
1030 | 1030 |
rules: |
1031 |
- - apiGroups: null |
|
1031 |
+ - apiGroups: |
|
1032 |
+ - "" |
|
1032 | 1033 |
attributeRestrictions: null |
1033 | 1034 |
resources: |
1034 | 1035 |
- nodes |
... | ... |
@@ -1036,13 +1078,15 @@ items: |
1036 | 1036 |
- get |
1037 | 1037 |
- list |
1038 | 1038 |
- watch |
1039 |
- - apiGroups: null |
|
1039 |
+ - apiGroups: |
|
1040 |
+ - "" |
|
1040 | 1041 |
attributeRestrictions: null |
1041 | 1042 |
resources: |
1042 | 1043 |
- nodes/metrics |
1043 | 1044 |
verbs: |
1044 | 1045 |
- get |
1045 |
- - apiGroups: null |
|
1046 |
+ - apiGroups: |
|
1047 |
+ - "" |
|
1046 | 1048 |
attributeRestrictions: null |
1047 | 1049 |
resources: |
1048 | 1050 |
- nodes/stats |
... | ... |
@@ -1055,14 +1099,16 @@ items: |
1055 | 1055 |
creationTimestamp: null |
1056 | 1056 |
name: system:node |
1057 | 1057 |
rules: |
1058 |
- - apiGroups: null |
|
1058 |
+ - apiGroups: |
|
1059 |
+ - "" |
|
1059 | 1060 |
attributeRestrictions: null |
1060 | 1061 |
resources: |
1061 | 1062 |
- localsubjectaccessreviews |
1062 | 1063 |
- subjectaccessreviews |
1063 | 1064 |
verbs: |
1064 | 1065 |
- create |
1065 |
- - apiGroups: null |
|
1066 |
+ - apiGroups: |
|
1067 |
+ - "" |
|
1066 | 1068 |
attributeRestrictions: null |
1067 | 1069 |
resources: |
1068 | 1070 |
- services |
... | ... |
@@ -1070,7 +1116,8 @@ items: |
1070 | 1070 |
- get |
1071 | 1071 |
- list |
1072 | 1072 |
- watch |
1073 |
- - apiGroups: null |
|
1073 |
+ - apiGroups: |
|
1074 |
+ - "" |
|
1074 | 1075 |
attributeRestrictions: null |
1075 | 1076 |
resources: |
1076 | 1077 |
- nodes |
... | ... |
@@ -1079,13 +1126,15 @@ items: |
1079 | 1079 |
- get |
1080 | 1080 |
- list |
1081 | 1081 |
- watch |
1082 |
- - apiGroups: null |
|
1082 |
+ - apiGroups: |
|
1083 |
+ - "" |
|
1083 | 1084 |
attributeRestrictions: null |
1084 | 1085 |
resources: |
1085 | 1086 |
- nodes/status |
1086 | 1087 |
verbs: |
1087 | 1088 |
- update |
1088 |
- - apiGroups: null |
|
1089 |
+ - apiGroups: |
|
1090 |
+ - "" |
|
1089 | 1091 |
attributeRestrictions: null |
1090 | 1092 |
resources: |
1091 | 1093 |
- events |
... | ... |
@@ -1093,7 +1142,8 @@ items: |
1093 | 1093 |
- create |
1094 | 1094 |
- patch |
1095 | 1095 |
- update |
1096 |
- - apiGroups: null |
|
1096 |
+ - apiGroups: |
|
1097 |
+ - "" |
|
1097 | 1098 |
attributeRestrictions: null |
1098 | 1099 |
resources: |
1099 | 1100 |
- pods |
... | ... |
@@ -1101,7 +1151,8 @@ items: |
1101 | 1101 |
- get |
1102 | 1102 |
- list |
1103 | 1103 |
- watch |
1104 |
- - apiGroups: null |
|
1104 |
+ - apiGroups: |
|
1105 |
+ - "" |
|
1105 | 1106 |
attributeRestrictions: null |
1106 | 1107 |
resources: |
1107 | 1108 |
- pods |
... | ... |
@@ -1109,27 +1160,31 @@ items: |
1109 | 1109 |
- create |
1110 | 1110 |
- delete |
1111 | 1111 |
- get |
1112 |
- - apiGroups: null |
|
1112 |
+ - apiGroups: |
|
1113 |
+ - "" |
|
1113 | 1114 |
attributeRestrictions: null |
1114 | 1115 |
resources: |
1115 | 1116 |
- pods/status |
1116 | 1117 |
verbs: |
1117 | 1118 |
- update |
1118 |
- - apiGroups: null |
|
1119 |
+ - apiGroups: |
|
1120 |
+ - "" |
|
1119 | 1121 |
attributeRestrictions: null |
1120 | 1122 |
resources: |
1121 | 1123 |
- configmaps |
1122 | 1124 |
- secrets |
1123 | 1125 |
verbs: |
1124 | 1126 |
- get |
1125 |
- - apiGroups: null |
|
1127 |
+ - apiGroups: |
|
1128 |
+ - "" |
|
1126 | 1129 |
attributeRestrictions: null |
1127 | 1130 |
resources: |
1128 | 1131 |
- persistentvolumeclaims |
1129 | 1132 |
- persistentvolumes |
1130 | 1133 |
verbs: |
1131 | 1134 |
- get |
1132 |
- - apiGroups: null |
|
1135 |
+ - apiGroups: |
|
1136 |
+ - "" |
|
1133 | 1137 |
attributeRestrictions: null |
1134 | 1138 |
resources: |
1135 | 1139 |
- endpoints |
... | ... |
@@ -1141,7 +1196,8 @@ items: |
1141 | 1141 |
creationTimestamp: null |
1142 | 1142 |
name: system:sdn-reader |
1143 | 1143 |
rules: |
1144 |
- - apiGroups: null |
|
1144 |
+ - apiGroups: |
|
1145 |
+ - "" |
|
1145 | 1146 |
attributeRestrictions: null |
1146 | 1147 |
resources: |
1147 | 1148 |
- hostsubnets |
... | ... |
@@ -1149,7 +1205,8 @@ items: |
1149 | 1149 |
- get |
1150 | 1150 |
- list |
1151 | 1151 |
- watch |
1152 |
- - apiGroups: null |
|
1152 |
+ - apiGroups: |
|
1153 |
+ - "" |
|
1153 | 1154 |
attributeRestrictions: null |
1154 | 1155 |
resources: |
1155 | 1156 |
- netnamespaces |
... | ... |
@@ -1157,7 +1214,8 @@ items: |
1157 | 1157 |
- get |
1158 | 1158 |
- list |
1159 | 1159 |
- watch |
1160 |
- - apiGroups: null |
|
1160 |
+ - apiGroups: |
|
1161 |
+ - "" |
|
1161 | 1162 |
attributeRestrictions: null |
1162 | 1163 |
resources: |
1163 | 1164 |
- nodes |
... | ... |
@@ -1165,13 +1223,15 @@ items: |
1165 | 1165 |
- get |
1166 | 1166 |
- list |
1167 | 1167 |
- watch |
1168 |
- - apiGroups: null |
|
1168 |
+ - apiGroups: |
|
1169 |
+ - "" |
|
1169 | 1170 |
attributeRestrictions: null |
1170 | 1171 |
resources: |
1171 | 1172 |
- clusternetworks |
1172 | 1173 |
verbs: |
1173 | 1174 |
- get |
1174 |
- - apiGroups: null |
|
1175 |
+ - apiGroups: |
|
1176 |
+ - "" |
|
1175 | 1177 |
attributeRestrictions: null |
1176 | 1178 |
resources: |
1177 | 1179 |
- namespaces |
... | ... |
@@ -1185,7 +1245,8 @@ items: |
1185 | 1185 |
creationTimestamp: null |
1186 | 1186 |
name: system:sdn-manager |
1187 | 1187 |
rules: |
1188 |
- - apiGroups: null |
|
1188 |
+ - apiGroups: |
|
1189 |
+ - "" |
|
1189 | 1190 |
attributeRestrictions: null |
1190 | 1191 |
resources: |
1191 | 1192 |
- hostsubnets |
... | ... |
@@ -1195,7 +1256,8 @@ items: |
1195 | 1195 |
- get |
1196 | 1196 |
- list |
1197 | 1197 |
- watch |
1198 |
- - apiGroups: null |
|
1198 |
+ - apiGroups: |
|
1199 |
+ - "" |
|
1199 | 1200 |
attributeRestrictions: null |
1200 | 1201 |
resources: |
1201 | 1202 |
- netnamespaces |
... | ... |
@@ -1205,7 +1267,8 @@ items: |
1205 | 1205 |
- get |
1206 | 1206 |
- list |
1207 | 1207 |
- watch |
1208 |
- - apiGroups: null |
|
1208 |
+ - apiGroups: |
|
1209 |
+ - "" |
|
1209 | 1210 |
attributeRestrictions: null |
1210 | 1211 |
resources: |
1211 | 1212 |
- nodes |
... | ... |
@@ -1213,7 +1276,8 @@ items: |
1213 | 1213 |
- get |
1214 | 1214 |
- list |
1215 | 1215 |
- watch |
1216 |
- - apiGroups: null |
|
1216 |
+ - apiGroups: |
|
1217 |
+ - "" |
|
1217 | 1218 |
attributeRestrictions: null |
1218 | 1219 |
resources: |
1219 | 1220 |
- clusternetworks |
... | ... |
@@ -1226,7 +1290,8 @@ items: |
1226 | 1226 |
creationTimestamp: null |
1227 | 1227 |
name: system:webhook |
1228 | 1228 |
rules: |
1229 |
- - apiGroups: null |
|
1229 |
+ - apiGroups: |
|
1230 |
+ - "" |
|
1230 | 1231 |
attributeRestrictions: null |
1231 | 1232 |
resources: |
1232 | 1233 |
- buildconfigs/webhooks |
... | ... |
@@ -1430,7 +1495,8 @@ items: |
1430 | 1430 |
creationTimestamp: null |
1431 | 1431 |
name: system:build-controller |
1432 | 1432 |
rules: |
1433 |
- - apiGroups: null |
|
1433 |
+ - apiGroups: |
|
1434 |
+ - "" |
|
1434 | 1435 |
attributeRestrictions: null |
1435 | 1436 |
resources: |
1436 | 1437 |
- builds |
... | ... |
@@ -1438,13 +1504,15 @@ items: |
1438 | 1438 |
- get |
1439 | 1439 |
- list |
1440 | 1440 |
- watch |
1441 |
- - apiGroups: null |
|
1441 |
+ - apiGroups: |
|
1442 |
+ - "" |
|
1442 | 1443 |
attributeRestrictions: null |
1443 | 1444 |
resources: |
1444 | 1445 |
- builds |
1445 | 1446 |
verbs: |
1446 | 1447 |
- update |
1447 |
- - apiGroups: null |
|
1448 |
+ - apiGroups: |
|
1449 |
+ - "" |
|
1448 | 1450 |
attributeRestrictions: null |
1449 | 1451 |
resources: |
1450 | 1452 |
- builds/custom |
... | ... |
@@ -1453,13 +1521,15 @@ items: |
1453 | 1453 |
- builds/source |
1454 | 1454 |
verbs: |
1455 | 1455 |
- create |
1456 |
- - apiGroups: null |
|
1456 |
+ - apiGroups: |
|
1457 |
+ - "" |
|
1457 | 1458 |
attributeRestrictions: null |
1458 | 1459 |
resources: |
1459 | 1460 |
- imagestreams |
1460 | 1461 |
verbs: |
1461 | 1462 |
- get |
1462 |
- - apiGroups: null |
|
1463 |
+ - apiGroups: |
|
1464 |
+ - "" |
|
1463 | 1465 |
attributeRestrictions: null |
1464 | 1466 |
resources: |
1465 | 1467 |
- pods |
... | ... |
@@ -1468,7 +1538,8 @@ items: |
1468 | 1468 |
- delete |
1469 | 1469 |
- get |
1470 | 1470 |
- list |
1471 |
- - apiGroups: null |
|
1471 |
+ - apiGroups: |
|
1472 |
+ - "" |
|
1472 | 1473 |
attributeRestrictions: null |
1473 | 1474 |
resources: |
1474 | 1475 |
- events |
... | ... |
@@ -1490,14 +1561,16 @@ items: |
1490 | 1490 |
verbs: |
1491 | 1491 |
- list |
1492 | 1492 |
- watch |
1493 |
- - apiGroups: null |
|
1493 |
+ - apiGroups: |
|
1494 |
+ - "" |
|
1494 | 1495 |
attributeRestrictions: null |
1495 | 1496 |
resources: |
1496 | 1497 |
- pods |
1497 | 1498 |
verbs: |
1498 | 1499 |
- list |
1499 | 1500 |
- watch |
1500 |
- - apiGroups: null |
|
1501 |
+ - apiGroups: |
|
1502 |
+ - "" |
|
1501 | 1503 |
attributeRestrictions: null |
1502 | 1504 |
resources: |
1503 | 1505 |
- nodes |
... | ... |
@@ -1511,7 +1584,8 @@ items: |
1511 | 1511 |
- daemonsets/status |
1512 | 1512 |
verbs: |
1513 | 1513 |
- update |
1514 |
- - apiGroups: null |
|
1514 |
+ - apiGroups: |
|
1515 |
+ - "" |
|
1515 | 1516 |
attributeRestrictions: null |
1516 | 1517 |
resources: |
1517 | 1518 |
- pods |
... | ... |
@@ -1525,7 +1599,8 @@ items: |
1525 | 1525 |
- pods/binding |
1526 | 1526 |
verbs: |
1527 | 1527 |
- create |
1528 |
- - apiGroups: null |
|
1528 |
+ - apiGroups: |
|
1529 |
+ - "" |
|
1529 | 1530 |
attributeRestrictions: null |
1530 | 1531 |
resources: |
1531 | 1532 |
- events |
... | ... |
@@ -1539,21 +1614,24 @@ items: |
1539 | 1539 |
creationTimestamp: null |
1540 | 1540 |
name: system:deployment-controller |
1541 | 1541 |
rules: |
1542 |
- - apiGroups: null |
|
1542 |
+ - apiGroups: |
|
1543 |
+ - "" |
|
1543 | 1544 |
attributeRestrictions: null |
1544 | 1545 |
resources: |
1545 | 1546 |
- replicationcontrollers |
1546 | 1547 |
verbs: |
1547 | 1548 |
- list |
1548 | 1549 |
- watch |
1549 |
- - apiGroups: null |
|
1550 |
+ - apiGroups: |
|
1551 |
+ - "" |
|
1550 | 1552 |
attributeRestrictions: null |
1551 | 1553 |
resources: |
1552 | 1554 |
- replicationcontrollers |
1553 | 1555 |
verbs: |
1554 | 1556 |
- get |
1555 | 1557 |
- update |
1556 |
- - apiGroups: null |
|
1558 |
+ - apiGroups: |
|
1559 |
+ - "" |
|
1557 | 1560 |
attributeRestrictions: null |
1558 | 1561 |
resources: |
1559 | 1562 |
- pods |
... | ... |
@@ -1563,7 +1641,8 @@ items: |
1563 | 1563 |
- get |
1564 | 1564 |
- list |
1565 | 1565 |
- update |
1566 |
- - apiGroups: null |
|
1566 |
+ - apiGroups: |
|
1567 |
+ - "" |
|
1567 | 1568 |
attributeRestrictions: null |
1568 | 1569 |
resources: |
1569 | 1570 |
- events |
... | ... |
@@ -1625,14 +1704,16 @@ items: |
1625 | 1625 |
verbs: |
1626 | 1626 |
- get |
1627 | 1627 |
- update |
1628 |
- - apiGroups: null |
|
1628 |
+ - apiGroups: |
|
1629 |
+ - "" |
|
1629 | 1630 |
attributeRestrictions: null |
1630 | 1631 |
resources: |
1631 | 1632 |
- deploymentconfigs/scale |
1632 | 1633 |
verbs: |
1633 | 1634 |
- get |
1634 | 1635 |
- update |
1635 |
- - apiGroups: null |
|
1636 |
+ - apiGroups: |
|
1637 |
+ - "" |
|
1636 | 1638 |
attributeRestrictions: null |
1637 | 1639 |
resources: |
1638 | 1640 |
- events |
... | ... |
@@ -1640,13 +1721,15 @@ items: |
1640 | 1640 |
- create |
1641 | 1641 |
- patch |
1642 | 1642 |
- update |
1643 |
- - apiGroups: null |
|
1643 |
+ - apiGroups: |
|
1644 |
+ - "" |
|
1644 | 1645 |
attributeRestrictions: null |
1645 | 1646 |
resources: |
1646 | 1647 |
- pods |
1647 | 1648 |
verbs: |
1648 | 1649 |
- list |
1649 |
- - apiGroups: null |
|
1650 |
+ - apiGroups: |
|
1651 |
+ - "" |
|
1650 | 1652 |
attributeRestrictions: null |
1651 | 1653 |
resourceNames: |
1652 | 1654 |
- 'https:heapster:' |
... | ... |
@@ -1677,21 +1760,24 @@ items: |
1677 | 1677 |
- jobs/status |
1678 | 1678 |
verbs: |
1679 | 1679 |
- update |
1680 |
- - apiGroups: null |
|
1680 |
+ - apiGroups: |
|
1681 |
+ - "" |
|
1681 | 1682 |
attributeRestrictions: null |
1682 | 1683 |
resources: |
1683 | 1684 |
- pods |
1684 | 1685 |
verbs: |
1685 | 1686 |
- list |
1686 | 1687 |
- watch |
1687 |
- - apiGroups: null |
|
1688 |
+ - apiGroups: |
|
1689 |
+ - "" |
|
1688 | 1690 |
attributeRestrictions: null |
1689 | 1691 |
resources: |
1690 | 1692 |
- pods |
1691 | 1693 |
verbs: |
1692 | 1694 |
- create |
1693 | 1695 |
- delete |
1694 |
- - apiGroups: null |
|
1696 |
+ - apiGroups: |
|
1697 |
+ - "" |
|
1695 | 1698 |
attributeRestrictions: null |
1696 | 1699 |
resources: |
1697 | 1700 |
- events |
... | ... |
@@ -1739,14 +1825,16 @@ items: |
1739 | 1739 |
creationTimestamp: null |
1740 | 1740 |
name: system:pv-binder-controller |
1741 | 1741 |
rules: |
1742 |
- - apiGroups: null |
|
1742 |
+ - apiGroups: |
|
1743 |
+ - "" |
|
1743 | 1744 |
attributeRestrictions: null |
1744 | 1745 |
resources: |
1745 | 1746 |
- persistentvolumes |
1746 | 1747 |
verbs: |
1747 | 1748 |
- list |
1748 | 1749 |
- watch |
1749 |
- - apiGroups: null |
|
1750 |
+ - apiGroups: |
|
1751 |
+ - "" |
|
1750 | 1752 |
attributeRestrictions: null |
1751 | 1753 |
resources: |
1752 | 1754 |
- persistentvolumes |
... | ... |
@@ -1755,27 +1843,31 @@ items: |
1755 | 1755 |
- delete |
1756 | 1756 |
- get |
1757 | 1757 |
- update |
1758 |
- - apiGroups: null |
|
1758 |
+ - apiGroups: |
|
1759 |
+ - "" |
|
1759 | 1760 |
attributeRestrictions: null |
1760 | 1761 |
resources: |
1761 | 1762 |
- persistentvolumes/status |
1762 | 1763 |
verbs: |
1763 | 1764 |
- update |
1764 |
- - apiGroups: null |
|
1765 |
+ - apiGroups: |
|
1766 |
+ - "" |
|
1765 | 1767 |
attributeRestrictions: null |
1766 | 1768 |
resources: |
1767 | 1769 |
- persistentvolumeclaims |
1768 | 1770 |
verbs: |
1769 | 1771 |
- list |
1770 | 1772 |
- watch |
1771 |
- - apiGroups: null |
|
1773 |
+ - apiGroups: |
|
1774 |
+ - "" |
|
1772 | 1775 |
attributeRestrictions: null |
1773 | 1776 |
resources: |
1774 | 1777 |
- persistentvolumeclaims |
1775 | 1778 |
verbs: |
1776 | 1779 |
- get |
1777 | 1780 |
- update |
1778 |
- - apiGroups: null |
|
1781 |
+ - apiGroups: |
|
1782 |
+ - "" |
|
1779 | 1783 |
attributeRestrictions: null |
1780 | 1784 |
resources: |
1781 | 1785 |
- persistentvolumeclaims/status |
... | ... |
@@ -1787,14 +1879,16 @@ items: |
1787 | 1787 |
creationTimestamp: null |
1788 | 1788 |
name: system:pv-provisioner-controller |
1789 | 1789 |
rules: |
1790 |
- - apiGroups: null |
|
1790 |
+ - apiGroups: |
|
1791 |
+ - "" |
|
1791 | 1792 |
attributeRestrictions: null |
1792 | 1793 |
resources: |
1793 | 1794 |
- persistentvolumes |
1794 | 1795 |
verbs: |
1795 | 1796 |
- list |
1796 | 1797 |
- watch |
1797 |
- - apiGroups: null |
|
1798 |
+ - apiGroups: |
|
1799 |
+ - "" |
|
1798 | 1800 |
attributeRestrictions: null |
1799 | 1801 |
resources: |
1800 | 1802 |
- persistentvolumes |
... | ... |
@@ -1803,27 +1897,31 @@ items: |
1803 | 1803 |
- delete |
1804 | 1804 |
- get |
1805 | 1805 |
- update |
1806 |
- - apiGroups: null |
|
1806 |
+ - apiGroups: |
|
1807 |
+ - "" |
|
1807 | 1808 |
attributeRestrictions: null |
1808 | 1809 |
resources: |
1809 | 1810 |
- persistentvolumes/status |
1810 | 1811 |
verbs: |
1811 | 1812 |
- update |
1812 |
- - apiGroups: null |
|
1813 |
+ - apiGroups: |
|
1814 |
+ - "" |
|
1813 | 1815 |
attributeRestrictions: null |
1814 | 1816 |
resources: |
1815 | 1817 |
- persistentvolumeclaims |
1816 | 1818 |
verbs: |
1817 | 1819 |
- list |
1818 | 1820 |
- watch |
1819 |
- - apiGroups: null |
|
1821 |
+ - apiGroups: |
|
1822 |
+ - "" |
|
1820 | 1823 |
attributeRestrictions: null |
1821 | 1824 |
resources: |
1822 | 1825 |
- persistentvolumeclaims |
1823 | 1826 |
verbs: |
1824 | 1827 |
- get |
1825 | 1828 |
- update |
1826 |
- - apiGroups: null |
|
1829 |
+ - apiGroups: |
|
1830 |
+ - "" |
|
1827 | 1831 |
attributeRestrictions: null |
1828 | 1832 |
resources: |
1829 | 1833 |
- persistentvolumeclaims/status |
... | ... |
@@ -1835,14 +1933,16 @@ items: |
1835 | 1835 |
creationTimestamp: null |
1836 | 1836 |
name: system:pv-recycler-controller |
1837 | 1837 |
rules: |
1838 |
- - apiGroups: null |
|
1838 |
+ - apiGroups: |
|
1839 |
+ - "" |
|
1839 | 1840 |
attributeRestrictions: null |
1840 | 1841 |
resources: |
1841 | 1842 |
- persistentvolumes |
1842 | 1843 |
verbs: |
1843 | 1844 |
- list |
1844 | 1845 |
- watch |
1845 |
- - apiGroups: null |
|
1846 |
+ - apiGroups: |
|
1847 |
+ - "" |
|
1846 | 1848 |
attributeRestrictions: null |
1847 | 1849 |
resources: |
1848 | 1850 |
- persistentvolumes |
... | ... |
@@ -1851,40 +1951,46 @@ items: |
1851 | 1851 |
- delete |
1852 | 1852 |
- get |
1853 | 1853 |
- update |
1854 |
- - apiGroups: null |
|
1854 |
+ - apiGroups: |
|
1855 |
+ - "" |
|
1855 | 1856 |
attributeRestrictions: null |
1856 | 1857 |
resources: |
1857 | 1858 |
- persistentvolumes/status |
1858 | 1859 |
verbs: |
1859 | 1860 |
- update |
1860 |
- - apiGroups: null |
|
1861 |
+ - apiGroups: |
|
1862 |
+ - "" |
|
1861 | 1863 |
attributeRestrictions: null |
1862 | 1864 |
resources: |
1863 | 1865 |
- persistentvolumeclaims |
1864 | 1866 |
verbs: |
1865 | 1867 |
- list |
1866 | 1868 |
- watch |
1867 |
- - apiGroups: null |
|
1869 |
+ - apiGroups: |
|
1870 |
+ - "" |
|
1868 | 1871 |
attributeRestrictions: null |
1869 | 1872 |
resources: |
1870 | 1873 |
- persistentvolumeclaims |
1871 | 1874 |
verbs: |
1872 | 1875 |
- get |
1873 | 1876 |
- update |
1874 |
- - apiGroups: null |
|
1877 |
+ - apiGroups: |
|
1878 |
+ - "" |
|
1875 | 1879 |
attributeRestrictions: null |
1876 | 1880 |
resources: |
1877 | 1881 |
- persistentvolumeclaims/status |
1878 | 1882 |
verbs: |
1879 | 1883 |
- update |
1880 |
- - apiGroups: null |
|
1884 |
+ - apiGroups: |
|
1885 |
+ - "" |
|
1881 | 1886 |
attributeRestrictions: null |
1882 | 1887 |
resources: |
1883 | 1888 |
- pods |
1884 | 1889 |
verbs: |
1885 | 1890 |
- list |
1886 | 1891 |
- watch |
1887 |
- - apiGroups: null |
|
1892 |
+ - apiGroups: |
|
1893 |
+ - "" |
|
1888 | 1894 |
attributeRestrictions: null |
1889 | 1895 |
resources: |
1890 | 1896 |
- pods |
... | ... |
@@ -1892,7 +1998,8 @@ items: |
1892 | 1892 |
- create |
1893 | 1893 |
- delete |
1894 | 1894 |
- get |
1895 |
- - apiGroups: null |
|
1895 |
+ - apiGroups: |
|
1896 |
+ - "" |
|
1896 | 1897 |
attributeRestrictions: null |
1897 | 1898 |
resources: |
1898 | 1899 |
- events |
... | ... |
@@ -1906,41 +2013,47 @@ items: |
1906 | 1906 |
creationTimestamp: null |
1907 | 1907 |
name: system:replication-controller |
1908 | 1908 |
rules: |
1909 |
- - apiGroups: null |
|
1909 |
+ - apiGroups: |
|
1910 |
+ - "" |
|
1910 | 1911 |
attributeRestrictions: null |
1911 | 1912 |
resources: |
1912 | 1913 |
- replicationcontrollers |
1913 | 1914 |
verbs: |
1914 | 1915 |
- list |
1915 | 1916 |
- watch |
1916 |
- - apiGroups: null |
|
1917 |
+ - apiGroups: |
|
1918 |
+ - "" |
|
1917 | 1919 |
attributeRestrictions: null |
1918 | 1920 |
resources: |
1919 | 1921 |
- replicationcontrollers |
1920 | 1922 |
verbs: |
1921 | 1923 |
- get |
1922 | 1924 |
- update |
1923 |
- - apiGroups: null |
|
1925 |
+ - apiGroups: |
|
1926 |
+ - "" |
|
1924 | 1927 |
attributeRestrictions: null |
1925 | 1928 |
resources: |
1926 | 1929 |
- replicationcontrollers/status |
1927 | 1930 |
verbs: |
1928 | 1931 |
- update |
1929 |
- - apiGroups: null |
|
1932 |
+ - apiGroups: |
|
1933 |
+ - "" |
|
1930 | 1934 |
attributeRestrictions: null |
1931 | 1935 |
resources: |
1932 | 1936 |
- pods |
1933 | 1937 |
verbs: |
1934 | 1938 |
- list |
1935 | 1939 |
- watch |
1936 |
- - apiGroups: null |
|
1940 |
+ - apiGroups: |
|
1941 |
+ - "" |
|
1937 | 1942 |
attributeRestrictions: null |
1938 | 1943 |
resources: |
1939 | 1944 |
- pods |
1940 | 1945 |
verbs: |
1941 | 1946 |
- create |
1942 | 1947 |
- delete |
1943 |
- - apiGroups: null |
|
1948 |
+ - apiGroups: |
|
1949 |
+ - "" |
|
1944 | 1950 |
attributeRestrictions: null |
1945 | 1951 |
resources: |
1946 | 1952 |
- events |
... | ... |
@@ -1984,7 +2097,8 @@ items: |
1984 | 1984 |
verbs: |
1985 | 1985 |
- list |
1986 | 1986 |
- watch |
1987 |
- - apiGroups: null |
|
1987 |
+ - apiGroups: |
|
1988 |
+ - "" |
|
1988 | 1989 |
attributeRestrictions: null |
1989 | 1990 |
resources: |
1990 | 1991 |
- events |