Browse code
make the empty API groups to "" for policy rules standard
deads2k authored on 2016/05/24 23:45:57Showing 9 changed files
- pkg/api/serialization_test.go
- pkg/authorization/api/v1/defaults.go
- pkg/authorization/authorizer/attributes.go
- pkg/authorization/authorizer/authorizer_test.go
- pkg/authorization/authorizer/bootstrap_policy_test.go
- pkg/authorization/authorizer/scope/converter.go
- pkg/cmd/server/bootstrappolicy/policy.go
- pkg/cmd/server/bootstrappolicy/policy_test.go
- test/fixtures/bootstrappolicy/bootstrap_cluster_roles.yaml
| ... | ... |
@@ -94,6 +94,13 @@ func fuzzInternalObject(t *testing.T, forVersion unversioned.GroupVersion, item |
| 94 | 94 |
j.Subjects[i].FieldPath = "" |
| 95 | 95 |
} |
| 96 | 96 |
}, |
| 97 |
+ func(j *authorizationapi.PolicyRule, c fuzz.Continue) {
|
|
| 98 |
+ c.FuzzNoCustom(j) |
|
| 99 |
+ // if no groups are found, then we assume "". This matches defaulting |
|
| 100 |
+ if len(j.APIGroups) == 0 {
|
|
| 101 |
+ j.APIGroups = []string{""}
|
|
| 102 |
+ } |
|
| 103 |
+ }, |
|
| 97 | 104 |
func(j *authorizationapi.ClusterRoleBinding, c fuzz.Continue) {
|
| 98 | 105 |
c.FuzzNoCustom(j) |
| 99 | 106 |
for i := range j.Subjects {
|
| ... | ... |
@@ -21,6 +21,11 @@ func addDefaultingFuncs(scheme *runtime.Scheme) {
|
| 21 | 21 |
if kapi.Semantic.Equalities.DeepEqual(oldAllowAllPolicyRule, *obj) && obj.APIGroups == nil {
|
| 22 | 22 |
obj.APIGroups = []string{internal.APIGroupAll}
|
| 23 | 23 |
} |
| 24 |
+ |
|
| 25 |
+ // if no groups are found, then we assume "" |
|
| 26 |
+ if len(obj.Resources) > 0 && len(obj.APIGroups) == 0 {
|
|
| 27 |
+ obj.APIGroups = []string{""}
|
|
| 28 |
+ } |
|
| 24 | 29 |
}, |
| 25 | 30 |
) |
| 26 | 31 |
if err != nil {
|
| ... | ... |
@@ -70,11 +70,6 @@ func (a DefaultAuthorizationAttributes) RuleMatches(rule authorizationapi.Policy |
| 70 | 70 |
} |
| 71 | 71 |
|
| 72 | 72 |
func (a DefaultAuthorizationAttributes) apiGroupMatches(allowedGroups []string) bool {
|
| 73 |
- // if no APIGroups are specified, then the default APIGroup of "" is assumed. |
|
| 74 |
- if len(allowedGroups) == 0 && len(a.GetAPIGroup()) == 0 {
|
|
| 75 |
- return true |
|
| 76 |
- } |
|
| 77 |
- |
|
| 78 | 73 |
// allowedGroups is expected to be small, so I don't feel bad about this. |
| 79 | 74 |
for _, allowedGroup := range allowedGroups {
|
| 80 | 75 |
if allowedGroup == authorizationapi.APIGroupAll {
|
| ... | ... |
@@ -15,6 +15,8 @@ import ( |
| 15 | 15 |
testpolicyregistry "github.com/openshift/origin/pkg/authorization/registry/test" |
| 16 | 16 |
"github.com/openshift/origin/pkg/authorization/rulevalidation" |
| 17 | 17 |
"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy" |
| 18 |
+ |
|
| 19 |
+ _ "github.com/openshift/origin/pkg/api/install" |
|
| 18 | 20 |
) |
| 19 | 21 |
|
| 20 | 22 |
type authorizeTest struct {
|
| ... | ... |
@@ -646,6 +648,7 @@ func newAdzePolicies() []authorizationapi.Policy {
|
| 646 | 646 |
}, |
| 647 | 647 |
Rules: append(make([]authorizationapi.PolicyRule, 0), |
| 648 | 648 |
authorizationapi.PolicyRule{
|
| 649 |
+ APIGroups: []string{""},
|
|
| 649 | 650 |
Verbs: sets.NewString("watch", "list", "get"),
|
| 650 | 651 |
Resources: sets.NewString("buildConfigs"),
|
| 651 | 652 |
}), |
| ... | ... |
@@ -539,11 +539,13 @@ func newInvalidExtensionPolicies() []authorizationapi.Policy {
|
| 539 | 539 |
}, |
| 540 | 540 |
Rules: []authorizationapi.PolicyRule{
|
| 541 | 541 |
{
|
| 542 |
+ APIGroups: []string{""},
|
|
| 542 | 543 |
Verbs: sets.NewString("watch", "list", "get"),
|
| 543 | 544 |
Resources: sets.NewString("buildConfigs"),
|
| 544 | 545 |
AttributeRestrictions: &authorizationapi.Role{},
|
| 545 | 546 |
}, |
| 546 | 547 |
{
|
| 548 |
+ APIGroups: []string{""},
|
|
| 547 | 549 |
Verbs: sets.NewString("update"),
|
| 548 | 550 |
Resources: sets.NewString("buildConfigs"),
|
| 549 | 551 |
}, |
| ... | ... |
@@ -13,6 +13,7 @@ import ( |
| 13 | 13 |
authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
| 14 | 14 |
"github.com/openshift/origin/pkg/authorization/rulevalidation" |
| 15 | 15 |
oauthapi "github.com/openshift/origin/pkg/oauth/api" |
| 16 |
+ projectapi "github.com/openshift/origin/pkg/project/api" |
|
| 16 | 17 |
userapi "github.com/openshift/origin/pkg/user/api" |
| 17 | 18 |
) |
| 18 | 19 |
|
| ... | ... |
@@ -124,11 +125,11 @@ func (userEvaluator) ResolveRules(scope, namespace string, clusterPolicyGetter r |
| 124 | 124 |
}, nil |
| 125 | 125 |
case UserIndicator + UserAccessCheck: |
| 126 | 126 |
return []authorizationapi.PolicyRule{
|
| 127 |
- {Verbs: sets.NewString("create"), Resources: sets.NewString("subjectaccessreviews", "localsubjectaccessreviews"), AttributeRestrictions: &authorizationapi.IsPersonalSubjectAccessReview{}},
|
|
| 127 |
+ {Verbs: sets.NewString("create"), APIGroups: []string{authorizationapi.GroupName}, Resources: sets.NewString("subjectaccessreviews", "localsubjectaccessreviews"), AttributeRestrictions: &authorizationapi.IsPersonalSubjectAccessReview{}},
|
|
| 128 | 128 |
}, nil |
| 129 | 129 |
case UserIndicator + UserListProject: |
| 130 | 130 |
return []authorizationapi.PolicyRule{
|
| 131 |
- {Verbs: sets.NewString("list"), Resources: sets.NewString("projects")},
|
|
| 131 |
+ {Verbs: sets.NewString("list"), APIGroups: []string{projectapi.GroupName}, Resources: sets.NewString("projects")},
|
|
| 132 | 132 |
}, nil |
| 133 | 133 |
default: |
| 134 | 134 |
return nil, fmt.Errorf("unrecognized scope: %v", scope)
|
| ... | ... |
@@ -11,8 +11,10 @@ import ( |
| 11 | 11 |
|
| 12 | 12 |
"github.com/openshift/origin/pkg/api" |
| 13 | 13 |
authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
| 14 |
+ authorizationapiv1 "github.com/openshift/origin/pkg/authorization/api/v1" |
|
| 14 | 15 |
imageapi "github.com/openshift/origin/pkg/image/api" |
| 15 | 16 |
projectapi "github.com/openshift/origin/pkg/project/api" |
| 17 |
+ routeapi "github.com/openshift/origin/pkg/route/api" |
|
| 16 | 18 |
) |
| 17 | 19 |
|
| 18 | 20 |
func GetBootstrapOpenshiftRoles(openshiftNamespace string) []authorizationapi.Role {
|
| ... | ... |
@@ -226,16 +228,19 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
|
| 226 | 226 |
Resources: sets.NewString("daemonsets"),
|
| 227 | 227 |
}, |
| 228 | 228 |
{
|
| 229 |
+ APIGroups: []string{api.GroupName},
|
|
| 229 | 230 |
Verbs: sets.NewString("get", "list", "watch"),
|
| 230 | 231 |
Resources: sets.NewString(authorizationapi.PolicyOwnerGroupName, authorizationapi.KubeAllGroupName, authorizationapi.OpenshiftStatusGroupName, authorizationapi.KubeStatusGroupName), |
| 231 | 232 |
}, |
| 232 | 233 |
{
|
| 233 |
- Verbs: sets.NewString("get", "update"),
|
|
| 234 |
+ APIGroups: []string{imageapi.GroupName},
|
|
| 235 |
+ Verbs: sets.NewString("get", "update"),
|
|
| 234 | 236 |
// this is used by verifyImageStreamAccess in pkg/dockerregistry/server/auth.go |
| 235 | 237 |
Resources: sets.NewString("imagestreams/layers"),
|
| 236 | 238 |
}, |
| 237 | 239 |
// an admin can run routers that write back conditions to the route |
| 238 | 240 |
{
|
| 241 |
+ APIGroups: []string{routeapi.GroupName},
|
|
| 239 | 242 |
Verbs: sets.NewString("update"),
|
| 240 | 243 |
Resources: sets.NewString("routes/status"),
|
| 241 | 244 |
}, |
| ... | ... |
@@ -292,11 +297,13 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
|
| 292 | 292 |
Resources: sets.NewString("daemonsets"),
|
| 293 | 293 |
}, |
| 294 | 294 |
{
|
| 295 |
+ APIGroups: []string{api.GroupName},
|
|
| 295 | 296 |
Verbs: sets.NewString("get", "list", "watch"),
|
| 296 | 297 |
Resources: sets.NewString(authorizationapi.KubeAllGroupName, authorizationapi.OpenshiftStatusGroupName, authorizationapi.KubeStatusGroupName, "projects"), |
| 297 | 298 |
}, |
| 298 | 299 |
{
|
| 299 |
- Verbs: sets.NewString("get", "update"),
|
|
| 300 |
+ APIGroups: []string{imageapi.GroupName},
|
|
| 301 |
+ Verbs: sets.NewString("get", "update"),
|
|
| 300 | 302 |
// this is used by verifyImageStreamAccess in pkg/dockerregistry/server/auth.go |
| 301 | 303 |
Resources: sets.NewString("imagestreams/layers"),
|
| 302 | 304 |
}, |
| ... | ... |
@@ -308,6 +315,7 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
|
| 308 | 308 |
}, |
| 309 | 309 |
Rules: []authorizationapi.PolicyRule{
|
| 310 | 310 |
{
|
| 311 |
+ APIGroups: []string{api.GroupName},
|
|
| 311 | 312 |
Verbs: sets.NewString("get", "list", "watch"),
|
| 312 | 313 |
Resources: sets.NewString(authorizationapi.OpenshiftExposedGroupName, authorizationapi.KubeAllGroupName, authorizationapi.OpenshiftStatusGroupName, authorizationapi.KubeStatusGroupName, "projects"), |
| 313 | 314 |
}, |
| ... | ... |
@@ -861,7 +869,27 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
|
| 861 | 861 |
} |
| 862 | 862 |
} |
| 863 | 863 |
|
| 864 |
- return roles |
|
| 864 |
+ // TODO roundtrip roles to pick up defaulting for API groups. Without this, the covers check in reconcile-cluster-roles will fail. |
|
| 865 |
+ // we can remove this again once everything gets group qualified and we have unit tests enforcing that. other pulls are in |
|
| 866 |
+ // progress to do that. |
|
| 867 |
+ versionedRoles := []authorizationapiv1.ClusterRole{}
|
|
| 868 |
+ for i := range roles {
|
|
| 869 |
+ newRole := &authorizationapiv1.ClusterRole{}
|
|
| 870 |
+ if err := kapi.Scheme.Convert(&roles[i], newRole); err != nil {
|
|
| 871 |
+ panic(err) |
|
| 872 |
+ } |
|
| 873 |
+ versionedRoles = append(versionedRoles, *newRole) |
|
| 874 |
+ } |
|
| 875 |
+ roundtrippedRoles := []authorizationapi.ClusterRole{}
|
|
| 876 |
+ for i := range versionedRoles {
|
|
| 877 |
+ newRole := &authorizationapi.ClusterRole{}
|
|
| 878 |
+ if err := kapi.Scheme.Convert(&versionedRoles[i], newRole); err != nil {
|
|
| 879 |
+ panic(err) |
|
| 880 |
+ } |
|
| 881 |
+ roundtrippedRoles = append(roundtrippedRoles, *newRole) |
|
| 882 |
+ } |
|
| 883 |
+ |
|
| 884 |
+ return roundtrippedRoles |
|
| 865 | 885 |
} |
| 866 | 886 |
|
| 867 | 887 |
func GetBootstrapOpenshiftRoleBindings(openshiftNamespace string) []authorizationapi.RoleBinding {
|
| ... | ... |
@@ -13,6 +13,8 @@ import ( |
| 13 | 13 |
"k8s.io/kubernetes/pkg/util/diff" |
| 14 | 14 |
|
| 15 | 15 |
"github.com/openshift/origin/pkg/api/v1" |
| 16 |
+ authorizationapi "github.com/openshift/origin/pkg/authorization/api" |
|
| 17 |
+ "github.com/openshift/origin/pkg/authorization/rulevalidation" |
|
| 16 | 18 |
"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy" |
| 17 | 19 |
|
| 18 | 20 |
// install all APIs |
| ... | ... |
@@ -91,3 +93,51 @@ func testObjects(t *testing.T, list *api.List, fixtureFilename string) {
|
| 91 | 91 |
} |
| 92 | 92 |
} |
| 93 | 93 |
} |
| 94 |
+ |
|
| 95 |
+// Some roles should always cover others |
|
| 96 |
+func TestCovers(t *testing.T) {
|
|
| 97 |
+ allRoles := bootstrappolicy.GetBootstrapClusterRoles() |
|
| 98 |
+ var admin *authorizationapi.ClusterRole |
|
| 99 |
+ var editor *authorizationapi.ClusterRole |
|
| 100 |
+ var viewer *authorizationapi.ClusterRole |
|
| 101 |
+ var registryAdmin *authorizationapi.ClusterRole |
|
| 102 |
+ var registryEditor *authorizationapi.ClusterRole |
|
| 103 |
+ var registryViewer *authorizationapi.ClusterRole |
|
| 104 |
+ |
|
| 105 |
+ for i := range allRoles {
|
|
| 106 |
+ role := allRoles[i] |
|
| 107 |
+ switch role.Name {
|
|
| 108 |
+ case bootstrappolicy.AdminRoleName: |
|
| 109 |
+ admin = &role |
|
| 110 |
+ case bootstrappolicy.EditRoleName: |
|
| 111 |
+ editor = &role |
|
| 112 |
+ case bootstrappolicy.ViewRoleName: |
|
| 113 |
+ viewer = &role |
|
| 114 |
+ case bootstrappolicy.RegistryAdminRoleName: |
|
| 115 |
+ registryAdmin = &role |
|
| 116 |
+ case bootstrappolicy.RegistryEditorRoleName: |
|
| 117 |
+ registryEditor = &role |
|
| 118 |
+ case bootstrappolicy.RegistryViewerRoleName: |
|
| 119 |
+ registryViewer = &role |
|
| 120 |
+ } |
|
| 121 |
+ } |
|
| 122 |
+ |
|
| 123 |
+ if covers, _ := rulevalidation.Covers(admin.Rules, editor.Rules); !covers {
|
|
| 124 |
+ t.Errorf("failed to cover")
|
|
| 125 |
+ } |
|
| 126 |
+ if covers, _ := rulevalidation.Covers(admin.Rules, editor.Rules); !covers {
|
|
| 127 |
+ t.Errorf("failed to cover")
|
|
| 128 |
+ } |
|
| 129 |
+ if covers, _ := rulevalidation.Covers(admin.Rules, viewer.Rules); !covers {
|
|
| 130 |
+ t.Errorf("failed to cover")
|
|
| 131 |
+ } |
|
| 132 |
+ if covers, _ := rulevalidation.Covers(admin.Rules, registryAdmin.Rules); !covers {
|
|
| 133 |
+ t.Errorf("failed to cover")
|
|
| 134 |
+ } |
|
| 135 |
+ if covers, _ := rulevalidation.Covers(registryAdmin.Rules, registryEditor.Rules); !covers {
|
|
| 136 |
+ t.Errorf("failed to cover")
|
|
| 137 |
+ } |
|
| 138 |
+ if covers, _ := rulevalidation.Covers(registryAdmin.Rules, registryViewer.Rules); !covers {
|
|
| 139 |
+ t.Errorf("failed to cover")
|
|
| 140 |
+ } |
|
| 141 |
+} |
| ... | ... |
@@ -41,7 +41,8 @@ items: |
| 41 | 41 |
creationTimestamp: null |
| 42 | 42 |
name: cluster-reader |
| 43 | 43 |
rules: |
| 44 |
- - apiGroups: null |
|
| 44 |
+ - apiGroups: |
|
| 45 |
+ - "" |
|
| 45 | 46 |
attributeRestrictions: null |
| 46 | 47 |
resources: |
| 47 | 48 |
- bindings |
| ... | ... |
@@ -147,20 +148,23 @@ items: |
| 147 | 147 |
- get |
| 148 | 148 |
- list |
| 149 | 149 |
- watch |
| 150 |
- - apiGroups: null |
|
| 150 |
+ - apiGroups: |
|
| 151 |
+ - "" |
|
| 151 | 152 |
attributeRestrictions: null |
| 152 | 153 |
resources: |
| 153 | 154 |
- resourceaccessreviews |
| 154 | 155 |
- subjectaccessreviews |
| 155 | 156 |
verbs: |
| 156 | 157 |
- create |
| 157 |
- - apiGroups: null |
|
| 158 |
+ - apiGroups: |
|
| 159 |
+ - "" |
|
| 158 | 160 |
attributeRestrictions: null |
| 159 | 161 |
resources: |
| 160 | 162 |
- nodes/metrics |
| 161 | 163 |
verbs: |
| 162 | 164 |
- get |
| 163 |
- - apiGroups: null |
|
| 165 |
+ - apiGroups: |
|
| 166 |
+ - "" |
|
| 164 | 167 |
attributeRestrictions: null |
| 165 | 168 |
resources: |
| 166 | 169 |
- nodes/stats |
| ... | ... |
@@ -363,7 +367,8 @@ items: |
| 363 | 363 |
- get |
| 364 | 364 |
- list |
| 365 | 365 |
- watch |
| 366 |
- - apiGroups: null |
|
| 366 |
+ - apiGroups: |
|
| 367 |
+ - "" |
|
| 367 | 368 |
attributeRestrictions: null |
| 368 | 369 |
resources: |
| 369 | 370 |
- bindings |
| ... | ... |
@@ -397,14 +402,16 @@ items: |
| 397 | 397 |
- get |
| 398 | 398 |
- list |
| 399 | 399 |
- watch |
| 400 |
- - apiGroups: null |
|
| 400 |
+ - apiGroups: |
|
| 401 |
+ - "" |
|
| 401 | 402 |
attributeRestrictions: null |
| 402 | 403 |
resources: |
| 403 | 404 |
- imagestreams/layers |
| 404 | 405 |
verbs: |
| 405 | 406 |
- get |
| 406 | 407 |
- update |
| 407 |
- - apiGroups: null |
|
| 408 |
+ - apiGroups: |
|
| 409 |
+ - "" |
|
| 408 | 410 |
attributeRestrictions: null |
| 409 | 411 |
resources: |
| 410 | 412 |
- routes/status |
| ... | ... |
@@ -540,7 +547,8 @@ items: |
| 540 | 540 |
- get |
| 541 | 541 |
- list |
| 542 | 542 |
- watch |
| 543 |
- - apiGroups: null |
|
| 543 |
+ - apiGroups: |
|
| 544 |
+ - "" |
|
| 544 | 545 |
attributeRestrictions: null |
| 545 | 546 |
resources: |
| 546 | 547 |
- bindings |
| ... | ... |
@@ -573,7 +581,8 @@ items: |
| 573 | 573 |
- get |
| 574 | 574 |
- list |
| 575 | 575 |
- watch |
| 576 |
- - apiGroups: null |
|
| 576 |
+ - apiGroups: |
|
| 577 |
+ - "" |
|
| 577 | 578 |
attributeRestrictions: null |
| 578 | 579 |
resources: |
| 579 | 580 |
- imagestreams/layers |
| ... | ... |
@@ -586,7 +595,8 @@ items: |
| 586 | 586 |
creationTimestamp: null |
| 587 | 587 |
name: view |
| 588 | 588 |
rules: |
| 589 |
- - apiGroups: null |
|
| 589 |
+ - apiGroups: |
|
| 590 |
+ - "" |
|
| 590 | 591 |
attributeRestrictions: null |
| 591 | 592 |
resources: |
| 592 | 593 |
- bindings |
| ... | ... |
@@ -676,7 +686,8 @@ items: |
| 676 | 676 |
creationTimestamp: null |
| 677 | 677 |
name: basic-user |
| 678 | 678 |
rules: |
| 679 |
- - apiGroups: null |
|
| 679 |
+ - apiGroups: |
|
| 680 |
+ - "" |
|
| 680 | 681 |
attributeRestrictions: null |
| 681 | 682 |
resourceNames: |
| 682 | 683 |
- "~" |
| ... | ... |
@@ -684,27 +695,31 @@ items: |
| 684 | 684 |
- users |
| 685 | 685 |
verbs: |
| 686 | 686 |
- get |
| 687 |
- - apiGroups: null |
|
| 687 |
+ - apiGroups: |
|
| 688 |
+ - "" |
|
| 688 | 689 |
attributeRestrictions: null |
| 689 | 690 |
resources: |
| 690 | 691 |
- projectrequests |
| 691 | 692 |
verbs: |
| 692 | 693 |
- list |
| 693 |
- - apiGroups: null |
|
| 694 |
+ - apiGroups: |
|
| 695 |
+ - "" |
|
| 694 | 696 |
attributeRestrictions: null |
| 695 | 697 |
resources: |
| 696 | 698 |
- clusterroles |
| 697 | 699 |
verbs: |
| 698 | 700 |
- get |
| 699 | 701 |
- list |
| 700 |
- - apiGroups: null |
|
| 702 |
+ - apiGroups: |
|
| 703 |
+ - "" |
|
| 701 | 704 |
attributeRestrictions: null |
| 702 | 705 |
resources: |
| 703 | 706 |
- projects |
| 704 | 707 |
verbs: |
| 705 | 708 |
- list |
| 706 | 709 |
- watch |
| 707 |
- - apiGroups: null |
|
| 710 |
+ - apiGroups: |
|
| 711 |
+ - "" |
|
| 708 | 712 |
attributeRestrictions: |
| 709 | 713 |
apiVersion: v1 |
| 710 | 714 |
kind: IsPersonalSubjectAccessReview |
| ... | ... |
@@ -713,7 +728,8 @@ items: |
| 713 | 713 |
- subjectaccessreviews |
| 714 | 714 |
verbs: |
| 715 | 715 |
- create |
| 716 |
- - apiGroups: null |
|
| 716 |
+ - apiGroups: |
|
| 717 |
+ - "" |
|
| 717 | 718 |
attributeRestrictions: null |
| 718 | 719 |
resources: |
| 719 | 720 |
- selfsubjectrulesreviews |
| ... | ... |
@@ -725,7 +741,8 @@ items: |
| 725 | 725 |
creationTimestamp: null |
| 726 | 726 |
name: self-provisioner |
| 727 | 727 |
rules: |
| 728 |
- - apiGroups: null |
|
| 728 |
+ - apiGroups: |
|
| 729 |
+ - "" |
|
| 729 | 730 |
attributeRestrictions: null |
| 730 | 731 |
resources: |
| 731 | 732 |
- projectrequests |
| ... | ... |
@@ -783,7 +800,8 @@ items: |
| 783 | 783 |
creationTimestamp: null |
| 784 | 784 |
name: system:image-puller |
| 785 | 785 |
rules: |
| 786 |
- - apiGroups: null |
|
| 786 |
+ - apiGroups: |
|
| 787 |
+ - "" |
|
| 787 | 788 |
attributeRestrictions: null |
| 788 | 789 |
resources: |
| 789 | 790 |
- imagestreams/layers |
| ... | ... |
@@ -795,7 +813,8 @@ items: |
| 795 | 795 |
creationTimestamp: null |
| 796 | 796 |
name: system:image-pusher |
| 797 | 797 |
rules: |
| 798 |
- - apiGroups: null |
|
| 798 |
+ - apiGroups: |
|
| 799 |
+ - "" |
|
| 799 | 800 |
attributeRestrictions: null |
| 800 | 801 |
resources: |
| 801 | 802 |
- imagestreams/layers |
| ... | ... |
@@ -808,14 +827,16 @@ items: |
| 808 | 808 |
creationTimestamp: null |
| 809 | 809 |
name: system:image-builder |
| 810 | 810 |
rules: |
| 811 |
- - apiGroups: null |
|
| 811 |
+ - apiGroups: |
|
| 812 |
+ - "" |
|
| 812 | 813 |
attributeRestrictions: null |
| 813 | 814 |
resources: |
| 814 | 815 |
- imagestreams/layers |
| 815 | 816 |
verbs: |
| 816 | 817 |
- get |
| 817 | 818 |
- update |
| 818 |
- - apiGroups: null |
|
| 819 |
+ - apiGroups: |
|
| 820 |
+ - "" |
|
| 819 | 821 |
attributeRestrictions: null |
| 820 | 822 |
resources: |
| 821 | 823 |
- builds/details |
| ... | ... |
@@ -827,13 +848,15 @@ items: |
| 827 | 827 |
creationTimestamp: null |
| 828 | 828 |
name: system:image-pruner |
| 829 | 829 |
rules: |
| 830 |
- - apiGroups: null |
|
| 830 |
+ - apiGroups: |
|
| 831 |
+ - "" |
|
| 831 | 832 |
attributeRestrictions: null |
| 832 | 833 |
resources: |
| 833 | 834 |
- images |
| 834 | 835 |
verbs: |
| 835 | 836 |
- delete |
| 836 |
- - apiGroups: null |
|
| 837 |
+ - apiGroups: |
|
| 838 |
+ - "" |
|
| 837 | 839 |
attributeRestrictions: null |
| 838 | 840 |
resources: |
| 839 | 841 |
- buildconfigs |
| ... | ... |
@@ -846,7 +869,8 @@ items: |
| 846 | 846 |
verbs: |
| 847 | 847 |
- get |
| 848 | 848 |
- list |
| 849 |
- - apiGroups: null |
|
| 849 |
+ - apiGroups: |
|
| 850 |
+ - "" |
|
| 850 | 851 |
attributeRestrictions: null |
| 851 | 852 |
resources: |
| 852 | 853 |
- imagestreams/status |
| ... | ... |
@@ -858,21 +882,24 @@ items: |
| 858 | 858 |
creationTimestamp: null |
| 859 | 859 |
name: system:deployer |
| 860 | 860 |
rules: |
| 861 |
- - apiGroups: null |
|
| 861 |
+ - apiGroups: |
|
| 862 |
+ - "" |
|
| 862 | 863 |
attributeRestrictions: null |
| 863 | 864 |
resources: |
| 864 | 865 |
- replicationcontrollers |
| 865 | 866 |
verbs: |
| 866 | 867 |
- get |
| 867 | 868 |
- list |
| 868 |
- - apiGroups: null |
|
| 869 |
+ - apiGroups: |
|
| 870 |
+ - "" |
|
| 869 | 871 |
attributeRestrictions: null |
| 870 | 872 |
resources: |
| 871 | 873 |
- replicationcontrollers |
| 872 | 874 |
verbs: |
| 873 | 875 |
- get |
| 874 | 876 |
- update |
| 875 |
- - apiGroups: null |
|
| 877 |
+ - apiGroups: |
|
| 878 |
+ - "" |
|
| 876 | 879 |
attributeRestrictions: null |
| 877 | 880 |
resources: |
| 878 | 881 |
- pods |
| ... | ... |
@@ -881,13 +908,15 @@ items: |
| 881 | 881 |
- get |
| 882 | 882 |
- list |
| 883 | 883 |
- watch |
| 884 |
- - apiGroups: null |
|
| 884 |
+ - apiGroups: |
|
| 885 |
+ - "" |
|
| 885 | 886 |
attributeRestrictions: null |
| 886 | 887 |
resources: |
| 887 | 888 |
- pods/log |
| 888 | 889 |
verbs: |
| 889 | 890 |
- get |
| 890 |
- - apiGroups: null |
|
| 891 |
+ - apiGroups: |
|
| 892 |
+ - "" |
|
| 891 | 893 |
attributeRestrictions: null |
| 892 | 894 |
resources: |
| 893 | 895 |
- imagestreamtags |
| ... | ... |
@@ -912,7 +941,8 @@ items: |
| 912 | 912 |
creationTimestamp: null |
| 913 | 913 |
name: system:oauth-token-deleter |
| 914 | 914 |
rules: |
| 915 |
- - apiGroups: null |
|
| 915 |
+ - apiGroups: |
|
| 916 |
+ - "" |
|
| 916 | 917 |
attributeRestrictions: null |
| 917 | 918 |
resources: |
| 918 | 919 |
- oauthaccesstokens |
| ... | ... |
@@ -925,7 +955,8 @@ items: |
| 925 | 925 |
creationTimestamp: null |
| 926 | 926 |
name: system:router |
| 927 | 927 |
rules: |
| 928 |
- - apiGroups: null |
|
| 928 |
+ - apiGroups: |
|
| 929 |
+ - "" |
|
| 929 | 930 |
attributeRestrictions: null |
| 930 | 931 |
resources: |
| 931 | 932 |
- endpoints |
| ... | ... |
@@ -933,7 +964,8 @@ items: |
| 933 | 933 |
verbs: |
| 934 | 934 |
- list |
| 935 | 935 |
- watch |
| 936 |
- - apiGroups: null |
|
| 936 |
+ - apiGroups: |
|
| 937 |
+ - "" |
|
| 937 | 938 |
attributeRestrictions: null |
| 938 | 939 |
resources: |
| 939 | 940 |
- routes/status |
| ... | ... |
@@ -945,14 +977,16 @@ items: |
| 945 | 945 |
creationTimestamp: null |
| 946 | 946 |
name: system:registry |
| 947 | 947 |
rules: |
| 948 |
- - apiGroups: null |
|
| 948 |
+ - apiGroups: |
|
| 949 |
+ - "" |
|
| 949 | 950 |
attributeRestrictions: null |
| 950 | 951 |
resources: |
| 951 | 952 |
- images |
| 952 | 953 |
verbs: |
| 953 | 954 |
- delete |
| 954 | 955 |
- get |
| 955 |
- - apiGroups: null |
|
| 956 |
+ - apiGroups: |
|
| 957 |
+ - "" |
|
| 956 | 958 |
attributeRestrictions: null |
| 957 | 959 |
resources: |
| 958 | 960 |
- imagestreamimages |
| ... | ... |
@@ -961,19 +995,22 @@ items: |
| 961 | 961 |
- imagestreamtags |
| 962 | 962 |
verbs: |
| 963 | 963 |
- get |
| 964 |
- - apiGroups: null |
|
| 964 |
+ - apiGroups: |
|
| 965 |
+ - "" |
|
| 965 | 966 |
attributeRestrictions: null |
| 966 | 967 |
resources: |
| 967 | 968 |
- imagestreams |
| 968 | 969 |
verbs: |
| 969 | 970 |
- update |
| 970 |
- - apiGroups: null |
|
| 971 |
+ - apiGroups: |
|
| 972 |
+ - "" |
|
| 971 | 973 |
attributeRestrictions: null |
| 972 | 974 |
resources: |
| 973 | 975 |
- imagestreammappings |
| 974 | 976 |
verbs: |
| 975 | 977 |
- create |
| 976 |
- - apiGroups: null |
|
| 978 |
+ - apiGroups: |
|
| 979 |
+ - "" |
|
| 977 | 980 |
attributeRestrictions: null |
| 978 | 981 |
resources: |
| 979 | 982 |
- resourcequotas |
| ... | ... |
@@ -985,7 +1022,8 @@ items: |
| 985 | 985 |
creationTimestamp: null |
| 986 | 986 |
name: system:node-proxier |
| 987 | 987 |
rules: |
| 988 |
- - apiGroups: null |
|
| 988 |
+ - apiGroups: |
|
| 989 |
+ - "" |
|
| 989 | 990 |
attributeRestrictions: null |
| 990 | 991 |
resources: |
| 991 | 992 |
- endpoints |
| ... | ... |
@@ -999,7 +1037,8 @@ items: |
| 999 | 999 |
creationTimestamp: null |
| 1000 | 1000 |
name: system:node-admin |
| 1001 | 1001 |
rules: |
| 1002 |
- - apiGroups: null |
|
| 1002 |
+ - apiGroups: |
|
| 1003 |
+ - "" |
|
| 1003 | 1004 |
attributeRestrictions: null |
| 1004 | 1005 |
resources: |
| 1005 | 1006 |
- nodes |
| ... | ... |
@@ -1007,13 +1046,15 @@ items: |
| 1007 | 1007 |
- get |
| 1008 | 1008 |
- list |
| 1009 | 1009 |
- watch |
| 1010 |
- - apiGroups: null |
|
| 1010 |
+ - apiGroups: |
|
| 1011 |
+ - "" |
|
| 1011 | 1012 |
attributeRestrictions: null |
| 1012 | 1013 |
resources: |
| 1013 | 1014 |
- nodes |
| 1014 | 1015 |
verbs: |
| 1015 | 1016 |
- proxy |
| 1016 |
- - apiGroups: null |
|
| 1017 |
+ - apiGroups: |
|
| 1018 |
+ - "" |
|
| 1017 | 1019 |
attributeRestrictions: null |
| 1018 | 1020 |
resources: |
| 1019 | 1021 |
- nodes/log |
| ... | ... |
@@ -1028,7 +1069,8 @@ items: |
| 1028 | 1028 |
creationTimestamp: null |
| 1029 | 1029 |
name: system:node-reader |
| 1030 | 1030 |
rules: |
| 1031 |
- - apiGroups: null |
|
| 1031 |
+ - apiGroups: |
|
| 1032 |
+ - "" |
|
| 1032 | 1033 |
attributeRestrictions: null |
| 1033 | 1034 |
resources: |
| 1034 | 1035 |
- nodes |
| ... | ... |
@@ -1036,13 +1078,15 @@ items: |
| 1036 | 1036 |
- get |
| 1037 | 1037 |
- list |
| 1038 | 1038 |
- watch |
| 1039 |
- - apiGroups: null |
|
| 1039 |
+ - apiGroups: |
|
| 1040 |
+ - "" |
|
| 1040 | 1041 |
attributeRestrictions: null |
| 1041 | 1042 |
resources: |
| 1042 | 1043 |
- nodes/metrics |
| 1043 | 1044 |
verbs: |
| 1044 | 1045 |
- get |
| 1045 |
- - apiGroups: null |
|
| 1046 |
+ - apiGroups: |
|
| 1047 |
+ - "" |
|
| 1046 | 1048 |
attributeRestrictions: null |
| 1047 | 1049 |
resources: |
| 1048 | 1050 |
- nodes/stats |
| ... | ... |
@@ -1055,14 +1099,16 @@ items: |
| 1055 | 1055 |
creationTimestamp: null |
| 1056 | 1056 |
name: system:node |
| 1057 | 1057 |
rules: |
| 1058 |
- - apiGroups: null |
|
| 1058 |
+ - apiGroups: |
|
| 1059 |
+ - "" |
|
| 1059 | 1060 |
attributeRestrictions: null |
| 1060 | 1061 |
resources: |
| 1061 | 1062 |
- localsubjectaccessreviews |
| 1062 | 1063 |
- subjectaccessreviews |
| 1063 | 1064 |
verbs: |
| 1064 | 1065 |
- create |
| 1065 |
- - apiGroups: null |
|
| 1066 |
+ - apiGroups: |
|
| 1067 |
+ - "" |
|
| 1066 | 1068 |
attributeRestrictions: null |
| 1067 | 1069 |
resources: |
| 1068 | 1070 |
- services |
| ... | ... |
@@ -1070,7 +1116,8 @@ items: |
| 1070 | 1070 |
- get |
| 1071 | 1071 |
- list |
| 1072 | 1072 |
- watch |
| 1073 |
- - apiGroups: null |
|
| 1073 |
+ - apiGroups: |
|
| 1074 |
+ - "" |
|
| 1074 | 1075 |
attributeRestrictions: null |
| 1075 | 1076 |
resources: |
| 1076 | 1077 |
- nodes |
| ... | ... |
@@ -1079,13 +1126,15 @@ items: |
| 1079 | 1079 |
- get |
| 1080 | 1080 |
- list |
| 1081 | 1081 |
- watch |
| 1082 |
- - apiGroups: null |
|
| 1082 |
+ - apiGroups: |
|
| 1083 |
+ - "" |
|
| 1083 | 1084 |
attributeRestrictions: null |
| 1084 | 1085 |
resources: |
| 1085 | 1086 |
- nodes/status |
| 1086 | 1087 |
verbs: |
| 1087 | 1088 |
- update |
| 1088 |
- - apiGroups: null |
|
| 1089 |
+ - apiGroups: |
|
| 1090 |
+ - "" |
|
| 1089 | 1091 |
attributeRestrictions: null |
| 1090 | 1092 |
resources: |
| 1091 | 1093 |
- events |
| ... | ... |
@@ -1093,7 +1142,8 @@ items: |
| 1093 | 1093 |
- create |
| 1094 | 1094 |
- patch |
| 1095 | 1095 |
- update |
| 1096 |
- - apiGroups: null |
|
| 1096 |
+ - apiGroups: |
|
| 1097 |
+ - "" |
|
| 1097 | 1098 |
attributeRestrictions: null |
| 1098 | 1099 |
resources: |
| 1099 | 1100 |
- pods |
| ... | ... |
@@ -1101,7 +1151,8 @@ items: |
| 1101 | 1101 |
- get |
| 1102 | 1102 |
- list |
| 1103 | 1103 |
- watch |
| 1104 |
- - apiGroups: null |
|
| 1104 |
+ - apiGroups: |
|
| 1105 |
+ - "" |
|
| 1105 | 1106 |
attributeRestrictions: null |
| 1106 | 1107 |
resources: |
| 1107 | 1108 |
- pods |
| ... | ... |
@@ -1109,27 +1160,31 @@ items: |
| 1109 | 1109 |
- create |
| 1110 | 1110 |
- delete |
| 1111 | 1111 |
- get |
| 1112 |
- - apiGroups: null |
|
| 1112 |
+ - apiGroups: |
|
| 1113 |
+ - "" |
|
| 1113 | 1114 |
attributeRestrictions: null |
| 1114 | 1115 |
resources: |
| 1115 | 1116 |
- pods/status |
| 1116 | 1117 |
verbs: |
| 1117 | 1118 |
- update |
| 1118 |
- - apiGroups: null |
|
| 1119 |
+ - apiGroups: |
|
| 1120 |
+ - "" |
|
| 1119 | 1121 |
attributeRestrictions: null |
| 1120 | 1122 |
resources: |
| 1121 | 1123 |
- configmaps |
| 1122 | 1124 |
- secrets |
| 1123 | 1125 |
verbs: |
| 1124 | 1126 |
- get |
| 1125 |
- - apiGroups: null |
|
| 1127 |
+ - apiGroups: |
|
| 1128 |
+ - "" |
|
| 1126 | 1129 |
attributeRestrictions: null |
| 1127 | 1130 |
resources: |
| 1128 | 1131 |
- persistentvolumeclaims |
| 1129 | 1132 |
- persistentvolumes |
| 1130 | 1133 |
verbs: |
| 1131 | 1134 |
- get |
| 1132 |
- - apiGroups: null |
|
| 1135 |
+ - apiGroups: |
|
| 1136 |
+ - "" |
|
| 1133 | 1137 |
attributeRestrictions: null |
| 1134 | 1138 |
resources: |
| 1135 | 1139 |
- endpoints |
| ... | ... |
@@ -1141,7 +1196,8 @@ items: |
| 1141 | 1141 |
creationTimestamp: null |
| 1142 | 1142 |
name: system:sdn-reader |
| 1143 | 1143 |
rules: |
| 1144 |
- - apiGroups: null |
|
| 1144 |
+ - apiGroups: |
|
| 1145 |
+ - "" |
|
| 1145 | 1146 |
attributeRestrictions: null |
| 1146 | 1147 |
resources: |
| 1147 | 1148 |
- hostsubnets |
| ... | ... |
@@ -1149,7 +1205,8 @@ items: |
| 1149 | 1149 |
- get |
| 1150 | 1150 |
- list |
| 1151 | 1151 |
- watch |
| 1152 |
- - apiGroups: null |
|
| 1152 |
+ - apiGroups: |
|
| 1153 |
+ - "" |
|
| 1153 | 1154 |
attributeRestrictions: null |
| 1154 | 1155 |
resources: |
| 1155 | 1156 |
- netnamespaces |
| ... | ... |
@@ -1157,7 +1214,8 @@ items: |
| 1157 | 1157 |
- get |
| 1158 | 1158 |
- list |
| 1159 | 1159 |
- watch |
| 1160 |
- - apiGroups: null |
|
| 1160 |
+ - apiGroups: |
|
| 1161 |
+ - "" |
|
| 1161 | 1162 |
attributeRestrictions: null |
| 1162 | 1163 |
resources: |
| 1163 | 1164 |
- nodes |
| ... | ... |
@@ -1165,13 +1223,15 @@ items: |
| 1165 | 1165 |
- get |
| 1166 | 1166 |
- list |
| 1167 | 1167 |
- watch |
| 1168 |
- - apiGroups: null |
|
| 1168 |
+ - apiGroups: |
|
| 1169 |
+ - "" |
|
| 1169 | 1170 |
attributeRestrictions: null |
| 1170 | 1171 |
resources: |
| 1171 | 1172 |
- clusternetworks |
| 1172 | 1173 |
verbs: |
| 1173 | 1174 |
- get |
| 1174 |
- - apiGroups: null |
|
| 1175 |
+ - apiGroups: |
|
| 1176 |
+ - "" |
|
| 1175 | 1177 |
attributeRestrictions: null |
| 1176 | 1178 |
resources: |
| 1177 | 1179 |
- namespaces |
| ... | ... |
@@ -1185,7 +1245,8 @@ items: |
| 1185 | 1185 |
creationTimestamp: null |
| 1186 | 1186 |
name: system:sdn-manager |
| 1187 | 1187 |
rules: |
| 1188 |
- - apiGroups: null |
|
| 1188 |
+ - apiGroups: |
|
| 1189 |
+ - "" |
|
| 1189 | 1190 |
attributeRestrictions: null |
| 1190 | 1191 |
resources: |
| 1191 | 1192 |
- hostsubnets |
| ... | ... |
@@ -1195,7 +1256,8 @@ items: |
| 1195 | 1195 |
- get |
| 1196 | 1196 |
- list |
| 1197 | 1197 |
- watch |
| 1198 |
- - apiGroups: null |
|
| 1198 |
+ - apiGroups: |
|
| 1199 |
+ - "" |
|
| 1199 | 1200 |
attributeRestrictions: null |
| 1200 | 1201 |
resources: |
| 1201 | 1202 |
- netnamespaces |
| ... | ... |
@@ -1205,7 +1267,8 @@ items: |
| 1205 | 1205 |
- get |
| 1206 | 1206 |
- list |
| 1207 | 1207 |
- watch |
| 1208 |
- - apiGroups: null |
|
| 1208 |
+ - apiGroups: |
|
| 1209 |
+ - "" |
|
| 1209 | 1210 |
attributeRestrictions: null |
| 1210 | 1211 |
resources: |
| 1211 | 1212 |
- nodes |
| ... | ... |
@@ -1213,7 +1276,8 @@ items: |
| 1213 | 1213 |
- get |
| 1214 | 1214 |
- list |
| 1215 | 1215 |
- watch |
| 1216 |
- - apiGroups: null |
|
| 1216 |
+ - apiGroups: |
|
| 1217 |
+ - "" |
|
| 1217 | 1218 |
attributeRestrictions: null |
| 1218 | 1219 |
resources: |
| 1219 | 1220 |
- clusternetworks |
| ... | ... |
@@ -1226,7 +1290,8 @@ items: |
| 1226 | 1226 |
creationTimestamp: null |
| 1227 | 1227 |
name: system:webhook |
| 1228 | 1228 |
rules: |
| 1229 |
- - apiGroups: null |
|
| 1229 |
+ - apiGroups: |
|
| 1230 |
+ - "" |
|
| 1230 | 1231 |
attributeRestrictions: null |
| 1231 | 1232 |
resources: |
| 1232 | 1233 |
- buildconfigs/webhooks |
| ... | ... |
@@ -1430,7 +1495,8 @@ items: |
| 1430 | 1430 |
creationTimestamp: null |
| 1431 | 1431 |
name: system:build-controller |
| 1432 | 1432 |
rules: |
| 1433 |
- - apiGroups: null |
|
| 1433 |
+ - apiGroups: |
|
| 1434 |
+ - "" |
|
| 1434 | 1435 |
attributeRestrictions: null |
| 1435 | 1436 |
resources: |
| 1436 | 1437 |
- builds |
| ... | ... |
@@ -1438,13 +1504,15 @@ items: |
| 1438 | 1438 |
- get |
| 1439 | 1439 |
- list |
| 1440 | 1440 |
- watch |
| 1441 |
- - apiGroups: null |
|
| 1441 |
+ - apiGroups: |
|
| 1442 |
+ - "" |
|
| 1442 | 1443 |
attributeRestrictions: null |
| 1443 | 1444 |
resources: |
| 1444 | 1445 |
- builds |
| 1445 | 1446 |
verbs: |
| 1446 | 1447 |
- update |
| 1447 |
- - apiGroups: null |
|
| 1448 |
+ - apiGroups: |
|
| 1449 |
+ - "" |
|
| 1448 | 1450 |
attributeRestrictions: null |
| 1449 | 1451 |
resources: |
| 1450 | 1452 |
- builds/custom |
| ... | ... |
@@ -1453,13 +1521,15 @@ items: |
| 1453 | 1453 |
- builds/source |
| 1454 | 1454 |
verbs: |
| 1455 | 1455 |
- create |
| 1456 |
- - apiGroups: null |
|
| 1456 |
+ - apiGroups: |
|
| 1457 |
+ - "" |
|
| 1457 | 1458 |
attributeRestrictions: null |
| 1458 | 1459 |
resources: |
| 1459 | 1460 |
- imagestreams |
| 1460 | 1461 |
verbs: |
| 1461 | 1462 |
- get |
| 1462 |
- - apiGroups: null |
|
| 1463 |
+ - apiGroups: |
|
| 1464 |
+ - "" |
|
| 1463 | 1465 |
attributeRestrictions: null |
| 1464 | 1466 |
resources: |
| 1465 | 1467 |
- pods |
| ... | ... |
@@ -1468,7 +1538,8 @@ items: |
| 1468 | 1468 |
- delete |
| 1469 | 1469 |
- get |
| 1470 | 1470 |
- list |
| 1471 |
- - apiGroups: null |
|
| 1471 |
+ - apiGroups: |
|
| 1472 |
+ - "" |
|
| 1472 | 1473 |
attributeRestrictions: null |
| 1473 | 1474 |
resources: |
| 1474 | 1475 |
- events |
| ... | ... |
@@ -1490,14 +1561,16 @@ items: |
| 1490 | 1490 |
verbs: |
| 1491 | 1491 |
- list |
| 1492 | 1492 |
- watch |
| 1493 |
- - apiGroups: null |
|
| 1493 |
+ - apiGroups: |
|
| 1494 |
+ - "" |
|
| 1494 | 1495 |
attributeRestrictions: null |
| 1495 | 1496 |
resources: |
| 1496 | 1497 |
- pods |
| 1497 | 1498 |
verbs: |
| 1498 | 1499 |
- list |
| 1499 | 1500 |
- watch |
| 1500 |
- - apiGroups: null |
|
| 1501 |
+ - apiGroups: |
|
| 1502 |
+ - "" |
|
| 1501 | 1503 |
attributeRestrictions: null |
| 1502 | 1504 |
resources: |
| 1503 | 1505 |
- nodes |
| ... | ... |
@@ -1511,7 +1584,8 @@ items: |
| 1511 | 1511 |
- daemonsets/status |
| 1512 | 1512 |
verbs: |
| 1513 | 1513 |
- update |
| 1514 |
- - apiGroups: null |
|
| 1514 |
+ - apiGroups: |
|
| 1515 |
+ - "" |
|
| 1515 | 1516 |
attributeRestrictions: null |
| 1516 | 1517 |
resources: |
| 1517 | 1518 |
- pods |
| ... | ... |
@@ -1525,7 +1599,8 @@ items: |
| 1525 | 1525 |
- pods/binding |
| 1526 | 1526 |
verbs: |
| 1527 | 1527 |
- create |
| 1528 |
- - apiGroups: null |
|
| 1528 |
+ - apiGroups: |
|
| 1529 |
+ - "" |
|
| 1529 | 1530 |
attributeRestrictions: null |
| 1530 | 1531 |
resources: |
| 1531 | 1532 |
- events |
| ... | ... |
@@ -1539,21 +1614,24 @@ items: |
| 1539 | 1539 |
creationTimestamp: null |
| 1540 | 1540 |
name: system:deployment-controller |
| 1541 | 1541 |
rules: |
| 1542 |
- - apiGroups: null |
|
| 1542 |
+ - apiGroups: |
|
| 1543 |
+ - "" |
|
| 1543 | 1544 |
attributeRestrictions: null |
| 1544 | 1545 |
resources: |
| 1545 | 1546 |
- replicationcontrollers |
| 1546 | 1547 |
verbs: |
| 1547 | 1548 |
- list |
| 1548 | 1549 |
- watch |
| 1549 |
- - apiGroups: null |
|
| 1550 |
+ - apiGroups: |
|
| 1551 |
+ - "" |
|
| 1550 | 1552 |
attributeRestrictions: null |
| 1551 | 1553 |
resources: |
| 1552 | 1554 |
- replicationcontrollers |
| 1553 | 1555 |
verbs: |
| 1554 | 1556 |
- get |
| 1555 | 1557 |
- update |
| 1556 |
- - apiGroups: null |
|
| 1558 |
+ - apiGroups: |
|
| 1559 |
+ - "" |
|
| 1557 | 1560 |
attributeRestrictions: null |
| 1558 | 1561 |
resources: |
| 1559 | 1562 |
- pods |
| ... | ... |
@@ -1563,7 +1641,8 @@ items: |
| 1563 | 1563 |
- get |
| 1564 | 1564 |
- list |
| 1565 | 1565 |
- update |
| 1566 |
- - apiGroups: null |
|
| 1566 |
+ - apiGroups: |
|
| 1567 |
+ - "" |
|
| 1567 | 1568 |
attributeRestrictions: null |
| 1568 | 1569 |
resources: |
| 1569 | 1570 |
- events |
| ... | ... |
@@ -1625,14 +1704,16 @@ items: |
| 1625 | 1625 |
verbs: |
| 1626 | 1626 |
- get |
| 1627 | 1627 |
- update |
| 1628 |
- - apiGroups: null |
|
| 1628 |
+ - apiGroups: |
|
| 1629 |
+ - "" |
|
| 1629 | 1630 |
attributeRestrictions: null |
| 1630 | 1631 |
resources: |
| 1631 | 1632 |
- deploymentconfigs/scale |
| 1632 | 1633 |
verbs: |
| 1633 | 1634 |
- get |
| 1634 | 1635 |
- update |
| 1635 |
- - apiGroups: null |
|
| 1636 |
+ - apiGroups: |
|
| 1637 |
+ - "" |
|
| 1636 | 1638 |
attributeRestrictions: null |
| 1637 | 1639 |
resources: |
| 1638 | 1640 |
- events |
| ... | ... |
@@ -1640,13 +1721,15 @@ items: |
| 1640 | 1640 |
- create |
| 1641 | 1641 |
- patch |
| 1642 | 1642 |
- update |
| 1643 |
- - apiGroups: null |
|
| 1643 |
+ - apiGroups: |
|
| 1644 |
+ - "" |
|
| 1644 | 1645 |
attributeRestrictions: null |
| 1645 | 1646 |
resources: |
| 1646 | 1647 |
- pods |
| 1647 | 1648 |
verbs: |
| 1648 | 1649 |
- list |
| 1649 |
- - apiGroups: null |
|
| 1650 |
+ - apiGroups: |
|
| 1651 |
+ - "" |
|
| 1650 | 1652 |
attributeRestrictions: null |
| 1651 | 1653 |
resourceNames: |
| 1652 | 1654 |
- 'https:heapster:' |
| ... | ... |
@@ -1677,21 +1760,24 @@ items: |
| 1677 | 1677 |
- jobs/status |
| 1678 | 1678 |
verbs: |
| 1679 | 1679 |
- update |
| 1680 |
- - apiGroups: null |
|
| 1680 |
+ - apiGroups: |
|
| 1681 |
+ - "" |
|
| 1681 | 1682 |
attributeRestrictions: null |
| 1682 | 1683 |
resources: |
| 1683 | 1684 |
- pods |
| 1684 | 1685 |
verbs: |
| 1685 | 1686 |
- list |
| 1686 | 1687 |
- watch |
| 1687 |
- - apiGroups: null |
|
| 1688 |
+ - apiGroups: |
|
| 1689 |
+ - "" |
|
| 1688 | 1690 |
attributeRestrictions: null |
| 1689 | 1691 |
resources: |
| 1690 | 1692 |
- pods |
| 1691 | 1693 |
verbs: |
| 1692 | 1694 |
- create |
| 1693 | 1695 |
- delete |
| 1694 |
- - apiGroups: null |
|
| 1696 |
+ - apiGroups: |
|
| 1697 |
+ - "" |
|
| 1695 | 1698 |
attributeRestrictions: null |
| 1696 | 1699 |
resources: |
| 1697 | 1700 |
- events |
| ... | ... |
@@ -1739,14 +1825,16 @@ items: |
| 1739 | 1739 |
creationTimestamp: null |
| 1740 | 1740 |
name: system:pv-binder-controller |
| 1741 | 1741 |
rules: |
| 1742 |
- - apiGroups: null |
|
| 1742 |
+ - apiGroups: |
|
| 1743 |
+ - "" |
|
| 1743 | 1744 |
attributeRestrictions: null |
| 1744 | 1745 |
resources: |
| 1745 | 1746 |
- persistentvolumes |
| 1746 | 1747 |
verbs: |
| 1747 | 1748 |
- list |
| 1748 | 1749 |
- watch |
| 1749 |
- - apiGroups: null |
|
| 1750 |
+ - apiGroups: |
|
| 1751 |
+ - "" |
|
| 1750 | 1752 |
attributeRestrictions: null |
| 1751 | 1753 |
resources: |
| 1752 | 1754 |
- persistentvolumes |
| ... | ... |
@@ -1755,27 +1843,31 @@ items: |
| 1755 | 1755 |
- delete |
| 1756 | 1756 |
- get |
| 1757 | 1757 |
- update |
| 1758 |
- - apiGroups: null |
|
| 1758 |
+ - apiGroups: |
|
| 1759 |
+ - "" |
|
| 1759 | 1760 |
attributeRestrictions: null |
| 1760 | 1761 |
resources: |
| 1761 | 1762 |
- persistentvolumes/status |
| 1762 | 1763 |
verbs: |
| 1763 | 1764 |
- update |
| 1764 |
- - apiGroups: null |
|
| 1765 |
+ - apiGroups: |
|
| 1766 |
+ - "" |
|
| 1765 | 1767 |
attributeRestrictions: null |
| 1766 | 1768 |
resources: |
| 1767 | 1769 |
- persistentvolumeclaims |
| 1768 | 1770 |
verbs: |
| 1769 | 1771 |
- list |
| 1770 | 1772 |
- watch |
| 1771 |
- - apiGroups: null |
|
| 1773 |
+ - apiGroups: |
|
| 1774 |
+ - "" |
|
| 1772 | 1775 |
attributeRestrictions: null |
| 1773 | 1776 |
resources: |
| 1774 | 1777 |
- persistentvolumeclaims |
| 1775 | 1778 |
verbs: |
| 1776 | 1779 |
- get |
| 1777 | 1780 |
- update |
| 1778 |
- - apiGroups: null |
|
| 1781 |
+ - apiGroups: |
|
| 1782 |
+ - "" |
|
| 1779 | 1783 |
attributeRestrictions: null |
| 1780 | 1784 |
resources: |
| 1781 | 1785 |
- persistentvolumeclaims/status |
| ... | ... |
@@ -1787,14 +1879,16 @@ items: |
| 1787 | 1787 |
creationTimestamp: null |
| 1788 | 1788 |
name: system:pv-provisioner-controller |
| 1789 | 1789 |
rules: |
| 1790 |
- - apiGroups: null |
|
| 1790 |
+ - apiGroups: |
|
| 1791 |
+ - "" |
|
| 1791 | 1792 |
attributeRestrictions: null |
| 1792 | 1793 |
resources: |
| 1793 | 1794 |
- persistentvolumes |
| 1794 | 1795 |
verbs: |
| 1795 | 1796 |
- list |
| 1796 | 1797 |
- watch |
| 1797 |
- - apiGroups: null |
|
| 1798 |
+ - apiGroups: |
|
| 1799 |
+ - "" |
|
| 1798 | 1800 |
attributeRestrictions: null |
| 1799 | 1801 |
resources: |
| 1800 | 1802 |
- persistentvolumes |
| ... | ... |
@@ -1803,27 +1897,31 @@ items: |
| 1803 | 1803 |
- delete |
| 1804 | 1804 |
- get |
| 1805 | 1805 |
- update |
| 1806 |
- - apiGroups: null |
|
| 1806 |
+ - apiGroups: |
|
| 1807 |
+ - "" |
|
| 1807 | 1808 |
attributeRestrictions: null |
| 1808 | 1809 |
resources: |
| 1809 | 1810 |
- persistentvolumes/status |
| 1810 | 1811 |
verbs: |
| 1811 | 1812 |
- update |
| 1812 |
- - apiGroups: null |
|
| 1813 |
+ - apiGroups: |
|
| 1814 |
+ - "" |
|
| 1813 | 1815 |
attributeRestrictions: null |
| 1814 | 1816 |
resources: |
| 1815 | 1817 |
- persistentvolumeclaims |
| 1816 | 1818 |
verbs: |
| 1817 | 1819 |
- list |
| 1818 | 1820 |
- watch |
| 1819 |
- - apiGroups: null |
|
| 1821 |
+ - apiGroups: |
|
| 1822 |
+ - "" |
|
| 1820 | 1823 |
attributeRestrictions: null |
| 1821 | 1824 |
resources: |
| 1822 | 1825 |
- persistentvolumeclaims |
| 1823 | 1826 |
verbs: |
| 1824 | 1827 |
- get |
| 1825 | 1828 |
- update |
| 1826 |
- - apiGroups: null |
|
| 1829 |
+ - apiGroups: |
|
| 1830 |
+ - "" |
|
| 1827 | 1831 |
attributeRestrictions: null |
| 1828 | 1832 |
resources: |
| 1829 | 1833 |
- persistentvolumeclaims/status |
| ... | ... |
@@ -1835,14 +1933,16 @@ items: |
| 1835 | 1835 |
creationTimestamp: null |
| 1836 | 1836 |
name: system:pv-recycler-controller |
| 1837 | 1837 |
rules: |
| 1838 |
- - apiGroups: null |
|
| 1838 |
+ - apiGroups: |
|
| 1839 |
+ - "" |
|
| 1839 | 1840 |
attributeRestrictions: null |
| 1840 | 1841 |
resources: |
| 1841 | 1842 |
- persistentvolumes |
| 1842 | 1843 |
verbs: |
| 1843 | 1844 |
- list |
| 1844 | 1845 |
- watch |
| 1845 |
- - apiGroups: null |
|
| 1846 |
+ - apiGroups: |
|
| 1847 |
+ - "" |
|
| 1846 | 1848 |
attributeRestrictions: null |
| 1847 | 1849 |
resources: |
| 1848 | 1850 |
- persistentvolumes |
| ... | ... |
@@ -1851,40 +1951,46 @@ items: |
| 1851 | 1851 |
- delete |
| 1852 | 1852 |
- get |
| 1853 | 1853 |
- update |
| 1854 |
- - apiGroups: null |
|
| 1854 |
+ - apiGroups: |
|
| 1855 |
+ - "" |
|
| 1855 | 1856 |
attributeRestrictions: null |
| 1856 | 1857 |
resources: |
| 1857 | 1858 |
- persistentvolumes/status |
| 1858 | 1859 |
verbs: |
| 1859 | 1860 |
- update |
| 1860 |
- - apiGroups: null |
|
| 1861 |
+ - apiGroups: |
|
| 1862 |
+ - "" |
|
| 1861 | 1863 |
attributeRestrictions: null |
| 1862 | 1864 |
resources: |
| 1863 | 1865 |
- persistentvolumeclaims |
| 1864 | 1866 |
verbs: |
| 1865 | 1867 |
- list |
| 1866 | 1868 |
- watch |
| 1867 |
- - apiGroups: null |
|
| 1869 |
+ - apiGroups: |
|
| 1870 |
+ - "" |
|
| 1868 | 1871 |
attributeRestrictions: null |
| 1869 | 1872 |
resources: |
| 1870 | 1873 |
- persistentvolumeclaims |
| 1871 | 1874 |
verbs: |
| 1872 | 1875 |
- get |
| 1873 | 1876 |
- update |
| 1874 |
- - apiGroups: null |
|
| 1877 |
+ - apiGroups: |
|
| 1878 |
+ - "" |
|
| 1875 | 1879 |
attributeRestrictions: null |
| 1876 | 1880 |
resources: |
| 1877 | 1881 |
- persistentvolumeclaims/status |
| 1878 | 1882 |
verbs: |
| 1879 | 1883 |
- update |
| 1880 |
- - apiGroups: null |
|
| 1884 |
+ - apiGroups: |
|
| 1885 |
+ - "" |
|
| 1881 | 1886 |
attributeRestrictions: null |
| 1882 | 1887 |
resources: |
| 1883 | 1888 |
- pods |
| 1884 | 1889 |
verbs: |
| 1885 | 1890 |
- list |
| 1886 | 1891 |
- watch |
| 1887 |
- - apiGroups: null |
|
| 1892 |
+ - apiGroups: |
|
| 1893 |
+ - "" |
|
| 1888 | 1894 |
attributeRestrictions: null |
| 1889 | 1895 |
resources: |
| 1890 | 1896 |
- pods |
| ... | ... |
@@ -1892,7 +1998,8 @@ items: |
| 1892 | 1892 |
- create |
| 1893 | 1893 |
- delete |
| 1894 | 1894 |
- get |
| 1895 |
- - apiGroups: null |
|
| 1895 |
+ - apiGroups: |
|
| 1896 |
+ - "" |
|
| 1896 | 1897 |
attributeRestrictions: null |
| 1897 | 1898 |
resources: |
| 1898 | 1899 |
- events |
| ... | ... |
@@ -1906,41 +2013,47 @@ items: |
| 1906 | 1906 |
creationTimestamp: null |
| 1907 | 1907 |
name: system:replication-controller |
| 1908 | 1908 |
rules: |
| 1909 |
- - apiGroups: null |
|
| 1909 |
+ - apiGroups: |
|
| 1910 |
+ - "" |
|
| 1910 | 1911 |
attributeRestrictions: null |
| 1911 | 1912 |
resources: |
| 1912 | 1913 |
- replicationcontrollers |
| 1913 | 1914 |
verbs: |
| 1914 | 1915 |
- list |
| 1915 | 1916 |
- watch |
| 1916 |
- - apiGroups: null |
|
| 1917 |
+ - apiGroups: |
|
| 1918 |
+ - "" |
|
| 1917 | 1919 |
attributeRestrictions: null |
| 1918 | 1920 |
resources: |
| 1919 | 1921 |
- replicationcontrollers |
| 1920 | 1922 |
verbs: |
| 1921 | 1923 |
- get |
| 1922 | 1924 |
- update |
| 1923 |
- - apiGroups: null |
|
| 1925 |
+ - apiGroups: |
|
| 1926 |
+ - "" |
|
| 1924 | 1927 |
attributeRestrictions: null |
| 1925 | 1928 |
resources: |
| 1926 | 1929 |
- replicationcontrollers/status |
| 1927 | 1930 |
verbs: |
| 1928 | 1931 |
- update |
| 1929 |
- - apiGroups: null |
|
| 1932 |
+ - apiGroups: |
|
| 1933 |
+ - "" |
|
| 1930 | 1934 |
attributeRestrictions: null |
| 1931 | 1935 |
resources: |
| 1932 | 1936 |
- pods |
| 1933 | 1937 |
verbs: |
| 1934 | 1938 |
- list |
| 1935 | 1939 |
- watch |
| 1936 |
- - apiGroups: null |
|
| 1940 |
+ - apiGroups: |
|
| 1941 |
+ - "" |
|
| 1937 | 1942 |
attributeRestrictions: null |
| 1938 | 1943 |
resources: |
| 1939 | 1944 |
- pods |
| 1940 | 1945 |
verbs: |
| 1941 | 1946 |
- create |
| 1942 | 1947 |
- delete |
| 1943 |
- - apiGroups: null |
|
| 1948 |
+ - apiGroups: |
|
| 1949 |
+ - "" |
|
| 1944 | 1950 |
attributeRestrictions: null |
| 1945 | 1951 |
resources: |
| 1946 | 1952 |
- events |
| ... | ... |
@@ -1984,7 +2097,8 @@ items: |
| 1984 | 1984 |
verbs: |
| 1985 | 1985 |
- list |
| 1986 | 1986 |
- watch |
| 1987 |
- - apiGroups: null |
|
| 1987 |
+ - apiGroups: |
|
| 1988 |
+ - "" |
|
| 1988 | 1989 |
attributeRestrictions: null |
| 1989 | 1990 |
resources: |
| 1990 | 1991 |
- events |