| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 |
- /*
- Copyright 2015 The Kubernetes Authors.
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- */
- package v0
- import (
- api "k8s.io/kubernetes/pkg/apis/abac"
- "k8s.io/kubernetes/pkg/conversion"
- "k8s.io/kubernetes/pkg/runtime"
- )
- func addConversionFuncs(scheme *runtime.Scheme) error {
- return scheme.AddConversionFuncs(
- func(in *Policy, out *api.Policy, s conversion.Scope) error {
- // Begin by copying all fields
- out.Spec.User = in.User
- out.Spec.Group = in.Group
- out.Spec.Namespace = in.Namespace
- out.Spec.Resource = in.Resource
- out.Spec.Readonly = in.Readonly
- // In v0, unspecified user and group matches all subjects
- if len(in.User) == 0 && len(in.Group) == 0 {
- out.Spec.User = "*"
- }
- // In v0, leaving namespace empty matches all namespaces
- if len(in.Namespace) == 0 {
- out.Spec.Namespace = "*"
- }
- // In v0, leaving resource empty matches all resources
- if len(in.Resource) == 0 {
- out.Spec.Resource = "*"
- }
- // Any rule in v0 should match all API groups
- out.Spec.APIGroup = "*"
- // In v0, leaving namespace and resource blank allows non-resource paths
- if len(in.Namespace) == 0 && len(in.Resource) == 0 {
- out.Spec.NonResourcePath = "*"
- }
- return nil
- },
- )
- }
|
