| author | Chao Xu <xuchao@google.com> | 2017-05-17 14:04:06 -0700 |
|---|---|---|
| committer | Chao Xu <xuchao@google.com> | 2017-05-17 14:05:23 -0700 |
| commit | 0d84536893e0383dc7469f55f2ee83491d376dbb (patch) | |
| tree | b61c1d6f5f15233d2e12455268b6e7115ebeb027 | |
| parent | d8dcfde07cdfa6f1f77c084c3cf92b58f1483fe3 (diff) | |
completely copy rbac
| -rw-r--r-- | contributors/design-proposals/dynamic-admission-control-configuration.md | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/contributors/design-proposals/dynamic-admission-control-configuration.md b/contributors/design-proposals/dynamic-admission-control-configuration.md
index 1a647fd0..d9beb439 100644
--- a/contributors/design-proposals/dynamic-admission-control-configuration.md
+++ b/contributors/design-proposals/dynamic-admission-control-configuration.md
@@ -96,7 +96,6 @@ type ExternalAdmissionHook struct {
 // Rules describes what operations on what resources/subresources the webhook cares about.
 // The webhook cares about an operation if it matches any Rule.
- // Each rule must has a unique APIGroup.
 Rules []Rule
 // FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
@@ -107,12 +106,15 @@ type ExternalAdmissionHook struct {
 type Rule struct {
 // Verbs is the list of verbs this hook will be invoked on - POST, PUT, or *
 // for all operations. Defaults to '*'.
+ // If '*' is present, the length of the slice must be one.
 Verbs []OperationType
- // APIGroup is the API group the resources belong to. '*' is all groups.
- APIGroup string
+ // APIGroups is the API group the resources belong to. '*' is all groups.
+ // If '*' is present, the length of the slice must be one.
+ APIGroups []string
 // APIVersions are the API versions the resources belong to. '*' is all versions.
+ // If '*' is present, the length of the slice must be one.
 APIVersions []string
 // Resources is a list of resources this rule applies to.
@@ -122,6 +124,7 @@ type Rule struct {
 // 'pods/*' means all subresources of pods.
 // '*/scale' means all scale subresources.
 // '*/*' means all resources and their subresources.
+ // If '*' or '*/*' is present, the length of the slice must be one.
 Resources []string `json:"resources,omitempty" protobuf:"bytes,3,rep,name=resources"`
 }
@@ -129,8 +132,8 @@ type OperationType string
 const (
 All OperationType = "*"
- Create OperationType= "POST"
- Update OperationType= "PUT"
+ Create OperationType= "CREATE"
+ Update OperationType= "UPDATE"
 )
 // AdmissionHookClientConfig contains the information to make a TLS |
