Initial 1Password Operator commit

This commit is contained in:
jillianwilson
2020-12-10 18:07:27 -04:00
commit 824f54b4fa
2651 changed files with 890643 additions and 0 deletions

23
vendor/k8s.io/api/imagepolicy/v1alpha1/doc.go generated vendored Normal file
View File

@@ -0,0 +1,23 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// +k8s:deepcopy-gen=package
// +k8s:protobuf-gen=package
// +k8s:openapi-gen=true
// +groupName=imagepolicy.k8s.io
package v1alpha1 // import "k8s.io/api/imagepolicy/v1alpha1"

1386
vendor/k8s.io/api/imagepolicy/v1alpha1/generated.pb.go generated vendored Normal file

File diff suppressed because it is too large Load Diff

86
vendor/k8s.io/api/imagepolicy/v1alpha1/generated.proto generated vendored Normal file
View File

@@ -0,0 +1,86 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = 'proto2';
package k8s.io.api.imagepolicy.v1alpha1;
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1alpha1";
// ImageReview checks if the set of images in a pod are allowed.
message ImageReview {
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Spec holds information about the pod being evaluated
optional ImageReviewSpec spec = 2;
// Status is filled in by the backend and indicates whether the pod should be allowed.
// +optional
optional ImageReviewStatus status = 3;
}
// ImageReviewContainerSpec is a description of a container within the pod creation request.
message ImageReviewContainerSpec {
// This can be in the form image:tag or image@SHA:012345679abcdef.
// +optional
optional string image = 1;
}
// ImageReviewSpec is a description of the pod creation request.
message ImageReviewSpec {
// Containers is a list of a subset of the information in each container of the Pod being created.
// +optional
repeated ImageReviewContainerSpec containers = 1;
// Annotations is a list of key-value pairs extracted from the Pod's annotations.
// It only includes keys which match the pattern `*.image-policy.k8s.io/*`.
// It is up to each webhook backend to determine how to interpret these annotations, if at all.
// +optional
map<string, string> annotations = 2;
// Namespace is the namespace the pod is being created in.
// +optional
optional string namespace = 3;
}
// ImageReviewStatus is the result of the review for the pod creation request.
message ImageReviewStatus {
// Allowed indicates that all images were allowed to be run.
optional bool allowed = 1;
// Reason should be empty unless Allowed is false in which case it
// may contain a short description of what is wrong. Kubernetes
// may truncate excessively long errors when displaying to the user.
// +optional
optional string reason = 2;
// AuditAnnotations will be added to the attributes object of the
// admission controller request using 'AddAnnotation'. The keys should
// be prefix-less (i.e., the admission controller will add an
// appropriate prefix).
// +optional
map<string, string> auditAnnotations = 3;
}

51
vendor/k8s.io/api/imagepolicy/v1alpha1/register.go generated vendored Normal file
View File

@@ -0,0 +1,51 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
)
// GroupName is the group name for this API.
const GroupName = "imagepolicy.k8s.io"
// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
// Resource takes an unqualified resource and returns a Group qualified GroupResource
func Resource(resource string) schema.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}
var (
// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api.
// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
localSchemeBuilder = &SchemeBuilder
AddToScheme = localSchemeBuilder.AddToScheme
)
// Adds the list of known types to the given scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
&ImageReview{},
)
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}

80
vendor/k8s.io/api/imagepolicy/v1alpha1/types.go generated vendored Normal file
View File

@@ -0,0 +1,80 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// +genclient:nonNamespaced
// +genclient:noVerbs
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ImageReview checks if the set of images in a pod are allowed.
type ImageReview struct {
metav1.TypeMeta `json:",inline"`
// +optional
metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Spec holds information about the pod being evaluated
Spec ImageReviewSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
// Status is filled in by the backend and indicates whether the pod should be allowed.
// +optional
Status ImageReviewStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
}
// ImageReviewSpec is a description of the pod creation request.
type ImageReviewSpec struct {
// Containers is a list of a subset of the information in each container of the Pod being created.
// +optional
Containers []ImageReviewContainerSpec `json:"containers,omitempty" protobuf:"bytes,1,rep,name=containers"`
// Annotations is a list of key-value pairs extracted from the Pod's annotations.
// It only includes keys which match the pattern `*.image-policy.k8s.io/*`.
// It is up to each webhook backend to determine how to interpret these annotations, if at all.
// +optional
Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,2,rep,name=annotations"`
// Namespace is the namespace the pod is being created in.
// +optional
Namespace string `json:"namespace,omitempty" protobuf:"bytes,3,opt,name=namespace"`
}
// ImageReviewContainerSpec is a description of a container within the pod creation request.
type ImageReviewContainerSpec struct {
// This can be in the form image:tag or image@SHA:012345679abcdef.
// +optional
Image string `json:"image,omitempty" protobuf:"bytes,1,opt,name=image"`
// In future, we may add command line overrides, exec health check command lines, and so on.
}
// ImageReviewStatus is the result of the review for the pod creation request.
type ImageReviewStatus struct {
// Allowed indicates that all images were allowed to be run.
Allowed bool `json:"allowed" protobuf:"varint,1,opt,name=allowed"`
// Reason should be empty unless Allowed is false in which case it
// may contain a short description of what is wrong. Kubernetes
// may truncate excessively long errors when displaying to the user.
// +optional
Reason string `json:"reason,omitempty" protobuf:"bytes,2,opt,name=reason"`
// AuditAnnotations will be added to the attributes object of the
// admission controller request using 'AddAnnotation'. The keys should
// be prefix-less (i.e., the admission controller will add an
// appropriate prefix).
// +optional
AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,3,rep,name=auditAnnotations"`
}

View File

@@ -0,0 +1,71 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1alpha1
// This file contains a collection of methods that can be used from go-restful to
// generate Swagger API documentation for its models. Please read this PR for more
// information on the implementation: https://github.com/emicklei/go-restful/pull/215
//
// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if
// they are on one line! For multiple line or blocks that you want to ignore use ---.
// Any context after a --- is ignored.
//
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT.
var map_ImageReview = map[string]string{
"": "ImageReview checks if the set of images in a pod are allowed.",
"spec": "Spec holds information about the pod being evaluated",
"status": "Status is filled in by the backend and indicates whether the pod should be allowed.",
}
func (ImageReview) SwaggerDoc() map[string]string {
return map_ImageReview
}
var map_ImageReviewContainerSpec = map[string]string{
"": "ImageReviewContainerSpec is a description of a container within the pod creation request.",
"image": "This can be in the form image:tag or image@SHA:012345679abcdef.",
}
func (ImageReviewContainerSpec) SwaggerDoc() map[string]string {
return map_ImageReviewContainerSpec
}
var map_ImageReviewSpec = map[string]string{
"": "ImageReviewSpec is a description of the pod creation request.",
"containers": "Containers is a list of a subset of the information in each container of the Pod being created.",
"annotations": "Annotations is a list of key-value pairs extracted from the Pod's annotations. It only includes keys which match the pattern `*.image-policy.k8s.io/*`. It is up to each webhook backend to determine how to interpret these annotations, if at all.",
"namespace": "Namespace is the namespace the pod is being created in.",
}
func (ImageReviewSpec) SwaggerDoc() map[string]string {
return map_ImageReviewSpec
}
var map_ImageReviewStatus = map[string]string{
"": "ImageReviewStatus is the result of the review for the pod creation request.",
"allowed": "Allowed indicates that all images were allowed to be run.",
"reason": "Reason should be empty unless Allowed is false in which case it may contain a short description of what is wrong. Kubernetes may truncate excessively long errors when displaying to the user.",
"auditAnnotations": "AuditAnnotations will be added to the attributes object of the admission controller request using 'AddAnnotation'. The keys should be prefix-less (i.e., the admission controller will add an appropriate prefix).",
}
func (ImageReviewStatus) SwaggerDoc() map[string]string {
return map_ImageReviewStatus
}
// AUTO-GENERATED FUNCTIONS END HERE

View File

@@ -0,0 +1,120 @@
// +build !ignore_autogenerated
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
package v1alpha1
import (
runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ImageReview) DeepCopyInto(out *ImageReview) {
*out = *in
out.TypeMeta = in.TypeMeta
in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
in.Spec.DeepCopyInto(&out.Spec)
in.Status.DeepCopyInto(&out.Status)
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageReview.
func (in *ImageReview) DeepCopy() *ImageReview {
if in == nil {
return nil
}
out := new(ImageReview)
in.DeepCopyInto(out)
return out
}
// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (in *ImageReview) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
}
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ImageReviewContainerSpec) DeepCopyInto(out *ImageReviewContainerSpec) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageReviewContainerSpec.
func (in *ImageReviewContainerSpec) DeepCopy() *ImageReviewContainerSpec {
if in == nil {
return nil
}
out := new(ImageReviewContainerSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ImageReviewSpec) DeepCopyInto(out *ImageReviewSpec) {
*out = *in
if in.Containers != nil {
in, out := &in.Containers, &out.Containers
*out = make([]ImageReviewContainerSpec, len(*in))
copy(*out, *in)
}
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageReviewSpec.
func (in *ImageReviewSpec) DeepCopy() *ImageReviewSpec {
if in == nil {
return nil
}
out := new(ImageReviewSpec)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ImageReviewStatus) DeepCopyInto(out *ImageReviewStatus) {
*out = *in
if in.AuditAnnotations != nil {
in, out := &in.AuditAnnotations, &out.AuditAnnotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageReviewStatus.
func (in *ImageReviewStatus) DeepCopy() *ImageReviewStatus {
if in == nil {
return nil
}
out := new(ImageReviewStatus)
in.DeepCopyInto(out)
return out
}