From fa3682578eb9d2e1bf2fb15d65908bcbfcac840a Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Sun, 31 May 2020 11:57:25 -0700 Subject: [PATCH] Permit configmap list/watch for delegated authentication xref: https://github.com/kubernetes/kubernetes/pull/85004 Signed-off-by: Tamal Saha --- Makefile | 8 ++++---- charts/vault-operator/templates/cluster-role.yaml | 6 +++++- go.mod | 5 +++-- go.sum | 8 ++++---- vendor/k8s.io/api/core/v1/types.go | 1 + vendor/modules.txt | 4 ++-- 6 files changed, 19 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index 03b55d90..cf8afbc7 100644 --- a/Makefile +++ b/Makefile @@ -20,7 +20,7 @@ REPO := $(notdir $(shell pwd)) BIN := installer # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) -CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false" +CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false,crdVersions={v1beta1,v1}" # https://github.com/appscodelabs/gengo-builder CODE_GENERATOR_IMAGE ?= appscode/gengo:release-1.18 API_GROUPS ?= installer:v1alpha1 @@ -225,11 +225,11 @@ gen-bindata: .PHONY: gen-values-schema gen-values-schema: - @yq r api/crds/installer.kubevault.com_csivaults.yaml spec.validation.openAPIV3Schema.properties.spec > /tmp/csi-vault-values.openapiv3_schema.yaml + @yq r api/crds/installer.kubevault.com_csivaults.v1.yaml spec.versions[0].schema.openAPIV3Schema.properties.spec > /tmp/csi-vault-values.openapiv3_schema.yaml @yq d /tmp/csi-vault-values.openapiv3_schema.yaml description > charts/csi-vault/values.openapiv3_schema.yaml - @yq r api/crds/installer.kubevault.com_kubevaultoperators.yaml spec.validation.openAPIV3Schema.properties.spec > /tmp/vault-operator-values.openapiv3_schema.yaml + @yq r api/crds/installer.kubevault.com_kubevaultoperators.v1.yaml spec.versions[0].schema.openAPIV3Schema.properties.spec > /tmp/vault-operator-values.openapiv3_schema.yaml @yq d /tmp/vault-operator-values.openapiv3_schema.yaml description > charts/vault-operator/values.openapiv3_schema.yaml - @yq r api/crds/installer.kubevault.com_vaultcatalogs.yaml spec.validation.openAPIV3Schema.properties.spec > /tmp/vault-catalog-values.openapiv3_schema.yaml + @yq r api/crds/installer.kubevault.com_vaultcatalogs.v1.yaml spec.versions[0].schema.openAPIV3Schema.properties.spec > /tmp/vault-catalog-values.openapiv3_schema.yaml @yq d /tmp/vault-catalog-values.openapiv3_schema.yaml description > charts/vault-catalog/values.openapiv3_schema.yaml .PHONY: gen-chart-doc diff --git a/charts/vault-operator/templates/cluster-role.yaml b/charts/vault-operator/templates/cluster-role.yaml index 5c447a45..0c8f4bbf 100644 --- a/charts/vault-operator/templates/cluster-role.yaml +++ b/charts/vault-operator/templates/cluster-role.yaml @@ -43,11 +43,15 @@ rules: - apiGroups: - "" resources: - - configmaps - secrets - services - serviceaccounts verbs: ["create", "get", "patch"] +- apiGroups: + - "" + resources: + - configmaps + verbs: ["create", "get", "list", "watch", "patch"] - apiGroups: - "" resources: diff --git a/go.mod b/go.mod index 579503b2..42075f26 100644 --- a/go.mod +++ b/go.mod @@ -34,14 +34,14 @@ require ( k8s.io/apimachinery v0.18.3 k8s.io/client-go v12.0.0+incompatible k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 - kmodules.xyz/client-go v0.0.0-20200522120609-c6430d66212f + kmodules.xyz/client-go v0.0.0-20200525195850-2fd180961371 kmodules.xyz/crd-schema-fuzz v0.0.0-20200521005638-2433a187de95 sigs.k8s.io/yaml v1.2.0 ) replace ( bitbucket.org/ww/goautoneg => gomodules.xyz/goautoneg v0.0.0-20120707110453-a547fc61f48d - git.apache.org/thrift.git => github.com/apache/thrift v0.12.0 + git.apache.org/thrift.git => github.com/apache/thrift v0.13.0 github.com/Azure/azure-sdk-for-go => github.com/Azure/azure-sdk-for-go v35.0.0+incompatible github.com/Azure/go-ansiterm => github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 github.com/Azure/go-autorest => github.com/Azure/go-autorest v13.0.0+incompatible @@ -57,6 +57,7 @@ replace ( github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.0.0 go.etcd.io/etcd => go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 google.golang.org/grpc => google.golang.org/grpc v1.26.0 + k8s.io/api => github.com/kmodules/api v0.18.4-0.20200524125823-c8bc107809b9 k8s.io/apimachinery => github.com/kmodules/apimachinery v0.19.0-alpha.0.0.20200520235721-10b58e57a423 k8s.io/apiserver => github.com/kmodules/apiserver v0.18.4-0.20200521000930-14c5f6df9625 k8s.io/client-go => k8s.io/client-go v0.18.3 diff --git a/go.sum b/go.sum index 2bb47a93..aee6c440 100644 --- a/go.sum +++ b/go.sum @@ -219,6 +219,8 @@ github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kmodules/api v0.18.4-0.20200524125823-c8bc107809b9 h1:3WfoOV3g8udvdh1SgCjp93waE4njc5p8Yu6iPdcTPeY= +github.com/kmodules/api v0.18.4-0.20200524125823-c8bc107809b9/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA= github.com/kmodules/apimachinery v0.19.0-alpha.0.0.20200520235721-10b58e57a423 h1:eIx5nBpcokltYCsMIguagM4k2yi04irNqAFVPw4IdjE= github.com/kmodules/apimachinery v0.19.0-alpha.0.0.20200520235721-10b58e57a423/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= github.com/kmodules/apiserver v0.18.4-0.20200521000930-14c5f6df9625 h1:VgTz5R1ePhWVoGGBWsFv0+MkLvXwg6XwvaPMlG7QFKo= @@ -493,8 +495,6 @@ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.18.3 h1:2AJaUQdgUZLoDZHrun21PW2Nx9+ll6cUzvn3IKhSIn0= -k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA= k8s.io/apiextensions-apiserver v0.18.3 h1:h6oZO+iAgg0HjxmuNnguNdKNB9+wv3O1EBDdDWJViQ0= k8s.io/apiextensions-apiserver v0.18.3/go.mod h1:TMsNGs7DYpMXd+8MOCX8KzPOCx8fnZMoIGB24m03+JE= k8s.io/cli-runtime v0.18.3/go.mod h1:pqbbi4nqRIQhUWAVzen8uE8DD/zcZLwf+8sQYO4lwLk= @@ -514,8 +514,8 @@ k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOEC k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89 h1:d4vVOjXm687F1iLSP2q3lyPPuyvTUt3aVoBpi2DqRsU= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -kmodules.xyz/client-go v0.0.0-20200522120609-c6430d66212f h1:8UjB4zeASqedORHWpGoeDhRT7C564GZuY2rPsMmqvko= -kmodules.xyz/client-go v0.0.0-20200522120609-c6430d66212f/go.mod h1:sY/eoe4ktxZEoHpr5NpAQ5s22VSwTE8psJtKVeVgLRY= +kmodules.xyz/client-go v0.0.0-20200525195850-2fd180961371 h1:PPawDOMyDHGeDPN8j1epNozaIB/Z7MlJsXpwm/r4jgk= +kmodules.xyz/client-go v0.0.0-20200525195850-2fd180961371/go.mod h1:sY/eoe4ktxZEoHpr5NpAQ5s22VSwTE8psJtKVeVgLRY= kmodules.xyz/crd-schema-fuzz v0.0.0-20200521005638-2433a187de95 h1:v0S/+ftzL6Xrs9XevgchAOJyPKlRQXPiZf87xotj3X4= kmodules.xyz/crd-schema-fuzz v0.0.0-20200521005638-2433a187de95/go.mod h1:jpu8xFsDKd6kAWUAKk8oTu/GQGBWqhrcaDeOJdaCJnk= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7 h1:uuHDyjllyzRyCIvvn0OBjiRB0SgBZGqHNYAmjR7fO50= diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go index b61a86ab..3b780a3e 100644 --- a/vendor/k8s.io/api/core/v1/types.go +++ b/vendor/k8s.io/api/core/v1/types.go @@ -1758,6 +1758,7 @@ type ContainerPort struct { // Protocol for port. Must be UDP, TCP, or SCTP. // Defaults to "TCP". // +optional + // +kubebuilder:default=TCP Protocol Protocol `json:"protocol,omitempty" protobuf:"bytes,4,opt,name=protocol,casttype=Protocol"` // What host IP to bind the external port to. // +optional diff --git a/vendor/modules.txt b/vendor/modules.txt index 04f97dc9..ee8eebaa 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -237,7 +237,7 @@ gopkg.in/inf.v0 gopkg.in/natefinch/lumberjack.v2 # gopkg.in/yaml.v2 v2.2.8 gopkg.in/yaml.v2 -# k8s.io/api v0.18.3 +# k8s.io/api v0.18.3 => github.com/kmodules/api v0.18.4-0.20200524125823-c8bc107809b9 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 k8s.io/api/admissionregistration/v1 @@ -650,7 +650,7 @@ k8s.io/utils/net k8s.io/utils/path k8s.io/utils/pointer k8s.io/utils/trace -# kmodules.xyz/client-go v0.0.0-20200522120609-c6430d66212f +# kmodules.xyz/client-go v0.0.0-20200525195850-2fd180961371 kmodules.xyz/client-go/openapi # kmodules.xyz/crd-schema-fuzz v0.0.0-20200521005638-2433a187de95 kmodules.xyz/crd-schema-fuzz