From 1fafa91da4a738bb96b1c8a0b45b21a82b446270 Mon Sep 17 00:00:00 2001 From: Joe Betz Date: Mon, 20 Apr 2026 16:46:57 -0400 Subject: [PATCH] Consolidate DeclarativeValidationStrategy interface --- pkg/api/testing/validation.go | 12 ++---------- pkg/apis/autoscaling/v1/zz_generated.validations.go | 2 +- pkg/apis/autoscaling/v2/zz_generated.validations.go | 2 +- pkg/apis/batch/v1/zz_generated.validations.go | 2 +- pkg/apis/batch/v1beta1/zz_generated.validations.go | 2 +- pkg/apis/core/v1/zz_generated.validations.go | 2 +- pkg/apis/flowcontrol/v1/zz_generated.validations.go | 2 +- .../flowcontrol/v1beta1/zz_generated.validations.go | 2 +- .../flowcontrol/v1beta2/zz_generated.validations.go | 2 +- .../flowcontrol/v1beta3/zz_generated.validations.go | 2 +- .../resource/v1alpha3/zz_generated.validations.go | 2 +- .../resource/v1beta2/zz_generated.validations.go | 2 +- .../api/admissionregistration/v1/generated.proto | 1 + .../src/k8s.io/api/admissionregistration/v1/types.go | 1 + .../admissionregistration/v1alpha1/generated.proto | 1 + .../api/admissionregistration/v1alpha1/types.go | 1 + .../admissionregistration/v1beta1/generated.proto | 1 + .../api/admissionregistration/v1beta1/types.go | 1 + .../api/apiserverinternal/v1alpha1/generated.proto | 1 + .../k8s.io/api/apiserverinternal/v1alpha1/types.go | 1 + staging/src/k8s.io/api/apps/v1/generated.proto | 4 ++++ staging/src/k8s.io/api/apps/v1/types.go | 4 ++++ staging/src/k8s.io/api/apps/v1beta1/generated.proto | 2 ++ staging/src/k8s.io/api/apps/v1beta1/types.go | 2 ++ staging/src/k8s.io/api/apps/v1beta2/generated.proto | 4 ++++ staging/src/k8s.io/api/apps/v1beta2/types.go | 4 ++++ .../src/k8s.io/api/authentication/v1/generated.proto | 2 ++ staging/src/k8s.io/api/authentication/v1/types.go | 2 ++ .../api/authentication/v1alpha1/generated.proto | 1 + .../src/k8s.io/api/authentication/v1alpha1/types.go | 1 + .../api/authentication/v1beta1/generated.proto | 2 ++ .../src/k8s.io/api/authentication/v1beta1/types.go | 2 ++ .../src/k8s.io/api/authorization/v1/generated.proto | 4 ++++ staging/src/k8s.io/api/authorization/v1/types.go | 4 ++++ .../k8s.io/api/authorization/v1beta1/generated.proto | 4 ++++ .../src/k8s.io/api/authorization/v1beta1/types.go | 4 ++++ .../src/k8s.io/api/autoscaling/v1/generated.proto | 1 + staging/src/k8s.io/api/autoscaling/v1/types.go | 1 + .../src/k8s.io/api/autoscaling/v2/generated.proto | 1 + staging/src/k8s.io/api/autoscaling/v2/types.go | 1 + staging/src/k8s.io/api/batch/v1/generated.proto | 2 ++ staging/src/k8s.io/api/batch/v1/types.go | 2 ++ staging/src/k8s.io/api/batch/v1beta1/generated.proto | 1 + staging/src/k8s.io/api/batch/v1beta1/types.go | 1 + .../k8s.io/api/certificates/v1beta1/generated.proto | 1 + staging/src/k8s.io/api/certificates/v1beta1/types.go | 1 + staging/src/k8s.io/api/core/v1/generated.proto | 10 ++++++++++ staging/src/k8s.io/api/core/v1/types.go | 11 +++++++++++ .../k8s.io/api/extensions/v1beta1/generated.proto | 4 ++++ staging/src/k8s.io/api/extensions/v1beta1/types.go | 4 ++++ .../src/k8s.io/api/flowcontrol/v1/generated.proto | 2 ++ staging/src/k8s.io/api/flowcontrol/v1/types.go | 2 ++ .../k8s.io/api/flowcontrol/v1beta1/generated.proto | 2 ++ staging/src/k8s.io/api/flowcontrol/v1beta1/types.go | 2 ++ .../k8s.io/api/flowcontrol/v1beta2/generated.proto | 2 ++ staging/src/k8s.io/api/flowcontrol/v1beta2/types.go | 2 ++ .../k8s.io/api/flowcontrol/v1beta3/generated.proto | 2 ++ staging/src/k8s.io/api/flowcontrol/v1beta3/types.go | 2 ++ .../k8s.io/api/imagepolicy/v1alpha1/generated.proto | 1 + staging/src/k8s.io/api/imagepolicy/v1alpha1/types.go | 1 + staging/src/k8s.io/api/networking/v1/generated.proto | 2 ++ staging/src/k8s.io/api/networking/v1/types.go | 2 ++ .../k8s.io/api/networking/v1beta1/generated.proto | 2 ++ staging/src/k8s.io/api/networking/v1beta1/types.go | 2 ++ staging/src/k8s.io/api/policy/v1/generated.proto | 1 + staging/src/k8s.io/api/policy/v1/types.go | 1 + .../src/k8s.io/api/policy/v1beta1/generated.proto | 1 + staging/src/k8s.io/api/policy/v1beta1/types.go | 1 + .../src/k8s.io/api/resource/v1alpha3/generated.proto | 1 + staging/src/k8s.io/api/resource/v1alpha3/types.go | 1 + .../src/k8s.io/api/resource/v1beta2/generated.proto | 1 + staging/src/k8s.io/api/resource/v1beta2/types.go | 1 + .../api/storagemigration/v1beta1/generated.proto | 1 + .../src/k8s.io/api/storagemigration/v1beta1/types.go | 1 + .../src/k8s.io/apiserver/pkg/registry/rest/create.go | 10 +--------- .../src/k8s.io/apiserver/pkg/registry/rest/update.go | 10 +--------- .../k8s.io/apiserver/pkg/registry/rest/validate.go | 11 ++++++----- .../apiserver/pkg/registry/rest/validate_test.go | 2 -- 78 files changed, 152 insertions(+), 46 deletions(-) diff --git a/pkg/api/testing/validation.go b/pkg/api/testing/validation.go index d6ce1051065..7aab0fd6d59 100644 --- a/pkg/api/testing/validation.go +++ b/pkg/api/testing/validation.go @@ -291,11 +291,7 @@ func VerifyValidationEquivalence(t *testing.T, ctx context.Context, obj runtime. verifyValidationEquivalence(t, expectedErrs, func(c context.Context) field.ErrorList { errs := strategy.Validate(c, obj) if dv, ok := strategy.(rest.DeclarativeValidationStrategy); ok { - var config rest.DeclarativeValidationConfig - if vc, ok := strategy.(rest.DeclarativeValidationConfigurer); ok { - config = vc.DeclarativeValidationConfig(c, obj, nil) - } - errs = dv.ValidateDeclaratively(c, obj, nil, errs, operation.Create, config) + errs = dv.ValidateDeclaratively(c, obj, nil, errs, operation.Create, dv.DeclarativeValidationConfig(c, obj, nil)) } return errs }, ctx, opts) @@ -330,11 +326,7 @@ func VerifyUpdateValidationEquivalence(t *testing.T, ctx context.Context, obj, o verifyValidationEquivalence(t, expectedErrs, func(c context.Context) field.ErrorList { errs := strategy.ValidateUpdate(c, obj, old) if dv, ok := strategy.(rest.DeclarativeValidationStrategy); ok { - var config rest.DeclarativeValidationConfig - if vc, ok := strategy.(rest.DeclarativeValidationConfigurer); ok { - config = vc.DeclarativeValidationConfig(c, obj, old) - } - errs = dv.ValidateDeclaratively(c, obj, old, errs, operation.Update, config) + errs = dv.ValidateDeclaratively(c, obj, old, errs, operation.Update, dv.DeclarativeValidationConfig(c, obj, old)) } return errs }, ctx, opts) diff --git a/pkg/apis/autoscaling/v1/zz_generated.validations.go b/pkg/apis/autoscaling/v1/zz_generated.validations.go index 1c3a27da4a3..af2758a9591 100644 --- a/pkg/apis/autoscaling/v1/zz_generated.validations.go +++ b/pkg/apis/autoscaling/v1/zz_generated.validations.go @@ -42,7 +42,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type HorizontalPodAutoscaler scheme.AddValidationFunc((*autoscalingv1.HorizontalPodAutoscaler)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/": + case "/", "/status": return Validate_HorizontalPodAutoscaler(ctx, op, nil /* fldPath */, obj.(*autoscalingv1.HorizontalPodAutoscaler), safe.Cast[*autoscalingv1.HorizontalPodAutoscaler](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/pkg/apis/autoscaling/v2/zz_generated.validations.go b/pkg/apis/autoscaling/v2/zz_generated.validations.go index 7b9aed557a8..cea94c1aba0 100644 --- a/pkg/apis/autoscaling/v2/zz_generated.validations.go +++ b/pkg/apis/autoscaling/v2/zz_generated.validations.go @@ -42,7 +42,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type HorizontalPodAutoscaler scheme.AddValidationFunc((*autoscalingv2.HorizontalPodAutoscaler)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/": + case "/", "/status": return Validate_HorizontalPodAutoscaler(ctx, op, nil /* fldPath */, obj.(*autoscalingv2.HorizontalPodAutoscaler), safe.Cast[*autoscalingv2.HorizontalPodAutoscaler](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/pkg/apis/batch/v1/zz_generated.validations.go b/pkg/apis/batch/v1/zz_generated.validations.go index 10d0dd65c7d..69c8bcecfdb 100644 --- a/pkg/apis/batch/v1/zz_generated.validations.go +++ b/pkg/apis/batch/v1/zz_generated.validations.go @@ -42,7 +42,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type CronJob scheme.AddValidationFunc((*batchv1.CronJob)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/": + case "/", "/status": return Validate_CronJob(ctx, op, nil /* fldPath */, obj.(*batchv1.CronJob), safe.Cast[*batchv1.CronJob](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/pkg/apis/batch/v1beta1/zz_generated.validations.go b/pkg/apis/batch/v1beta1/zz_generated.validations.go index f01d5073e30..55d01eaaa1d 100644 --- a/pkg/apis/batch/v1beta1/zz_generated.validations.go +++ b/pkg/apis/batch/v1beta1/zz_generated.validations.go @@ -42,7 +42,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type CronJob scheme.AddValidationFunc((*batchv1beta1.CronJob)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/": + case "/", "/status": return Validate_CronJob(ctx, op, nil /* fldPath */, obj.(*batchv1beta1.CronJob), safe.Cast[*batchv1beta1.CronJob](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/pkg/apis/core/v1/zz_generated.validations.go b/pkg/apis/core/v1/zz_generated.validations.go index a8f5fba0157..9668a4fbc11 100644 --- a/pkg/apis/core/v1/zz_generated.validations.go +++ b/pkg/apis/core/v1/zz_generated.validations.go @@ -43,7 +43,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type ReplicationController scheme.AddValidationFunc((*corev1.ReplicationController)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/", "/scale": + case "/", "/scale", "/status": return Validate_ReplicationController(ctx, op, nil /* fldPath */, obj.(*corev1.ReplicationController), safe.Cast[*corev1.ReplicationController](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/pkg/apis/flowcontrol/v1/zz_generated.validations.go b/pkg/apis/flowcontrol/v1/zz_generated.validations.go index 8d0f2778d60..5cb5778e886 100644 --- a/pkg/apis/flowcontrol/v1/zz_generated.validations.go +++ b/pkg/apis/flowcontrol/v1/zz_generated.validations.go @@ -42,7 +42,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type PriorityLevelConfiguration scheme.AddValidationFunc((*flowcontrolv1.PriorityLevelConfiguration)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/": + case "/", "/status": return Validate_PriorityLevelConfiguration(ctx, op, nil /* fldPath */, obj.(*flowcontrolv1.PriorityLevelConfiguration), safe.Cast[*flowcontrolv1.PriorityLevelConfiguration](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/pkg/apis/flowcontrol/v1beta1/zz_generated.validations.go b/pkg/apis/flowcontrol/v1beta1/zz_generated.validations.go index cd9716c09ad..4fc4c9cc1dd 100644 --- a/pkg/apis/flowcontrol/v1beta1/zz_generated.validations.go +++ b/pkg/apis/flowcontrol/v1beta1/zz_generated.validations.go @@ -42,7 +42,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type PriorityLevelConfiguration scheme.AddValidationFunc((*flowcontrolv1beta1.PriorityLevelConfiguration)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/": + case "/", "/status": return Validate_PriorityLevelConfiguration(ctx, op, nil /* fldPath */, obj.(*flowcontrolv1beta1.PriorityLevelConfiguration), safe.Cast[*flowcontrolv1beta1.PriorityLevelConfiguration](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/pkg/apis/flowcontrol/v1beta2/zz_generated.validations.go b/pkg/apis/flowcontrol/v1beta2/zz_generated.validations.go index e35a85610b5..90d62c636cd 100644 --- a/pkg/apis/flowcontrol/v1beta2/zz_generated.validations.go +++ b/pkg/apis/flowcontrol/v1beta2/zz_generated.validations.go @@ -42,7 +42,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type PriorityLevelConfiguration scheme.AddValidationFunc((*flowcontrolv1beta2.PriorityLevelConfiguration)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/": + case "/", "/status": return Validate_PriorityLevelConfiguration(ctx, op, nil /* fldPath */, obj.(*flowcontrolv1beta2.PriorityLevelConfiguration), safe.Cast[*flowcontrolv1beta2.PriorityLevelConfiguration](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/pkg/apis/flowcontrol/v1beta3/zz_generated.validations.go b/pkg/apis/flowcontrol/v1beta3/zz_generated.validations.go index 0ba9853ac1f..7eedaf2ec09 100644 --- a/pkg/apis/flowcontrol/v1beta3/zz_generated.validations.go +++ b/pkg/apis/flowcontrol/v1beta3/zz_generated.validations.go @@ -42,7 +42,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type PriorityLevelConfiguration scheme.AddValidationFunc((*flowcontrolv1beta3.PriorityLevelConfiguration)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/": + case "/", "/status": return Validate_PriorityLevelConfiguration(ctx, op, nil /* fldPath */, obj.(*flowcontrolv1beta3.PriorityLevelConfiguration), safe.Cast[*flowcontrolv1beta3.PriorityLevelConfiguration](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/pkg/apis/resource/v1alpha3/zz_generated.validations.go b/pkg/apis/resource/v1alpha3/zz_generated.validations.go index 11499dd7664..e2ab02720ac 100644 --- a/pkg/apis/resource/v1alpha3/zz_generated.validations.go +++ b/pkg/apis/resource/v1alpha3/zz_generated.validations.go @@ -44,7 +44,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type DeviceTaintRule scheme.AddValidationFunc((*resourcev1alpha3.DeviceTaintRule)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/": + case "/", "/status": return Validate_DeviceTaintRule(ctx, op, nil /* fldPath */, obj.(*resourcev1alpha3.DeviceTaintRule), safe.Cast[*resourcev1alpha3.DeviceTaintRule](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/pkg/apis/resource/v1beta2/zz_generated.validations.go b/pkg/apis/resource/v1beta2/zz_generated.validations.go index 49da3b5a415..082a1074faf 100644 --- a/pkg/apis/resource/v1beta2/zz_generated.validations.go +++ b/pkg/apis/resource/v1beta2/zz_generated.validations.go @@ -53,7 +53,7 @@ func RegisterValidations(scheme *runtime.Scheme) error { // type DeviceTaintRule scheme.AddValidationFunc((*resourcev1beta2.DeviceTaintRule)(nil), func(ctx context.Context, op operation.Operation, obj, oldObj interface{}) field.ErrorList { switch op.Request.SubresourcePath() { - case "/": + case "/", "/status": return Validate_DeviceTaintRule(ctx, op, nil /* fldPath */, obj.(*resourcev1beta2.DeviceTaintRule), safe.Cast[*resourcev1beta2.DeviceTaintRule](oldObj)) } return field.ErrorList{field.InternalError(nil, fmt.Errorf("no validation found for %T, subresource: %v", obj, op.Request.SubresourcePath()))} diff --git a/staging/src/k8s.io/api/admissionregistration/v1/generated.proto b/staging/src/k8s.io/api/admissionregistration/v1/generated.proto index 89c1475b2e0..c93db613475 100644 --- a/staging/src/k8s.io/api/admissionregistration/v1/generated.proto +++ b/staging/src/k8s.io/api/admissionregistration/v1/generated.proto @@ -872,6 +872,7 @@ message TypeChecking { } // ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it. +// +k8s:supportsSubresource="/status" message ValidatingAdmissionPolicy { // metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. // +optional diff --git a/staging/src/k8s.io/api/admissionregistration/v1/types.go b/staging/src/k8s.io/api/admissionregistration/v1/types.go index f7a07b64534..12511ea9e58 100644 --- a/staging/src/k8s.io/api/admissionregistration/v1/types.go +++ b/staging/src/k8s.io/api/admissionregistration/v1/types.go @@ -139,6 +139,7 @@ const ( // +k8s:prerelease-lifecycle-gen:introduced=1.30 // ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it. +// +k8s:supportsSubresource="/status" type ValidatingAdmissionPolicy struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. diff --git a/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.proto b/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.proto index 57c7cd2b1db..fd2e0bc1f33 100644 --- a/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.proto +++ b/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.proto @@ -594,6 +594,7 @@ message TypeChecking { } // ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it. +// +k8s:supportsSubresource="/status" message ValidatingAdmissionPolicy { // metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. // +optional diff --git a/staging/src/k8s.io/api/admissionregistration/v1alpha1/types.go b/staging/src/k8s.io/api/admissionregistration/v1alpha1/types.go index 6a789b2d7f7..235e87e4891 100644 --- a/staging/src/k8s.io/api/admissionregistration/v1alpha1/types.go +++ b/staging/src/k8s.io/api/admissionregistration/v1alpha1/types.go @@ -81,6 +81,7 @@ const ( // +k8s:prerelease-lifecycle-gen:introduced=1.26 // ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it. +// +k8s:supportsSubresource="/status" type ValidatingAdmissionPolicy struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. diff --git a/staging/src/k8s.io/api/admissionregistration/v1beta1/generated.proto b/staging/src/k8s.io/api/admissionregistration/v1beta1/generated.proto index 5fcb74f8bae..9b742269771 100644 --- a/staging/src/k8s.io/api/admissionregistration/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/admissionregistration/v1beta1/generated.proto @@ -820,6 +820,7 @@ message TypeChecking { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.28 // ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it. +// +k8s:supportsSubresource="/status" message ValidatingAdmissionPolicy { // metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. // +optional diff --git a/staging/src/k8s.io/api/admissionregistration/v1beta1/types.go b/staging/src/k8s.io/api/admissionregistration/v1beta1/types.go index 734a606f4b0..d1160e9602b 100644 --- a/staging/src/k8s.io/api/admissionregistration/v1beta1/types.go +++ b/staging/src/k8s.io/api/admissionregistration/v1beta1/types.go @@ -93,6 +93,7 @@ const ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.28 // ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it. +// +k8s:supportsSubresource="/status" type ValidatingAdmissionPolicy struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. diff --git a/staging/src/k8s.io/api/apiserverinternal/v1alpha1/generated.proto b/staging/src/k8s.io/api/apiserverinternal/v1alpha1/generated.proto index e8f8c339df9..73f007a6517 100644 --- a/staging/src/k8s.io/api/apiserverinternal/v1alpha1/generated.proto +++ b/staging/src/k8s.io/api/apiserverinternal/v1alpha1/generated.proto @@ -55,6 +55,7 @@ message ServerStorageVersion { } // Storage version of a specific resource. +// +k8s:supportsSubresource="/status" message StorageVersion { // metadata is the standard object metadata. // The name is .. diff --git a/staging/src/k8s.io/api/apiserverinternal/v1alpha1/types.go b/staging/src/k8s.io/api/apiserverinternal/v1alpha1/types.go index 69c21fd3c45..88c84044373 100644 --- a/staging/src/k8s.io/api/apiserverinternal/v1alpha1/types.go +++ b/staging/src/k8s.io/api/apiserverinternal/v1alpha1/types.go @@ -25,6 +25,7 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Storage version of a specific resource. +// +k8s:supportsSubresource="/status" type StorageVersion struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object metadata. diff --git a/staging/src/k8s.io/api/apps/v1/generated.proto b/staging/src/k8s.io/api/apps/v1/generated.proto index 42d5415c2fc..5a6bbef8a92 100644 --- a/staging/src/k8s.io/api/apps/v1/generated.proto +++ b/staging/src/k8s.io/api/apps/v1/generated.proto @@ -63,6 +63,7 @@ message ControllerRevisionList { } // DaemonSet represents the configuration of a daemon set. +// +k8s:supportsSubresource="/status" message DaemonSet { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -221,6 +222,7 @@ message DaemonSetUpdateStrategy { } // Deployment enables declarative updates for Pods and ReplicaSets. +// +k8s:supportsSubresource="/status" message Deployment { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -377,6 +379,7 @@ message DeploymentStrategy { } // ReplicaSet ensures that a specified number of pod replicas are running at any given time. +// +k8s:supportsSubresource="/status" message ReplicaSet { // If the Labels of a ReplicaSet are empty, they are defaulted to // be the same as the Pod(s) that the ReplicaSet manages. @@ -598,6 +601,7 @@ message RollingUpdateStatefulSetStrategy { // // The StatefulSet guarantees that a given network identity will always // map to the same storage identity. +// +k8s:supportsSubresource="/status" message StatefulSet { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/apps/v1/types.go b/staging/src/k8s.io/api/apps/v1/types.go index b8989c14063..046274e9654 100644 --- a/staging/src/k8s.io/api/apps/v1/types.go +++ b/staging/src/k8s.io/api/apps/v1/types.go @@ -46,6 +46,7 @@ const ( // // The StatefulSet guarantees that a given network identity will always // map to the same storage identity. +// +k8s:supportsSubresource="/status" type StatefulSet struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -359,6 +360,7 @@ type StatefulSetList struct { // +k8s:prerelease-lifecycle-gen:introduced=1.9 // Deployment enables declarative updates for Pods and ReplicaSets. +// +k8s:supportsSubresource="/status" type Deployment struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -762,6 +764,7 @@ type DaemonSetCondition struct { // +k8s:prerelease-lifecycle-gen:introduced=1.9 // DaemonSet represents the configuration of a daemon set. +// +k8s:supportsSubresource="/status" type DaemonSet struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -813,6 +816,7 @@ type DaemonSetList struct { // +k8s:prerelease-lifecycle-gen:introduced=1.9 // ReplicaSet ensures that a specified number of pod replicas are running at any given time. +// +k8s:supportsSubresource="/status" type ReplicaSet struct { metav1.TypeMeta `json:",inline"` diff --git a/staging/src/k8s.io/api/apps/v1beta1/generated.proto b/staging/src/k8s.io/api/apps/v1beta1/generated.proto index c6f0628e0c0..9826d5303db 100644 --- a/staging/src/k8s.io/api/apps/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/apps/v1beta1/generated.proto @@ -67,6 +67,7 @@ message ControllerRevisionList { // DEPRECATED - This group version of Deployment is deprecated by apps/v1beta2/Deployment. See the release notes for // more information. // Deployment enables declarative updates for Pods and ReplicaSets. +// +k8s:supportsSubresource="/status" message Deployment { // Standard object metadata. // +optional @@ -352,6 +353,7 @@ message ScaleStatus { // // The StatefulSet guarantees that a given network identity will always // map to the same storage identity. +// +k8s:supportsSubresource="/status" message StatefulSet { // +optional optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; diff --git a/staging/src/k8s.io/api/apps/v1beta1/types.go b/staging/src/k8s.io/api/apps/v1beta1/types.go index 4e67338e36a..67e17aceeee 100644 --- a/staging/src/k8s.io/api/apps/v1beta1/types.go +++ b/staging/src/k8s.io/api/apps/v1beta1/types.go @@ -97,6 +97,7 @@ type Scale struct { // // The StatefulSet guarantees that a given network identity will always // map to the same storage identity. +// +k8s:supportsSubresource="/status" type StatefulSet struct { metav1.TypeMeta `json:",inline"` // +optional @@ -403,6 +404,7 @@ type StatefulSetList struct { // DEPRECATED - This group version of Deployment is deprecated by apps/v1beta2/Deployment. See the release notes for // more information. // Deployment enables declarative updates for Pods and ReplicaSets. +// +k8s:supportsSubresource="/status" type Deployment struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. diff --git a/staging/src/k8s.io/api/apps/v1beta2/generated.proto b/staging/src/k8s.io/api/apps/v1beta2/generated.proto index d680c9663e0..4cf242db7f8 100644 --- a/staging/src/k8s.io/api/apps/v1beta2/generated.proto +++ b/staging/src/k8s.io/api/apps/v1beta2/generated.proto @@ -67,6 +67,7 @@ message ControllerRevisionList { // DEPRECATED - This group version of DaemonSet is deprecated by apps/v1/DaemonSet. See the release notes for // more information. // DaemonSet represents the configuration of a daemon set. +// +k8s:supportsSubresource="/status" message DaemonSet { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -227,6 +228,7 @@ message DaemonSetUpdateStrategy { // DEPRECATED - This group version of Deployment is deprecated by apps/v1/Deployment. See the release notes for // more information. // Deployment enables declarative updates for Pods and ReplicaSets. +// +k8s:supportsSubresource="/status" message Deployment { // Standard object metadata. // +optional @@ -384,6 +386,7 @@ message DeploymentStrategy { // DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1/ReplicaSet. See the release notes for // more information. // ReplicaSet ensures that a specified number of pod replicas are running at any given time. +// +k8s:supportsSubresource="/status" message ReplicaSet { // If the Labels of a ReplicaSet are empty, they are defaulted to // be the same as the Pod(s) that the ReplicaSet manages. @@ -651,6 +654,7 @@ message ScaleStatus { // // The StatefulSet guarantees that a given network identity will always // map to the same storage identity. +// +k8s:supportsSubresource="/status" message StatefulSet { // +optional optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; diff --git a/staging/src/k8s.io/api/apps/v1beta2/types.go b/staging/src/k8s.io/api/apps/v1beta2/types.go index d4d4a7e0dc4..b987c1d7ac1 100644 --- a/staging/src/k8s.io/api/apps/v1beta2/types.go +++ b/staging/src/k8s.io/api/apps/v1beta2/types.go @@ -103,6 +103,7 @@ type Scale struct { // // The StatefulSet guarantees that a given network identity will always // map to the same storage identity. +// +k8s:supportsSubresource="/status" type StatefulSet struct { metav1.TypeMeta `json:",inline"` // +optional @@ -413,6 +414,7 @@ type StatefulSetList struct { // DEPRECATED - This group version of Deployment is deprecated by apps/v1/Deployment. See the release notes for // more information. // Deployment enables declarative updates for Pods and ReplicaSets. +// +k8s:supportsSubresource="/status" type Deployment struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. @@ -821,6 +823,7 @@ type DaemonSetCondition struct { // DEPRECATED - This group version of DaemonSet is deprecated by apps/v1/DaemonSet. See the release notes for // more information. // DaemonSet represents the configuration of a daemon set. +// +k8s:supportsSubresource="/status" type DaemonSet struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -877,6 +880,7 @@ type DaemonSetList struct { // DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1/ReplicaSet. See the release notes for // more information. // ReplicaSet ensures that a specified number of pod replicas are running at any given time. +// +k8s:supportsSubresource="/status" type ReplicaSet struct { metav1.TypeMeta `json:",inline"` diff --git a/staging/src/k8s.io/api/authentication/v1/generated.proto b/staging/src/k8s.io/api/authentication/v1/generated.proto index 82ff7c3c51f..9ffbf3fd662 100644 --- a/staging/src/k8s.io/api/authentication/v1/generated.proto +++ b/staging/src/k8s.io/api/authentication/v1/generated.proto @@ -59,6 +59,7 @@ message ExtraValue { // SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. // When using impersonation, users will receive the user info of the user being impersonated. If impersonation or // request header authentication is used, any extra keys will have their case ignored and returned as lowercase. +// +k8s:supportsSubresource="/status" message SelfSubjectReview { // metadata is standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -134,6 +135,7 @@ message TokenRequestStatus { // TokenReview attempts to authenticate a token to a known user. // Note: TokenReview requests may be cached by the webhook token authenticator // plugin in the kube-apiserver. +// +k8s:supportsSubresource="/status" message TokenReview { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/authentication/v1/types.go b/staging/src/k8s.io/api/authentication/v1/types.go index c28bded50a7..d73877ceb69 100644 --- a/staging/src/k8s.io/api/authentication/v1/types.go +++ b/staging/src/k8s.io/api/authentication/v1/types.go @@ -50,6 +50,7 @@ const ( // TokenReview attempts to authenticate a token to a known user. // Note: TokenReview requests may be cached by the webhook token authenticator // plugin in the kube-apiserver. +// +k8s:supportsSubresource="/status" type TokenReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. @@ -218,6 +219,7 @@ type BoundObjectReference struct { // SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. // When using impersonation, users will receive the user info of the user being impersonated. If impersonation or // request header authentication is used, any extra keys will have their case ignored and returned as lowercase. +// +k8s:supportsSubresource="/status" type SelfSubjectReview struct { metav1.TypeMeta `json:",inline"` // metadata is standard object's metadata. diff --git a/staging/src/k8s.io/api/authentication/v1alpha1/generated.proto b/staging/src/k8s.io/api/authentication/v1alpha1/generated.proto index 2bf836d730a..19cc7c83a97 100644 --- a/staging/src/k8s.io/api/authentication/v1alpha1/generated.proto +++ b/staging/src/k8s.io/api/authentication/v1alpha1/generated.proto @@ -32,6 +32,7 @@ option go_package = "k8s.io/api/authentication/v1alpha1"; // SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. // When using impersonation, users will receive the user info of the user being impersonated. If impersonation or // request header authentication is used, any extra keys will have their case ignored and returned as lowercase. +// +k8s:supportsSubresource="/status" message SelfSubjectReview { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/authentication/v1alpha1/types.go b/staging/src/k8s.io/api/authentication/v1alpha1/types.go index 7e02470c96a..ab507533341 100644 --- a/staging/src/k8s.io/api/authentication/v1alpha1/types.go +++ b/staging/src/k8s.io/api/authentication/v1alpha1/types.go @@ -30,6 +30,7 @@ import ( // SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. // When using impersonation, users will receive the user info of the user being impersonated. If impersonation or // request header authentication is used, any extra keys will have their case ignored and returned as lowercase. +// +k8s:supportsSubresource="/status" type SelfSubjectReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. diff --git a/staging/src/k8s.io/api/authentication/v1beta1/generated.proto b/staging/src/k8s.io/api/authentication/v1beta1/generated.proto index 999c65156de..b10f6861740 100644 --- a/staging/src/k8s.io/api/authentication/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/authentication/v1beta1/generated.proto @@ -41,6 +41,7 @@ message ExtraValue { // SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. // When using impersonation, users will receive the user info of the user being impersonated. If impersonation or // request header authentication is used, any extra keys will have their case ignored and returned as lowercase. +// +k8s:supportsSubresource="/status" message SelfSubjectReview { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -62,6 +63,7 @@ message SelfSubjectReviewStatus { // TokenReview attempts to authenticate a token to a known user. // Note: TokenReview requests may be cached by the webhook token authenticator // plugin in the kube-apiserver. +// +k8s:supportsSubresource="/status" message TokenReview { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/authentication/v1beta1/types.go b/staging/src/k8s.io/api/authentication/v1beta1/types.go index 33dacdb7230..7e135629afb 100644 --- a/staging/src/k8s.io/api/authentication/v1beta1/types.go +++ b/staging/src/k8s.io/api/authentication/v1beta1/types.go @@ -34,6 +34,7 @@ import ( // TokenReview attempts to authenticate a token to a known user. // Note: TokenReview requests may be cached by the webhook token authenticator // plugin in the kube-apiserver. +// +k8s:supportsSubresource="/status" type TokenReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. @@ -128,6 +129,7 @@ func (t ExtraValue) String() string { // SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. // When using impersonation, users will receive the user info of the user being impersonated. If impersonation or // request header authentication is used, any extra keys will have their case ignored and returned as lowercase. +// +k8s:supportsSubresource="/status" type SelfSubjectReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object's metadata. diff --git a/staging/src/k8s.io/api/authorization/v1/generated.proto b/staging/src/k8s.io/api/authorization/v1/generated.proto index c47449f911b..7f97bde1261 100644 --- a/staging/src/k8s.io/api/authorization/v1/generated.proto +++ b/staging/src/k8s.io/api/authorization/v1/generated.proto @@ -94,6 +94,7 @@ message LabelSelectorAttributes { // LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. // Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions // checking. +// +k8s:supportsSubresource="/status" message LocalSubjectAccessReview { // metadata is the standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -203,6 +204,7 @@ message ResourceRule { // SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a // spec.namespace means "in all namespaces". Self is a special case, because users should always be able // to check whether they can perform an action +// +k8s:supportsSubresource="/status" message SelfSubjectAccessReview { // metadata is the standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -235,6 +237,7 @@ message SelfSubjectAccessReviewSpec { // or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to // drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. // SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server. +// +k8s:supportsSubresource="/status" message SelfSubjectRulesReview { // metadata is the standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -256,6 +259,7 @@ message SelfSubjectRulesReviewSpec { } // SubjectAccessReview checks whether or not a user or group can perform an action. +// +k8s:supportsSubresource="/status" message SubjectAccessReview { // metadata is the standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/authorization/v1/types.go b/staging/src/k8s.io/api/authorization/v1/types.go index dcc9b0f853b..08eda1b80c1 100644 --- a/staging/src/k8s.io/api/authorization/v1/types.go +++ b/staging/src/k8s.io/api/authorization/v1/types.go @@ -29,6 +29,7 @@ import ( // +k8s:prerelease-lifecycle-gen:introduced=1.6 // SubjectAccessReview checks whether or not a user or group can perform an action. +// +k8s:supportsSubresource="/status" type SubjectAccessReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard list metadata. @@ -53,6 +54,7 @@ type SubjectAccessReview struct { // SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a // spec.namespace means "in all namespaces". Self is a special case, because users should always be able // to check whether they can perform an action +// +k8s:supportsSubresource="/status" type SelfSubjectAccessReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard list metadata. @@ -76,6 +78,7 @@ type SelfSubjectAccessReview struct { // LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. // Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions // checking. +// +k8s:supportsSubresource="/status" type LocalSubjectAccessReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard list metadata. @@ -269,6 +272,7 @@ type SubjectAccessReviewStatus struct { // or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to // drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. // SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server. +// +k8s:supportsSubresource="/status" type SelfSubjectRulesReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard list metadata. diff --git a/staging/src/k8s.io/api/authorization/v1beta1/generated.proto b/staging/src/k8s.io/api/authorization/v1beta1/generated.proto index 8095ab4dbbe..8ce5c404b28 100644 --- a/staging/src/k8s.io/api/authorization/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/authorization/v1beta1/generated.proto @@ -41,6 +41,7 @@ message ExtraValue { // LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. // Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions // checking. +// +k8s:supportsSubresource="/status" message LocalSubjectAccessReview { // metadata is the standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -150,6 +151,7 @@ message ResourceRule { // SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a // spec.namespace means "in all namespaces". Self is a special case, because users should always be able // to check whether they can perform an action +// +k8s:supportsSubresource="/status" message SelfSubjectAccessReview { // metadata is the standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -182,6 +184,7 @@ message SelfSubjectAccessReviewSpec { // or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to // drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. // SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server. +// +k8s:supportsSubresource="/status" message SelfSubjectRulesReview { // metadata is the standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -203,6 +206,7 @@ message SelfSubjectRulesReviewSpec { } // SubjectAccessReview checks whether or not a user or group can perform an action. +// +k8s:supportsSubresource="/status" message SubjectAccessReview { // metadata is the standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/authorization/v1beta1/types.go b/staging/src/k8s.io/api/authorization/v1beta1/types.go index 204559fd205..f07bd7d9e74 100644 --- a/staging/src/k8s.io/api/authorization/v1beta1/types.go +++ b/staging/src/k8s.io/api/authorization/v1beta1/types.go @@ -32,6 +32,7 @@ import ( // +k8s:prerelease-lifecycle-gen:replacement=authorization.k8s.io,v1,SubjectAccessReview // SubjectAccessReview checks whether or not a user or group can perform an action. +// +k8s:supportsSubresource="/status" type SubjectAccessReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard list metadata. @@ -58,6 +59,7 @@ type SubjectAccessReview struct { // SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a // spec.namespace means "in all namespaces". Self is a special case, because users should always be able // to check whether they can perform an action +// +k8s:supportsSubresource="/status" type SelfSubjectAccessReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard list metadata. @@ -83,6 +85,7 @@ type SelfSubjectAccessReview struct { // LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. // Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions // checking. +// +k8s:supportsSubresource="/status" type LocalSubjectAccessReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard list metadata. @@ -224,6 +227,7 @@ type SubjectAccessReviewStatus struct { // or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to // drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. // SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server. +// +k8s:supportsSubresource="/status" type SelfSubjectRulesReview struct { metav1.TypeMeta `json:",inline"` // metadata is the standard list metadata. diff --git a/staging/src/k8s.io/api/autoscaling/v1/generated.proto b/staging/src/k8s.io/api/autoscaling/v1/generated.proto index 6ef1facb6ae..6540c829876 100644 --- a/staging/src/k8s.io/api/autoscaling/v1/generated.proto +++ b/staging/src/k8s.io/api/autoscaling/v1/generated.proto @@ -142,6 +142,7 @@ message ExternalMetricStatus { } // configuration of a horizontal pod autoscaler. +// +k8s:supportsSubresource="/status" message HorizontalPodAutoscaler { // Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata // +optional diff --git a/staging/src/k8s.io/api/autoscaling/v1/types.go b/staging/src/k8s.io/api/autoscaling/v1/types.go index 97222afc080..14ca3737eb9 100644 --- a/staging/src/k8s.io/api/autoscaling/v1/types.go +++ b/staging/src/k8s.io/api/autoscaling/v1/types.go @@ -92,6 +92,7 @@ type HorizontalPodAutoscalerStatus struct { // +k8s:prerelease-lifecycle-gen:introduced=1.2 // configuration of a horizontal pod autoscaler. +// +k8s:supportsSubresource="/status" type HorizontalPodAutoscaler struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/autoscaling/v2/generated.proto b/staging/src/k8s.io/api/autoscaling/v2/generated.proto index f56b8c749d5..b0c49c594ff 100644 --- a/staging/src/k8s.io/api/autoscaling/v2/generated.proto +++ b/staging/src/k8s.io/api/autoscaling/v2/generated.proto @@ -167,6 +167,7 @@ message HPAScalingRules { // HorizontalPodAutoscaler is the configuration for a horizontal pod // autoscaler, which automatically manages the replica count of any resource // implementing the scale subresource based on the metrics specified. +// +k8s:supportsSubresource="/status" message HorizontalPodAutoscaler { // metadata is the standard object metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/autoscaling/v2/types.go b/staging/src/k8s.io/api/autoscaling/v2/types.go index ad10169a01c..6a107b7c94e 100644 --- a/staging/src/k8s.io/api/autoscaling/v2/types.go +++ b/staging/src/k8s.io/api/autoscaling/v2/types.go @@ -31,6 +31,7 @@ import ( // HorizontalPodAutoscaler is the configuration for a horizontal pod // autoscaler, which automatically manages the replica count of any resource // implementing the scale subresource based on the metrics specified. +// +k8s:supportsSubresource="/status" type HorizontalPodAutoscaler struct { metav1.TypeMeta `json:",inline"` // metadata is the standard object metadata. diff --git a/staging/src/k8s.io/api/batch/v1/generated.proto b/staging/src/k8s.io/api/batch/v1/generated.proto index 5c35012852e..b8cacea53f2 100644 --- a/staging/src/k8s.io/api/batch/v1/generated.proto +++ b/staging/src/k8s.io/api/batch/v1/generated.proto @@ -30,6 +30,7 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; option go_package = "k8s.io/api/batch/v1"; // CronJob represents the configuration of a single cron job. +// +k8s:supportsSubresource="/status" message CronJob { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -127,6 +128,7 @@ message CronJobStatus { } // Job represents the configuration of a single job. +// +k8s:supportsSubresource="/status" message Job { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/batch/v1/types.go b/staging/src/k8s.io/api/batch/v1/types.go index d4894e2ef62..08313890ef1 100644 --- a/staging/src/k8s.io/api/batch/v1/types.go +++ b/staging/src/k8s.io/api/batch/v1/types.go @@ -66,6 +66,7 @@ const ( // +k8s:prerelease-lifecycle-gen:introduced=1.2 // Job represents the configuration of a single job. +// +k8s:supportsSubresource="/status" type Job struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -677,6 +678,7 @@ type JobTemplateSpec struct { // +k8s:prerelease-lifecycle-gen:introduced=1.21 // CronJob represents the configuration of a single cron job. +// +k8s:supportsSubresource="/status" type CronJob struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. diff --git a/staging/src/k8s.io/api/batch/v1beta1/generated.proto b/staging/src/k8s.io/api/batch/v1beta1/generated.proto index 47000470c64..91c0f39a359 100644 --- a/staging/src/k8s.io/api/batch/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/batch/v1beta1/generated.proto @@ -31,6 +31,7 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; option go_package = "k8s.io/api/batch/v1beta1"; // CronJob represents the configuration of a single cron job. +// +k8s:supportsSubresource="/status" message CronJob { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/batch/v1beta1/types.go b/staging/src/k8s.io/api/batch/v1beta1/types.go index 9e1a1b4704b..b410e383eb9 100644 --- a/staging/src/k8s.io/api/batch/v1beta1/types.go +++ b/staging/src/k8s.io/api/batch/v1beta1/types.go @@ -43,6 +43,7 @@ type JobTemplateSpec struct { // +k8s:prerelease-lifecycle-gen:replacement=batch,v1,CronJob // CronJob represents the configuration of a single cron job. +// +k8s:supportsSubresource="/status" type CronJob struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. diff --git a/staging/src/k8s.io/api/certificates/v1beta1/generated.proto b/staging/src/k8s.io/api/certificates/v1beta1/generated.proto index cc46dee16d1..8d8712cb8a5 100644 --- a/staging/src/k8s.io/api/certificates/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/certificates/v1beta1/generated.proto @@ -282,6 +282,7 @@ message ExtraValue { // signer. // // Kubelets use this API to implement podCertificate projected volumes +// +k8s:supportsSubresource="/status" message PodCertificateRequest { // metadata contains the object metadata. // diff --git a/staging/src/k8s.io/api/certificates/v1beta1/types.go b/staging/src/k8s.io/api/certificates/v1beta1/types.go index e8ffa41e6d2..45c6ee73633 100644 --- a/staging/src/k8s.io/api/certificates/v1beta1/types.go +++ b/staging/src/k8s.io/api/certificates/v1beta1/types.go @@ -365,6 +365,7 @@ type ClusterTrustBundleList struct { // signer. // // Kubelets use this API to implement podCertificate projected volumes +// +k8s:supportsSubresource="/status" type PodCertificateRequest struct { metav1.TypeMeta `json:",inline"` diff --git a/staging/src/k8s.io/api/core/v1/generated.proto b/staging/src/k8s.io/api/core/v1/generated.proto index 931f87332fb..5087ecd2f13 100644 --- a/staging/src/k8s.io/api/core/v1/generated.proto +++ b/staging/src/k8s.io/api/core/v1/generated.proto @@ -2557,6 +2557,7 @@ message NFSVolumeSource { // Namespace provides a scope for Names. // Use of multiple namespaces is optional. +// +k8s:supportsSubresource="/status" message Namespace { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -2634,6 +2635,8 @@ message NamespaceStatus { // Node is a worker node in Kubernetes. // Each node will have a unique identifier in the cache (i.e. in etcd). +// +k8s:supportsSubresource="/status" +// +k8s:supportsSubresource="/proxy" message Node { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -3135,6 +3138,7 @@ message ObjectReference { // PersistentVolume (PV) is a storage resource provisioned by an administrator. // It is analogous to a node. // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes +// +k8s:supportsSubresource="/status" message PersistentVolume { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -3156,6 +3160,7 @@ message PersistentVolume { } // PersistentVolumeClaim is a user's request for and claim to a persistent volume +// +k8s:supportsSubresource="/status" message PersistentVolumeClaim { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -3675,6 +3680,8 @@ message PhotonPersistentDiskVolumeSource { // Pod is a collection of containers that can run on a host. This resource is created // by clients and scheduled onto hosts. +// +k8s:supportsSubresource="/status" +// +k8s:supportsSubresource="/ephemeralcontainers" message Pod { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -5548,6 +5555,7 @@ message ResourceHealth { } // ResourceQuota sets aggregate quota restrictions enforced per namespace +// +k8s:supportsSubresource="/status" message ResourceQuota { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -6075,6 +6083,8 @@ message SerializedReference { // Service is a named abstraction of software service (for example, mysql) consisting of local port // (for example 3306) that the proxy listens on, and the selector that determines which pods // will answer requests sent through the proxy. +// +k8s:supportsSubresource="/status" +// +k8s:supportsSubresource="/proxy" message Service { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/core/v1/types.go b/staging/src/k8s.io/api/core/v1/types.go index a6b1160d56c..046afacd5cc 100644 --- a/staging/src/k8s.io/api/core/v1/types.go +++ b/staging/src/k8s.io/api/core/v1/types.go @@ -360,6 +360,7 @@ const ( // PersistentVolume (PV) is a storage resource provisioned by an administrator. // It is analogous to a node. // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes +// +k8s:supportsSubresource="/status" type PersistentVolume struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -510,6 +511,7 @@ type PersistentVolumeList struct { // +k8s:prerelease-lifecycle-gen:introduced=1.0 // PersistentVolumeClaim is a user's request for and claim to a persistent volume +// +k8s:supportsSubresource="/status" type PersistentVolumeClaim struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -5506,6 +5508,8 @@ type PodStatusResult struct { // Pod is a collection of containers that can run on a host. This resource is created // by clients and scheduled onto hosts. +// +k8s:supportsSubresource="/status" +// +k8s:supportsSubresource="/ephemeralcontainers" type Pod struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -5698,6 +5702,7 @@ type ReplicationControllerCondition struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +k8s:prerelease-lifecycle-gen:introduced=1.0 // +k8s:supportsSubresource="/scale" +// +k8s:supportsSubresource="/status" // ReplicationController represents the configuration of a replication controller. type ReplicationController struct { @@ -6294,6 +6299,8 @@ type ServicePort struct { // Service is a named abstraction of software service (for example, mysql) consisting of local port // (for example 3306) that the proxy listens on, and the selector that determines which pods // will answer requests sent through the proxy. +// +k8s:supportsSubresource="/status" +// +k8s:supportsSubresource="/proxy" type Service struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -7029,6 +7036,8 @@ type ResourceList map[ResourceName]resource.Quantity // Node is a worker node in Kubernetes. // Each node will have a unique identifier in the cache (i.e. in etcd). +// +k8s:supportsSubresource="/status" +// +k8s:supportsSubresource="/proxy" type Node struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -7156,6 +7165,7 @@ type NamespaceCondition struct { // Namespace provides a scope for Names. // Use of multiple namespaces is optional. +// +k8s:supportsSubresource="/status" type Namespace struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -7891,6 +7901,7 @@ type ResourceQuotaStatus struct { // +k8s:prerelease-lifecycle-gen:introduced=1.0 // ResourceQuota sets aggregate quota restrictions enforced per namespace +// +k8s:supportsSubresource="/status" type ResourceQuota struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. diff --git a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto index f090306686a..7303a214d46 100644 --- a/staging/src/k8s.io/api/extensions/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/extensions/v1beta1/generated.proto @@ -33,6 +33,7 @@ option go_package = "k8s.io/api/extensions/v1beta1"; // DEPRECATED - This group version of DaemonSet is deprecated by apps/v1beta2/DaemonSet. See the release notes for // more information. // DaemonSet represents the configuration of a daemon set. +// +k8s:supportsSubresource="/status" message DaemonSet { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -202,6 +203,7 @@ message DaemonSetUpdateStrategy { // DEPRECATED - This group version of Deployment is deprecated by apps/v1beta2/Deployment. See the release notes for // more information. // Deployment enables declarative updates for Pods and ReplicaSets. +// +k8s:supportsSubresource="/status" message Deployment { // Standard object metadata. // +optional @@ -445,6 +447,7 @@ message IPBlock { // externally-reachable urls, load balance traffic, terminate SSL, offer name // based virtual hosting etc. // DEPRECATED - This group version of Ingress is deprecated by networking.k8s.io/v1beta1 Ingress. See the release notes for more information. +// +k8s:supportsSubresource="/status" message Ingress { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -827,6 +830,7 @@ message NetworkPolicySpec { // DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for // more information. // ReplicaSet ensures that a specified number of pod replicas are running at any given time. +// +k8s:supportsSubresource="/status" message ReplicaSet { // If the Labels of a ReplicaSet are empty, they are defaulted to // be the same as the Pod(s) that the ReplicaSet manages. diff --git a/staging/src/k8s.io/api/extensions/v1beta1/types.go b/staging/src/k8s.io/api/extensions/v1beta1/types.go index 09d143ea604..d8cdad8317e 100644 --- a/staging/src/k8s.io/api/extensions/v1beta1/types.go +++ b/staging/src/k8s.io/api/extensions/v1beta1/types.go @@ -88,6 +88,7 @@ type Scale struct { // DEPRECATED - This group version of Deployment is deprecated by apps/v1beta2/Deployment. See the release notes for // more information. // Deployment enables declarative updates for Pods and ReplicaSets. +// +k8s:supportsSubresource="/status" type Deployment struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. @@ -539,6 +540,7 @@ type DaemonSetCondition struct { // DEPRECATED - This group version of DaemonSet is deprecated by apps/v1beta2/DaemonSet. See the release notes for // more information. // DaemonSet represents the configuration of a daemon set. +// +k8s:supportsSubresource="/status" type DaemonSet struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -603,6 +605,7 @@ type DaemonSetList struct { // externally-reachable urls, load balance traffic, terminate SSL, offer name // based virtual hosting etc. // DEPRECATED - This group version of Ingress is deprecated by networking.k8s.io/v1beta1 Ingress. See the release notes for more information. +// +k8s:supportsSubresource="/status" type Ingress struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -914,6 +917,7 @@ type IngressBackend struct { // DEPRECATED - This group version of ReplicaSet is deprecated by apps/v1beta2/ReplicaSet. See the release notes for // more information. // ReplicaSet ensures that a specified number of pod replicas are running at any given time. +// +k8s:supportsSubresource="/status" type ReplicaSet struct { metav1.TypeMeta `json:",inline"` diff --git a/staging/src/k8s.io/api/flowcontrol/v1/generated.proto b/staging/src/k8s.io/api/flowcontrol/v1/generated.proto index 22ffea2c889..eaea7d6005b 100644 --- a/staging/src/k8s.io/api/flowcontrol/v1/generated.proto +++ b/staging/src/k8s.io/api/flowcontrol/v1/generated.proto @@ -72,6 +72,7 @@ message FlowDistinguisherMethod { // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". +// +k8s:supportsSubresource="/status" message FlowSchema { // `metadata` is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -302,6 +303,7 @@ message PolicyRulesWithSubjects { } // PriorityLevelConfiguration represents the configuration of a priority level. +// +k8s:supportsSubresource="/status" message PriorityLevelConfiguration { // `metadata` is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/flowcontrol/v1/types.go b/staging/src/k8s.io/api/flowcontrol/v1/types.go index 8ea8491db78..59d842b4f09 100644 --- a/staging/src/k8s.io/api/flowcontrol/v1/types.go +++ b/staging/src/k8s.io/api/flowcontrol/v1/types.go @@ -110,6 +110,7 @@ const ( // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". +// +k8s:supportsSubresource="/status" type FlowSchema struct { metav1.TypeMeta `json:",inline"` // `metadata` is the standard object's metadata. @@ -386,6 +387,7 @@ type FlowSchemaConditionType string // +k8s:prerelease-lifecycle-gen:introduced=1.29 // PriorityLevelConfiguration represents the configuration of a priority level. +// +k8s:supportsSubresource="/status" type PriorityLevelConfiguration struct { metav1.TypeMeta `json:",inline"` // `metadata` is the standard object's metadata. diff --git a/staging/src/k8s.io/api/flowcontrol/v1beta1/generated.proto b/staging/src/k8s.io/api/flowcontrol/v1beta1/generated.proto index 6486ac5b32b..bbe4d2c66fb 100644 --- a/staging/src/k8s.io/api/flowcontrol/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/flowcontrol/v1beta1/generated.proto @@ -72,6 +72,7 @@ message FlowDistinguisherMethod { // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". +// +k8s:supportsSubresource="/status" message FlowSchema { // `metadata` is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -295,6 +296,7 @@ message PolicyRulesWithSubjects { } // PriorityLevelConfiguration represents the configuration of a priority level. +// +k8s:supportsSubresource="/status" message PriorityLevelConfiguration { // `metadata` is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/flowcontrol/v1beta1/types.go b/staging/src/k8s.io/api/flowcontrol/v1beta1/types.go index 2e24dea0615..0eb1a9c506c 100644 --- a/staging/src/k8s.io/api/flowcontrol/v1beta1/types.go +++ b/staging/src/k8s.io/api/flowcontrol/v1beta1/types.go @@ -111,6 +111,7 @@ const ( // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". +// +k8s:supportsSubresource="/status" type FlowSchema struct { metav1.TypeMeta `json:",inline"` // `metadata` is the standard object's metadata. @@ -387,6 +388,7 @@ type FlowSchemaConditionType string // +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta3,PriorityLevelConfiguration // PriorityLevelConfiguration represents the configuration of a priority level. +// +k8s:supportsSubresource="/status" type PriorityLevelConfiguration struct { metav1.TypeMeta `json:",inline"` // `metadata` is the standard object's metadata. diff --git a/staging/src/k8s.io/api/flowcontrol/v1beta2/generated.proto b/staging/src/k8s.io/api/flowcontrol/v1beta2/generated.proto index 148dc3a0756..83cdb5f169a 100644 --- a/staging/src/k8s.io/api/flowcontrol/v1beta2/generated.proto +++ b/staging/src/k8s.io/api/flowcontrol/v1beta2/generated.proto @@ -72,6 +72,7 @@ message FlowDistinguisherMethod { // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". +// +k8s:supportsSubresource="/status" message FlowSchema { // `metadata` is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -295,6 +296,7 @@ message PolicyRulesWithSubjects { } // PriorityLevelConfiguration represents the configuration of a priority level. +// +k8s:supportsSubresource="/status" message PriorityLevelConfiguration { // `metadata` is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/flowcontrol/v1beta2/types.go b/staging/src/k8s.io/api/flowcontrol/v1beta2/types.go index 799d663aa93..3ed36d1bfab 100644 --- a/staging/src/k8s.io/api/flowcontrol/v1beta2/types.go +++ b/staging/src/k8s.io/api/flowcontrol/v1beta2/types.go @@ -111,6 +111,7 @@ const ( // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". +// +k8s:supportsSubresource="/status" type FlowSchema struct { metav1.TypeMeta `json:",inline"` // `metadata` is the standard object's metadata. @@ -387,6 +388,7 @@ type FlowSchemaConditionType string // +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1beta3,PriorityLevelConfiguration // PriorityLevelConfiguration represents the configuration of a priority level. +// +k8s:supportsSubresource="/status" type PriorityLevelConfiguration struct { metav1.TypeMeta `json:",inline"` // `metadata` is the standard object's metadata. diff --git a/staging/src/k8s.io/api/flowcontrol/v1beta3/generated.proto b/staging/src/k8s.io/api/flowcontrol/v1beta3/generated.proto index f70ec8e8c07..3260468a545 100644 --- a/staging/src/k8s.io/api/flowcontrol/v1beta3/generated.proto +++ b/staging/src/k8s.io/api/flowcontrol/v1beta3/generated.proto @@ -72,6 +72,7 @@ message FlowDistinguisherMethod { // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". +// +k8s:supportsSubresource="/status" message FlowSchema { // `metadata` is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -297,6 +298,7 @@ message PolicyRulesWithSubjects { } // PriorityLevelConfiguration represents the configuration of a priority level. +// +k8s:supportsSubresource="/status" message PriorityLevelConfiguration { // `metadata` is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/flowcontrol/v1beta3/types.go b/staging/src/k8s.io/api/flowcontrol/v1beta3/types.go index 0508b2d93c9..dbecec56941 100644 --- a/staging/src/k8s.io/api/flowcontrol/v1beta3/types.go +++ b/staging/src/k8s.io/api/flowcontrol/v1beta3/types.go @@ -125,6 +125,7 @@ const ( // FlowSchema defines the schema of a group of flows. Note that a flow is made up of a set of inbound API requests with // similar attributes and is identified by a pair of strings: the name of the FlowSchema and a "flow distinguisher". +// +k8s:supportsSubresource="/status" type FlowSchema struct { metav1.TypeMeta `json:",inline"` // `metadata` is the standard object's metadata. @@ -403,6 +404,7 @@ type FlowSchemaConditionType string // +k8s:prerelease-lifecycle-gen:replacement=flowcontrol.apiserver.k8s.io,v1,PriorityLevelConfiguration // PriorityLevelConfiguration represents the configuration of a priority level. +// +k8s:supportsSubresource="/status" type PriorityLevelConfiguration struct { metav1.TypeMeta `json:",inline"` // `metadata` is the standard object's metadata. diff --git a/staging/src/k8s.io/api/imagepolicy/v1alpha1/generated.proto b/staging/src/k8s.io/api/imagepolicy/v1alpha1/generated.proto index 03b1ac45c02..2e3aea22434 100644 --- a/staging/src/k8s.io/api/imagepolicy/v1alpha1/generated.proto +++ b/staging/src/k8s.io/api/imagepolicy/v1alpha1/generated.proto @@ -29,6 +29,7 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; option go_package = "k8s.io/api/imagepolicy/v1alpha1"; // ImageReview checks if the set of images in a pod are allowed. +// +k8s:supportsSubresource="/status" message ImageReview { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/imagepolicy/v1alpha1/types.go b/staging/src/k8s.io/api/imagepolicy/v1alpha1/types.go index cc8f4cf89f2..a93490535e3 100644 --- a/staging/src/k8s.io/api/imagepolicy/v1alpha1/types.go +++ b/staging/src/k8s.io/api/imagepolicy/v1alpha1/types.go @@ -26,6 +26,7 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ImageReview checks if the set of images in a pod are allowed. +// +k8s:supportsSubresource="/status" type ImageReview struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. diff --git a/staging/src/k8s.io/api/networking/v1/generated.proto b/staging/src/k8s.io/api/networking/v1/generated.proto index 26dcfdfcc32..00ae30ea25b 100644 --- a/staging/src/k8s.io/api/networking/v1/generated.proto +++ b/staging/src/k8s.io/api/networking/v1/generated.proto @@ -134,6 +134,7 @@ message IPBlock { // endpoints defined by a backend. An Ingress can be configured to give services // externally-reachable urls, load balance traffic, terminate SSL, offer name // based virtual hosting etc. +// +k8s:supportsSubresource="/status" message Ingress { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -630,6 +631,7 @@ message ServiceBackendPort { // ServiceCIDR defines a range of IP addresses using CIDR format (e.g. 192.168.0.0/24 or 2001:db2::/64). // This range is used to allocate ClusterIPs to Service objects. +// +k8s:supportsSubresource="/status" message ServiceCIDR { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/networking/v1/types.go b/staging/src/k8s.io/api/networking/v1/types.go index a0e737ee15b..58b3692c824 100644 --- a/staging/src/k8s.io/api/networking/v1/types.go +++ b/staging/src/k8s.io/api/networking/v1/types.go @@ -246,6 +246,7 @@ type NetworkPolicyList struct { // endpoints defined by a backend. An Ingress can be configured to give services // externally-reachable urls, load balance traffic, terminate SSL, offer name // based virtual hosting etc. +// +k8s:supportsSubresource="/status" type Ingress struct { metav1.TypeMeta `json:",inline"` @@ -722,6 +723,7 @@ type IPAddressList struct { // ServiceCIDR defines a range of IP addresses using CIDR format (e.g. 192.168.0.0/24 or 2001:db2::/64). // This range is used to allocate ClusterIPs to Service objects. +// +k8s:supportsSubresource="/status" type ServiceCIDR struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. diff --git a/staging/src/k8s.io/api/networking/v1beta1/generated.proto b/staging/src/k8s.io/api/networking/v1beta1/generated.proto index a6944d60346..71430a2b5bc 100644 --- a/staging/src/k8s.io/api/networking/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/networking/v1beta1/generated.proto @@ -117,6 +117,7 @@ message IPAddressSpec { // endpoints defined by a backend. An Ingress can be configured to give services // externally-reachable urls, load balance traffic, terminate SSL, offer name // based virtual hosting etc. +// +k8s:supportsSubresource="/status" message Ingress { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -419,6 +420,7 @@ message ParentReference { // ServiceCIDR defines a range of IP addresses using CIDR format (e.g. 192.168.0.0/24 or 2001:db2::/64). // This range is used to allocate ClusterIPs to Service objects. +// +k8s:supportsSubresource="/status" message ServiceCIDR { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/networking/v1beta1/types.go b/staging/src/k8s.io/api/networking/v1beta1/types.go index 7cd9b2b58b6..e30f77021b9 100644 --- a/staging/src/k8s.io/api/networking/v1beta1/types.go +++ b/staging/src/k8s.io/api/networking/v1beta1/types.go @@ -32,6 +32,7 @@ import ( // endpoints defined by a backend. An Ingress can be configured to give services // externally-reachable urls, load balance traffic, terminate SSL, offer name // based virtual hosting etc. +// +k8s:supportsSubresource="/status" type Ingress struct { metav1.TypeMeta `json:",inline"` @@ -500,6 +501,7 @@ type IPAddressList struct { // ServiceCIDR defines a range of IP addresses using CIDR format (e.g. 192.168.0.0/24 or 2001:db2::/64). // This range is used to allocate ClusterIPs to Service objects. +// +k8s:supportsSubresource="/status" type ServiceCIDR struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. diff --git a/staging/src/k8s.io/api/policy/v1/generated.proto b/staging/src/k8s.io/api/policy/v1/generated.proto index 704cc10b7db..61d8414d6f6 100644 --- a/staging/src/k8s.io/api/policy/v1/generated.proto +++ b/staging/src/k8s.io/api/policy/v1/generated.proto @@ -43,6 +43,7 @@ message Eviction { } // PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods +// +k8s:supportsSubresource="/status" message PodDisruptionBudget { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/policy/v1/types.go b/staging/src/k8s.io/api/policy/v1/types.go index ebf349e3177..62bf5fd7808 100644 --- a/staging/src/k8s.io/api/policy/v1/types.go +++ b/staging/src/k8s.io/api/policy/v1/types.go @@ -174,6 +174,7 @@ const ( // +k8s:prerelease-lifecycle-gen:introduced=1.21 // PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods +// +k8s:supportsSubresource="/status" type PodDisruptionBudget struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. diff --git a/staging/src/k8s.io/api/policy/v1beta1/generated.proto b/staging/src/k8s.io/api/policy/v1beta1/generated.proto index a8200a2d78d..5cc9a417d72 100644 --- a/staging/src/k8s.io/api/policy/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/policy/v1beta1/generated.proto @@ -43,6 +43,7 @@ message Eviction { } // PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods +// +k8s:supportsSubresource="/status" message PodDisruptionBudget { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/policy/v1beta1/types.go b/staging/src/k8s.io/api/policy/v1beta1/types.go index 354c22a3d09..f31ff30a6a0 100644 --- a/staging/src/k8s.io/api/policy/v1beta1/types.go +++ b/staging/src/k8s.io/api/policy/v1beta1/types.go @@ -174,6 +174,7 @@ const ( // +k8s:prerelease-lifecycle-gen:replacement=policy,v1,PodDisruptionBudget // PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods +// +k8s:supportsSubresource="/status" type PodDisruptionBudget struct { metav1.TypeMeta `json:",inline"` diff --git a/staging/src/k8s.io/api/resource/v1alpha3/generated.proto b/staging/src/k8s.io/api/resource/v1alpha3/generated.proto index d6ee3108068..60ad5648ede 100644 --- a/staging/src/k8s.io/api/resource/v1alpha3/generated.proto +++ b/staging/src/k8s.io/api/resource/v1alpha3/generated.proto @@ -142,6 +142,7 @@ message DeviceTaint { // DeviceTaintRule adds one taint to all devices which match the selector. // This has the same effect as if the taint was specified directly // in the ResourceSlice by the DRA driver. +// +k8s:supportsSubresource="/status" message DeviceTaintRule { // Standard object metadata // +optional diff --git a/staging/src/k8s.io/api/resource/v1alpha3/types.go b/staging/src/k8s.io/api/resource/v1alpha3/types.go index 1757c86150c..e7a9fd00fc6 100644 --- a/staging/src/k8s.io/api/resource/v1alpha3/types.go +++ b/staging/src/k8s.io/api/resource/v1alpha3/types.go @@ -203,6 +203,7 @@ const ( // DeviceTaintRule adds one taint to all devices which match the selector. // This has the same effect as if the taint was specified directly // in the ResourceSlice by the DRA driver. +// +k8s:supportsSubresource="/status" type DeviceTaintRule struct { metav1.TypeMeta `json:",inline"` // Standard object metadata diff --git a/staging/src/k8s.io/api/resource/v1beta2/generated.proto b/staging/src/k8s.io/api/resource/v1beta2/generated.proto index cb59f552806..2c2f677f80b 100644 --- a/staging/src/k8s.io/api/resource/v1beta2/generated.proto +++ b/staging/src/k8s.io/api/resource/v1beta2/generated.proto @@ -1238,6 +1238,7 @@ message DeviceTaint { // DeviceTaintRule adds one taint to all devices which match the selector. // This has the same effect as if the taint was specified directly // in the ResourceSlice by the DRA driver. +// +k8s:supportsSubresource="/status" message DeviceTaintRule { // Standard object metadata // +optional diff --git a/staging/src/k8s.io/api/resource/v1beta2/types.go b/staging/src/k8s.io/api/resource/v1beta2/types.go index 2e5777e853c..d53807d8008 100644 --- a/staging/src/k8s.io/api/resource/v1beta2/types.go +++ b/staging/src/k8s.io/api/resource/v1beta2/types.go @@ -852,6 +852,7 @@ const ( // DeviceTaintRule adds one taint to all devices which match the selector. // This has the same effect as if the taint was specified directly // in the ResourceSlice by the DRA driver. +// +k8s:supportsSubresource="/status" type DeviceTaintRule struct { metav1.TypeMeta `json:",inline"` // Standard object metadata diff --git a/staging/src/k8s.io/api/storagemigration/v1beta1/generated.proto b/staging/src/k8s.io/api/storagemigration/v1beta1/generated.proto index d7d08d88c71..ad7b36cea0a 100644 --- a/staging/src/k8s.io/api/storagemigration/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/storagemigration/v1beta1/generated.proto @@ -30,6 +30,7 @@ option go_package = "k8s.io/api/storagemigration/v1beta1"; // StorageVersionMigration represents a migration of stored data to the latest // storage version. +// +k8s:supportsSubresource="/status" message StorageVersionMigration { // Standard object metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/staging/src/k8s.io/api/storagemigration/v1beta1/types.go b/staging/src/k8s.io/api/storagemigration/v1beta1/types.go index 9655f737ae5..63666eb60f1 100644 --- a/staging/src/k8s.io/api/storagemigration/v1beta1/types.go +++ b/staging/src/k8s.io/api/storagemigration/v1beta1/types.go @@ -27,6 +27,7 @@ import ( // StorageVersionMigration represents a migration of stored data to the latest // storage version. +// +k8s:supportsSubresource="/status" type StorageVersionMigration struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. diff --git a/staging/src/k8s.io/apiserver/pkg/registry/rest/create.go b/staging/src/k8s.io/apiserver/pkg/registry/rest/create.go index 8755f60a341..cc9d8b578cf 100644 --- a/staging/src/k8s.io/apiserver/pkg/registry/rest/create.go +++ b/staging/src/k8s.io/apiserver/pkg/registry/rest/create.go @@ -129,7 +129,7 @@ func BeforeCreate(strategy RESTCreateStrategy, ctx context.Context, obj runtime. errs := strategy.Validate(ctx, obj) if dv, ok := strategy.(DeclarativeValidationStrategy); ok { - errs = dv.ValidateDeclaratively(ctx, obj, nil, errs, operation.Create, declarativeValidationOptions(ctx, strategy, obj)) + errs = dv.ValidateDeclaratively(ctx, obj, nil, errs, operation.Create, dv.DeclarativeValidationConfig(ctx, obj, nil)) } if len(errs) > 0 { return errors.NewInvalid(kind.GroupKind(), objectMeta.GetName(), errs) @@ -151,14 +151,6 @@ func BeforeCreate(strategy RESTCreateStrategy, ctx context.Context, obj runtime. return nil } -func declarativeValidationOptions(ctx context.Context, strategy RESTCreateStrategy, obj runtime.Object) DeclarativeValidationConfig { - var config DeclarativeValidationConfig - if vc, ok := strategy.(DeclarativeValidationConfigurer); ok { - config = vc.DeclarativeValidationConfig(ctx, obj, nil) - } - return config -} - // CheckGeneratedNameError checks whether an error that occurred creating a resource is due // to generation being unable to pick a valid name. func CheckGeneratedNameError(ctx context.Context, strategy RESTCreateStrategy, err error, obj runtime.Object) error { diff --git a/staging/src/k8s.io/apiserver/pkg/registry/rest/update.go b/staging/src/k8s.io/apiserver/pkg/registry/rest/update.go index d2b4f68f3ba..d544a1879b1 100644 --- a/staging/src/k8s.io/apiserver/pkg/registry/rest/update.go +++ b/staging/src/k8s.io/apiserver/pkg/registry/rest/update.go @@ -153,7 +153,7 @@ func BeforeUpdate(strategy RESTUpdateStrategy, ctx context.Context, obj, old run errs = append(errs, strategy.ValidateUpdate(ctx, obj, old)...) if dv, ok := strategy.(DeclarativeValidationStrategy); ok { - errs = dv.ValidateDeclaratively(ctx, obj, old, errs, operation.Update, declarativeValidationUpdateOptions(ctx, strategy, obj, old)) + errs = dv.ValidateDeclaratively(ctx, obj, old, errs, operation.Update, dv.DeclarativeValidationConfig(ctx, obj, old)) } if len(errs) > 0 { RecordDuplicateValidationErrors(ctx, kind.GroupKind(), errs) @@ -169,14 +169,6 @@ func BeforeUpdate(strategy RESTUpdateStrategy, ctx context.Context, obj, old run return nil } -func declarativeValidationUpdateOptions(ctx context.Context, strategy RESTUpdateStrategy, obj, old runtime.Object) DeclarativeValidationConfig { - var config DeclarativeValidationConfig - if vc, ok := strategy.(DeclarativeValidationConfigurer); ok { - config = vc.DeclarativeValidationConfig(ctx, obj, old) - } - return config -} - // TransformFunc is a function to transform and return newObj type TransformFunc func(ctx context.Context, newObj runtime.Object, oldObj runtime.Object) (transformedNewObj runtime.Object, err error) diff --git a/staging/src/k8s.io/apiserver/pkg/registry/rest/validate.go b/staging/src/k8s.io/apiserver/pkg/registry/rest/validate.go index 948386eafee..f494d615a07 100644 --- a/staging/src/k8s.io/apiserver/pkg/registry/rest/validate.go +++ b/staging/src/k8s.io/apiserver/pkg/registry/rest/validate.go @@ -43,6 +43,9 @@ type DeclarativeValidationStrategy interface { // validationErrs returned from the strategy's Validate / ValidateUpdate functions (which implement hand-written validation) // and performs migration checks. ValidateDeclaratively(ctx context.Context, obj, oldObj runtime.Object, validationErrs field.ErrorList, opType operation.Type, config DeclarativeValidationConfig) field.ErrorList + + // DeclarativeValidationConfig configures declarative validation for a single request. + DeclarativeValidationConfig(ctx context.Context, obj, oldObj runtime.Object) DeclarativeValidationConfig } // DeclarativeValidation is an implementation of DeclarativeValidationStrategy that @@ -69,10 +72,9 @@ func (d DeclarativeValidation) ValidateDeclaratively(ctx context.Context, obj, o return ValidateDeclarativelyWithMigrationChecks(ctx, d.Scheme, obj, oldObj, validationErrs, opType, config) } -// DeclarativeValidationConfigurer defines how a strategy may opt-in to configuration of declarative validation. -type DeclarativeValidationConfigurer interface { - // DeclarativeValidationConfig configures declarative validation for a single request. - DeclarativeValidationConfig(ctx context.Context, obj, oldObj runtime.Object) DeclarativeValidationConfig +func (d DeclarativeValidation) DeclarativeValidationConfig(ctx context.Context, obj, oldObj runtime.Object) DeclarativeValidationConfig { + // The zero value of DeclarativeValidationConfig is the default. + return DeclarativeValidationConfig{} } // DeclarativeValidationConfig holds configuration for declarative validation. @@ -335,7 +337,6 @@ func createDeclarativeValidationPanicHandler(ctx context.Context, errs *field.Er // panicSafeValidateFunc wraps an validation function with panic recovery logic. // The returned function will execute the wrapped function and handle any panics by // incrementing the panic metric, and logging an error message -// if shouldFail=false, and adding a validation error if shouldFail=true. func panicSafeValidateFunc( validateFunc func(ctx context.Context, scheme *runtime.Scheme, obj, oldObj runtime.Object, o *ValidationConfigOption) field.ErrorList, ) func(ctx context.Context, scheme *runtime.Scheme, obj, oldObj runtime.Object, o *ValidationConfigOption) field.ErrorList { diff --git a/staging/src/k8s.io/apiserver/pkg/registry/rest/validate_test.go b/staging/src/k8s.io/apiserver/pkg/registry/rest/validate_test.go index 1ea2386fe4a..47f407c82f6 100644 --- a/staging/src/k8s.io/apiserver/pkg/registry/rest/validate_test.go +++ b/staging/src/k8s.io/apiserver/pkg/registry/rest/validate_test.go @@ -175,7 +175,6 @@ func TestValidateDeclaratively(t *testing.T) { } else { cfg.OpType = operation.Update } - // takeover is not used here, passing false for shouldFail results := panicSafeValidateFunc(validateDeclaratively)(ctx, scheme, tc.object, tc.oldObject, cfg) matcher := field.ErrorMatcher{}.ByType().ByField().ByOrigin() matcher.Test(t, tc.expected, results) @@ -502,7 +501,6 @@ func TestWithRecover(t *testing.T) { klog.LogToStderr(false) defer klog.LogToStderr(true) - // Pass the enforcement flag to panicSafeValidateFunc wrapped := panicSafeValidateFunc(tc.validateFn) gotErrs := wrapped(ctx, scheme, obj, nil, &ValidationConfigOption{ValidationIdentifier: "test_validationIdentifier", OpType: operation.Create, DeclarativeValidationConfig: DeclarativeValidationConfig{Options: options, DeclarativeEnforcement: tc.enforcementEnabled}})