Skip to content

api bump #20152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
deads2k merged 6 commits into from
Jun 29, 2018
Merged

api bump #20152

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
6e6eaa1
Skip paused ICT on a BC
May 3, 2018
da2835b
Added tests for ICT trigger on BC
May 9, 2018
28dbc7f
SCC: add AllowPrivilegeEscalation/DefaultAllowPrivilegeEscalation opt…
php-coder Jan 31, 2018
94339e3
switch openshift/api back to master
bparees Jun 28, 2018
7d5a9c6
bump(*)
bparees Jun 29, 2018
2a1b2d7
make update
bparees Jun 29, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion api/docs/api/v1.SecurityContextConstraints.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ Expand or mouse-over a field for more information about it.
</div><div style="margin-left:13px;"><span title="(boolean) AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.">allowHostNetwork</span>:
</div><div style="margin-left:13px;"><span title="(boolean) AllowHostPID determines if the policy allows host pid in the containers.">allowHostPID</span>:
</div><div style="margin-left:13px;"><span title="(boolean) AllowHostPorts determines if the policy allows host ports in the containers.">allowHostPorts</span>:
</div><div style="margin-left:13px;"><span title="(boolean) AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.">allowPrivilegeEscalation</span>:
</div><div style="margin-left:13px;"><span title="(boolean) AllowPrivilegedContainer determines if a container can request to be run as privileged.">allowPrivilegedContainer</span>:
</div><details><summary><span title="(array) AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author&#39;s discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use &#39;*&#39;.">allowedCapabilities</span>:
</summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
Expand All @@ -31,7 +32,8 @@ Expand or mouse-over a field for more information about it.
</div></details><div style="margin-left:13px;"><span title="(string) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources">apiVersion</span>:
</div><details><summary><span title="(array) DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.">defaultAddCapabilities</span>:
</summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
</div></details><details><summary><span title="(v1.FSGroupStrategyOptions) FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.">fsGroup</span>:
</div></details><div style="margin-left:13px;"><span title="(boolean) DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.">defaultAllowPrivilegeEscalation</span>:
</div><details><summary><span title="(v1.FSGroupStrategyOptions) FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.">fsGroup</span>:
</summary><details><summary> <span title="(array) Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.">ranges</span>:
</summary><div style="margin-left:13px;"> - <span title="(integer) Max is the end of the range, inclusive.">max</span>:
</div><div style="margin-left:13px;"> <span title="(integer) Min is the start of the range, inclusive.">min</span>:
Expand Down
1 change: 1 addition & 0 deletions api/docs/apis-build.openshift.io/v1.BuildConfig.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -351,6 +351,7 @@ Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-gu
</div><div style="margin-left:13px;"> <span title="(string) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency">resourceVersion</span>:
</div><div style="margin-left:13px;"> <span title="(string) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids">uid</span>:
</div></details><div style="margin-left:13px;"> <span title="(string) lastTriggeredImageID is used internally by the ImageChangeController to save last used image ID for build">lastTriggeredImageID</span>:
</div><div style="margin-left:13px;"> <span title="(boolean) paused is true if this trigger is temporarily disabled. Optional.">paused</span>:
</div></details><div style="margin-left:13px;"> <span title="(string) type is the type of build trigger">type</span>:
</div></details></details><details><summary><span title="(v1.BuildConfigStatus) status holds any relevant information about a build config">status</span>:
</summary><div style="margin-left:13px;"> <span title="(integer) lastVersion is used to inform about number of last triggered build.">lastVersion</span>:
Expand Down
4 changes: 3 additions & 1 deletion api/docs/apis-security.openshift.io/v1.SecurityContextConstraints.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ Expand or mouse-over a field for more information about it.
</div><div style="margin-left:13px;"><span title="(boolean) AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.">allowHostNetwork</span>:
</div><div style="margin-left:13px;"><span title="(boolean) AllowHostPID determines if the policy allows host pid in the containers.">allowHostPID</span>:
</div><div style="margin-left:13px;"><span title="(boolean) AllowHostPorts determines if the policy allows host ports in the containers.">allowHostPorts</span>:
</div><div style="margin-left:13px;"><span title="(boolean) AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.">allowPrivilegeEscalation</span>:
</div><div style="margin-left:13px;"><span title="(boolean) AllowPrivilegedContainer determines if a container can request to be run as privileged.">allowPrivilegedContainer</span>:
</div><details><summary><span title="(array) AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author&#39;s discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use &#39;*&#39;.">allowedCapabilities</span>:
</summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
Expand All @@ -31,7 +32,8 @@ Expand or mouse-over a field for more information about it.
</div></details><div style="margin-left:13px;"><span title="(string) APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources">apiVersion</span>:
</div><details><summary><span title="(array) DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.">defaultAddCapabilities</span>:
</summary><div style="margin-left:13px;">- <span title="(string)">[string]</span>:
</div></details><details><summary><span title="(v1.FSGroupStrategyOptions) FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.">fsGroup</span>:
</div></details><div style="margin-left:13px;"><span title="(boolean) DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.">defaultAllowPrivilegeEscalation</span>:
</div><details><summary><span title="(v1.FSGroupStrategyOptions) FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.">fsGroup</span>:
</summary><details><summary> <span title="(array) Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.">ranges</span>:
</summary><div style="margin-left:13px;"> - <span title="(integer) Max is the end of the range, inclusive.">max</span>:
</div><div style="margin-left:13px;"> <span title="(integer) Min is the start of the range, inclusive.">min</span>:
Expand Down
1 change: 1 addition & 0 deletions api/docs/oapi/v1.BuildConfig.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -351,6 +351,7 @@ Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-gu
</div><div style="margin-left:13px;"> <span title="(string) Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency">resourceVersion</span>:
</div><div style="margin-left:13px;"> <span title="(string) UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids">uid</span>:
</div></details><div style="margin-left:13px;"> <span title="(string) lastTriggeredImageID is used internally by the ImageChangeController to save last used image ID for build">lastTriggeredImageID</span>:
</div><div style="margin-left:13px;"> <span title="(boolean) paused is true if this trigger is temporarily disabled. Optional.">paused</span>:
</div></details><div style="margin-left:13px;"> <span title="(string) type is the type of build trigger">type</span>:
</div></details></details><details><summary><span title="(v1.BuildConfigStatus) status holds any relevant information about a build config">status</span>:
</summary><div style="margin-left:13px;"> <span title="(integer) lastVersion is used to inform about number of last triggered build.">lastVersion</span>:
Expand Down
3 changes: 3 additions & 0 deletions api/protobuf-spec/github_com_openshift_api_build_v1.proto
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 10 additions & 0 deletions api/protobuf-spec/github_com_openshift_api_security_v1.proto
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions api/swagger-spec/api-v1.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions api/swagger-spec/oapi-v1.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 12 additions & 0 deletions api/swagger-spec/openshift-openapi-spec.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

27 changes: 15 additions & 12 deletions glide.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion glide.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ import:

# openshift second
- package: github.com/openshift/api
version: 0ce1df2db7debb15eddb25f3ae76df4180777221
version: master
Copy link
Contributor Author

@bparees bparees Jun 29, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@liggitt @deads2k valid?

Copy link
Contributor

@liggitt liggitt Jun 29, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes

- package: github.com/openshift/client-go
version: master
- package: github.com/openshift/imagebuilder
Expand Down
3 changes: 3 additions & 0 deletions pkg/api/serialization_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -479,6 +479,9 @@ func originFuzzer(t *testing.T, seed int64) *fuzz.Fuzzer {
scc.SupplementalGroups.Type = supGroupTypes[c.Rand.Intn(len(supGroupTypes))]
fsGroupTypes := []securityapi.FSGroupStrategyType{securityapi.FSGroupStrategyMustRunAs, securityapi.FSGroupStrategyRunAsAny}
scc.FSGroup.Type = fsGroupTypes[c.Rand.Intn(len(fsGroupTypes))]
// avoid the defaulting logic for this field by making it never nil
allowPrivilegeEscalation := c.RandBool()
scc.AllowPrivilegeEscalation = &allowPrivilegeEscalation

// when fuzzing the volume types ensure it is set to avoid the defaulter's expansion.
// Do not use FSTypeAll or host dir setting to steer clear of defaulting mechanics
Expand Down
Loading