| /* |
| Copyright 2016 The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| package rolebinding |
| |
| import ( |
| "context" |
| |
| "k8s.io/apimachinery/pkg/runtime" |
| "k8s.io/apimachinery/pkg/util/validation/field" |
| "k8s.io/apiserver/pkg/registry/rest" |
| "k8s.io/apiserver/pkg/storage/names" |
| "k8s.io/kubernetes/pkg/api/legacyscheme" |
| "k8s.io/kubernetes/pkg/apis/rbac" |
| "k8s.io/kubernetes/pkg/apis/rbac/validation" |
| ) |
| |
| // strategy implements behavior for RoleBindings |
| type strategy struct { |
| runtime.ObjectTyper |
| names.NameGenerator |
| } |
| |
| // strategy is the default logic that applies when creating and updating |
| // RoleBinding objects. |
| var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator} |
| |
| // Strategy should implement rest.RESTCreateStrategy |
| var _ rest.RESTCreateStrategy = Strategy |
| |
| // Strategy should implement rest.RESTUpdateStrategy |
| var _ rest.RESTUpdateStrategy = Strategy |
| |
| // NamespaceScoped is true for RoleBindings. |
| func (strategy) NamespaceScoped() bool { |
| return true |
| } |
| |
| // AllowCreateOnUpdate is true for RoleBindings. |
| func (strategy) AllowCreateOnUpdate() bool { |
| return true |
| } |
| |
| // PrepareForCreate clears fields that are not allowed to be set by end users |
| // on creation. |
| func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { |
| _ = obj.(*rbac.RoleBinding) |
| } |
| |
| // PrepareForUpdate clears fields that are not allowed to be set by end users on update. |
| func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) { |
| newRoleBinding := obj.(*rbac.RoleBinding) |
| oldRoleBinding := old.(*rbac.RoleBinding) |
| |
| _, _ = newRoleBinding, oldRoleBinding |
| } |
| |
| // Validate validates a new RoleBinding. Validation must check for a correct signature. |
| func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { |
| roleBinding := obj.(*rbac.RoleBinding) |
| return validation.ValidateRoleBinding(roleBinding) |
| } |
| |
| // Canonicalize normalizes the object after validation. |
| func (strategy) Canonicalize(obj runtime.Object) { |
| _ = obj.(*rbac.RoleBinding) |
| } |
| |
| // ValidateUpdate is the default update validation for an end user. |
| func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList { |
| newObj := obj.(*rbac.RoleBinding) |
| errorList := validation.ValidateRoleBinding(newObj) |
| return append(errorList, validation.ValidateRoleBindingUpdate(newObj, old.(*rbac.RoleBinding))...) |
| } |
| |
| // If AllowUnconditionalUpdate() is true and the object specified by |
| // the user does not have a resource version, then generic Update() |
| // populates it with the latest version. Else, it checks that the |
| // version specified by the user matches the version of latest etcd |
| // object. |
| func (strategy) AllowUnconditionalUpdate() bool { |
| return true |
| } |
