openshift · smarterclayton · Jul 13, 2016 · Jul 13, 2016 · Jul 13, 2016 · deads2k
diff --git a/pkg/authorization/api/deep_copy_generated.go b/pkg/authorization/api/deep_copy_generated.go
@@ -14,7 +14,7 @@ import (
 
 func init() {
 	if err := api.Scheme.AddGeneratedDeepCopyFuncs(
-		DeepCopy_api_AuthorizationAttributes,
+		DeepCopy_api_Action,
 		DeepCopy_api_ClusterPolicy,
 		DeepCopy_api_ClusterPolicyBinding,
 		DeepCopy_api_ClusterPolicyBindingList,
@@ -48,7 +48,7 @@ func init() {
 	}
 }
 
-func DeepCopy_api_AuthorizationAttributes(in AuthorizationAttributes, out *AuthorizationAttributes, c *conversion.Cloner) error {
+func DeepCopy_api_Action(in Action, out *Action, c *conversion.Cloner) error {
 	out.Namespace = in.Namespace
 	out.Verb = in.Verb
 	out.Group = in.Group
@@ -77,7 +77,7 @@ func DeepCopy_api_ClusterPolicy(in ClusterPolicy, out *ClusterPolicy, c *convers
 	}
 	if in.Roles != nil {
 		in, out := in.Roles, &out.Roles
-		*out = make(map[string]*ClusterRole)
+		*out = make(ClusterRolesByName)
 		for key, val := range in {
 			if newVal, err := c.DeepCopy(val); err != nil {
 				return err
@@ -106,7 +106,7 @@ func DeepCopy_api_ClusterPolicyBinding(in ClusterPolicyBinding, out *ClusterPoli
 	}
 	if in.RoleBindings != nil {
 		in, out := in.RoleBindings, &out.RoleBindings
-		*out = make(map[string]*ClusterRoleBinding)
+		*out = make(ClusterRoleBindingsByName)
 		for key, val := range in {
 			if newVal, err := c.DeepCopy(val); err != nil {
 				return err
@@ -260,7 +260,7 @@ func DeepCopy_api_LocalResourceAccessReview(in LocalResourceAccessReview, out *L
 	if err := unversioned.DeepCopy_unversioned_TypeMeta(in.TypeMeta, &out.TypeMeta, c); err != nil {
 		return err
 	}
-	if err := DeepCopy_api_AuthorizationAttributes(in.Action, &out.Action, c); err != nil {
+	if err := DeepCopy_api_Action(in.Action, &out.Action, c); err != nil {
 		return err
 	}
 	return nil
@@ -270,7 +270,7 @@ func DeepCopy_api_LocalSubjectAccessReview(in LocalSubjectAccessReview, out *Loc
 	if err := unversioned.DeepCopy_unversioned_TypeMeta(in.TypeMeta, &out.TypeMeta, c); err != nil {
 		return err
 	}
-	if err := DeepCopy_api_AuthorizationAttributes(in.Action, &out.Action, c); err != nil {
+	if err := DeepCopy_api_Action(in.Action, &out.Action, c); err != nil {
 		return err
 	}
 	out.User = in.User
@@ -309,7 +309,7 @@ func DeepCopy_api_Policy(in Policy, out *Policy, c *conversion.Cloner) error {
 	}
 	if in.Roles != nil {
 		in, out := in.Roles, &out.Roles
-		*out = make(map[string]*Role)
+		*out = make(RolesByName)
 		for key, val := range in {
 			if newVal, err := c.DeepCopy(val); err != nil {
 				return err
@@ -338,7 +338,7 @@ func DeepCopy_api_PolicyBinding(in PolicyBinding, out *PolicyBinding, c *convers
 	}
 	if in.RoleBindings != nil {
 		in, out := in.RoleBindings, &out.RoleBindings
-		*out = make(map[string]*RoleBinding)
+		*out = make(RoleBindingsByName)
 		for key, val := range in {
 			if newVal, err := c.DeepCopy(val); err != nil {
 				return err
@@ -468,7 +468,7 @@ func DeepCopy_api_ResourceAccessReview(in ResourceAccessReview, out *ResourceAcc
 	if err := unversioned.DeepCopy_unversioned_TypeMeta(in.TypeMeta, &out.TypeMeta, c); err != nil {
 		return err
 	}
-	if err := DeepCopy_api_AuthorizationAttributes(in.Action, &out.Action, c); err != nil {
+	if err := DeepCopy_api_Action(in.Action, &out.Action, c); err != nil {
 		return err
 	}
 	return nil
@@ -624,7 +624,7 @@ func DeepCopy_api_SubjectAccessReview(in SubjectAccessReview, out *SubjectAccess
 	if err := unversioned.DeepCopy_unversioned_TypeMeta(in.TypeMeta, &out.TypeMeta, c); err != nil {
 		return err
 	}
-	if err := DeepCopy_api_AuthorizationAttributes(in.Action, &out.Action, c); err != nil {
+	if err := DeepCopy_api_Action(in.Action, &out.Action, c); err != nil {
 		return err
 	}
 	out.User = in.User

diff --git a/pkg/authorization/api/types.go b/pkg/authorization/api/types.go
@@ -105,6 +105,8 @@ type RoleBinding struct {
 	RoleRef kapi.ObjectReference
 }
 
+type RolesByName map[string]*Role
+
 // +genclient=true
 
 // Policy is a object that holds all the Roles for a particular namespace.  There is at most
@@ -117,9 +119,11 @@ type Policy struct {
 	LastModified unversioned.Time
 
 	// Roles holds all the Roles held by this Policy, mapped by Role.Name
-	Roles map[string]*Role
+	Roles RolesByName
 }
 
+type RoleBindingsByName map[string]*RoleBinding
+
 // PolicyBinding is a object that holds all the RoleBindings for a particular namespace.  There is
 // one PolicyBinding document per referenced Policy namespace
 type PolicyBinding struct {
@@ -133,7 +137,7 @@ type PolicyBinding struct {
 	// PolicyRef is a reference to the Policy that contains all the Roles that this PolicyBinding's RoleBindings may reference
 	PolicyRef kapi.ObjectReference
 	// RoleBindings holds all the RoleBindings held by this PolicyBinding, mapped by RoleBinding.Name
-	RoleBindings map[string]*RoleBinding
+	RoleBindings RoleBindingsByName
 }
 
 // SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace
@@ -171,8 +175,10 @@ type ResourceAccessReviewResponse struct {
 	// Namespace is the namespace used for the access review
 	Namespace string
 	// Users is the list of users who can perform the action
+	// +genconversion=false
 	Users sets.String
 	// Groups is the list of groups who can perform the action
+	// +genconversion=false
 	Groups sets.String
 
 	// EvaluationError is an indication that some error occurred during resolution, but partial results can still be returned.
@@ -187,7 +193,7 @@ type ResourceAccessReview struct {
 	unversioned.TypeMeta
 
 	// Action describes the action being tested
-	Action AuthorizationAttributes
+	Action
 }
 
 // SubjectAccessReviewResponse describes whether or not a user or group can perform an action
@@ -207,10 +213,11 @@ type SubjectAccessReview struct {
 	unversioned.TypeMeta
 
 	// Action describes the action being tested
-	Action AuthorizationAttributes
+	Action
 	// User is optional.  If both User and Groups are empty, the current authenticated user is used.
 	User string
 	// Groups is optional.  Groups is the list of groups to which the User belongs.
+	// +genconversion=false
 	Groups sets.String
 	// Scopes to use for the evaluation.  Empty means "use the unscoped (full) permissions of the user/groups".
 	// Nil for a self-SAR, means "use the scopes on this request".
@@ -223,27 +230,28 @@ type LocalResourceAccessReview struct {
 	unversioned.TypeMeta
 
 	// Action describes the action being tested
-	Action AuthorizationAttributes
+	Action
 }
 
 // LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace
 type LocalSubjectAccessReview struct {
 	unversioned.TypeMeta
 
 	// Action describes the action being tested.  The Namespace element is FORCED to the current namespace.
-	Action AuthorizationAttributes
+	Action
 	// User is optional.  If both User and Groups are empty, the current authenticated user is used.
 	User string
 	// Groups is optional.  Groups is the list of groups to which the User belongs.
+	// +genconversion=false
 	Groups sets.String
 	// Scopes to use for the evaluation.  Empty means "use the unscoped (full) permissions of the user/groups".
 	// Nil for a self-SAR, means "use the scopes on this request".
 	// Nil for a regular SAR, means the same as empty.
 	Scopes []string
 }
 
-// AuthorizationAttributes describes a request to be authorized
-type AuthorizationAttributes struct {
+// Action describes a request to be authorized
+type Action struct {
 	// Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces
 	Namespace string
 	// Verb is one of: get, list, watch, create, update, delete
@@ -327,6 +335,8 @@ type ClusterRoleBinding struct {
 	RoleRef kapi.ObjectReference
 }
 
+type ClusterRolesByName map[string]*ClusterRole
+
 // ClusterPolicy is a object that holds all the ClusterRoles for a particular namespace.  There is at most
 // one ClusterPolicy document per namespace.
 type ClusterPolicy struct {
@@ -338,9 +348,11 @@ type ClusterPolicy struct {
 	LastModified unversioned.Time
 
 	// Roles holds all the ClusterRoles held by this ClusterPolicy, mapped by Role.Name
-	Roles map[string]*ClusterRole
+	Roles ClusterRolesByName
 }
 
+type ClusterRoleBindingsByName map[string]*ClusterRoleBinding
+
 // ClusterPolicyBinding is a object that holds all the ClusterRoleBindings for a particular namespace.  There is
 // one ClusterPolicyBinding document per referenced ClusterPolicy namespace
 type ClusterPolicyBinding struct {
@@ -354,7 +366,7 @@ type ClusterPolicyBinding struct {
 	// ClusterPolicyRef is a reference to the ClusterPolicy that contains all the ClusterRoles that this ClusterPolicyBinding's RoleBindings may reference
 	PolicyRef kapi.ObjectReference
 	// RoleBindings holds all the RoleBindings held by this ClusterPolicyBinding, mapped by RoleBinding.Name
-	RoleBindings map[string]*ClusterRoleBinding
+	RoleBindings ClusterRoleBindingsByName
 }
 
 // ClusterPolicyList is a collection of ClusterPolicies