diff --git a/hack/update-payload-crds.sh b/hack/update-payload-crds.sh index 6acb8df27d0..123bda7ca1d 100755 --- a/hack/update-payload-crds.sh +++ b/hack/update-payload-crds.sh @@ -4,7 +4,6 @@ source "$(dirname "${BASH_SOURCE}")/lib/init.sh" #TODO(jerzhang): once MOSC/MOSB graduates, update the v1 crds to include them crd_globs="\ - authorization/v1/zz_generated.crd-manifests/*_config-operator_*.crd*yaml\ config/v1/zz_generated.crd-manifests/*_config-operator_*.crd*yaml\ machine/v1/zz_generated.crd-manifests/*.crd*yaml\ operator/v1/zz_generated.crd-manifests//*_config-operator_*.crd*yaml\ diff --git a/payload-manifests/crds/0000_03_config-operator_01_rolebindingrestrictions.crd.yaml b/payload-manifests/crds/0000_03_config-operator_01_rolebindingrestrictions.crd.yaml deleted file mode 100644 index 275e90aeec0..00000000000 --- a/payload-manifests/crds/0000_03_config-operator_01_rolebindingrestrictions.crd.yaml +++ /dev/null @@ -1,225 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - release.openshift.io/bootstrap-required: "true" - name: rolebindingrestrictions.authorization.openshift.io -spec: - group: authorization.openshift.io - names: - kind: RoleBindingRestriction - listKind: RoleBindingRestrictionList - plural: rolebindingrestrictions - singular: rolebindingrestriction - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - RoleBindingRestriction is an object that can be matched against a subject - (user, group, or service account) to determine whether rolebindings on that - subject are allowed in the namespace to which the RoleBindingRestriction - belongs. If any one of those RoleBindingRestriction objects matches - a subject, rolebindings on that subject in the namespace are allowed. - - Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: spec defines the matcher. - properties: - grouprestriction: - description: grouprestriction matches against group subjects. - nullable: true - properties: - groups: - description: |- - groups is a list of groups used to match against an individual user's - groups. If the user is a member of one of the whitelisted groups, the user - is allowed to be bound to a role. - items: - type: string - nullable: true - type: array - labels: - description: Selectors specifies a list of label selectors over - group labels. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - nullable: true - type: array - type: object - serviceaccountrestriction: - description: serviceaccountrestriction matches against service-account - subjects. - nullable: true - properties: - namespaces: - description: namespaces specifies a list of literal namespace - names. - items: - type: string - type: array - serviceaccounts: - description: serviceaccounts specifies a list of literal service-account - names. - items: - description: |- - ServiceAccountReference specifies a service account and namespace by their - names. - properties: - name: - description: name is the name of the service account. - type: string - namespace: - description: |- - namespace is the namespace of the service account. Service accounts from - inside the whitelisted namespaces are allowed to be bound to roles. If - Namespace is empty, then the namespace of the RoleBindingRestriction in - which the ServiceAccountReference is embedded is used. - type: string - type: object - type: array - type: object - userrestriction: - description: userrestriction matches against user subjects. - nullable: true - properties: - groups: - description: groups specifies a list of literal group names. - items: - type: string - nullable: true - type: array - labels: - description: Selectors specifies a list of label selectors over - user labels. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - nullable: true - type: array - users: - description: users specifies a list of literal user names. - items: - type: string - type: array - type: object - type: object - type: object - served: true - storage: true