Struct k8s_openapi::api::authorization::v1::FieldSelectorAttributes
source · pub struct FieldSelectorAttributes {
pub raw_selector: Option<String>,
pub requirements: Option<Vec<FieldSelectorRequirement>>,
}
Expand description
FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
Fields§
§raw_selector: Option<String>
rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver’s *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
requirements: Option<Vec<FieldSelectorRequirement>>
requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
Trait Implementations§
source§impl Clone for FieldSelectorAttributes
impl Clone for FieldSelectorAttributes
source§fn clone(&self) -> FieldSelectorAttributes
fn clone(&self) -> FieldSelectorAttributes
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl Debug for FieldSelectorAttributes
impl Debug for FieldSelectorAttributes
source§impl DeepMerge for FieldSelectorAttributes
impl DeepMerge for FieldSelectorAttributes
source§fn merge_from(&mut self, other: Self)
fn merge_from(&mut self, other: Self)
other
into self
.source§impl Default for FieldSelectorAttributes
impl Default for FieldSelectorAttributes
source§fn default() -> FieldSelectorAttributes
fn default() -> FieldSelectorAttributes
source§impl<'de> Deserialize<'de> for FieldSelectorAttributes
impl<'de> Deserialize<'de> for FieldSelectorAttributes
source§fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>where
D: Deserializer<'de>,
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>where
D: Deserializer<'de>,
source§impl PartialEq for FieldSelectorAttributes
impl PartialEq for FieldSelectorAttributes
source§impl Serialize for FieldSelectorAttributes
impl Serialize for FieldSelectorAttributes
impl StructuralPartialEq for FieldSelectorAttributes
Auto Trait Implementations§
impl Freeze for FieldSelectorAttributes
impl RefUnwindSafe for FieldSelectorAttributes
impl Send for FieldSelectorAttributes
impl Sync for FieldSelectorAttributes
impl Unpin for FieldSelectorAttributes
impl UnwindSafe for FieldSelectorAttributes
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)