1#[derive(Clone, Debug, Default, PartialEq)]
5pub struct PolicyRule {
6 pub api_groups: Option<std::vec::Vec<std::string::String>>,
8
9 pub non_resource_urls: Option<std::vec::Vec<std::string::String>>,
11
12 pub resource_names: Option<std::vec::Vec<std::string::String>>,
14
15 pub resources: Option<std::vec::Vec<std::string::String>>,
17
18 pub verbs: std::vec::Vec<std::string::String>,
20}
21
22impl crate::DeepMerge for PolicyRule {
23 fn merge_from(&mut self, other: Self) {
24 crate::merge_strategies::list::atomic(&mut self.api_groups, other.api_groups);
25 crate::merge_strategies::list::atomic(&mut self.non_resource_urls, other.non_resource_urls);
26 crate::merge_strategies::list::atomic(&mut self.resource_names, other.resource_names);
27 crate::merge_strategies::list::atomic(&mut self.resources, other.resources);
28 crate::merge_strategies::list::atomic(&mut self.verbs, other.verbs);
29 }
30}
31
32impl<'de> crate::serde::Deserialize<'de> for PolicyRule {
33 fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
34 #[allow(non_camel_case_types)]
35 enum Field {
36 Key_api_groups,
37 Key_non_resource_urls,
38 Key_resource_names,
39 Key_resources,
40 Key_verbs,
41 Other,
42 }
43
44 impl<'de> crate::serde::Deserialize<'de> for Field {
45 fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
46 struct Visitor;
47
48 impl crate::serde::de::Visitor<'_> for Visitor {
49 type Value = Field;
50
51 fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
52 f.write_str("field identifier")
53 }
54
55 fn visit_str<E>(self, v: &str) -> Result<Self::Value, E> where E: crate::serde::de::Error {
56 Ok(match v {
57 "apiGroups" => Field::Key_api_groups,
58 "nonResourceURLs" => Field::Key_non_resource_urls,
59 "resourceNames" => Field::Key_resource_names,
60 "resources" => Field::Key_resources,
61 "verbs" => Field::Key_verbs,
62 _ => Field::Other,
63 })
64 }
65 }
66
67 deserializer.deserialize_identifier(Visitor)
68 }
69 }
70
71 struct Visitor;
72
73 impl<'de> crate::serde::de::Visitor<'de> for Visitor {
74 type Value = PolicyRule;
75
76 fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
77 f.write_str("PolicyRule")
78 }
79
80 fn visit_map<A>(self, mut map: A) -> Result<Self::Value, A::Error> where A: crate::serde::de::MapAccess<'de> {
81 let mut value_api_groups: Option<std::vec::Vec<std::string::String>> = None;
82 let mut value_non_resource_urls: Option<std::vec::Vec<std::string::String>> = None;
83 let mut value_resource_names: Option<std::vec::Vec<std::string::String>> = None;
84 let mut value_resources: Option<std::vec::Vec<std::string::String>> = None;
85 let mut value_verbs: Option<std::vec::Vec<std::string::String>> = None;
86
87 while let Some(key) = crate::serde::de::MapAccess::next_key::<Field>(&mut map)? {
88 match key {
89 Field::Key_api_groups => value_api_groups = crate::serde::de::MapAccess::next_value(&mut map)?,
90 Field::Key_non_resource_urls => value_non_resource_urls = crate::serde::de::MapAccess::next_value(&mut map)?,
91 Field::Key_resource_names => value_resource_names = crate::serde::de::MapAccess::next_value(&mut map)?,
92 Field::Key_resources => value_resources = crate::serde::de::MapAccess::next_value(&mut map)?,
93 Field::Key_verbs => value_verbs = crate::serde::de::MapAccess::next_value(&mut map)?,
94 Field::Other => { let _: crate::serde::de::IgnoredAny = crate::serde::de::MapAccess::next_value(&mut map)?; },
95 }
96 }
97
98 Ok(PolicyRule {
99 api_groups: value_api_groups,
100 non_resource_urls: value_non_resource_urls,
101 resource_names: value_resource_names,
102 resources: value_resources,
103 verbs: value_verbs.unwrap_or_default(),
104 })
105 }
106 }
107
108 deserializer.deserialize_struct(
109 "PolicyRule",
110 &[
111 "apiGroups",
112 "nonResourceURLs",
113 "resourceNames",
114 "resources",
115 "verbs",
116 ],
117 Visitor,
118 )
119 }
120}
121
122impl crate::serde::Serialize for PolicyRule {
123 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: crate::serde::Serializer {
124 let mut state = serializer.serialize_struct(
125 "PolicyRule",
126 1 +
127 self.api_groups.as_ref().map_or(0, |_| 1) +
128 self.non_resource_urls.as_ref().map_or(0, |_| 1) +
129 self.resource_names.as_ref().map_or(0, |_| 1) +
130 self.resources.as_ref().map_or(0, |_| 1),
131 )?;
132 if let Some(value) = &self.api_groups {
133 crate::serde::ser::SerializeStruct::serialize_field(&mut state, "apiGroups", value)?;
134 }
135 if let Some(value) = &self.non_resource_urls {
136 crate::serde::ser::SerializeStruct::serialize_field(&mut state, "nonResourceURLs", value)?;
137 }
138 if let Some(value) = &self.resource_names {
139 crate::serde::ser::SerializeStruct::serialize_field(&mut state, "resourceNames", value)?;
140 }
141 if let Some(value) = &self.resources {
142 crate::serde::ser::SerializeStruct::serialize_field(&mut state, "resources", value)?;
143 }
144 crate::serde::ser::SerializeStruct::serialize_field(&mut state, "verbs", &self.verbs)?;
145 crate::serde::ser::SerializeStruct::end(state)
146 }
147}
148
149#[cfg(feature = "schemars")]
150impl crate::schemars::JsonSchema for PolicyRule {
151 fn schema_name() -> std::borrow::Cow<'static, str> {
152 "io.k8s.api.rbac.v1.PolicyRule".into()
153 }
154
155 fn json_schema(__gen: &mut crate::schemars::SchemaGenerator) -> crate::schemars::Schema {
156 crate::schemars::json_schema!({
157 "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.",
158 "type": "object",
159 "properties": {
160 "apiGroups": {
161 "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.",
162 "type": "array",
163 "items": {
164 "type": "string",
165 },
166 },
167 "nonResourceURLs": {
168 "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.",
169 "type": "array",
170 "items": {
171 "type": "string",
172 },
173 },
174 "resourceNames": {
175 "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.",
176 "type": "array",
177 "items": {
178 "type": "string",
179 },
180 },
181 "resources": {
182 "description": "Resources is a list of resources this rule applies to. '*' represents all resources.",
183 "type": "array",
184 "items": {
185 "type": "string",
186 },
187 },
188 "verbs": {
189 "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.",
190 "type": "array",
191 "items": {
192 "type": "string",
193 },
194 },
195 },
196 "required": [
197 "verbs",
198 ],
199 })
200 }
201}
202
203#[cfg(feature = "schemars08")]
204impl crate::schemars08::JsonSchema for PolicyRule {
205 fn schema_name() -> std::string::String {
206 "io.k8s.api.rbac.v1.PolicyRule".into()
207 }
208
209 fn json_schema(__gen: &mut crate::schemars08::gen::SchemaGenerator) -> crate::schemars08::schema::Schema {
210 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
211 metadata: Some(std::boxed::Box::new(crate::schemars08::schema::Metadata {
212 description: Some("PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.".into()),
213 ..Default::default()
214 })),
215 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::Object))),
216 object: Some(std::boxed::Box::new(crate::schemars08::schema::ObjectValidation {
217 properties: [
218 (
219 "apiGroups".into(),
220 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
221 metadata: Some(std::boxed::Box::new(crate::schemars08::schema::Metadata {
222 description: Some("APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.".into()),
223 ..Default::default()
224 })),
225 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::Array))),
226 array: Some(std::boxed::Box::new(crate::schemars08::schema::ArrayValidation {
227 items: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(
228 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
229 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::String))),
230 ..Default::default()
231 })
232 ))),
233 ..Default::default()
234 })),
235 ..Default::default()
236 }),
237 ),
238 (
239 "nonResourceURLs".into(),
240 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
241 metadata: Some(std::boxed::Box::new(crate::schemars08::schema::Metadata {
242 description: Some("NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.".into()),
243 ..Default::default()
244 })),
245 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::Array))),
246 array: Some(std::boxed::Box::new(crate::schemars08::schema::ArrayValidation {
247 items: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(
248 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
249 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::String))),
250 ..Default::default()
251 })
252 ))),
253 ..Default::default()
254 })),
255 ..Default::default()
256 }),
257 ),
258 (
259 "resourceNames".into(),
260 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
261 metadata: Some(std::boxed::Box::new(crate::schemars08::schema::Metadata {
262 description: Some("ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.".into()),
263 ..Default::default()
264 })),
265 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::Array))),
266 array: Some(std::boxed::Box::new(crate::schemars08::schema::ArrayValidation {
267 items: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(
268 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
269 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::String))),
270 ..Default::default()
271 })
272 ))),
273 ..Default::default()
274 })),
275 ..Default::default()
276 }),
277 ),
278 (
279 "resources".into(),
280 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
281 metadata: Some(std::boxed::Box::new(crate::schemars08::schema::Metadata {
282 description: Some("Resources is a list of resources this rule applies to. '*' represents all resources.".into()),
283 ..Default::default()
284 })),
285 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::Array))),
286 array: Some(std::boxed::Box::new(crate::schemars08::schema::ArrayValidation {
287 items: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(
288 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
289 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::String))),
290 ..Default::default()
291 })
292 ))),
293 ..Default::default()
294 })),
295 ..Default::default()
296 }),
297 ),
298 (
299 "verbs".into(),
300 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
301 metadata: Some(std::boxed::Box::new(crate::schemars08::schema::Metadata {
302 description: Some("Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.".into()),
303 ..Default::default()
304 })),
305 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::Array))),
306 array: Some(std::boxed::Box::new(crate::schemars08::schema::ArrayValidation {
307 items: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(
308 crate::schemars08::schema::Schema::Object(crate::schemars08::schema::SchemaObject {
309 instance_type: Some(crate::schemars08::schema::SingleOrVec::Single(std::boxed::Box::new(crate::schemars08::schema::InstanceType::String))),
310 ..Default::default()
311 })
312 ))),
313 ..Default::default()
314 })),
315 ..Default::default()
316 }),
317 ),
318 ].into(),
319 required: [
320 "verbs".into(),
321 ].into(),
322 ..Default::default()
323 })),
324 ..Default::default()
325 })
326 }
327}