From 9d64db52e051d429042db5c7570cd8a5c2371a2c Mon Sep 17 00:00:00 2001 From: David Eads Date: Fri, 1 Sep 2017 10:40:47 -0400 Subject: [PATCH 1/2] UPSTREAM: 51636: add reconcile command to kubectl auth --- .../kubernetes/pkg/kubectl/cmd/auth/BUILD | 7 + .../kubernetes/pkg/kubectl/cmd/auth/auth.go | 1 + .../pkg/kubectl/cmd/auth/reconcile.go | 223 ++++++++++++++++++ .../reconciliation/clusterrole_interfaces.go | 5 + .../clusterrolebinding_interfaces.go | 5 + .../rbac/reconciliation/reconcile_role.go | 2 + .../reconciliation/reconcile_rolebindings.go | 2 + .../rbac/reconciliation/role_interfaces.go | 5 + .../reconciliation/rolebinding_interfaces.go | 5 + .../kubectl/cmd/auth/rbac-resource-plus.yaml | 88 +++++++ 10 files changed, 343 insertions(+) create mode 100644 vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/reconcile.go create mode 100644 vendor/k8s.io/kubernetes/test/fixtures/pkg/kubectl/cmd/auth/rbac-resource-plus.yaml diff --git a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/BUILD b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/BUILD index ee161a7aef80..2a68a354a07c 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/BUILD +++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/BUILD @@ -11,6 +11,7 @@ go_library( srcs = [ "auth.go", "cani.go", + "reconcile.go", ], tags = ["automanaged"], visibility = [ @@ -18,9 +19,15 @@ go_library( ], deps = [ "//pkg/apis/authorization:go_default_library", + "//pkg/apis/rbac:go_default_library", "//pkg/client/clientset_generated/internalclientset/typed/authorization/internalversion:go_default_library", + "//pkg/client/clientset_generated/internalclientset/typed/core/internalversion:go_default_library", + "//pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion:go_default_library", "//pkg/kubectl/cmd/templates:go_default_library", "//pkg/kubectl/cmd/util:go_default_library", + "//pkg/kubectl/resource:go_default_library", + "//pkg/registry/rbac/reconciliation:go_default_library", + "//vendor/github.com/golang/glog:go_default_library", "//vendor/github.com/spf13/cobra:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/meta:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", diff --git a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/auth.go b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/auth.go index 689767a1d6ae..eb70d3005df3 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/auth.go +++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/auth.go @@ -34,6 +34,7 @@ func NewCmdAuth(f cmdutil.Factory, out, errOut io.Writer) *cobra.Command { } cmds.AddCommand(NewCmdCanI(f, out, errOut)) + cmds.AddCommand(NewCmdReconcile(f, out, errOut)) return cmds } diff --git a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/reconcile.go b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/reconcile.go new file mode 100644 index 000000000000..5ce505eec6cf --- /dev/null +++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/reconcile.go @@ -0,0 +1,223 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package auth + +import ( + "errors" + "io" + + "github.com/golang/glog" + "github.com/spf13/cobra" + + "k8s.io/kubernetes/pkg/apis/rbac" + internalcoreclient "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/internalversion" + internalrbacclient "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion" + "k8s.io/kubernetes/pkg/kubectl/cmd/templates" + cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" + "k8s.io/kubernetes/pkg/kubectl/resource" + "k8s.io/kubernetes/pkg/registry/rbac/reconciliation" +) + +// ReconcileOptions is the start of the data required to perform the operation. As new fields are added, add them here instead of +// referencing the cmd.Flags() +type ReconcileOptions struct { + ResourceBuilder *resource.Builder + RBACClient internalrbacclient.RbacInterface + CoreClient internalcoreclient.CoreInterface + + Print func(*resource.Info) error + + Out io.Writer + Err io.Writer +} + +var ( + reconcileLong = templates.LongDesc(` + Reconciles rules for RBAC Role, RoleBinding, ClusterRole, and ClusterRole binding objects. + + This is preferred to 'apply' for RBAC resources so that proper rule coverage checks are done.`) + + reconcileExample = templates.Examples(` + # Reconcile rbac resources from a file + kubectl auth reconcile -f my-rbac-rules.yaml`) +) + +func NewCmdReconcile(f cmdutil.Factory, out, err io.Writer) *cobra.Command { + fileOptions := &resource.FilenameOptions{} + o := &ReconcileOptions{ + Out: out, + Err: err, + } + + cmd := &cobra.Command{ + Use: "reconcile -f FILENAME", + Short: "Reconciles rules for RBAC Role, RoleBinding, ClusterRole, and ClusterRole binding objects", + Long: reconcileLong, + Example: reconcileExample, + Run: func(cmd *cobra.Command, args []string) { + cmdutil.CheckErr(o.Complete(cmd, f, args, fileOptions)) + cmdutil.CheckErr(o.Validate()) + cmdutil.CheckErr(o.RunReconcile()) + }, + } + + cmdutil.AddPrinterFlags(cmd) + usage := "identifying the resource to reconcile." + cmdutil.AddFilenameOptionFlags(cmd, fileOptions, usage) + cmd.MarkFlagRequired("filename") + + return cmd +} + +func (o *ReconcileOptions) Complete(cmd *cobra.Command, f cmdutil.Factory, args []string, options *resource.FilenameOptions) error { + if len(args) > 0 { + return errors.New("no arguments are allowed") + } + + namespace, enforceNamespace, err := f.DefaultNamespace() + if err != nil { + return err + } + o.ResourceBuilder = f.NewBuilder(true). + ContinueOnError(). + NamespaceParam(namespace).DefaultNamespace(). + FilenameParam(enforceNamespace, options). + Flatten() + + client, err := f.ClientSet() + if err != nil { + return err + } + o.RBACClient = client.Rbac() + o.CoreClient = client.Core() + + mapper, _ := f.Object() + dryRun := false + output := cmdutil.GetFlagString(cmd, "output") + shortOutput := output == "name" + o.Print = func(info *resource.Info) error { + if len(output) > 0 && !shortOutput { + return cmdutil.PrintResourceInfoForCommand(cmd, info, f, o.Out) + } + cmdutil.PrintSuccess(mapper, shortOutput, o.Out, info.Mapping.Resource, info.Name, dryRun, "reconciled") + return nil + } + + return nil +} + +func (o *ReconcileOptions) Validate() error { + return nil +} + +func (o *ReconcileOptions) RunReconcile() error { + r := o.ResourceBuilder.Do() + err := r.Err() + if err != nil { + return err + } + + err = r.Visit(func(info *resource.Info, err error) error { + if err != nil { + return err + } + + // shallowInfoCopy this is used to later twiddle the Object for printing + // we really need more straightforward printing options + shallowInfoCopy := *info + + switch t := info.Object.(type) { + case *rbac.Role: + reconcileOptions := reconciliation.ReconcileRoleOptions{ + Confirm: true, + RemoveExtraPermissions: false, + Role: reconciliation.RoleRuleOwner{Role: t}, + Client: reconciliation.RoleModifier{ + NamespaceClient: o.CoreClient.Namespaces(), + Client: o.RBACClient, + }, + } + result, err := reconcileOptions.Run() + if err != nil { + return err + } + shallowInfoCopy.Object = result.Role.GetObject() + o.Print(&shallowInfoCopy) + return nil + + case *rbac.ClusterRole: + reconcileOptions := reconciliation.ReconcileRoleOptions{ + Confirm: true, + RemoveExtraPermissions: false, + Role: reconciliation.ClusterRoleRuleOwner{ClusterRole: t}, + Client: reconciliation.ClusterRoleModifier{ + Client: o.RBACClient.ClusterRoles(), + }, + } + result, err := reconcileOptions.Run() + if err != nil { + return err + } + shallowInfoCopy.Object = result.Role.GetObject() + o.Print(&shallowInfoCopy) + return nil + + case *rbac.RoleBinding: + reconcileOptions := reconciliation.ReconcileRoleBindingOptions{ + Confirm: true, + RemoveExtraSubjects: false, + RoleBinding: reconciliation.RoleBindingAdapter{RoleBinding: t}, + Client: reconciliation.RoleBindingClientAdapter{ + Client: o.RBACClient, + NamespaceClient: o.CoreClient.Namespaces(), + }, + } + result, err := reconcileOptions.Run() + if err != nil { + return err + } + shallowInfoCopy.Object = result.RoleBinding.GetObject() + o.Print(&shallowInfoCopy) + return nil + + case *rbac.ClusterRoleBinding: + reconcileOptions := reconciliation.ReconcileRoleBindingOptions{ + Confirm: true, + RemoveExtraSubjects: false, + RoleBinding: reconciliation.ClusterRoleBindingAdapter{ClusterRoleBinding: t}, + Client: reconciliation.ClusterRoleBindingClientAdapter{ + Client: o.RBACClient.ClusterRoleBindings(), + }, + } + result, err := reconcileOptions.Run() + if err != nil { + return err + } + shallowInfoCopy.Object = result.RoleBinding.GetObject() + o.Print(&shallowInfoCopy) + return nil + + default: + glog.V(1).Infof("skipping %#v", info.Object.GetObjectKind()) + // skip ignored resources + } + + return nil + }) + + return err +} diff --git a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/clusterrole_interfaces.go b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/clusterrole_interfaces.go index 93928b20c8ec..f5a7c62816cf 100644 --- a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/clusterrole_interfaces.go +++ b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/clusterrole_interfaces.go @@ -18,6 +18,7 @@ package reconciliation import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/kubernetes/pkg/apis/rbac" "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion" ) @@ -26,6 +27,10 @@ type ClusterRoleRuleOwner struct { ClusterRole *rbac.ClusterRole } +func (o ClusterRoleRuleOwner) GetObject() runtime.Object { + return o.ClusterRole +} + func (o ClusterRoleRuleOwner) GetNamespace() string { return o.ClusterRole.Namespace } diff --git a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/clusterrolebinding_interfaces.go b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/clusterrolebinding_interfaces.go index 79c392d6e910..9430364b6e16 100644 --- a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/clusterrolebinding_interfaces.go +++ b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/clusterrolebinding_interfaces.go @@ -18,6 +18,7 @@ package reconciliation import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/apis/rbac" "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion" @@ -27,6 +28,10 @@ type ClusterRoleBindingAdapter struct { ClusterRoleBinding *rbac.ClusterRoleBinding } +func (o ClusterRoleBindingAdapter) GetObject() runtime.Object { + return o.ClusterRoleBinding +} + func (o ClusterRoleBindingAdapter) GetNamespace() string { return o.ClusterRoleBinding.Namespace } diff --git a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_role.go b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_role.go index c29f105a14d1..2f4bbc456dd6 100644 --- a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_role.go +++ b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_role.go @@ -21,6 +21,7 @@ import ( "reflect" "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/rbac" "k8s.io/kubernetes/pkg/registry/rbac/validation" @@ -42,6 +43,7 @@ type RuleOwnerModifier interface { } type RuleOwner interface { + GetObject() runtime.Object GetNamespace() string GetName() string GetLabels() map[string]string diff --git a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_rolebindings.go b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_rolebindings.go index fcb6eac61d9d..a6836838e1c9 100644 --- a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_rolebindings.go +++ b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/reconcile_rolebindings.go @@ -21,6 +21,7 @@ import ( "reflect" "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/rbac" @@ -34,6 +35,7 @@ type RoleBindingModifier interface { } type RoleBinding interface { + GetObject() runtime.Object GetNamespace() string GetName() string GetUID() types.UID diff --git a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/role_interfaces.go b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/role_interfaces.go index 9cabec623185..78e83f17f9f1 100644 --- a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/role_interfaces.go +++ b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/role_interfaces.go @@ -19,6 +19,7 @@ package reconciliation import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/rbac" core "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/internalversion" @@ -29,6 +30,10 @@ type RoleRuleOwner struct { Role *rbac.Role } +func (o RoleRuleOwner) GetObject() runtime.Object { + return o.Role +} + func (o RoleRuleOwner) GetNamespace() string { return o.Role.Namespace } diff --git a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/rolebinding_interfaces.go b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/rolebinding_interfaces.go index fde4b1e67b71..8ebf592a250e 100644 --- a/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/rolebinding_interfaces.go +++ b/vendor/k8s.io/kubernetes/pkg/registry/rbac/reconciliation/rolebinding_interfaces.go @@ -19,6 +19,7 @@ package reconciliation import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/rbac" @@ -30,6 +31,10 @@ type RoleBindingAdapter struct { RoleBinding *rbac.RoleBinding } +func (o RoleBindingAdapter) GetObject() runtime.Object { + return o.RoleBinding +} + func (o RoleBindingAdapter) GetNamespace() string { return o.RoleBinding.Namespace } diff --git a/vendor/k8s.io/kubernetes/test/fixtures/pkg/kubectl/cmd/auth/rbac-resource-plus.yaml b/vendor/k8s.io/kubernetes/test/fixtures/pkg/kubectl/cmd/auth/rbac-resource-plus.yaml new file mode 100644 index 000000000000..c358d8aa2828 --- /dev/null +++ b/vendor/k8s.io/kubernetes/test/fixtures/pkg/kubectl/cmd/auth/rbac-resource-plus.yaml @@ -0,0 +1,88 @@ +apiVersion: v1 +items: +- apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + test-cmd: auth + name: testing-CR + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +- apiVersion: v1 + kind: Pod + metadata: + name: valid-pod + labels: + name: valid-pod + spec: + containers: + - name: kubernetes-serve-hostname + image: gcr.io/google_containers/serve_hostname + resources: + limits: + cpu: "1" + memory: 512Mi + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + test-cmd: auth + name: testing-CRB + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: testing-CR + subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:masters + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + test-cmd: auth + name: testing-RB + namespace: some-other-random + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: testing-CR + subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:masters + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + test-cmd: auth + name: testing-R + namespace: some-other-random + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + +kind: List +metadata: {} From df0ff8b2093128f05956a8496d261364abe9ad2d Mon Sep 17 00:00:00 2001 From: David Eads Date: Fri, 1 Sep 2017 10:43:21 -0400 Subject: [PATCH 2/2] generated --- contrib/completions/bash/oc | 79 +++++++ contrib/completions/bash/openshift | 213 ++++++++++++++++++ contrib/completions/zsh/oc | 79 +++++++ contrib/completions/zsh/openshift | 213 ++++++++++++++++++ docs/man/man1/.files_generated_oc | 1 + docs/man/man1/.files_generated_openshift | 2 + docs/man/man1/oc-auth-reconcile.1 | 3 + docs/man/man1/openshift-cli-auth-reconcile.1 | 3 + docs/man/man1/openshift-kube-auth-reconcile.1 | 3 + 9 files changed, 596 insertions(+) create mode 100644 docs/man/man1/oc-auth-reconcile.1 create mode 100644 docs/man/man1/openshift-cli-auth-reconcile.1 create mode 100644 docs/man/man1/openshift-kube-auth-reconcile.1 diff --git a/contrib/completions/bash/oc b/contrib/completions/bash/oc index 210bd3eb10cb..7cbbdf6bdc94 100644 --- a/contrib/completions/bash/oc +++ b/contrib/completions/bash/oc @@ -6498,11 +6498,90 @@ _oc_auth_can-i() noun_aliases=() } +_oc_auth_reconcile() +{ + last_command="oc_auth_reconcile" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + flags_with_completion+=("--filename") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + two_word_flags+=("-f") + flags_with_completion+=("-f") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--recursive") + flags+=("-R") + local_nonpersistent_flags+=("--recursive") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--as-group=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + flags_with_completion+=("--namespace") + flags_completion+=("__oc_get_namespaces") + two_word_flags+=("-n") + flags_with_completion+=("-n") + flags_completion+=("__oc_get_namespaces") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_flag+=("--filename=") + must_have_one_flag+=("-f") + must_have_one_noun=() + noun_aliases=() +} + _oc_auth() { last_command="oc_auth" commands=() commands+=("can-i") + commands+=("reconcile") flags=() two_word_flags=() diff --git a/contrib/completions/bash/openshift b/contrib/completions/bash/openshift index dd626c4a60c1..0cf72f56cd94 100644 --- a/contrib/completions/bash/openshift +++ b/contrib/completions/bash/openshift @@ -12140,11 +12140,93 @@ _openshift_cli_auth_can-i() noun_aliases=() } +_openshift_cli_auth_reconcile() +{ + last_command="openshift_cli_auth_reconcile" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + flags_with_completion+=("--filename") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + two_word_flags+=("-f") + flags_with_completion+=("-f") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--recursive") + flags+=("-R") + local_nonpersistent_flags+=("--recursive") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--as-group=") + flags+=("--azure-container-registry-config=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + flags_with_completion+=("--namespace") + flags_completion+=("__oc_get_namespaces") + two_word_flags+=("-n") + flags_with_completion+=("-n") + flags_completion+=("__oc_get_namespaces") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + flags+=("--version") + + must_have_one_flag=() + must_have_one_flag+=("--filename=") + must_have_one_flag+=("-f") + must_have_one_noun=() + noun_aliases=() +} + _openshift_cli_auth() { last_command="openshift_cli_auth" commands=() commands+=("can-i") + commands+=("reconcile") flags=() two_word_flags=() @@ -26288,11 +26370,142 @@ _openshift_kube_auth_can-i() noun_aliases=() } +_openshift_kube_auth_reconcile() +{ + last_command="openshift_kube_auth_reconcile" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + flags_with_completion+=("--filename") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + two_word_flags+=("-f") + flags_with_completion+=("-f") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--recursive") + flags+=("-R") + local_nonpersistent_flags+=("--recursive") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--allow-verification-with-non-compliant-keys") + flags+=("--alsologtostderr") + flags+=("--application-metrics-count-limit=") + flags+=("--as=") + flags+=("--as-group=") + flags+=("--azure-container-registry-config=") + flags+=("--boot-id-file=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cloud-provider-gce-lb-src-cidrs=") + flags+=("--cluster=") + flags_with_completion+=("--cluster") + flags_completion+=("__kubectl_config_get_clusters") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--container-hints=") + flags+=("--context=") + flags_with_completion+=("--context") + flags_completion+=("__kubectl_config_get_contexts") + flags+=("--default-not-ready-toleration-seconds=") + flags+=("--default-unreachable-toleration-seconds=") + flags+=("--docker=") + flags+=("--docker-env-metadata-whitelist=") + flags+=("--docker-only") + flags+=("--docker-root=") + flags+=("--enable-load-reader") + flags+=("--event-storage-age-limit=") + flags+=("--event-storage-event-limit=") + flags+=("--global-housekeeping-interval=") + flags+=("--google-json-key=") + flags+=("--housekeeping-interval=") + flags+=("--httptest.serve=") + flags+=("--insecure-skip-tls-verify") + flags+=("--ir-data-source=") + flags+=("--ir-dbname=") + flags+=("--ir-hawkular=") + flags+=("--ir-influxdb-host=") + flags+=("--ir-namespace-only") + flags+=("--ir-password=") + flags+=("--ir-percentile=") + flags+=("--ir-user=") + flags+=("--kubeconfig=") + flags+=("--log-backtrace-at=") + flags+=("--log-cadvisor-usage") + flags+=("--log-dir=") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--logtostderr") + flags+=("--machine-id-file=") + flags+=("--match-server-version") + flags+=("--namespace=") + flags_with_completion+=("--namespace") + flags_completion+=("__kubectl_get_namespaces") + two_word_flags+=("-n") + flags_with_completion+=("-n") + flags_completion+=("__kubectl_get_namespaces") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--stderrthreshold=") + flags+=("--storage-driver-buffer-duration=") + flags+=("--storage-driver-db=") + flags+=("--storage-driver-host=") + flags+=("--storage-driver-password=") + flags+=("--storage-driver-secure") + flags+=("--storage-driver-table=") + flags+=("--storage-driver-user=") + flags+=("--token=") + flags+=("--user=") + flags_with_completion+=("--user") + flags_completion+=("__kubectl_config_get_users") + flags+=("--v=") + two_word_flags+=("-v") + flags+=("--version") + flags+=("--vmodule=") + + must_have_one_flag=() + must_have_one_flag+=("--filename=") + must_have_one_flag+=("-f") + must_have_one_noun=() + noun_aliases=() +} + _openshift_kube_auth() { last_command="openshift_kube_auth" commands=() commands+=("can-i") + commands+=("reconcile") flags=() two_word_flags=() diff --git a/contrib/completions/zsh/oc b/contrib/completions/zsh/oc index 5c3f267922fc..ac10220c1db4 100644 --- a/contrib/completions/zsh/oc +++ b/contrib/completions/zsh/oc @@ -6647,11 +6647,90 @@ _oc_auth_can-i() noun_aliases=() } +_oc_auth_reconcile() +{ + last_command="oc_auth_reconcile" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + flags_with_completion+=("--filename") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + two_word_flags+=("-f") + flags_with_completion+=("-f") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--recursive") + flags+=("-R") + local_nonpersistent_flags+=("--recursive") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--as-group=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + flags_with_completion+=("--namespace") + flags_completion+=("__oc_get_namespaces") + two_word_flags+=("-n") + flags_with_completion+=("-n") + flags_completion+=("__oc_get_namespaces") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_flag+=("--filename=") + must_have_one_flag+=("-f") + must_have_one_noun=() + noun_aliases=() +} + _oc_auth() { last_command="oc_auth" commands=() commands+=("can-i") + commands+=("reconcile") flags=() two_word_flags=() diff --git a/contrib/completions/zsh/openshift b/contrib/completions/zsh/openshift index f3898d45f1d1..347263a1f059 100644 --- a/contrib/completions/zsh/openshift +++ b/contrib/completions/zsh/openshift @@ -12289,11 +12289,93 @@ _openshift_cli_auth_can-i() noun_aliases=() } +_openshift_cli_auth_reconcile() +{ + last_command="openshift_cli_auth_reconcile" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + flags_with_completion+=("--filename") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + two_word_flags+=("-f") + flags_with_completion+=("-f") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--recursive") + flags+=("-R") + local_nonpersistent_flags+=("--recursive") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--as-group=") + flags+=("--azure-container-registry-config=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + flags_with_completion+=("--namespace") + flags_completion+=("__oc_get_namespaces") + two_word_flags+=("-n") + flags_with_completion+=("-n") + flags_completion+=("__oc_get_namespaces") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + flags+=("--version") + + must_have_one_flag=() + must_have_one_flag+=("--filename=") + must_have_one_flag+=("-f") + must_have_one_noun=() + noun_aliases=() +} + _openshift_cli_auth() { last_command="openshift_cli_auth" commands=() commands+=("can-i") + commands+=("reconcile") flags=() two_word_flags=() @@ -26437,11 +26519,142 @@ _openshift_kube_auth_can-i() noun_aliases=() } +_openshift_kube_auth_reconcile() +{ + last_command="openshift_kube_auth_reconcile" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + flags_with_completion+=("--filename") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + two_word_flags+=("-f") + flags_with_completion+=("-f") + flags_completion+=("__handle_filename_extension_flag json|yaml|yml") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--recursive") + flags+=("-R") + local_nonpersistent_flags+=("--recursive") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--allow-verification-with-non-compliant-keys") + flags+=("--alsologtostderr") + flags+=("--application-metrics-count-limit=") + flags+=("--as=") + flags+=("--as-group=") + flags+=("--azure-container-registry-config=") + flags+=("--boot-id-file=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cloud-provider-gce-lb-src-cidrs=") + flags+=("--cluster=") + flags_with_completion+=("--cluster") + flags_completion+=("__kubectl_config_get_clusters") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--container-hints=") + flags+=("--context=") + flags_with_completion+=("--context") + flags_completion+=("__kubectl_config_get_contexts") + flags+=("--default-not-ready-toleration-seconds=") + flags+=("--default-unreachable-toleration-seconds=") + flags+=("--docker=") + flags+=("--docker-env-metadata-whitelist=") + flags+=("--docker-only") + flags+=("--docker-root=") + flags+=("--enable-load-reader") + flags+=("--event-storage-age-limit=") + flags+=("--event-storage-event-limit=") + flags+=("--global-housekeeping-interval=") + flags+=("--google-json-key=") + flags+=("--housekeeping-interval=") + flags+=("--httptest.serve=") + flags+=("--insecure-skip-tls-verify") + flags+=("--ir-data-source=") + flags+=("--ir-dbname=") + flags+=("--ir-hawkular=") + flags+=("--ir-influxdb-host=") + flags+=("--ir-namespace-only") + flags+=("--ir-password=") + flags+=("--ir-percentile=") + flags+=("--ir-user=") + flags+=("--kubeconfig=") + flags+=("--log-backtrace-at=") + flags+=("--log-cadvisor-usage") + flags+=("--log-dir=") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--logtostderr") + flags+=("--machine-id-file=") + flags+=("--match-server-version") + flags+=("--namespace=") + flags_with_completion+=("--namespace") + flags_completion+=("__kubectl_get_namespaces") + two_word_flags+=("-n") + flags_with_completion+=("-n") + flags_completion+=("__kubectl_get_namespaces") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--stderrthreshold=") + flags+=("--storage-driver-buffer-duration=") + flags+=("--storage-driver-db=") + flags+=("--storage-driver-host=") + flags+=("--storage-driver-password=") + flags+=("--storage-driver-secure") + flags+=("--storage-driver-table=") + flags+=("--storage-driver-user=") + flags+=("--token=") + flags+=("--user=") + flags_with_completion+=("--user") + flags_completion+=("__kubectl_config_get_users") + flags+=("--v=") + two_word_flags+=("-v") + flags+=("--version") + flags+=("--vmodule=") + + must_have_one_flag=() + must_have_one_flag+=("--filename=") + must_have_one_flag+=("-f") + must_have_one_noun=() + noun_aliases=() +} + _openshift_kube_auth() { last_command="openshift_kube_auth" commands=() commands+=("can-i") + commands+=("reconcile") flags=() two_word_flags=() diff --git a/docs/man/man1/.files_generated_oc b/docs/man/man1/.files_generated_oc index d4aa6e399f9d..43629560eaaf 100644 --- a/docs/man/man1/.files_generated_oc +++ b/docs/man/man1/.files_generated_oc @@ -103,6 +103,7 @@ oc-apply-view-last-applied.1 oc-apply.1 oc-attach.1 oc-auth-can-i.1 +oc-auth-reconcile.1 oc-auth.1 oc-autoscale.1 oc-build-logs.1 diff --git a/docs/man/man1/.files_generated_openshift b/docs/man/man1/.files_generated_openshift index 061fa3d31508..06f8f222b710 100644 --- a/docs/man/man1/.files_generated_openshift +++ b/docs/man/man1/.files_generated_openshift @@ -201,6 +201,7 @@ openshift-cli-apply-view-last-applied.1 openshift-cli-apply.1 openshift-cli-attach.1 openshift-cli-auth-can-i.1 +openshift-cli-auth-reconcile.1 openshift-cli-auth.1 openshift-cli-autoscale.1 openshift-cli-build-logs.1 @@ -384,6 +385,7 @@ openshift-kube-apply-view-last-applied.1 openshift-kube-apply.1 openshift-kube-attach.1 openshift-kube-auth-can-i.1 +openshift-kube-auth-reconcile.1 openshift-kube-auth.1 openshift-kube-autoscale.1 openshift-kube-certificate-approve.1 diff --git a/docs/man/man1/oc-auth-reconcile.1 b/docs/man/man1/oc-auth-reconcile.1 new file mode 100644 index 000000000000..b6fd7a0f9896 --- /dev/null +++ b/docs/man/man1/oc-auth-reconcile.1 @@ -0,0 +1,3 @@ +This file is autogenerated, but we've stopped checking such files into the +repository to reduce the need for rebases. Please run hack/generate-docs.sh to +populate this file. diff --git a/docs/man/man1/openshift-cli-auth-reconcile.1 b/docs/man/man1/openshift-cli-auth-reconcile.1 new file mode 100644 index 000000000000..b6fd7a0f9896 --- /dev/null +++ b/docs/man/man1/openshift-cli-auth-reconcile.1 @@ -0,0 +1,3 @@ +This file is autogenerated, but we've stopped checking such files into the +repository to reduce the need for rebases. Please run hack/generate-docs.sh to +populate this file. diff --git a/docs/man/man1/openshift-kube-auth-reconcile.1 b/docs/man/man1/openshift-kube-auth-reconcile.1 new file mode 100644 index 000000000000..b6fd7a0f9896 --- /dev/null +++ b/docs/man/man1/openshift-kube-auth-reconcile.1 @@ -0,0 +1,3 @@ +This file is autogenerated, but we've stopped checking such files into the +repository to reduce the need for rebases. Please run hack/generate-docs.sh to +populate this file.