RBAC: Add option to skip rbac check for specified verbs (#93654)

* Add option to skip rbac check for specified verbs

pkg/apis/iam/v0alpha1/register.go

@@ -166,7 +166,7 @@ func AddKnownTypes(scheme *runtime.Scheme, version string) {
 		&ServiceAccountTokenList{},
 		&Team{},
 		&TeamList{},
-		&IdentityDisplayResults{},
+		&DisplayList{},
 		&SSOSetting{},
 		&SSOSettingList{},
 		&TeamBinding{},

pkg/apis/iam/v0alpha1/types_display.go

@@ -7,23 +7,24 @@ import (
 )
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type IdentityDisplayResults struct {
+type DisplayList struct {
 	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
 
 	// Request keys used to lookup the display value
 	// +listType=set
 	Keys []string `json:"keys"`
 
-	// Matching items (the caller may need to remap from keys to results)
-	// +listType=atomic
-	Display []IdentityDisplay `json:"display"`
-
 	// Input keys that were not useable
 	// +listType=set
 	InvalidKeys []string `json:"invalidKeys,omitempty"`
+
+	// Matching items (the caller may need to remap from keys to results)
+	// +listType=atomic
+	Items []Display `json:"display"`
 }
 
-type IdentityDisplay struct {
+type Display struct {
 	Identity IdentityRef `json:"identity"`
 
 	// Display name for identity.

pkg/apis/iam/v0alpha1/types_team.go

@@ -68,7 +68,7 @@ type TeamMemberList struct {
 }
 
 type TeamMember struct {
-	IdentityDisplay `json:",inline"`
+	Display `json:",inline"`
 
 	// External is set if member ship was synced from external IDP.
 	External bool `json:"external,omitempty"`

pkg/apis/iam/v0alpha1/zz_generated.deepcopy.go

@@ -12,56 +12,57 @@ import (
 )
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *IdentityDisplay) DeepCopyInto(out *IdentityDisplay) {
+func (in *Display) DeepCopyInto(out *Display) {
 	*out = *in
 	out.Identity = in.Identity
 	return
 }
 
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityDisplay.
-func (in *IdentityDisplay) DeepCopy() *IdentityDisplay {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Display.
+func (in *Display) DeepCopy() *Display {
 	if in == nil {
 		return nil
 	}
-	out := new(IdentityDisplay)
+	out := new(Display)
 	in.DeepCopyInto(out)
 	return out
 }
 
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *IdentityDisplayResults) DeepCopyInto(out *IdentityDisplayResults) {
+func (in *DisplayList) DeepCopyInto(out *DisplayList) {
 	*out = *in
 	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
 	if in.Keys != nil {
 		in, out := &in.Keys, &out.Keys
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.Display != nil {
-		in, out := &in.Display, &out.Display
-		*out = make([]IdentityDisplay, len(*in))
-		copy(*out, *in)
-	}
 	if in.InvalidKeys != nil {
 		in, out := &in.InvalidKeys, &out.InvalidKeys
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]Display, len(*in))
+		copy(*out, *in)
+	}
 	return
 }
 
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityDisplayResults.
-func (in *IdentityDisplayResults) DeepCopy() *IdentityDisplayResults {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DisplayList.
+func (in *DisplayList) DeepCopy() *DisplayList {
 	if in == nil {
 		return nil
 	}
-	out := new(IdentityDisplayResults)
+	out := new(DisplayList)
 	in.DeepCopyInto(out)
 	return out
 }
 
 // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *IdentityDisplayResults) DeepCopyObject() runtime.Object {
+func (in *DisplayList) DeepCopyObject() runtime.Object {
 	if c := in.DeepCopy(); c != nil {
 		return c
 	}
@@ -440,7 +441,7 @@ func (in *TeamList) DeepCopyObject() runtime.Object {
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *TeamMember) DeepCopyInto(out *TeamMember) {
 	*out = *in
-	out.IdentityDisplay = in.IdentityDisplay
+	out.Display = in.Display
 	return
 }
 

pkg/apis/iam/v0alpha1/zz_generated.openapi.go

@@ -14,8 +14,8 @@ import (
 
 func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition {
 	return map[string]common.OpenAPIDefinition{
-		"github.com/grafana/grafana/pkg/apis/iam/v0alpha1.IdentityDisplay":         schema_pkg_apis_iam_v0alpha1_IdentityDisplay(ref),
-		"github.com/grafana/grafana/pkg/apis/iam/v0alpha1.IdentityDisplayResults":  schema_pkg_apis_iam_v0alpha1_IdentityDisplayResults(ref),
+		"github.com/grafana/grafana/pkg/apis/iam/v0alpha1.Display":                 schema_pkg_apis_iam_v0alpha1_Display(ref),
+		"github.com/grafana/grafana/pkg/apis/iam/v0alpha1.DisplayList":             schema_pkg_apis_iam_v0alpha1_DisplayList(ref),
 		"github.com/grafana/grafana/pkg/apis/iam/v0alpha1.IdentityRef":             schema_pkg_apis_iam_v0alpha1_IdentityRef(ref),
 		"github.com/grafana/grafana/pkg/apis/iam/v0alpha1.SSOSetting":              schema_pkg_apis_iam_v0alpha1_SSOSetting(ref),
 		"github.com/grafana/grafana/pkg/apis/iam/v0alpha1.SSOSettingList":          schema_pkg_apis_iam_v0alpha1_SSOSettingList(ref),
@@ -43,7 +43,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
 	}
 }
 
-func schema_pkg_apis_iam_v0alpha1_IdentityDisplay(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_pkg_apis_iam_v0alpha1_Display(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -86,7 +86,7 @@ func schema_pkg_apis_iam_v0alpha1_IdentityDisplay(ref common.ReferenceCallback)
 	}
 }
 
-func schema_pkg_apis_iam_v0alpha1_IdentityDisplayResults(ref common.ReferenceCallback) common.OpenAPIDefinition {
+func schema_pkg_apis_iam_v0alpha1_DisplayList(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
 			SchemaProps: spec.SchemaProps{
@@ -106,6 +106,12 @@ func schema_pkg_apis_iam_v0alpha1_IdentityDisplayResults(ref common.ReferenceCal
 							Format:      "",
 						},
 					},
+					"metadata": {
+						SchemaProps: spec.SchemaProps{
+							Default: map[string]interface{}{},
+							Ref:     ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"),
+						},
+					},
 					"keys": {
 						VendorExtensible: spec.VendorExtensible{
 							Extensions: spec.Extensions{
@@ -126,25 +132,6 @@ func schema_pkg_apis_iam_v0alpha1_IdentityDisplayResults(ref common.ReferenceCal
 							},
 						},
 					},
-					"display": {
-						VendorExtensible: spec.VendorExtensible{
-							Extensions: spec.Extensions{
-								"x-kubernetes-list-type": "atomic",
-							},
-						},
-						SchemaProps: spec.SchemaProps{
-							Description: "Matching items (the caller may need to remap from keys to results)",
-							Type:        []string{"array"},
-							Items: &spec.SchemaOrArray{
-								Schema: &spec.Schema{
-									SchemaProps: spec.SchemaProps{
-										Default: map[string]interface{}{},
-										Ref:     ref("github.com/grafana/grafana/pkg/apis/iam/v0alpha1.IdentityDisplay"),
-									},
-								},
-							},
-						},
-					},
 					"invalidKeys": {
 						VendorExtensible: spec.VendorExtensible{
 							Extensions: spec.Extensions{
@@ -165,12 +152,31 @@ func schema_pkg_apis_iam_v0alpha1_IdentityDisplayResults(ref common.ReferenceCal
 							},
 						},
 					},
+					"display": {
+						VendorExtensible: spec.VendorExtensible{
+							Extensions: spec.Extensions{
+								"x-kubernetes-list-type": "atomic",
+							},
+						},
+						SchemaProps: spec.SchemaProps{
+							Description: "Matching items (the caller may need to remap from keys to results)",
+							Type:        []string{"array"},
+							Items: &spec.SchemaOrArray{
+								Schema: &spec.Schema{
+									SchemaProps: spec.SchemaProps{
+										Default: map[string]interface{}{},
+										Ref:     ref("github.com/grafana/grafana/pkg/apis/iam/v0alpha1.Display"),
+									},
+								},
+							},
+						},
+					},
 				},
 				Required: []string{"keys", "display"},
 			},
 		},
 		Dependencies: []string{
-			"github.com/grafana/grafana/pkg/apis/iam/v0alpha1.IdentityDisplay"},
+			"github.com/grafana/grafana/pkg/apis/iam/v0alpha1.Display", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"},
 	}
 }
 

pkg/apis/iam/v0alpha1/zz_generated.openapi_violation_exceptions.list

@@ -1,2 +1,4 @@
+API rule violation: list_type_missing,github.com/grafana/grafana/pkg/apis/iam/v0alpha1,DisplayList,Items
 API rule violation: list_type_missing,github.com/grafana/grafana/pkg/apis/iam/v0alpha1,TeamBindingSpec,Subjects
-API rule violation: names_match,github.com/grafana/grafana/pkg/apis/iam/v0alpha1,IdentityDisplay,InternalID
+API rule violation: names_match,github.com/grafana/grafana/pkg/apis/iam/v0alpha1,Display,InternalID
+API rule violation: names_match,github.com/grafana/grafana/pkg/apis/iam/v0alpha1,DisplayList,Items