From 39d93f8cd5b2c63e09947fa6b625f8dd6ba535b0 Mon Sep 17 00:00:00 2001 From: Salvatore Dario Minonne Date: Fri, 13 Jan 2017 12:18:24 +0100 Subject: [PATCH] generated files --- contrib/completions/bash/oadm | 147 +++++ contrib/completions/bash/oc | 326 +++++++++++ contrib/completions/bash/openshift | 513 ++++++++++++++++++ contrib/completions/zsh/oadm | 147 +++++ contrib/completions/zsh/oc | 326 +++++++++++ contrib/completions/zsh/openshift | 513 ++++++++++++++++++ docs/generated/oadm_by_example_content.adoc | 39 ++ docs/generated/oc_by_example_content.adoc | 78 +++ docs/man/man1/.files_generated_oadm | 2 + docs/man/man1/.files_generated_oc | 4 + docs/man/man1/.files_generated_openshift | 6 + docs/man/man1/oadm-policy-review.1 | 161 ++++++ docs/man/man1/oadm-policy-subject-review.1 | 164 ++++++ docs/man/man1/oadm-policy.1 | 2 +- docs/man/man1/oc-adm-policy-review.1 | 161 ++++++ docs/man/man1/oc-adm-policy-subject-review.1 | 164 ++++++ docs/man/man1/oc-adm-policy.1 | 2 +- docs/man/man1/oc-policy-review.1 | 161 ++++++ docs/man/man1/oc-policy-subject-review.1 | 164 ++++++ docs/man/man1/oc-policy.1 | 2 +- docs/man/man1/openshift-admin-policy-review.1 | 161 ++++++ .../openshift-admin-policy-subject-review.1 | 164 ++++++ docs/man/man1/openshift-admin-policy.1 | 2 +- .../man1/openshift-cli-adm-policy-review.1 | 161 ++++++ .../openshift-cli-adm-policy-subject-review.1 | 164 ++++++ docs/man/man1/openshift-cli-adm-policy.1 | 2 +- docs/man/man1/openshift-cli-policy-review.1 | 161 ++++++ .../openshift-cli-policy-subject-review.1 | 164 ++++++ docs/man/man1/openshift-cli-policy.1 | 2 +- 29 files changed, 4057 insertions(+), 6 deletions(-) create mode 100644 docs/man/man1/oadm-policy-review.1 create mode 100644 docs/man/man1/oadm-policy-subject-review.1 create mode 100644 docs/man/man1/oc-adm-policy-review.1 create mode 100644 docs/man/man1/oc-adm-policy-subject-review.1 create mode 100644 docs/man/man1/oc-policy-review.1 create mode 100644 docs/man/man1/oc-policy-subject-review.1 create mode 100644 docs/man/man1/openshift-admin-policy-review.1 create mode 100644 docs/man/man1/openshift-admin-policy-subject-review.1 create mode 100644 docs/man/man1/openshift-cli-adm-policy-review.1 create mode 100644 docs/man/man1/openshift-cli-adm-policy-subject-review.1 create mode 100644 docs/man/man1/openshift-cli-policy-review.1 create mode 100644 docs/man/man1/openshift-cli-policy-subject-review.1 diff --git a/contrib/completions/bash/oadm b/contrib/completions/bash/oadm index fa9d2bde0153..3e21f2f45878 100644 --- a/contrib/completions/bash/oadm +++ b/contrib/completions/bash/oadm @@ -3875,6 +3875,151 @@ _oadm_policy_remove-user() noun_aliases=() } +_oadm_policy_review() +{ + last_command="oadm_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_oadm_policy_subject-review() +{ + last_command="oadm_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _oadm_policy_who-can() { last_command="oadm_policy_who-can" @@ -3942,6 +4087,8 @@ _oadm_policy() commands+=("remove-scc-from-group") commands+=("remove-scc-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() diff --git a/contrib/completions/bash/oc b/contrib/completions/bash/oc index 9603f532dece..3070e3c28e1c 100644 --- a/contrib/completions/bash/oc +++ b/contrib/completions/bash/oc @@ -3933,6 +3933,149 @@ _oc_adm_policy_remove-user() noun_aliases=() } +_oc_adm_policy_review() +{ + last_command="oc_adm_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_oc_adm_policy_subject-review() +{ + last_command="oc_adm_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _oc_adm_policy_who-can() { last_command="oc_adm_policy_who-can" @@ -3999,6 +4142,8 @@ _oc_adm_policy() commands+=("remove-scc-from-group") commands+=("remove-scc-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() @@ -5065,6 +5210,9 @@ _oc_annotate() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -5156,6 +5304,9 @@ _oc_annotate() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -8519,6 +8670,9 @@ _oc_delete() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -8610,6 +8764,9 @@ _oc_delete() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -8969,6 +9126,9 @@ _oc_edit() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -9060,6 +9220,9 @@ _oc_edit() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -9802,6 +9965,9 @@ _oc_get() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -9893,6 +10059,9 @@ _oc_get() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -10339,6 +10508,9 @@ _oc_label() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -10430,6 +10602,9 @@ _oc_label() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -11122,6 +11297,9 @@ _oc_patch() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -11213,6 +11391,9 @@ _oc_patch() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -11576,6 +11757,149 @@ _oc_policy_remove-user() noun_aliases=() } +_oc_policy_review() +{ + last_command="oc_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_oc_policy_subject-review() +{ + last_command="oc_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _oc_policy_who-can() { last_command="oc_policy_who-can" @@ -11632,6 +11956,8 @@ _oc_policy() commands+=("remove-role-from-group") commands+=("remove-role-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() diff --git a/contrib/completions/bash/openshift b/contrib/completions/bash/openshift index ba39d4c3887c..3e417720e356 100644 --- a/contrib/completions/bash/openshift +++ b/contrib/completions/bash/openshift @@ -3875,6 +3875,151 @@ _openshift_admin_policy_remove-user() noun_aliases=() } +_openshift_admin_policy_review() +{ + last_command="openshift_admin_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_openshift_admin_policy_subject-review() +{ + last_command="openshift_admin_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _openshift_admin_policy_who-can() { last_command="openshift_admin_policy_who-can" @@ -3942,6 +4087,8 @@ _openshift_admin_policy() commands+=("remove-scc-from-group") commands+=("remove-scc-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() @@ -8530,6 +8677,151 @@ _openshift_cli_adm_policy_remove-user() noun_aliases=() } +_openshift_cli_adm_policy_review() +{ + last_command="openshift_cli_adm_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_openshift_cli_adm_policy_subject-review() +{ + last_command="openshift_cli_adm_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _openshift_cli_adm_policy_who-can() { last_command="openshift_cli_adm_policy_who-can" @@ -8597,6 +8889,8 @@ _openshift_cli_adm_policy() commands+=("remove-scc-from-group") commands+=("remove-scc-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() @@ -9680,6 +9974,9 @@ _openshift_cli_annotate() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -9771,6 +10068,9 @@ _openshift_cli_annotate() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -13185,6 +13485,9 @@ _openshift_cli_delete() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -13276,6 +13579,9 @@ _openshift_cli_delete() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -13638,6 +13944,9 @@ _openshift_cli_edit() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -13729,6 +14038,9 @@ _openshift_cli_edit() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -14480,6 +14792,9 @@ _openshift_cli_get() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -14571,6 +14886,9 @@ _openshift_cli_get() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -15023,6 +15341,9 @@ _openshift_cli_label() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -15114,6 +15435,9 @@ _openshift_cli_label() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -15815,6 +16139,9 @@ _openshift_cli_patch() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -15906,6 +16233,9 @@ _openshift_cli_patch() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -16276,6 +16606,151 @@ _openshift_cli_policy_remove-user() noun_aliases=() } +_openshift_cli_policy_review() +{ + last_command="openshift_cli_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_openshift_cli_policy_subject-review() +{ + last_command="openshift_cli_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _openshift_cli_policy_who-can() { last_command="openshift_cli_policy_who-can" @@ -16333,6 +16808,8 @@ _openshift_cli_policy() commands+=("remove-role-from-group") commands+=("remove-role-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() @@ -20958,6 +21435,9 @@ _openshift_kube_annotate() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -21049,6 +21529,9 @@ _openshift_kube_annotate() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -25494,6 +25977,9 @@ _openshift_kube_delete() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -25585,6 +26071,9 @@ _openshift_kube_delete() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -26055,6 +26544,9 @@ _openshift_kube_edit() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -26146,6 +26638,9 @@ _openshift_kube_edit() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -26717,6 +27212,9 @@ _openshift_kube_get() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -26808,6 +27306,9 @@ _openshift_kube_get() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -27019,6 +27520,9 @@ _openshift_kube_label() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -27110,6 +27614,9 @@ _openshift_kube_label() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -27600,6 +28107,9 @@ _openshift_kube_patch() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -27691,6 +28201,9 @@ _openshift_kube_patch() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") diff --git a/contrib/completions/zsh/oadm b/contrib/completions/zsh/oadm index 1b45c62d477d..021390cce97c 100644 --- a/contrib/completions/zsh/oadm +++ b/contrib/completions/zsh/oadm @@ -4023,6 +4023,151 @@ _oadm_policy_remove-user() noun_aliases=() } +_oadm_policy_review() +{ + last_command="oadm_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_oadm_policy_subject-review() +{ + last_command="oadm_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _oadm_policy_who-can() { last_command="oadm_policy_who-can" @@ -4090,6 +4235,8 @@ _oadm_policy() commands+=("remove-scc-from-group") commands+=("remove-scc-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() diff --git a/contrib/completions/zsh/oc b/contrib/completions/zsh/oc index 9abdab92ffc5..c89c0f9dece3 100644 --- a/contrib/completions/zsh/oc +++ b/contrib/completions/zsh/oc @@ -4081,6 +4081,149 @@ _oc_adm_policy_remove-user() noun_aliases=() } +_oc_adm_policy_review() +{ + last_command="oc_adm_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_oc_adm_policy_subject-review() +{ + last_command="oc_adm_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _oc_adm_policy_who-can() { last_command="oc_adm_policy_who-can" @@ -4147,6 +4290,8 @@ _oc_adm_policy() commands+=("remove-scc-from-group") commands+=("remove-scc-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() @@ -5213,6 +5358,9 @@ _oc_annotate() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -5304,6 +5452,9 @@ _oc_annotate() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -8667,6 +8818,9 @@ _oc_delete() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -8758,6 +8912,9 @@ _oc_delete() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -9117,6 +9274,9 @@ _oc_edit() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -9208,6 +9368,9 @@ _oc_edit() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -9950,6 +10113,9 @@ _oc_get() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -10041,6 +10207,9 @@ _oc_get() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -10487,6 +10656,9 @@ _oc_label() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -10578,6 +10750,9 @@ _oc_label() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -11270,6 +11445,9 @@ _oc_patch() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -11361,6 +11539,9 @@ _oc_patch() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -11724,6 +11905,149 @@ _oc_policy_remove-user() noun_aliases=() } +_oc_policy_review() +{ + last_command="oc_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_oc_policy_subject-review() +{ + last_command="oc_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _oc_policy_who-can() { last_command="oc_policy_who-can" @@ -11780,6 +12104,8 @@ _oc_policy() commands+=("remove-role-from-group") commands+=("remove-role-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() diff --git a/contrib/completions/zsh/openshift b/contrib/completions/zsh/openshift index a57f47cce4e5..15cfdcfc805e 100644 --- a/contrib/completions/zsh/openshift +++ b/contrib/completions/zsh/openshift @@ -4023,6 +4023,151 @@ _openshift_admin_policy_remove-user() noun_aliases=() } +_openshift_admin_policy_review() +{ + last_command="openshift_admin_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_openshift_admin_policy_subject-review() +{ + last_command="openshift_admin_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _openshift_admin_policy_who-can() { last_command="openshift_admin_policy_who-can" @@ -4090,6 +4235,8 @@ _openshift_admin_policy() commands+=("remove-scc-from-group") commands+=("remove-scc-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() @@ -8678,6 +8825,151 @@ _openshift_cli_adm_policy_remove-user() noun_aliases=() } +_openshift_cli_adm_policy_review() +{ + last_command="openshift_cli_adm_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_openshift_cli_adm_policy_subject-review() +{ + last_command="openshift_cli_adm_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _openshift_cli_adm_policy_who-can() { last_command="openshift_cli_adm_policy_who-can" @@ -8745,6 +9037,8 @@ _openshift_cli_adm_policy() commands+=("remove-scc-from-group") commands+=("remove-scc-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() @@ -9828,6 +10122,9 @@ _openshift_cli_annotate() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -9919,6 +10216,9 @@ _openshift_cli_annotate() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -13333,6 +13633,9 @@ _openshift_cli_delete() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -13424,6 +13727,9 @@ _openshift_cli_delete() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -13786,6 +14092,9 @@ _openshift_cli_edit() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -13877,6 +14186,9 @@ _openshift_cli_edit() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -14628,6 +14940,9 @@ _openshift_cli_get() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -14719,6 +15034,9 @@ _openshift_cli_get() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -15171,6 +15489,9 @@ _openshift_cli_label() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -15262,6 +15583,9 @@ _openshift_cli_label() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -15963,6 +16287,9 @@ _openshift_cli_patch() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -16054,6 +16381,9 @@ _openshift_cli_patch() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -16424,6 +16754,151 @@ _openshift_cli_policy_remove-user() noun_aliases=() } +_openshift_cli_policy_review() +{ + last_command="openshift_cli_policy_review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccounts=") + two_word_flags+=("-s") + local_nonpersistent_flags+=("--serviceaccounts=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + flags+=("--user=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + +_openshift_cli_policy_subject-review() +{ + last_command="openshift_cli_policy_subject-review" + commands=() + + flags=() + two_word_flags=() + local_nonpersistent_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--allow-missing-template-keys") + local_nonpersistent_flags+=("--allow-missing-template-keys") + flags+=("--filename=") + two_word_flags+=("-f") + local_nonpersistent_flags+=("--filename=") + flags+=("--groups=") + two_word_flags+=("-g") + local_nonpersistent_flags+=("--groups=") + flags+=("--no-headers") + local_nonpersistent_flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + local_nonpersistent_flags+=("--output=") + flags+=("--output-version=") + local_nonpersistent_flags+=("--output-version=") + flags+=("--serviceaccount=") + two_word_flags+=("-z") + local_nonpersistent_flags+=("--serviceaccount=") + flags+=("--show-all") + flags+=("-a") + local_nonpersistent_flags+=("--show-all") + flags+=("--show-labels") + local_nonpersistent_flags+=("--show-labels") + flags+=("--sort-by=") + local_nonpersistent_flags+=("--sort-by=") + flags+=("--template=") + flags_with_completion+=("--template") + flags_completion+=("_filedir") + local_nonpersistent_flags+=("--template=") + flags+=("--user=") + two_word_flags+=("-u") + local_nonpersistent_flags+=("--user=") + flags+=("--as=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--context=") + flags+=("--google-json-key=") + flags+=("--insecure-skip-tls-verify") + flags+=("--log-flush-frequency=") + flags+=("--loglevel=") + flags+=("--logspec=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--request-timeout=") + flags+=("--server=") + flags+=("--token=") + + must_have_one_flag=() + must_have_one_noun=() + noun_aliases=() +} + _openshift_cli_policy_who-can() { last_command="openshift_cli_policy_who-can" @@ -16481,6 +16956,8 @@ _openshift_cli_policy() commands+=("remove-role-from-group") commands+=("remove-role-from-user") commands+=("remove-user") + commands+=("review") + commands+=("subject-review") commands+=("who-can") flags=() @@ -21106,6 +21583,9 @@ _openshift_kube_annotate() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -21197,6 +21677,9 @@ _openshift_kube_annotate() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -25642,6 +26125,9 @@ _openshift_kube_delete() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -25733,6 +26219,9 @@ _openshift_kube_delete() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -26203,6 +26692,9 @@ _openshift_kube_edit() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -26294,6 +26786,9 @@ _openshift_kube_edit() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -26865,6 +27360,9 @@ _openshift_kube_get() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -26956,6 +27454,9 @@ _openshift_kube_get() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -27167,6 +27668,9 @@ _openshift_kube_label() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -27258,6 +27762,9 @@ _openshift_kube_label() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") @@ -27748,6 +28255,9 @@ _openshift_kube_patch() must_have_one_noun+=("pod") must_have_one_noun+=("poddisruptionbudget") must_have_one_noun+=("podsecuritypolicy") + must_have_one_noun+=("podsecuritypolicyreview") + must_have_one_noun+=("podsecuritypolicyselfsubjectreview") + must_have_one_noun+=("podsecuritypolicysubjectreview") must_have_one_noun+=("podtemplate") must_have_one_noun+=("policy") must_have_one_noun+=("policybinding") @@ -27839,6 +28349,9 @@ _openshift_kube_patch() noun_aliases+=("poddisruptionbudgets") noun_aliases+=("pods") noun_aliases+=("podsecuritypolicies") + noun_aliases+=("podsecuritypolicyreviews") + noun_aliases+=("podsecuritypolicyselfsubjectreviews") + noun_aliases+=("podsecuritypolicysubjectreviews") noun_aliases+=("podtemplates") noun_aliases+=("policies") noun_aliases+=("policybindings") diff --git a/docs/generated/oadm_by_example_content.adoc b/docs/generated/oadm_by_example_content.adoc index 805679d24d0e..88c8135142a0 100644 --- a/docs/generated/oadm_by_example_content.adoc +++ b/docs/generated/oadm_by_example_content.adoc @@ -579,6 +579,45 @@ Replace cluster SCCs to match the recommended bootstrap policy ==== +== oadm policy review +Checks which ServiceAccount can create a Pod + +==== + +[options="nowrap"] +---- + # Check whether ServiceAccount sa1 and sa2 can admit a Pod with TemplatePodSpec specified in my_resource.yaml + # ServiceAccount specified in myresource.yaml file is ignored + $ oadm policy review -s sa1,sa2 -f my_resource.yaml + + # Check whether ServiceAccount specified in my_resource_with_sa.yaml can admit the Pod + $ oadm policy review -f my_resource_with_sa.yaml + + # Check whether default ServiceAccount can admit the Pod, default is taken since no ServiceAccount is defined in myresource_with_no_sa.yaml + $ oadm policy review -f myresource_with_no_sa.yaml +---- +==== + + +== oadm policy subject-review +Check whether a user or a ServiceAccount can create a Pod. + +==== + +[options="nowrap"] +---- + # Check whether user bob can create a pod specified in myresource.yaml + $ oadm policy subject-review -u bob -f myresource.yaml + + # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml + $ oadm policy subject-review -u bob -g projectAdmin -f myresource.yaml + + # Check whether ServiceAccount specified in podTemplateSpec in myresourcewithsa.yaml can create the Pod + $ oadm policy subject-review -f myresourcewithsa.yaml +---- +==== + + == oadm prune builds Remove old completed and failed builds diff --git a/docs/generated/oc_by_example_content.adoc b/docs/generated/oc_by_example_content.adoc index a2f71ae585ea..c2b104779d64 100644 --- a/docs/generated/oc_by_example_content.adoc +++ b/docs/generated/oc_by_example_content.adoc @@ -579,6 +579,45 @@ Replace cluster SCCs to match the recommended bootstrap policy ==== +== oc adm policy review +Checks which ServiceAccount can create a Pod + +==== + +[options="nowrap"] +---- + # Check whether ServiceAccount sa1 and sa2 can admit a Pod with TemplatePodSpec specified in my_resource.yaml + # ServiceAccount specified in myresource.yaml file is ignored + $ oc adm policy review -s sa1,sa2 -f my_resource.yaml + + # Check whether ServiceAccount specified in my_resource_with_sa.yaml can admit the Pod + $ oc adm policy review -f my_resource_with_sa.yaml + + # Check whether default ServiceAccount can admit the Pod, default is taken since no ServiceAccount is defined in myresource_with_no_sa.yaml + $ oc adm policy review -f myresource_with_no_sa.yaml +---- +==== + + +== oc adm policy subject-review +Check whether a user or a ServiceAccount can create a Pod. + +==== + +[options="nowrap"] +---- + # Check whether user bob can create a pod specified in myresource.yaml + $ oc adm policy subject-review -u bob -f myresource.yaml + + # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml + $ oc adm policy subject-review -u bob -g projectAdmin -f myresource.yaml + + # Check whether ServiceAccount specified in podTemplateSpec in myresourcewithsa.yaml can create the Pod + $ oc adm policy subject-review -f myresourcewithsa.yaml +---- +==== + + == oc adm prune builds Remove old completed and failed builds @@ -2064,6 +2103,45 @@ Add a role to users or serviceaccounts for the current project ==== +== oc policy review +Checks which ServiceAccount can create a Pod + +==== + +[options="nowrap"] +---- + # Check whether ServiceAccount sa1 and sa2 can admit a Pod with TemplatePodSpec specified in my_resource.yaml + # ServiceAccount specified in myresource.yaml file is ignored + $ oc policy review -s sa1,sa2 -f my_resource.yaml + + # Check whether ServiceAccount specified in my_resource_with_sa.yaml can admit the Pod + $ oc policy review -f my_resource_with_sa.yaml + + # Check whether default ServiceAccount can admit the Pod, default is taken since no ServiceAccount is defined in myresource_with_no_sa.yaml + $ oc policy review -f myresource_with_no_sa.yaml +---- +==== + + +== oc policy subject-review +Check whether a user or a ServiceAccount can create a Pod. + +==== + +[options="nowrap"] +---- + # Check whether user bob can create a pod specified in myresource.yaml + $ oc policy subject-review -u bob -f myresource.yaml + + # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml + $ oc policy subject-review -u bob -g projectAdmin -f myresource.yaml + + # Check whether ServiceAccount specified in podTemplateSpec in myresourcewithsa.yaml can create the Pod + $ oc policy subject-review -f myresourcewithsa.yaml +---- +==== + + == oc port-forward Forward one or more local ports to a pod diff --git a/docs/man/man1/.files_generated_oadm b/docs/man/man1/.files_generated_oadm index bfcaadec3328..5415e20b0132 100644 --- a/docs/man/man1/.files_generated_oadm +++ b/docs/man/man1/.files_generated_oadm @@ -70,6 +70,8 @@ oadm-policy-remove-role-from-user.1 oadm-policy-remove-scc-from-group.1 oadm-policy-remove-scc-from-user.1 oadm-policy-remove-user.1 +oadm-policy-review.1 +oadm-policy-subject-review.1 oadm-policy-who-can.1 oadm-policy.1 oadm-prune-builds.1 diff --git a/docs/man/man1/.files_generated_oc b/docs/man/man1/.files_generated_oc index 1aa815983203..027014811bd7 100644 --- a/docs/man/man1/.files_generated_oc +++ b/docs/man/man1/.files_generated_oc @@ -70,6 +70,8 @@ oc-adm-policy-remove-role-from-user.1 oc-adm-policy-remove-scc-from-group.1 oc-adm-policy-remove-scc-from-user.1 oc-adm-policy-remove-user.1 +oc-adm-policy-review.1 +oc-adm-policy-subject-review.1 oc-adm-policy-who-can.1 oc-adm-policy.1 oc-adm-prune-builds.1 @@ -174,6 +176,8 @@ oc-policy-remove-group.1 oc-policy-remove-role-from-group.1 oc-policy-remove-role-from-user.1 oc-policy-remove-user.1 +oc-policy-review.1 +oc-policy-subject-review.1 oc-policy-who-can.1 oc-policy.1 oc-port-forward.1 diff --git a/docs/man/man1/.files_generated_openshift b/docs/man/man1/.files_generated_openshift index 253b79d70547..7d04bad4f2f1 100644 --- a/docs/man/man1/.files_generated_openshift +++ b/docs/man/man1/.files_generated_openshift @@ -70,6 +70,8 @@ openshift-admin-policy-remove-role-from-user.1 openshift-admin-policy-remove-scc-from-group.1 openshift-admin-policy-remove-scc-from-user.1 openshift-admin-policy-remove-user.1 +openshift-admin-policy-review.1 +openshift-admin-policy-subject-review.1 openshift-admin-policy-who-can.1 openshift-admin-policy.1 openshift-admin-prune-builds.1 @@ -159,6 +161,8 @@ openshift-cli-adm-policy-remove-role-from-user.1 openshift-cli-adm-policy-remove-scc-from-group.1 openshift-cli-adm-policy-remove-scc-from-user.1 openshift-cli-adm-policy-remove-user.1 +openshift-cli-adm-policy-review.1 +openshift-cli-adm-policy-subject-review.1 openshift-cli-adm-policy-who-can.1 openshift-cli-adm-policy.1 openshift-cli-adm-prune-builds.1 @@ -263,6 +267,8 @@ openshift-cli-policy-remove-group.1 openshift-cli-policy-remove-role-from-group.1 openshift-cli-policy-remove-role-from-user.1 openshift-cli-policy-remove-user.1 +openshift-cli-policy-review.1 +openshift-cli-policy-subject-review.1 openshift-cli-policy-who-can.1 openshift-cli-policy.1 openshift-cli-port-forward.1 diff --git a/docs/man/man1/oadm-policy-review.1 b/docs/man/man1/oadm-policy-review.1 new file mode 100644 index 000000000000..a3fc7abd9a42 --- /dev/null +++ b/docs/man/man1/oadm-policy-review.1 @@ -0,0 +1,161 @@ +.TH "OADM POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +oadm policy review \- Checks which ServiceAccount can create a Pod + + +.SH SYNOPSIS +.PP +\fBoadm policy review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Checks which ServiceAccount can create a Pod. The Pod is inferred from the PodTemplateSpec in the provided resource. If no ServiceAccount is provided the ServiceAccount specified in podTemplateSpec.spec.serviceAccountName is used, unless the podTemplateSpec.spec.serviceAccountName is empty, in which case "default" is used. If ServiceAccounts are provided the podTemplateSpec.spec.serviceAccountName is ignored. + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + file containing the resource to be checked + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-s\fP, \fB\-\-serviceaccounts\fP=[] + List of ServiceAccount names, comma separated + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=false + When printing, show all resources (default hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + +.PP +\fB\-\-user\fP="" + The name of the kubeconfig user to use + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether ServiceAccount sa1 and sa2 can admit a Pod with TemplatePodSpec specified in my\_resource.yaml + # ServiceAccount specified in myresource.yaml file is ignored + $ oadm policy review \-s sa1,sa2 \-f my\_resource.yaml + + # Check whether ServiceAccount specified in my\_resource\_with\_sa.yaml can admit the Pod + $ oadm policy review \-f my\_resource\_with\_sa.yaml + + # Check whether default ServiceAccount can admit the Pod, default is taken since no ServiceAccount is defined in myresource\_with\_no\_sa.yaml + $ oadm policy review \-f myresource\_with\_no\_sa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBoadm\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/oadm-policy-subject-review.1 b/docs/man/man1/oadm-policy-subject-review.1 new file mode 100644 index 000000000000..5a925eb9fe45 --- /dev/null +++ b/docs/man/man1/oadm-policy-subject-review.1 @@ -0,0 +1,164 @@ +.TH "OADM POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +oadm policy subject\-review \- Check whether a user or a ServiceAccount can create a Pod. + + +.SH SYNOPSIS +.PP +\fBoadm policy subject\-review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Check whether a User, ServiceAccount, Group can create a Pod. If "User" is specified but not "Group", the it is interpreted as "What if User were not member of any groups". If "User" and "Groups" are empty, then the check is performed using only the ServiceAccountName in the PodTemplateSpec + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + Filename containing resource + +.PP +\fB\-g\fP, \fB\-\-groups\fP=[] + List of groups, comma separated + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-z\fP, \fB\-\-serviceaccount\fP="" + service account in the current namespace to use as a user + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=false + When printing, show all resources (default hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + +.PP +\fB\-u\fP, \fB\-\-user\fP="" + User + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether user bob can create a pod specified in myresource.yaml + $ oadm policy subject\-review \-u bob \-f myresource.yaml + + # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml + $ oadm policy subject\-review \-u bob \-g projectAdmin \-f myresource.yaml + + # Check whether ServiceAccount specified in podTemplateSpec in myresourcewithsa.yaml can create the Pod + $ oadm policy subject\-review \-f myresourcewithsa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBoadm\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/oadm-policy.1 b/docs/man/man1/oadm-policy.1 index 3b80f6ddbb69..3bf868085344 100644 --- a/docs/man/man1/oadm-policy.1 +++ b/docs/man/man1/oadm-policy.1 @@ -94,7 +94,7 @@ To see more information on roles and policies, use the 'get' and 'describe' comm .SH SEE ALSO .PP -\fBoadm(1)\fP, \fBoadm\-policy\-add\-cluster\-role\-to\-group(1)\fP, \fBoadm\-policy\-add\-cluster\-role\-to\-user(1)\fP, \fBoadm\-policy\-add\-role\-to\-group(1)\fP, \fBoadm\-policy\-add\-role\-to\-user(1)\fP, \fBoadm\-policy\-add\-scc\-to\-group(1)\fP, \fBoadm\-policy\-add\-scc\-to\-user(1)\fP, \fBoadm\-policy\-reconcile\-cluster\-role\-bindings(1)\fP, \fBoadm\-policy\-reconcile\-cluster\-roles(1)\fP, \fBoadm\-policy\-reconcile\-sccs(1)\fP, \fBoadm\-policy\-remove\-cluster\-role\-from\-group(1)\fP, \fBoadm\-policy\-remove\-cluster\-role\-from\-user(1)\fP, \fBoadm\-policy\-remove\-group(1)\fP, \fBoadm\-policy\-remove\-role\-from\-group(1)\fP, \fBoadm\-policy\-remove\-role\-from\-user(1)\fP, \fBoadm\-policy\-remove\-scc\-from\-group(1)\fP, \fBoadm\-policy\-remove\-scc\-from\-user(1)\fP, \fBoadm\-policy\-remove\-user(1)\fP, \fBoadm\-policy\-who\-can(1)\fP, +\fBoadm(1)\fP, \fBoadm\-policy\-add\-cluster\-role\-to\-group(1)\fP, \fBoadm\-policy\-add\-cluster\-role\-to\-user(1)\fP, \fBoadm\-policy\-add\-role\-to\-group(1)\fP, \fBoadm\-policy\-add\-role\-to\-user(1)\fP, \fBoadm\-policy\-add\-scc\-to\-group(1)\fP, \fBoadm\-policy\-add\-scc\-to\-user(1)\fP, \fBoadm\-policy\-reconcile\-cluster\-role\-bindings(1)\fP, \fBoadm\-policy\-reconcile\-cluster\-roles(1)\fP, \fBoadm\-policy\-reconcile\-sccs(1)\fP, \fBoadm\-policy\-remove\-cluster\-role\-from\-group(1)\fP, \fBoadm\-policy\-remove\-cluster\-role\-from\-user(1)\fP, \fBoadm\-policy\-remove\-group(1)\fP, \fBoadm\-policy\-remove\-role\-from\-group(1)\fP, \fBoadm\-policy\-remove\-role\-from\-user(1)\fP, \fBoadm\-policy\-remove\-scc\-from\-group(1)\fP, \fBoadm\-policy\-remove\-scc\-from\-user(1)\fP, \fBoadm\-policy\-remove\-user(1)\fP, \fBoadm\-policy\-review(1)\fP, \fBoadm\-policy\-subject\-review(1)\fP, \fBoadm\-policy\-who\-can(1)\fP, .SH HISTORY diff --git a/docs/man/man1/oc-adm-policy-review.1 b/docs/man/man1/oc-adm-policy-review.1 new file mode 100644 index 000000000000..66621fe96660 --- /dev/null +++ b/docs/man/man1/oc-adm-policy-review.1 @@ -0,0 +1,161 @@ +.TH "OC ADM POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +oc adm policy review \- Checks which ServiceAccount can create a Pod + + +.SH SYNOPSIS +.PP +\fBoc adm policy review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Checks which ServiceAccount can create a Pod. The Pod is inferred from the PodTemplateSpec in the provided resource. If no ServiceAccount is provided the ServiceAccount specified in podTemplateSpec.spec.serviceAccountName is used, unless the podTemplateSpec.spec.serviceAccountName is empty, in which case "default" is used. If ServiceAccounts are provided the podTemplateSpec.spec.serviceAccountName is ignored. + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + file containing the resource to be checked + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-s\fP, \fB\-\-serviceaccounts\fP=[] + List of ServiceAccount names, comma separated + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=true + When printing, show all resources (false means hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + +.PP +\fB\-\-user\fP="" + The name of the kubeconfig user to use + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether ServiceAccount sa1 and sa2 can admit a Pod with TemplatePodSpec specified in my\_resource.yaml + # ServiceAccount specified in myresource.yaml file is ignored + $ oc adm policy review \-s sa1,sa2 \-f my\_resource.yaml + + # Check whether ServiceAccount specified in my\_resource\_with\_sa.yaml can admit the Pod + $ oc adm policy review \-f my\_resource\_with\_sa.yaml + + # Check whether default ServiceAccount can admit the Pod, default is taken since no ServiceAccount is defined in myresource\_with\_no\_sa.yaml + $ oc adm policy review \-f myresource\_with\_no\_sa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBoc\-adm\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/oc-adm-policy-subject-review.1 b/docs/man/man1/oc-adm-policy-subject-review.1 new file mode 100644 index 000000000000..c1e3df01a0e8 --- /dev/null +++ b/docs/man/man1/oc-adm-policy-subject-review.1 @@ -0,0 +1,164 @@ +.TH "OC ADM POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +oc adm policy subject\-review \- Check whether a user or a ServiceAccount can create a Pod. + + +.SH SYNOPSIS +.PP +\fBoc adm policy subject\-review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Check whether a User, ServiceAccount, Group can create a Pod. If "User" is specified but not "Group", the it is interpreted as "What if User were not member of any groups". If "User" and "Groups" are empty, then the check is performed using only the ServiceAccountName in the PodTemplateSpec + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + Filename containing resource + +.PP +\fB\-g\fP, \fB\-\-groups\fP=[] + List of groups, comma separated + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-z\fP, \fB\-\-serviceaccount\fP="" + service account in the current namespace to use as a user + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=true + When printing, show all resources (false means hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + +.PP +\fB\-u\fP, \fB\-\-user\fP="" + User + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether user bob can create a pod specified in myresource.yaml + $ oc adm policy subject\-review \-u bob \-f myresource.yaml + + # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml + $ oc adm policy subject\-review \-u bob \-g projectAdmin \-f myresource.yaml + + # Check whether ServiceAccount specified in podTemplateSpec in myresourcewithsa.yaml can create the Pod + $ oc adm policy subject\-review \-f myresourcewithsa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBoc\-adm\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/oc-adm-policy.1 b/docs/man/man1/oc-adm-policy.1 index 24031299493a..459ada40fe19 100644 --- a/docs/man/man1/oc-adm-policy.1 +++ b/docs/man/man1/oc-adm-policy.1 @@ -94,7 +94,7 @@ To see more information on roles and policies, use the 'get' and 'describe' comm .SH SEE ALSO .PP -\fBoc\-adm(1)\fP, \fBoc\-adm\-policy\-add\-cluster\-role\-to\-group(1)\fP, \fBoc\-adm\-policy\-add\-cluster\-role\-to\-user(1)\fP, \fBoc\-adm\-policy\-add\-role\-to\-group(1)\fP, \fBoc\-adm\-policy\-add\-role\-to\-user(1)\fP, \fBoc\-adm\-policy\-add\-scc\-to\-group(1)\fP, \fBoc\-adm\-policy\-add\-scc\-to\-user(1)\fP, \fBoc\-adm\-policy\-reconcile\-cluster\-role\-bindings(1)\fP, \fBoc\-adm\-policy\-reconcile\-cluster\-roles(1)\fP, \fBoc\-adm\-policy\-reconcile\-sccs(1)\fP, \fBoc\-adm\-policy\-remove\-cluster\-role\-from\-group(1)\fP, \fBoc\-adm\-policy\-remove\-cluster\-role\-from\-user(1)\fP, \fBoc\-adm\-policy\-remove\-group(1)\fP, \fBoc\-adm\-policy\-remove\-role\-from\-group(1)\fP, \fBoc\-adm\-policy\-remove\-role\-from\-user(1)\fP, \fBoc\-adm\-policy\-remove\-scc\-from\-group(1)\fP, \fBoc\-adm\-policy\-remove\-scc\-from\-user(1)\fP, \fBoc\-adm\-policy\-remove\-user(1)\fP, \fBoc\-adm\-policy\-who\-can(1)\fP, +\fBoc\-adm(1)\fP, \fBoc\-adm\-policy\-add\-cluster\-role\-to\-group(1)\fP, \fBoc\-adm\-policy\-add\-cluster\-role\-to\-user(1)\fP, \fBoc\-adm\-policy\-add\-role\-to\-group(1)\fP, \fBoc\-adm\-policy\-add\-role\-to\-user(1)\fP, \fBoc\-adm\-policy\-add\-scc\-to\-group(1)\fP, \fBoc\-adm\-policy\-add\-scc\-to\-user(1)\fP, \fBoc\-adm\-policy\-reconcile\-cluster\-role\-bindings(1)\fP, \fBoc\-adm\-policy\-reconcile\-cluster\-roles(1)\fP, \fBoc\-adm\-policy\-reconcile\-sccs(1)\fP, \fBoc\-adm\-policy\-remove\-cluster\-role\-from\-group(1)\fP, \fBoc\-adm\-policy\-remove\-cluster\-role\-from\-user(1)\fP, \fBoc\-adm\-policy\-remove\-group(1)\fP, \fBoc\-adm\-policy\-remove\-role\-from\-group(1)\fP, \fBoc\-adm\-policy\-remove\-role\-from\-user(1)\fP, \fBoc\-adm\-policy\-remove\-scc\-from\-group(1)\fP, \fBoc\-adm\-policy\-remove\-scc\-from\-user(1)\fP, \fBoc\-adm\-policy\-remove\-user(1)\fP, \fBoc\-adm\-policy\-review(1)\fP, \fBoc\-adm\-policy\-subject\-review(1)\fP, \fBoc\-adm\-policy\-who\-can(1)\fP, .SH HISTORY diff --git a/docs/man/man1/oc-policy-review.1 b/docs/man/man1/oc-policy-review.1 new file mode 100644 index 000000000000..147843a46873 --- /dev/null +++ b/docs/man/man1/oc-policy-review.1 @@ -0,0 +1,161 @@ +.TH "OC POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +oc policy review \- Checks which ServiceAccount can create a Pod + + +.SH SYNOPSIS +.PP +\fBoc policy review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Checks which ServiceAccount can create a Pod. The Pod is inferred from the PodTemplateSpec in the provided resource. If no ServiceAccount is provided the ServiceAccount specified in podTemplateSpec.spec.serviceAccountName is used, unless the podTemplateSpec.spec.serviceAccountName is empty, in which case "default" is used. If ServiceAccounts are provided the podTemplateSpec.spec.serviceAccountName is ignored. + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + file containing the resource to be checked + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-s\fP, \fB\-\-serviceaccounts\fP=[] + List of ServiceAccount names, comma separated + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=true + When printing, show all resources (false means hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + +.PP +\fB\-\-user\fP="" + The name of the kubeconfig user to use + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether ServiceAccount sa1 and sa2 can admit a Pod with TemplatePodSpec specified in my\_resource.yaml + # ServiceAccount specified in myresource.yaml file is ignored + $ oc policy review \-s sa1,sa2 \-f my\_resource.yaml + + # Check whether ServiceAccount specified in my\_resource\_with\_sa.yaml can admit the Pod + $ oc policy review \-f my\_resource\_with\_sa.yaml + + # Check whether default ServiceAccount can admit the Pod, default is taken since no ServiceAccount is defined in myresource\_with\_no\_sa.yaml + $ oc policy review \-f myresource\_with\_no\_sa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBoc\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/oc-policy-subject-review.1 b/docs/man/man1/oc-policy-subject-review.1 new file mode 100644 index 000000000000..e97cc1abc3a3 --- /dev/null +++ b/docs/man/man1/oc-policy-subject-review.1 @@ -0,0 +1,164 @@ +.TH "OC POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +oc policy subject\-review \- Check whether a user or a ServiceAccount can create a Pod. + + +.SH SYNOPSIS +.PP +\fBoc policy subject\-review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Check whether a User, ServiceAccount, Group can create a Pod. If "User" is specified but not "Group", the it is interpreted as "What if User were not member of any groups". If "User" and "Groups" are empty, then the check is performed using only the ServiceAccountName in the PodTemplateSpec + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + Filename containing resource + +.PP +\fB\-g\fP, \fB\-\-groups\fP=[] + List of groups, comma separated + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-z\fP, \fB\-\-serviceaccount\fP="" + service account in the current namespace to use as a user + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=true + When printing, show all resources (false means hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + +.PP +\fB\-u\fP, \fB\-\-user\fP="" + User + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether user bob can create a pod specified in myresource.yaml + $ oc policy subject\-review \-u bob \-f myresource.yaml + + # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml + $ oc policy subject\-review \-u bob \-g projectAdmin \-f myresource.yaml + + # Check whether ServiceAccount specified in podTemplateSpec in myresourcewithsa.yaml can create the Pod + $ oc policy subject\-review \-f myresourcewithsa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBoc\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/oc-policy.1 b/docs/man/man1/oc-policy.1 index a25bcc39e126..f5dd9a357e70 100644 --- a/docs/man/man1/oc-policy.1 +++ b/docs/man/man1/oc-policy.1 @@ -88,7 +88,7 @@ Manage authorization policy .SH SEE ALSO .PP -\fBoc(1)\fP, \fBoc\-policy\-add\-role\-to\-group(1)\fP, \fBoc\-policy\-add\-role\-to\-user(1)\fP, \fBoc\-policy\-can\-i(1)\fP, \fBoc\-policy\-remove\-group(1)\fP, \fBoc\-policy\-remove\-role\-from\-group(1)\fP, \fBoc\-policy\-remove\-role\-from\-user(1)\fP, \fBoc\-policy\-remove\-user(1)\fP, \fBoc\-policy\-who\-can(1)\fP, +\fBoc(1)\fP, \fBoc\-policy\-add\-role\-to\-group(1)\fP, \fBoc\-policy\-add\-role\-to\-user(1)\fP, \fBoc\-policy\-can\-i(1)\fP, \fBoc\-policy\-remove\-group(1)\fP, \fBoc\-policy\-remove\-role\-from\-group(1)\fP, \fBoc\-policy\-remove\-role\-from\-user(1)\fP, \fBoc\-policy\-remove\-user(1)\fP, \fBoc\-policy\-review(1)\fP, \fBoc\-policy\-subject\-review(1)\fP, \fBoc\-policy\-who\-can(1)\fP, .SH HISTORY diff --git a/docs/man/man1/openshift-admin-policy-review.1 b/docs/man/man1/openshift-admin-policy-review.1 new file mode 100644 index 000000000000..63956eef1b0d --- /dev/null +++ b/docs/man/man1/openshift-admin-policy-review.1 @@ -0,0 +1,161 @@ +.TH "OPENSHIFT ADMIN POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +openshift admin policy review \- Checks which ServiceAccount can create a Pod + + +.SH SYNOPSIS +.PP +\fBopenshift admin policy review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Checks which ServiceAccount can create a Pod. The Pod is inferred from the PodTemplateSpec in the provided resource. If no ServiceAccount is provided the ServiceAccount specified in podTemplateSpec.spec.serviceAccountName is used, unless the podTemplateSpec.spec.serviceAccountName is empty, in which case "default" is used. If ServiceAccounts are provided the podTemplateSpec.spec.serviceAccountName is ignored. + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + file containing the resource to be checked + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-s\fP, \fB\-\-serviceaccounts\fP=[] + List of ServiceAccount names, comma separated + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=false + When printing, show all resources (default hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + +.PP +\fB\-\-user\fP="" + The name of the kubeconfig user to use + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether ServiceAccount sa1 and sa2 can admit a Pod with TemplatePodSpec specified in my\_resource.yaml + # ServiceAccount specified in myresource.yaml file is ignored + $ openshift admin policy review \-s sa1,sa2 \-f my\_resource.yaml + + # Check whether ServiceAccount specified in my\_resource\_with\_sa.yaml can admit the Pod + $ openshift admin policy review \-f my\_resource\_with\_sa.yaml + + # Check whether default ServiceAccount can admit the Pod, default is taken since no ServiceAccount is defined in myresource\_with\_no\_sa.yaml + $ openshift admin policy review \-f myresource\_with\_no\_sa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBopenshift\-admin\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/openshift-admin-policy-subject-review.1 b/docs/man/man1/openshift-admin-policy-subject-review.1 new file mode 100644 index 000000000000..eb1a358a3e88 --- /dev/null +++ b/docs/man/man1/openshift-admin-policy-subject-review.1 @@ -0,0 +1,164 @@ +.TH "OPENSHIFT ADMIN POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +openshift admin policy subject\-review \- Check whether a user or a ServiceAccount can create a Pod. + + +.SH SYNOPSIS +.PP +\fBopenshift admin policy subject\-review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Check whether a User, ServiceAccount, Group can create a Pod. If "User" is specified but not "Group", the it is interpreted as "What if User were not member of any groups". If "User" and "Groups" are empty, then the check is performed using only the ServiceAccountName in the PodTemplateSpec + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + Filename containing resource + +.PP +\fB\-g\fP, \fB\-\-groups\fP=[] + List of groups, comma separated + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-z\fP, \fB\-\-serviceaccount\fP="" + service account in the current namespace to use as a user + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=false + When printing, show all resources (default hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + +.PP +\fB\-u\fP, \fB\-\-user\fP="" + User + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether user bob can create a pod specified in myresource.yaml + $ openshift admin policy subject\-review \-u bob \-f myresource.yaml + + # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml + $ openshift admin policy subject\-review \-u bob \-g projectAdmin \-f myresource.yaml + + # Check whether ServiceAccount specified in podTemplateSpec in myresourcewithsa.yaml can create the Pod + $ openshift admin policy subject\-review \-f myresourcewithsa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBopenshift\-admin\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/openshift-admin-policy.1 b/docs/man/man1/openshift-admin-policy.1 index 48f02d0c42ca..fccba5ac9935 100644 --- a/docs/man/man1/openshift-admin-policy.1 +++ b/docs/man/man1/openshift-admin-policy.1 @@ -94,7 +94,7 @@ To see more information on roles and policies, use the 'get' and 'describe' comm .SH SEE ALSO .PP -\fBopenshift\-admin(1)\fP, \fBopenshift\-admin\-policy\-add\-cluster\-role\-to\-group(1)\fP, \fBopenshift\-admin\-policy\-add\-cluster\-role\-to\-user(1)\fP, \fBopenshift\-admin\-policy\-add\-role\-to\-group(1)\fP, \fBopenshift\-admin\-policy\-add\-role\-to\-user(1)\fP, \fBopenshift\-admin\-policy\-add\-scc\-to\-group(1)\fP, \fBopenshift\-admin\-policy\-add\-scc\-to\-user(1)\fP, \fBopenshift\-admin\-policy\-reconcile\-cluster\-role\-bindings(1)\fP, \fBopenshift\-admin\-policy\-reconcile\-cluster\-roles(1)\fP, \fBopenshift\-admin\-policy\-reconcile\-sccs(1)\fP, \fBopenshift\-admin\-policy\-remove\-cluster\-role\-from\-group(1)\fP, \fBopenshift\-admin\-policy\-remove\-cluster\-role\-from\-user(1)\fP, \fBopenshift\-admin\-policy\-remove\-group(1)\fP, \fBopenshift\-admin\-policy\-remove\-role\-from\-group(1)\fP, \fBopenshift\-admin\-policy\-remove\-role\-from\-user(1)\fP, \fBopenshift\-admin\-policy\-remove\-scc\-from\-group(1)\fP, \fBopenshift\-admin\-policy\-remove\-scc\-from\-user(1)\fP, \fBopenshift\-admin\-policy\-remove\-user(1)\fP, \fBopenshift\-admin\-policy\-who\-can(1)\fP, +\fBopenshift\-admin(1)\fP, \fBopenshift\-admin\-policy\-add\-cluster\-role\-to\-group(1)\fP, \fBopenshift\-admin\-policy\-add\-cluster\-role\-to\-user(1)\fP, \fBopenshift\-admin\-policy\-add\-role\-to\-group(1)\fP, \fBopenshift\-admin\-policy\-add\-role\-to\-user(1)\fP, \fBopenshift\-admin\-policy\-add\-scc\-to\-group(1)\fP, \fBopenshift\-admin\-policy\-add\-scc\-to\-user(1)\fP, \fBopenshift\-admin\-policy\-reconcile\-cluster\-role\-bindings(1)\fP, \fBopenshift\-admin\-policy\-reconcile\-cluster\-roles(1)\fP, \fBopenshift\-admin\-policy\-reconcile\-sccs(1)\fP, \fBopenshift\-admin\-policy\-remove\-cluster\-role\-from\-group(1)\fP, \fBopenshift\-admin\-policy\-remove\-cluster\-role\-from\-user(1)\fP, \fBopenshift\-admin\-policy\-remove\-group(1)\fP, \fBopenshift\-admin\-policy\-remove\-role\-from\-group(1)\fP, \fBopenshift\-admin\-policy\-remove\-role\-from\-user(1)\fP, \fBopenshift\-admin\-policy\-remove\-scc\-from\-group(1)\fP, \fBopenshift\-admin\-policy\-remove\-scc\-from\-user(1)\fP, \fBopenshift\-admin\-policy\-remove\-user(1)\fP, \fBopenshift\-admin\-policy\-review(1)\fP, \fBopenshift\-admin\-policy\-subject\-review(1)\fP, \fBopenshift\-admin\-policy\-who\-can(1)\fP, .SH HISTORY diff --git a/docs/man/man1/openshift-cli-adm-policy-review.1 b/docs/man/man1/openshift-cli-adm-policy-review.1 new file mode 100644 index 000000000000..604eb5bcd30f --- /dev/null +++ b/docs/man/man1/openshift-cli-adm-policy-review.1 @@ -0,0 +1,161 @@ +.TH "OPENSHIFT CLI ADM POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +openshift cli adm policy review \- Checks which ServiceAccount can create a Pod + + +.SH SYNOPSIS +.PP +\fBopenshift cli adm policy review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Checks which ServiceAccount can create a Pod. The Pod is inferred from the PodTemplateSpec in the provided resource. If no ServiceAccount is provided the ServiceAccount specified in podTemplateSpec.spec.serviceAccountName is used, unless the podTemplateSpec.spec.serviceAccountName is empty, in which case "default" is used. If ServiceAccounts are provided the podTemplateSpec.spec.serviceAccountName is ignored. + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + file containing the resource to be checked + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-s\fP, \fB\-\-serviceaccounts\fP=[] + List of ServiceAccount names, comma separated + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=true + When printing, show all resources (false means hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + +.PP +\fB\-\-user\fP="" + The name of the kubeconfig user to use + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether ServiceAccount sa1 and sa2 can admit a Pod with TemplatePodSpec specified in my\_resource.yaml + # ServiceAccount specified in myresource.yaml file is ignored + $ openshift cli adm policy review \-s sa1,sa2 \-f my\_resource.yaml + + # Check whether ServiceAccount specified in my\_resource\_with\_sa.yaml can admit the Pod + $ openshift cli adm policy review \-f my\_resource\_with\_sa.yaml + + # Check whether default ServiceAccount can admit the Pod, default is taken since no ServiceAccount is defined in myresource\_with\_no\_sa.yaml + $ openshift cli adm policy review \-f myresource\_with\_no\_sa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBopenshift\-cli\-adm\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/openshift-cli-adm-policy-subject-review.1 b/docs/man/man1/openshift-cli-adm-policy-subject-review.1 new file mode 100644 index 000000000000..5ea7b578bb94 --- /dev/null +++ b/docs/man/man1/openshift-cli-adm-policy-subject-review.1 @@ -0,0 +1,164 @@ +.TH "OPENSHIFT CLI ADM POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +openshift cli adm policy subject\-review \- Check whether a user or a ServiceAccount can create a Pod. + + +.SH SYNOPSIS +.PP +\fBopenshift cli adm policy subject\-review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Check whether a User, ServiceAccount, Group can create a Pod. If "User" is specified but not "Group", the it is interpreted as "What if User were not member of any groups". If "User" and "Groups" are empty, then the check is performed using only the ServiceAccountName in the PodTemplateSpec + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + Filename containing resource + +.PP +\fB\-g\fP, \fB\-\-groups\fP=[] + List of groups, comma separated + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-z\fP, \fB\-\-serviceaccount\fP="" + service account in the current namespace to use as a user + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=true + When printing, show all resources (false means hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + +.PP +\fB\-u\fP, \fB\-\-user\fP="" + User + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether user bob can create a pod specified in myresource.yaml + $ openshift cli adm policy subject\-review \-u bob \-f myresource.yaml + + # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml + $ openshift cli adm policy subject\-review \-u bob \-g projectAdmin \-f myresource.yaml + + # Check whether ServiceAccount specified in podTemplateSpec in myresourcewithsa.yaml can create the Pod + $ openshift cli adm policy subject\-review \-f myresourcewithsa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBopenshift\-cli\-adm\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/openshift-cli-adm-policy.1 b/docs/man/man1/openshift-cli-adm-policy.1 index 7251d61e1f0f..0efba04d15e1 100644 --- a/docs/man/man1/openshift-cli-adm-policy.1 +++ b/docs/man/man1/openshift-cli-adm-policy.1 @@ -94,7 +94,7 @@ To see more information on roles and policies, use the 'get' and 'describe' comm .SH SEE ALSO .PP -\fBopenshift\-cli\-adm(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-cluster\-role\-to\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-cluster\-role\-to\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-role\-to\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-role\-to\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-scc\-to\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-scc\-to\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-reconcile\-cluster\-role\-bindings(1)\fP, \fBopenshift\-cli\-adm\-policy\-reconcile\-cluster\-roles(1)\fP, \fBopenshift\-cli\-adm\-policy\-reconcile\-sccs(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-cluster\-role\-from\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-cluster\-role\-from\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-role\-from\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-role\-from\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-scc\-from\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-scc\-from\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-who\-can(1)\fP, +\fBopenshift\-cli\-adm(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-cluster\-role\-to\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-cluster\-role\-to\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-role\-to\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-role\-to\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-scc\-to\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-add\-scc\-to\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-reconcile\-cluster\-role\-bindings(1)\fP, \fBopenshift\-cli\-adm\-policy\-reconcile\-cluster\-roles(1)\fP, \fBopenshift\-cli\-adm\-policy\-reconcile\-sccs(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-cluster\-role\-from\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-cluster\-role\-from\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-role\-from\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-role\-from\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-scc\-from\-group(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-scc\-from\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-remove\-user(1)\fP, \fBopenshift\-cli\-adm\-policy\-review(1)\fP, \fBopenshift\-cli\-adm\-policy\-subject\-review(1)\fP, \fBopenshift\-cli\-adm\-policy\-who\-can(1)\fP, .SH HISTORY diff --git a/docs/man/man1/openshift-cli-policy-review.1 b/docs/man/man1/openshift-cli-policy-review.1 new file mode 100644 index 000000000000..7f2e5c3410fd --- /dev/null +++ b/docs/man/man1/openshift-cli-policy-review.1 @@ -0,0 +1,161 @@ +.TH "OPENSHIFT CLI POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +openshift cli policy review \- Checks which ServiceAccount can create a Pod + + +.SH SYNOPSIS +.PP +\fBopenshift cli policy review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Checks which ServiceAccount can create a Pod. The Pod is inferred from the PodTemplateSpec in the provided resource. If no ServiceAccount is provided the ServiceAccount specified in podTemplateSpec.spec.serviceAccountName is used, unless the podTemplateSpec.spec.serviceAccountName is empty, in which case "default" is used. If ServiceAccounts are provided the podTemplateSpec.spec.serviceAccountName is ignored. + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + file containing the resource to be checked + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-s\fP, \fB\-\-serviceaccounts\fP=[] + List of ServiceAccount names, comma separated + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=true + When printing, show all resources (false means hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + +.PP +\fB\-\-user\fP="" + The name of the kubeconfig user to use + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether ServiceAccount sa1 and sa2 can admit a Pod with TemplatePodSpec specified in my\_resource.yaml + # ServiceAccount specified in myresource.yaml file is ignored + $ openshift cli policy review \-s sa1,sa2 \-f my\_resource.yaml + + # Check whether ServiceAccount specified in my\_resource\_with\_sa.yaml can admit the Pod + $ openshift cli policy review \-f my\_resource\_with\_sa.yaml + + # Check whether default ServiceAccount can admit the Pod, default is taken since no ServiceAccount is defined in myresource\_with\_no\_sa.yaml + $ openshift cli policy review \-f myresource\_with\_no\_sa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBopenshift\-cli\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/openshift-cli-policy-subject-review.1 b/docs/man/man1/openshift-cli-policy-subject-review.1 new file mode 100644 index 000000000000..bd57ba2bd25c --- /dev/null +++ b/docs/man/man1/openshift-cli-policy-subject-review.1 @@ -0,0 +1,164 @@ +.TH "OPENSHIFT CLI POLICY" "1" " Openshift CLI User Manuals" "Openshift" "June 2016" "" + + +.SH NAME +.PP +openshift cli policy subject\-review \- Check whether a user or a ServiceAccount can create a Pod. + + +.SH SYNOPSIS +.PP +\fBopenshift cli policy subject\-review\fP [OPTIONS] + + +.SH DESCRIPTION +.PP +Check whether a User, ServiceAccount, Group can create a Pod. If "User" is specified but not "Group", the it is interpreted as "What if User were not member of any groups". If "User" and "Groups" are empty, then the check is performed using only the ServiceAccountName in the PodTemplateSpec + + +.SH OPTIONS +.PP +\fB\-\-allow\-missing\-template\-keys\fP=true + If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats. + +.PP +\fB\-f\fP, \fB\-\-filename\fP="" + Filename containing resource + +.PP +\fB\-g\fP, \fB\-\-groups\fP=[] + List of groups, comma separated + +.PP +\fB\-\-no\-headers\fP=false + When using the default or custom\-column output format, don't print headers. + +.PP +\fB\-o\fP, \fB\-\-output\fP="" + Output format. One of: json|yaml|wide|name|custom\-columns=...|custom\-columns\-file=...|go\-template=...|go\-template\-file=...|jsonpath=...|jsonpath\-file=... See custom columns [ +\[la]http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns\[ra]], golang template [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]] and jsonpath template [ +\[la]http://kubernetes.io/docs/user-guide/jsonpath\[ra]]. + +.PP +\fB\-\-output\-version\fP="" + Output the formatted object with the given group version (for ex: 'extensions/v1beta1'). + +.PP +\fB\-z\fP, \fB\-\-serviceaccount\fP="" + service account in the current namespace to use as a user + +.PP +\fB\-a\fP, \fB\-\-show\-all\fP=true + When printing, show all resources (false means hide terminated pods.) + +.PP +\fB\-\-show\-labels\fP=false + When printing, show all labels as the last column (default hide labels column) + +.PP +\fB\-\-sort\-by\fP="" + If non\-empty, sort list types using this field specification. The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression must be an integer or a string. + +.PP +\fB\-\-template\fP="" + Template string or path to template file to use when \-o=go\-template, \-o=go\-template\-file. The template format is golang templates [ +\[la]http://golang.org/pkg/text/template/#pkg-overview\[ra]]. + +.PP +\fB\-u\fP, \fB\-\-user\fP="" + User + + +.SH OPTIONS INHERITED FROM PARENT COMMANDS +.PP +\fB\-\-api\-version\fP="" + DEPRECATED: The API version to use when talking to the server + +.PP +\fB\-\-as\fP="" + Username to impersonate for the operation + +.PP +\fB\-\-certificate\-authority\fP="" + Path to a cert. file for the certificate authority + +.PP +\fB\-\-client\-certificate\fP="" + Path to a client certificate file for TLS + +.PP +\fB\-\-client\-key\fP="" + Path to a client key file for TLS + +.PP +\fB\-\-cluster\fP="" + The name of the kubeconfig cluster to use + +.PP +\fB\-\-config\fP="" + Path to the config file to use for CLI requests. + +.PP +\fB\-\-context\fP="" + The name of the kubeconfig context to use + +.PP +\fB\-\-google\-json\-key\fP="" + The Google Cloud Platform Service Account JSON Key to use for authentication. + +.PP +\fB\-\-insecure\-skip\-tls\-verify\fP=false + If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure + +.PP +\fB\-\-log\-flush\-frequency\fP=0 + Maximum number of seconds between log flushes + +.PP +\fB\-\-match\-server\-version\fP=false + Require server version to match client version + +.PP +\fB\-n\fP, \fB\-\-namespace\fP="" + If present, the namespace scope for this CLI request + +.PP +\fB\-\-request\-timeout\fP="0" + The length of time to wait before giving up on a single server request. Non\-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. + +.PP +\fB\-\-server\fP="" + The address and port of the Kubernetes API server + +.PP +\fB\-\-token\fP="" + Bearer token for authentication to the API server + + +.SH EXAMPLE +.PP +.RS + +.nf + # Check whether user bob can create a pod specified in myresource.yaml + $ openshift cli policy subject\-review \-u bob \-f myresource.yaml + + # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml + $ openshift cli policy subject\-review \-u bob \-g projectAdmin \-f myresource.yaml + + # Check whether ServiceAccount specified in podTemplateSpec in myresourcewithsa.yaml can create the Pod + $ openshift cli policy subject\-review \-f myresourcewithsa.yaml + +.fi +.RE + + +.SH SEE ALSO +.PP +\fBopenshift\-cli\-policy(1)\fP, + + +.SH HISTORY +.PP +June 2016, Ported from the Kubernetes man\-doc generator diff --git a/docs/man/man1/openshift-cli-policy.1 b/docs/man/man1/openshift-cli-policy.1 index e5a92ff8aa9b..4652da50774b 100644 --- a/docs/man/man1/openshift-cli-policy.1 +++ b/docs/man/man1/openshift-cli-policy.1 @@ -88,7 +88,7 @@ Manage authorization policy .SH SEE ALSO .PP -\fBopenshift\-cli(1)\fP, \fBopenshift\-cli\-policy\-add\-role\-to\-group(1)\fP, \fBopenshift\-cli\-policy\-add\-role\-to\-user(1)\fP, \fBopenshift\-cli\-policy\-can\-i(1)\fP, \fBopenshift\-cli\-policy\-remove\-group(1)\fP, \fBopenshift\-cli\-policy\-remove\-role\-from\-group(1)\fP, \fBopenshift\-cli\-policy\-remove\-role\-from\-user(1)\fP, \fBopenshift\-cli\-policy\-remove\-user(1)\fP, \fBopenshift\-cli\-policy\-who\-can(1)\fP, +\fBopenshift\-cli(1)\fP, \fBopenshift\-cli\-policy\-add\-role\-to\-group(1)\fP, \fBopenshift\-cli\-policy\-add\-role\-to\-user(1)\fP, \fBopenshift\-cli\-policy\-can\-i(1)\fP, \fBopenshift\-cli\-policy\-remove\-group(1)\fP, \fBopenshift\-cli\-policy\-remove\-role\-from\-group(1)\fP, \fBopenshift\-cli\-policy\-remove\-role\-from\-user(1)\fP, \fBopenshift\-cli\-policy\-remove\-user(1)\fP, \fBopenshift\-cli\-policy\-review(1)\fP, \fBopenshift\-cli\-policy\-subject\-review(1)\fP, \fBopenshift\-cli\-policy\-who\-can(1)\fP, .SH HISTORY