k8s_openapi/v1_35/api/authorization/v1/
label_selector_attributes.rs1#[derive(Clone, Debug, Default, PartialEq)]
5pub struct LabelSelectorAttributes {
6 pub raw_selector: Option<std::string::String>,
8
9 pub requirements: Option<std::vec::Vec<crate::apimachinery::pkg::apis::meta::v1::LabelSelectorRequirement>>,
11}
12
13impl crate::DeepMerge for LabelSelectorAttributes {
14 fn merge_from(&mut self, other: Self) {
15 crate::DeepMerge::merge_from(&mut self.raw_selector, other.raw_selector);
16 crate::merge_strategies::list::atomic(&mut self.requirements, other.requirements);
17 }
18}
19
20impl<'de> crate::serde::Deserialize<'de> for LabelSelectorAttributes {
21 fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
22 #[allow(non_camel_case_types)]
23 enum Field {
24 Key_raw_selector,
25 Key_requirements,
26 Other,
27 }
28
29 impl<'de> crate::serde::Deserialize<'de> for Field {
30 fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: crate::serde::Deserializer<'de> {
31 struct Visitor;
32
33 impl crate::serde::de::Visitor<'_> for Visitor {
34 type Value = Field;
35
36 fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
37 f.write_str("field identifier")
38 }
39
40 fn visit_str<E>(self, v: &str) -> Result<Self::Value, E> where E: crate::serde::de::Error {
41 Ok(match v {
42 "rawSelector" => Field::Key_raw_selector,
43 "requirements" => Field::Key_requirements,
44 _ => Field::Other,
45 })
46 }
47 }
48
49 deserializer.deserialize_identifier(Visitor)
50 }
51 }
52
53 struct Visitor;
54
55 impl<'de> crate::serde::de::Visitor<'de> for Visitor {
56 type Value = LabelSelectorAttributes;
57
58 fn expecting(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
59 f.write_str("LabelSelectorAttributes")
60 }
61
62 fn visit_map<A>(self, mut map: A) -> Result<Self::Value, A::Error> where A: crate::serde::de::MapAccess<'de> {
63 let mut value_raw_selector: Option<std::string::String> = None;
64 let mut value_requirements: Option<std::vec::Vec<crate::apimachinery::pkg::apis::meta::v1::LabelSelectorRequirement>> = None;
65
66 while let Some(key) = crate::serde::de::MapAccess::next_key::<Field>(&mut map)? {
67 match key {
68 Field::Key_raw_selector => value_raw_selector = crate::serde::de::MapAccess::next_value(&mut map)?,
69 Field::Key_requirements => value_requirements = crate::serde::de::MapAccess::next_value(&mut map)?,
70 Field::Other => { let _: crate::serde::de::IgnoredAny = crate::serde::de::MapAccess::next_value(&mut map)?; },
71 }
72 }
73
74 Ok(LabelSelectorAttributes {
75 raw_selector: value_raw_selector,
76 requirements: value_requirements,
77 })
78 }
79 }
80
81 deserializer.deserialize_struct(
82 "LabelSelectorAttributes",
83 &[
84 "rawSelector",
85 "requirements",
86 ],
87 Visitor,
88 )
89 }
90}
91
92impl crate::serde::Serialize for LabelSelectorAttributes {
93 fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error> where S: crate::serde::Serializer {
94 let mut state = serializer.serialize_struct(
95 "LabelSelectorAttributes",
96 self.raw_selector.as_ref().map_or(0, |_| 1) +
97 self.requirements.as_ref().map_or(0, |_| 1),
98 )?;
99 if let Some(value) = &self.raw_selector {
100 crate::serde::ser::SerializeStruct::serialize_field(&mut state, "rawSelector", value)?;
101 }
102 if let Some(value) = &self.requirements {
103 crate::serde::ser::SerializeStruct::serialize_field(&mut state, "requirements", value)?;
104 }
105 crate::serde::ser::SerializeStruct::end(state)
106 }
107}
108
109#[cfg(feature = "schemars")]
110impl crate::schemars::JsonSchema for LabelSelectorAttributes {
111 fn schema_name() -> std::borrow::Cow<'static, str> {
112 "io.k8s.api.authorization.v1.LabelSelectorAttributes".into()
113 }
114
115 fn json_schema(__gen: &mut crate::schemars::SchemaGenerator) -> crate::schemars::Schema {
116 crate::schemars::json_schema!({
117 "description": "LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.",
118 "type": "object",
119 "properties": {
120 "rawSelector": {
121 "description": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.",
122 "type": "string",
123 },
124 "requirements": {
125 "description": "requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.",
126 "type": "array",
127 "items": (__gen.subschema_for::<crate::apimachinery::pkg::apis::meta::v1::LabelSelectorRequirement>()),
128 },
129 },
130 })
131 }
132}