Merge pull request #41755 from liggitt/cert-user-extra

Automatic merge from submit-queue

Include all user.Info data in CSR object

In order to use authorization checks to auto-approve CSRs in the future, we need all the info from the user.Info interface.

This mirrors the API fields in the TokenReview API used to return user info, and in the SubjectAccessReview API we use to check authorization.

```release-note
The CertificateSigningRequest API added the `extra` field to persist all information about the requesting user. This mirrors the fields in the SubjectAccessReview API used to check authorization.
```
Kubernetes Submit Queue
2017-02-23 02:24:32 -08:00
committed by GitHub
17 changed files with 910 additions and 1314 deletions


@@ -12085,7 +12085,7 @@ func GetOpenAPIDefinitions(ref openapi.ReferenceCallback) map[string]openapi.Ope
"k8s.io/kubernetes/pkg/apis/certificates/v1beta1.CertificateSigningRequestSpec": {
Schema: spec.Schema{
SchemaProps: spec.SchemaProps{
Description: "This information is immutable after the request is created. Only the Request and ExtraInfo fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.",
Description: "This information is immutable after the request is created. Only the Request and Usages fields can be set on creation, other fields are derived by Kubernetes and cannot be modified by users.",
Properties: map[string]spec.Schema{
"request": {
SchemaProps: spec.SchemaProps{
@@ -12110,20 +12110,22 @@ func GetOpenAPIDefinitions(ref openapi.ReferenceCallback) map[string]openapi.Ope
},
"username": {
SchemaProps: spec.SchemaProps{
Description: "Information about the requesting user (if relevant) See user.Info interface for details",
Description: "Information about the requesting user. See user.Info interface for details.",
Type: []string{"string"},
Format: "",
},
},
"uid": {
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
Description: "UID information about the requesting user. See user.Info interface for details.",
Type: []string{"string"},
Format: "",
},
},
"groups": {
SchemaProps: spec.SchemaProps{
Type: []string{"array"},
Description: "Group information about the requesting user. See user.Info interface for details.",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
@@ -12134,6 +12136,27 @@ func GetOpenAPIDefinitions(ref openapi.ReferenceCallback) map[string]openapi.Ope
},
},
},
"extra": {
SchemaProps: spec.SchemaProps{
Description: "Extra information about the requesting user. See user.Info interface for details.",
Type: []string{"object"},
AdditionalProperties: &spec.SchemaOrBool{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Type: []string{"string"},
Format: "",
},
},
},
},
},
},
},
},
},
Required: []string{"request"},
},