openshift
diff --git a/‎api-config.yaml
Lines changed: 9 additions & 15 deletions b/‎api-config.yaml
Lines changed: 9 additions & 15 deletions
diff --git a/‎rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc
Lines changed: 0 additions & 60 deletions b/‎rest_api/authorization_apis/localsubjectaccessreview-authorization-k8s-io-v1.adoc
Lines changed: 0 additions & 60 deletions
diff --git a/‎rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc
Lines changed: 0 additions & 60 deletions b/‎rest_api/authorization_apis/selfsubjectaccessreview-authorization-k8s-io-v1.adoc
Lines changed: 0 additions & 60 deletions
diff --git a/‎rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc
Lines changed: 0 additions & 60 deletions b/‎rest_api/authorization_apis/subjectaccessreview-authorization-k8s-io-v1.adoc
Lines changed: 0 additions & 60 deletions
@@ -458,9 +458,6 @@ apiMap:
   - kind: NetworkPolicy
     group: networking.k8s.io
     version: v1
-  - kind: NodeSlicePool
-    group: whereabouts.cni.cncf.io
-    version: v1alpha1
   - kind: OverlappingRangeIPReservation
     group: whereabouts.cni.cncf.io
     version: v1alpha1
@@ -602,21 +599,21 @@ apiMap:
   - kind: CatalogSource
     group: operators.coreos.com
     version: v1alpha1
-  - kind: ClusterCatalog
-    group: olm.operatorframework.io
-    version: v1
-  - kind: ClusterExtension
-    group: olm.operatorframework.io
-    version: v1
+#  - kind: ClusterCatalog
+#    group: catalogd.operatorframework.io
+#    version: v1alpha1
+#  - kind: ClusterExtension
+#    group: olm.operatorframework.io
+#    version: v1alpha1
   - kind: ClusterServiceVersion
     group: operators.coreos.com
     version: v1alpha1
   - kind: InstallPlan
     group: operators.coreos.com
     version: v1alpha1
-  - kind: OLM
-    group: operator.openshift.io
-    version: v1
+#  - kind: OLM
+#    group: operator.openshift.io
+#    version: v1alpha1
   - kind: OLMConfig
     group: operators.coreos.com
     version: v1
@@ -680,9 +677,6 @@ apiMap:
   - kind: HostFirmwareSettings
     group: metal3.io
     version: v1alpha1
-  - kind: HostUpdatePolicy
-    group: metal3.io
-    version: v1alpha1
   - kind: Metal3Remediation
     group: infrastructure.cluster.x-k8s.io
     version: v1beta1
 
@@ -150,18 +150,10 @@ Type::
 |===
 | Property | Type | Description
 
-| `fieldSelector`
-| `object`
-| FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
-
 | `group`
 | `string`
 | Group is the API Group of the Resource.  "*" means all.
 
-| `labelSelector`
-| `object`
-| LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
-
 | `name`
 | `string`
 | Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
@@ -186,58 +178,6 @@ Type::
 | `string`
 | Version is the API Version of the Resource.  "*" means all.
 
-|===
-=== .spec.resourceAttributes.fieldSelector
-Description::
-+
---
-FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `rawSelector`
-| `string`
-| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
-
-| `requirements`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-FieldSelectorRequirement[`array (FieldSelectorRequirement)`]
-| requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
-
-|===
-=== .spec.resourceAttributes.labelSelector
-Description::
-+
---
-LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `rawSelector`
-| `string`
-| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
-
-| `requirements`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelectorRequirement[`array (LabelSelectorRequirement)`]
-| requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
-
 |===
 === .status
 Description::
 
@@ -117,18 +117,10 @@ Type::
 |===
 | Property | Type | Description
 
-| `fieldSelector`
-| `object`
-| FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
-
 | `group`
 | `string`
 | Group is the API Group of the Resource.  "*" means all.
 
-| `labelSelector`
-| `object`
-| LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
-
 | `name`
 | `string`
 | Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
@@ -153,58 +145,6 @@ Type::
 | `string`
 | Version is the API Version of the Resource.  "*" means all.
 
-|===
-=== .spec.resourceAttributes.fieldSelector
-Description::
-+
---
-FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `rawSelector`
-| `string`
-| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
-
-| `requirements`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-FieldSelectorRequirement[`array (FieldSelectorRequirement)`]
-| requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
-
-|===
-=== .spec.resourceAttributes.labelSelector
-Description::
-+
---
-LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `rawSelector`
-| `string`
-| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
-
-| `requirements`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelectorRequirement[`array (LabelSelectorRequirement)`]
-| requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
-
 |===
 === .status
 Description::
 
@@ -150,18 +150,10 @@ Type::
 |===
 | Property | Type | Description
 
-| `fieldSelector`
-| `object`
-| FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
-
 | `group`
 | `string`
 | Group is the API Group of the Resource.  "*" means all.
 
-| `labelSelector`
-| `object`
-| LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
-
 | `name`
 | `string`
 | Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
@@ -186,58 +178,6 @@ Type::
 | `string`
 | Version is the API Version of the Resource.  "*" means all.
 
-|===
-=== .spec.resourceAttributes.fieldSelector
-Description::
-+
---
-FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `rawSelector`
-| `string`
-| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
-
-| `requirements`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-FieldSelectorRequirement[`array (FieldSelectorRequirement)`]
-| requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
-
-|===
-=== .spec.resourceAttributes.labelSelector
-Description::
-+
---
-LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.
---
-
-Type::
-  `object`
-
-
-
-
-[cols="1,1,1",options="header"]
-|===
-| Property | Type | Description
-
-| `rawSelector`
-| `string`
-| rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.
-
-| `requirements`
-| xref:../objects/index.adoc#io-k8s-apimachinery-pkg-apis-meta-v1-LabelSelectorRequirement[`array (LabelSelectorRequirement)`]
-| requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.
-
 |===
 === .status
 Description::