From 3f8d6e921065ea7e11922b4db3d3542740b40ef7 Mon Sep 17 00:00:00 2001 From: p0lyn0mial Date: Thu, 18 May 2017 22:25:01 +0200 Subject: [PATCH] Change all the existing admission init blocks to call a Register function this is a two stage refactor when done there will be no init block in admission plugins. Instead all plugins expose Register function which accept admission.Plugins instance. The registration to global plugin registry happens inside Register func. --- plugin/pkg/admission/admit/admission.go | 7 ++++++- plugin/pkg/admission/alwayspullimages/admission.go | 7 ++++++- plugin/pkg/admission/antiaffinity/admission.go | 7 ++++++- .../pkg/admission/defaulttolerationseconds/admission.go | 7 ++++++- plugin/pkg/admission/deny/admission.go | 7 ++++++- plugin/pkg/admission/exec/admission.go | 9 +++++++-- plugin/pkg/admission/gc/gc_admission.go | 7 ++++++- plugin/pkg/admission/imagepolicy/admission.go | 7 ++++++- plugin/pkg/admission/initialresources/admission.go | 7 ++++++- plugin/pkg/admission/limitranger/admission.go | 7 ++++++- .../pkg/admission/namespace/autoprovision/admission.go | 7 ++++++- plugin/pkg/admission/namespace/exists/admission.go | 7 ++++++- plugin/pkg/admission/namespace/lifecycle/admission.go | 7 ++++++- plugin/pkg/admission/persistentvolume/label/admission.go | 7 ++++++- plugin/pkg/admission/podnodeselector/admission.go | 7 ++++++- plugin/pkg/admission/podpreset/admission.go | 7 ++++++- .../pkg/admission/podtolerationrestriction/admission.go | 5 +++++ plugin/pkg/admission/resourcequota/admission.go | 7 ++++++- .../admission/security/podsecuritypolicy/admission.go | 7 ++++++- plugin/pkg/admission/securitycontext/scdeny/admission.go | 7 ++++++- plugin/pkg/admission/serviceaccount/admission.go | 7 ++++++- plugin/pkg/admission/storageclass/default/admission.go | 7 ++++++- 22 files changed, 132 insertions(+), 22 deletions(-) diff --git a/plugin/pkg/admission/admit/admission.go b/plugin/pkg/admission/admit/admission.go index 2fce351fd45..7899e2d32fa 100644 --- a/plugin/pkg/admission/admit/admission.go +++ b/plugin/pkg/admission/admit/admission.go @@ -24,7 +24,12 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("AlwaysAdmit", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("AlwaysAdmit", func(config io.Reader) (admission.Interface, error) { return NewAlwaysAdmit(), nil }) } diff --git a/plugin/pkg/admission/alwayspullimages/admission.go b/plugin/pkg/admission/alwayspullimages/admission.go index 437d71ea2ba..8b0172eaa28 100644 --- a/plugin/pkg/admission/alwayspullimages/admission.go +++ b/plugin/pkg/admission/alwayspullimages/admission.go @@ -34,7 +34,12 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("AlwaysPullImages", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("AlwaysPullImages", func(config io.Reader) (admission.Interface, error) { return NewAlwaysPullImages(), nil }) } diff --git a/plugin/pkg/admission/antiaffinity/admission.go b/plugin/pkg/admission/antiaffinity/admission.go index 4ec64ef15fb..8aaf89a307f 100644 --- a/plugin/pkg/admission/antiaffinity/admission.go +++ b/plugin/pkg/admission/antiaffinity/admission.go @@ -28,7 +28,12 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("LimitPodHardAntiAffinityTopology", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("LimitPodHardAntiAffinityTopology", func(config io.Reader) (admission.Interface, error) { return NewInterPodAntiAffinity(), nil }) } diff --git a/plugin/pkg/admission/defaulttolerationseconds/admission.go b/plugin/pkg/admission/defaulttolerationseconds/admission.go index a0c9c16e2d1..cbd0c650efc 100644 --- a/plugin/pkg/admission/defaulttolerationseconds/admission.go +++ b/plugin/pkg/admission/defaulttolerationseconds/admission.go @@ -40,7 +40,12 @@ var ( ) func init() { - kubeapiserveradmission.Plugins.Register("DefaultTolerationSeconds", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("DefaultTolerationSeconds", func(config io.Reader) (admission.Interface, error) { return NewDefaultTolerationSeconds(), nil }) } diff --git a/plugin/pkg/admission/deny/admission.go b/plugin/pkg/admission/deny/admission.go index df8c0409116..0c127cfb6f8 100644 --- a/plugin/pkg/admission/deny/admission.go +++ b/plugin/pkg/admission/deny/admission.go @@ -25,7 +25,12 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("AlwaysDeny", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("AlwaysDeny", func(config io.Reader) (admission.Interface, error) { return NewAlwaysDeny(), nil }) } diff --git a/plugin/pkg/admission/exec/admission.go b/plugin/pkg/admission/exec/admission.go index dcdb673b539..bcf7f1dfe1b 100644 --- a/plugin/pkg/admission/exec/admission.go +++ b/plugin/pkg/admission/exec/admission.go @@ -30,13 +30,18 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("DenyEscalatingExec", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("DenyEscalatingExec", func(config io.Reader) (admission.Interface, error) { return NewDenyEscalatingExec(), nil }) // This is for legacy support of the DenyExecOnPrivileged admission controller. Most // of the time DenyEscalatingExec should be preferred. - kubeapiserveradmission.Plugins.Register("DenyExecOnPrivileged", func(config io.Reader) (admission.Interface, error) { + plugins.Register("DenyExecOnPrivileged", func(config io.Reader) (admission.Interface, error) { return NewDenyExecOnPrivileged(), nil }) } diff --git a/plugin/pkg/admission/gc/gc_admission.go b/plugin/pkg/admission/gc/gc_admission.go index 9450eb4fe9c..1f5df17dec9 100644 --- a/plugin/pkg/admission/gc/gc_admission.go +++ b/plugin/pkg/admission/gc/gc_admission.go @@ -32,7 +32,12 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("OwnerReferencesPermissionEnforcement", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("OwnerReferencesPermissionEnforcement", func(config io.Reader) (admission.Interface, error) { // the pods/status endpoint is ignored by this plugin since old kubelets // corrupt them. the pod status strategy ensures status updates cannot mutate // ownerRef. diff --git a/plugin/pkg/admission/imagepolicy/admission.go b/plugin/pkg/admission/imagepolicy/admission.go index cc3819b7663..1edfe576d80 100644 --- a/plugin/pkg/admission/imagepolicy/admission.go +++ b/plugin/pkg/admission/imagepolicy/admission.go @@ -50,7 +50,12 @@ var ( ) func init() { - kubeapiserveradmission.Plugins.Register("ImagePolicyWebhook", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("ImagePolicyWebhook", func(config io.Reader) (admission.Interface, error) { newImagePolicyWebhook, err := NewImagePolicyWebhook(config) if err != nil { return nil, err diff --git a/plugin/pkg/admission/initialresources/admission.go b/plugin/pkg/admission/initialresources/admission.go index 5acef40f4b8..401bb6d20f2 100644 --- a/plugin/pkg/admission/initialresources/admission.go +++ b/plugin/pkg/admission/initialresources/admission.go @@ -47,7 +47,12 @@ const ( // WARNING: this feature is experimental and will definitely change. func init() { - kubeapiserveradmission.Plugins.Register("InitialResources", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("InitialResources", func(config io.Reader) (admission.Interface, error) { // TODO: remove the usage of flags in favor of reading versioned configuration s, err := newDataSource(*source) if err != nil { diff --git a/plugin/pkg/admission/limitranger/admission.go b/plugin/pkg/admission/limitranger/admission.go index 7fcf5ea2aa5..4d16388792b 100644 --- a/plugin/pkg/admission/limitranger/admission.go +++ b/plugin/pkg/admission/limitranger/admission.go @@ -44,7 +44,12 @@ const ( ) func init() { - kubeapiserveradmission.Plugins.Register("LimitRanger", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("LimitRanger", func(config io.Reader) (admission.Interface, error) { return NewLimitRanger(&DefaultLimitRangerActions{}) }) } diff --git a/plugin/pkg/admission/namespace/autoprovision/admission.go b/plugin/pkg/admission/namespace/autoprovision/admission.go index d4054f42ac2..1de5ef6f070 100644 --- a/plugin/pkg/admission/namespace/autoprovision/admission.go +++ b/plugin/pkg/admission/namespace/autoprovision/admission.go @@ -31,7 +31,12 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("NamespaceAutoProvision", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("NamespaceAutoProvision", func(config io.Reader) (admission.Interface, error) { return NewProvision(), nil }) } diff --git a/plugin/pkg/admission/namespace/exists/admission.go b/plugin/pkg/admission/namespace/exists/admission.go index 6b8e348a3a1..81ae1fad32c 100644 --- a/plugin/pkg/admission/namespace/exists/admission.go +++ b/plugin/pkg/admission/namespace/exists/admission.go @@ -31,7 +31,12 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("NamespaceExists", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("NamespaceExists", func(config io.Reader) (admission.Interface, error) { return NewExists(), nil }) } diff --git a/plugin/pkg/admission/namespace/lifecycle/admission.go b/plugin/pkg/admission/namespace/lifecycle/admission.go index bb147584476..65ab0ef1cb0 100644 --- a/plugin/pkg/admission/namespace/lifecycle/admission.go +++ b/plugin/pkg/admission/namespace/lifecycle/admission.go @@ -51,7 +51,12 @@ const ( ) func init() { - kubeapiserveradmission.Plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { return NewLifecycle(sets.NewString(metav1.NamespaceDefault, metav1.NamespaceSystem, metav1.NamespacePublic)) }) } diff --git a/plugin/pkg/admission/persistentvolume/label/admission.go b/plugin/pkg/admission/persistentvolume/label/admission.go index 5bb711d1de7..50ad3018dbc 100644 --- a/plugin/pkg/admission/persistentvolume/label/admission.go +++ b/plugin/pkg/admission/persistentvolume/label/admission.go @@ -33,7 +33,12 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("PersistentVolumeLabel", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("PersistentVolumeLabel", func(config io.Reader) (admission.Interface, error) { persistentVolumeLabelAdmission := NewPersistentVolumeLabel() return persistentVolumeLabelAdmission, nil }) diff --git a/plugin/pkg/admission/podnodeselector/admission.go b/plugin/pkg/admission/podnodeselector/admission.go index fdcda7eda80..2def9ed1eea 100644 --- a/plugin/pkg/admission/podnodeselector/admission.go +++ b/plugin/pkg/admission/podnodeselector/admission.go @@ -40,7 +40,12 @@ import ( var NamespaceNodeSelectors = []string{"scheduler.alpha.kubernetes.io/node-selector"} func init() { - kubeapiserveradmission.Plugins.Register("PodNodeSelector", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("PodNodeSelector", func(config io.Reader) (admission.Interface, error) { // TODO move this to a versioned configuration file format. pluginConfig := readConfig(config) plugin := NewPodNodeSelector(pluginConfig.PodNodeSelectorPluginConfig) diff --git a/plugin/pkg/admission/podpreset/admission.go b/plugin/pkg/admission/podpreset/admission.go index 5948de35866..416c5221b01 100644 --- a/plugin/pkg/admission/podpreset/admission.go +++ b/plugin/pkg/admission/podpreset/admission.go @@ -42,7 +42,12 @@ const ( ) func init() { - kubeapiserveradmission.Plugins.Register(pluginName, func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register(pluginName, func(config io.Reader) (admission.Interface, error) { return NewPlugin(), nil }) } diff --git a/plugin/pkg/admission/podtolerationrestriction/admission.go b/plugin/pkg/admission/podtolerationrestriction/admission.go index 04497436858..6c2b5f0920d 100644 --- a/plugin/pkg/admission/podtolerationrestriction/admission.go +++ b/plugin/pkg/admission/podtolerationrestriction/admission.go @@ -37,6 +37,11 @@ import ( ) func init() { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { kubeapiserveradmission.Plugins.Register("PodTolerationRestriction", func(config io.Reader) (admission.Interface, error) { pluginConfig, err := loadConfiguration(config) if err != nil { diff --git a/plugin/pkg/admission/resourcequota/admission.go b/plugin/pkg/admission/resourcequota/admission.go index 949cde03b4d..0d9f976d287 100644 --- a/plugin/pkg/admission/resourcequota/admission.go +++ b/plugin/pkg/admission/resourcequota/admission.go @@ -33,7 +33,12 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("ResourceQuota", + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("ResourceQuota", func(config io.Reader) (admission.Interface, error) { // load the configuration provided (if any) configuration, err := LoadConfiguration(config) diff --git a/plugin/pkg/admission/security/podsecuritypolicy/admission.go b/plugin/pkg/admission/security/podsecuritypolicy/admission.go index 012e474aa85..d1795a3326f 100644 --- a/plugin/pkg/admission/security/podsecuritypolicy/admission.go +++ b/plugin/pkg/admission/security/podsecuritypolicy/admission.go @@ -45,7 +45,12 @@ const ( ) func init() { - kubeapiserveradmission.Plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { plugin := NewPlugin(psp.NewSimpleStrategyFactory(), getMatchingPolicies, true) return plugin, nil }) diff --git a/plugin/pkg/admission/securitycontext/scdeny/admission.go b/plugin/pkg/admission/securitycontext/scdeny/admission.go index 443cefab681..9f709c3bb3a 100644 --- a/plugin/pkg/admission/securitycontext/scdeny/admission.go +++ b/plugin/pkg/admission/securitycontext/scdeny/admission.go @@ -27,7 +27,12 @@ import ( ) func init() { - kubeapiserveradmission.Plugins.Register("SecurityContextDeny", func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register("SecurityContextDeny", func(config io.Reader) (admission.Interface, error) { return NewSecurityContextDeny(), nil }) } diff --git a/plugin/pkg/admission/serviceaccount/admission.go b/plugin/pkg/admission/serviceaccount/admission.go index 2c21f5d0105..17f35268725 100644 --- a/plugin/pkg/admission/serviceaccount/admission.go +++ b/plugin/pkg/admission/serviceaccount/admission.go @@ -54,7 +54,12 @@ const DefaultAPITokenMountPath = "/var/run/secrets/kubernetes.io/serviceaccount" const PluginName = "ServiceAccount" func init() { - kubeapiserveradmission.Plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { serviceAccountAdmission := NewServiceAccount() return serviceAccountAdmission, nil }) diff --git a/plugin/pkg/admission/storageclass/default/admission.go b/plugin/pkg/admission/storageclass/default/admission.go index 568961badaa..d22e13ed5b8 100644 --- a/plugin/pkg/admission/storageclass/default/admission.go +++ b/plugin/pkg/admission/storageclass/default/admission.go @@ -39,7 +39,12 @@ const ( ) func init() { - kubeapiserveradmission.Plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { + Register(&kubeapiserveradmission.Plugins) +} + +// Register registers a plugin +func Register(plugins *admission.Plugins) { + plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { plugin := newPlugin() return plugin, nil })