fix golint failures in pkg/kubeapiserver/options, rename receiver name of BuiltInAuthorizationOptions to o

This commit is contained in:
yiduyangyi 2020-07-23 18:52:15 +08:00
parent e441c07fe2
commit 0520d75838
3 changed files with 32 additions and 32 deletions

View File

@ -50,82 +50,82 @@ func NewBuiltInAuthorizationOptions() *BuiltInAuthorizationOptions {
}
// Validate checks invalid config combination
func (s *BuiltInAuthorizationOptions) Validate() []error {
if s == nil {
func (o *BuiltInAuthorizationOptions) Validate() []error {
if o == nil {
return nil
}
allErrors := []error{}
if len(s.Modes) == 0 {
if len(o.Modes) == 0 {
allErrors = append(allErrors, fmt.Errorf("at least one authorization-mode must be passed"))
}
modes := sets.NewString(s.Modes...)
for _, mode := range s.Modes {
modes := sets.NewString(o.Modes...)
for _, mode := range o.Modes {
if !authzmodes.IsValidAuthorizationMode(mode) {
allErrors = append(allErrors, fmt.Errorf("authorization-mode %q is not a valid mode", mode))
}
if mode == authzmodes.ModeABAC {
if s.PolicyFile == "" {
allErrors = append(allErrors, fmt.Errorf("authorization-mode ABAC's authorization policy file not passed"))
if o.PolicyFile == "" {
allErrors = append(allErrors, fmt.Errorf("authorization-mode ABAC'o authorization policy file not passed"))
}
}
if mode == authzmodes.ModeWebhook {
if s.WebhookConfigFile == "" {
allErrors = append(allErrors, fmt.Errorf("authorization-mode Webhook's authorization config file not passed"))
if o.WebhookConfigFile == "" {
allErrors = append(allErrors, fmt.Errorf("authorization-mode Webhook'o authorization config file not passed"))
}
}
}
if s.PolicyFile != "" && !modes.Has(authzmodes.ModeABAC) {
if o.PolicyFile != "" && !modes.Has(authzmodes.ModeABAC) {
allErrors = append(allErrors, fmt.Errorf("cannot specify --authorization-policy-file without mode ABAC"))
}
if s.WebhookConfigFile != "" && !modes.Has(authzmodes.ModeWebhook) {
if o.WebhookConfigFile != "" && !modes.Has(authzmodes.ModeWebhook) {
allErrors = append(allErrors, fmt.Errorf("cannot specify --authorization-webhook-config-file without mode Webhook"))
}
if len(s.Modes) != len(modes.List()) {
allErrors = append(allErrors, fmt.Errorf("authorization-mode %q has mode specified more than once", s.Modes))
if len(o.Modes) != len(modes.List()) {
allErrors = append(allErrors, fmt.Errorf("authorization-mode %q has mode specified more than once", o.Modes))
}
return allErrors
}
// AddFlags returns flags of authorization for a API Server
func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet) {
fs.StringSliceVar(&s.Modes, "authorization-mode", s.Modes, ""+
func (o *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet) {
fs.StringSliceVar(&o.Modes, "authorization-mode", o.Modes, ""+
"Ordered list of plug-ins to do authorization on secure port. Comma-delimited list of: "+
strings.Join(authzmodes.AuthorizationModeChoices, ",")+".")
fs.StringVar(&s.PolicyFile, "authorization-policy-file", s.PolicyFile, ""+
fs.StringVar(&o.PolicyFile, "authorization-policy-file", o.PolicyFile, ""+
"File with authorization policy in json line by line format, used with --authorization-mode=ABAC, on the secure port.")
fs.StringVar(&s.WebhookConfigFile, "authorization-webhook-config-file", s.WebhookConfigFile, ""+
fs.StringVar(&o.WebhookConfigFile, "authorization-webhook-config-file", o.WebhookConfigFile, ""+
"File with webhook configuration in kubeconfig format, used with --authorization-mode=Webhook. "+
"The API server will query the remote service to determine access on the API server's secure port.")
"The API server will query the remote service to determine access on the API server'o secure port.")
fs.StringVar(&s.WebhookVersion, "authorization-webhook-version", s.WebhookVersion, ""+
fs.StringVar(&o.WebhookVersion, "authorization-webhook-version", o.WebhookVersion, ""+
"The API version of the authorization.k8s.io SubjectAccessReview to send to and expect from the webhook.")
fs.DurationVar(&s.WebhookCacheAuthorizedTTL, "authorization-webhook-cache-authorized-ttl",
s.WebhookCacheAuthorizedTTL,
fs.DurationVar(&o.WebhookCacheAuthorizedTTL, "authorization-webhook-cache-authorized-ttl",
o.WebhookCacheAuthorizedTTL,
"The duration to cache 'authorized' responses from the webhook authorizer.")
fs.DurationVar(&s.WebhookCacheUnauthorizedTTL,
"authorization-webhook-cache-unauthorized-ttl", s.WebhookCacheUnauthorizedTTL,
fs.DurationVar(&o.WebhookCacheUnauthorizedTTL,
"authorization-webhook-cache-unauthorized-ttl", o.WebhookCacheUnauthorizedTTL,
"The duration to cache 'unauthorized' responses from the webhook authorizer.")
}
// ToAuthorizationConfig convert BuiltInAuthorizationOptions to authorizer.Config
func (s *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.Config {
func (o *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.Config {
return authorizer.Config{
AuthorizationModes: s.Modes,
PolicyFile: s.PolicyFile,
WebhookConfigFile: s.WebhookConfigFile,
WebhookVersion: s.WebhookVersion,
WebhookCacheAuthorizedTTL: s.WebhookCacheAuthorizedTTL,
WebhookCacheUnauthorizedTTL: s.WebhookCacheUnauthorizedTTL,
AuthorizationModes: o.Modes,
PolicyFile: o.PolicyFile,
WebhookConfigFile: o.WebhookConfigFile,
WebhookVersion: o.WebhookVersion,
WebhookCacheAuthorizedTTL: o.WebhookCacheAuthorizedTTL,
WebhookCacheUnauthorizedTTL: o.WebhookCacheUnauthorizedTTL,
VersionedInformerFactory: versionedInformerFactory,
}
}

View File

@ -37,7 +37,7 @@ func (s *CloudProviderOptions) Validate() []error {
return allErrors
}
// AddFlags returns flags of cloud provider for a APIServer
// AddFlags returns flags of cloud provider for a API Server
func (s *CloudProviderOptions) AddFlags(fs *pflag.FlagSet) {
fs.StringVar(&s.CloudProvider, "cloud-provider", s.CloudProvider,
"The provider for cloud services. Empty string for no provider.")

View File

@ -28,5 +28,5 @@ var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}
// DefaultServiceIPCIDR is a CIDR notation of IP range from which to allocate service cluster IPs
var DefaultServiceIPCIDR = net.IPNet{IP: net.ParseIP("10.0.0.0"), Mask: net.CIDRMask(24, 32)}
// DefaultEtcdPathPrefix is the default key prefix of etcd for APIServer
// DefaultEtcdPathPrefix is the default key prefix of etcd for API Server
const DefaultEtcdPathPrefix = "/registry"