mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 20:24:09 +00:00
install authentication.k8s.io/v1, add tests
This commit is contained in:
parent
529ce5d3aa
commit
09b5d7279f
@ -41,7 +41,7 @@ func buildAuth(nodeName types.NodeName, client clientset.Interface, config compo
|
|||||||
sarClient authorizationclient.SubjectAccessReviewInterface
|
sarClient authorizationclient.SubjectAccessReviewInterface
|
||||||
)
|
)
|
||||||
if client != nil && !reflect.ValueOf(client).IsNil() {
|
if client != nil && !reflect.ValueOf(client).IsNil() {
|
||||||
tokenClient = client.Authentication().TokenReviews()
|
tokenClient = client.AuthenticationV1beta1().TokenReviews()
|
||||||
sarClient = client.AuthorizationV1beta1().SubjectAccessReviews()
|
sarClient = client.AuthorizationV1beta1().SubjectAccessReviews()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -77,6 +77,7 @@ func New() *Generator {
|
|||||||
`k8s.io/kubernetes/pkg/apis/batch/v1`,
|
`k8s.io/kubernetes/pkg/apis/batch/v1`,
|
||||||
`k8s.io/kubernetes/pkg/apis/batch/v2alpha1`,
|
`k8s.io/kubernetes/pkg/apis/batch/v2alpha1`,
|
||||||
`k8s.io/kubernetes/pkg/apis/apps/v1beta1`,
|
`k8s.io/kubernetes/pkg/apis/apps/v1beta1`,
|
||||||
|
`k8s.io/kubernetes/pkg/apis/authentication/v1`,
|
||||||
`k8s.io/kubernetes/pkg/apis/authentication/v1beta1`,
|
`k8s.io/kubernetes/pkg/apis/authentication/v1beta1`,
|
||||||
`k8s.io/kubernetes/pkg/apis/rbac/v1alpha1`,
|
`k8s.io/kubernetes/pkg/apis/rbac/v1alpha1`,
|
||||||
`k8s.io/kubernetes/pkg/apis/rbac/v1beta1`,
|
`k8s.io/kubernetes/pkg/apis/rbac/v1beta1`,
|
||||||
|
@ -120,6 +120,7 @@ pkg/client/informers/informers_generated/storage/v1beta1
|
|||||||
pkg/client/listers/apps/internalversion
|
pkg/client/listers/apps/internalversion
|
||||||
pkg/client/listers/apps/v1beta1
|
pkg/client/listers/apps/v1beta1
|
||||||
pkg/client/listers/authentication/internalversion
|
pkg/client/listers/authentication/internalversion
|
||||||
|
pkg/client/listers/authentication/v1
|
||||||
pkg/client/listers/authentication/v1beta1
|
pkg/client/listers/authentication/v1beta1
|
||||||
pkg/client/listers/authorization/internalversion
|
pkg/client/listers/authorization/internalversion
|
||||||
pkg/client/listers/authorization/v1
|
pkg/client/listers/authorization/v1
|
||||||
|
@ -54,6 +54,7 @@ KUBE_OUTPUT_HOSTBIN="${KUBE_OUTPUT_BINPATH}/$(kube::util::host_platform)"
|
|||||||
KUBE_AVAILABLE_GROUP_VERSIONS="${KUBE_AVAILABLE_GROUP_VERSIONS:-\
|
KUBE_AVAILABLE_GROUP_VERSIONS="${KUBE_AVAILABLE_GROUP_VERSIONS:-\
|
||||||
v1 \
|
v1 \
|
||||||
apps/v1beta1 \
|
apps/v1beta1 \
|
||||||
|
authentication.k8s.io/v1 \
|
||||||
authentication.k8s.io/v1beta1 \
|
authentication.k8s.io/v1beta1 \
|
||||||
authorization.k8s.io/v1 \
|
authorization.k8s.io/v1 \
|
||||||
authorization.k8s.io/v1beta1 \
|
authorization.k8s.io/v1beta1 \
|
||||||
|
@ -3240,7 +3240,8 @@ __EOF__
|
|||||||
|
|
||||||
# check webhook token authentication endpoint, kubectl doesn't actually display the returned object so this isn't super useful
|
# check webhook token authentication endpoint, kubectl doesn't actually display the returned object so this isn't super useful
|
||||||
# but it proves that works
|
# but it proves that works
|
||||||
kubectl create -f test/fixtures/pkg/kubectl/cmd/create/tokenreview.json --validate=false
|
kubectl create -f test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1beta1.json --validate=false
|
||||||
|
kubectl create -f test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1.json --validate=false
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
@ -25,6 +25,7 @@ import (
|
|||||||
"k8s.io/apimachinery/pkg/util/sets"
|
"k8s.io/apimachinery/pkg/util/sets"
|
||||||
"k8s.io/kubernetes/pkg/api"
|
"k8s.io/kubernetes/pkg/api"
|
||||||
"k8s.io/kubernetes/pkg/apis/authentication"
|
"k8s.io/kubernetes/pkg/apis/authentication"
|
||||||
|
"k8s.io/kubernetes/pkg/apis/authentication/v1"
|
||||||
"k8s.io/kubernetes/pkg/apis/authentication/v1beta1"
|
"k8s.io/kubernetes/pkg/apis/authentication/v1beta1"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -37,13 +38,14 @@ func Install(groupFactoryRegistry announced.APIGroupFactoryRegistry, registry *r
|
|||||||
if err := announced.NewGroupMetaFactory(
|
if err := announced.NewGroupMetaFactory(
|
||||||
&announced.GroupMetaFactoryArgs{
|
&announced.GroupMetaFactoryArgs{
|
||||||
GroupName: authentication.GroupName,
|
GroupName: authentication.GroupName,
|
||||||
VersionPreferenceOrder: []string{v1beta1.SchemeGroupVersion.Version},
|
VersionPreferenceOrder: []string{v1.SchemeGroupVersion.Version, v1beta1.SchemeGroupVersion.Version},
|
||||||
ImportPrefix: "k8s.io/kubernetes/pkg/apis/authentication",
|
ImportPrefix: "k8s.io/kubernetes/pkg/apis/authentication",
|
||||||
RootScopedKinds: sets.NewString("TokenReview"),
|
RootScopedKinds: sets.NewString("TokenReview"),
|
||||||
AddInternalObjectsToScheme: authentication.AddToScheme,
|
AddInternalObjectsToScheme: authentication.AddToScheme,
|
||||||
},
|
},
|
||||||
announced.VersionToSchemeFunc{
|
announced.VersionToSchemeFunc{
|
||||||
v1beta1.SchemeGroupVersion.Version: v1beta1.AddToScheme,
|
v1beta1.SchemeGroupVersion.Version: v1beta1.AddToScheme,
|
||||||
|
v1.SchemeGroupVersion.Version: v1.AddToScheme,
|
||||||
},
|
},
|
||||||
).Announce(groupFactoryRegistry).RegisterAndEnable(registry, scheme); err != nil {
|
).Announce(groupFactoryRegistry).RegisterAndEnable(registry, scheme); err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
|
@ -0,0 +1,27 @@
|
|||||||
|
/*
|
||||||
|
Copyright 2017 The Kubernetes Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package fake
|
||||||
|
|
||||||
|
import (
|
||||||
|
core "k8s.io/client-go/testing"
|
||||||
|
authenticationapi "k8s.io/kubernetes/pkg/apis/authentication/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (c *FakeTokenReviews) Create(tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error) {
|
||||||
|
obj, err := c.Fake.Invokes(core.NewRootCreateAction(authenticationapi.SchemeGroupVersion.WithResource("tokenreviews"), tokenReview), &authenticationapi.TokenReview{})
|
||||||
|
return obj.(*authenticationapi.TokenReview), err
|
||||||
|
}
|
@ -15,5 +15,3 @@ limitations under the License.
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
package v1
|
package v1
|
||||||
|
|
||||||
type TokenReviewExpansion interface{}
|
|
||||||
|
@ -0,0 +1,35 @@
|
|||||||
|
/*
|
||||||
|
Copyright 2017 The Kubernetes Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package v1
|
||||||
|
|
||||||
|
import (
|
||||||
|
authenticationapi "k8s.io/kubernetes/pkg/apis/authentication/v1"
|
||||||
|
)
|
||||||
|
|
||||||
|
type TokenReviewExpansion interface {
|
||||||
|
Create(tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *tokenReviews) Create(tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error) {
|
||||||
|
result = &authenticationapi.TokenReview{}
|
||||||
|
err = c.client.Post().
|
||||||
|
Resource("tokenreviews").
|
||||||
|
Body(tokenReview).
|
||||||
|
Do().
|
||||||
|
Into(result)
|
||||||
|
return
|
||||||
|
}
|
@ -533,6 +533,7 @@ var ignoredResources = map[schema.GroupVersionResource]struct{}{
|
|||||||
schema.GroupVersionResource{Group: "", Version: "v1", Resource: "componentstatuses"}: {},
|
schema.GroupVersionResource{Group: "", Version: "v1", Resource: "componentstatuses"}: {},
|
||||||
schema.GroupVersionResource{Group: "", Version: "v1", Resource: "events"}: {},
|
schema.GroupVersionResource{Group: "", Version: "v1", Resource: "events"}: {},
|
||||||
schema.GroupVersionResource{Group: "authentication.k8s.io", Version: "v1beta1", Resource: "tokenreviews"}: {},
|
schema.GroupVersionResource{Group: "authentication.k8s.io", Version: "v1beta1", Resource: "tokenreviews"}: {},
|
||||||
|
schema.GroupVersionResource{Group: "authentication.k8s.io", Version: "v1", Resource: "tokenreviews"}: {},
|
||||||
schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1beta1", Resource: "subjectaccessreviews"}: {},
|
schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1beta1", Resource: "subjectaccessreviews"}: {},
|
||||||
schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1beta1", Resource: "selfsubjectaccessreviews"}: {},
|
schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1beta1", Resource: "selfsubjectaccessreviews"}: {},
|
||||||
schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1beta1", Resource: "localsubjectaccessreviews"}: {},
|
schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1beta1", Resource: "localsubjectaccessreviews"}: {},
|
||||||
|
@ -35,6 +35,7 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/api"
|
"k8s.io/kubernetes/pkg/api"
|
||||||
apiv1 "k8s.io/kubernetes/pkg/api/v1"
|
apiv1 "k8s.io/kubernetes/pkg/api/v1"
|
||||||
appsapi "k8s.io/kubernetes/pkg/apis/apps/v1beta1"
|
appsapi "k8s.io/kubernetes/pkg/apis/apps/v1beta1"
|
||||||
|
authenticationv1 "k8s.io/kubernetes/pkg/apis/authentication/v1"
|
||||||
authenticationv1beta1 "k8s.io/kubernetes/pkg/apis/authentication/v1beta1"
|
authenticationv1beta1 "k8s.io/kubernetes/pkg/apis/authentication/v1beta1"
|
||||||
authorizationapiv1 "k8s.io/kubernetes/pkg/apis/authorization/v1"
|
authorizationapiv1 "k8s.io/kubernetes/pkg/apis/authorization/v1"
|
||||||
authorizationapiv1beta1 "k8s.io/kubernetes/pkg/apis/authorization/v1beta1"
|
authorizationapiv1beta1 "k8s.io/kubernetes/pkg/apis/authorization/v1beta1"
|
||||||
@ -392,6 +393,7 @@ func DefaultAPIResourceConfigSource() *genericapiserver.ResourceConfig {
|
|||||||
apiv1.SchemeGroupVersion,
|
apiv1.SchemeGroupVersion,
|
||||||
extensionsapiv1beta1.SchemeGroupVersion,
|
extensionsapiv1beta1.SchemeGroupVersion,
|
||||||
batchapiv1.SchemeGroupVersion,
|
batchapiv1.SchemeGroupVersion,
|
||||||
|
authenticationv1.SchemeGroupVersion,
|
||||||
authenticationv1beta1.SchemeGroupVersion,
|
authenticationv1beta1.SchemeGroupVersion,
|
||||||
autoscalingapiv1.SchemeGroupVersion,
|
autoscalingapiv1.SchemeGroupVersion,
|
||||||
appsapi.SchemeGroupVersion,
|
appsapi.SchemeGroupVersion,
|
||||||
|
@ -23,6 +23,7 @@ import (
|
|||||||
genericapiserver "k8s.io/apiserver/pkg/server"
|
genericapiserver "k8s.io/apiserver/pkg/server"
|
||||||
"k8s.io/kubernetes/pkg/api"
|
"k8s.io/kubernetes/pkg/api"
|
||||||
"k8s.io/kubernetes/pkg/apis/authentication"
|
"k8s.io/kubernetes/pkg/apis/authentication"
|
||||||
|
authenticationv1 "k8s.io/kubernetes/pkg/apis/authentication/v1"
|
||||||
authenticationv1beta1 "k8s.io/kubernetes/pkg/apis/authentication/v1beta1"
|
authenticationv1beta1 "k8s.io/kubernetes/pkg/apis/authentication/v1beta1"
|
||||||
"k8s.io/kubernetes/pkg/registry/authentication/tokenreview"
|
"k8s.io/kubernetes/pkg/registry/authentication/tokenreview"
|
||||||
)
|
)
|
||||||
@ -43,6 +44,10 @@ func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource genericapise
|
|||||||
apiGroupInfo.VersionedResourcesStorageMap[authenticationv1beta1.SchemeGroupVersion.Version] = p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter)
|
apiGroupInfo.VersionedResourcesStorageMap[authenticationv1beta1.SchemeGroupVersion.Version] = p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter)
|
||||||
apiGroupInfo.GroupMeta.GroupVersion = authenticationv1beta1.SchemeGroupVersion
|
apiGroupInfo.GroupMeta.GroupVersion = authenticationv1beta1.SchemeGroupVersion
|
||||||
}
|
}
|
||||||
|
if apiResourceConfigSource.AnyResourcesForVersionEnabled(authenticationv1.SchemeGroupVersion) {
|
||||||
|
apiGroupInfo.VersionedResourcesStorageMap[authenticationv1.SchemeGroupVersion.Version] = p.v1Storage(apiResourceConfigSource, restOptionsGetter)
|
||||||
|
apiGroupInfo.GroupMeta.GroupVersion = authenticationv1.SchemeGroupVersion
|
||||||
|
}
|
||||||
|
|
||||||
return apiGroupInfo, true
|
return apiGroupInfo, true
|
||||||
}
|
}
|
||||||
@ -61,6 +66,20 @@ func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource genericapise
|
|||||||
return storage
|
return storage
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p RESTStorageProvider) v1Storage(apiResourceConfigSource genericapiserver.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
|
||||||
|
version := authenticationv1.SchemeGroupVersion
|
||||||
|
|
||||||
|
storage := map[string]rest.Storage{}
|
||||||
|
if apiResourceConfigSource.AnyResourcesForVersionEnabled(authenticationv1.SchemeGroupVersion) {
|
||||||
|
if apiResourceConfigSource.ResourceEnabled(version.WithResource("tokenreviews")) {
|
||||||
|
tokenReviewStorage := tokenreview.NewREST(p.Authenticator)
|
||||||
|
storage["tokenreviews"] = tokenReviewStorage
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return storage
|
||||||
|
}
|
||||||
|
|
||||||
func (p RESTStorageProvider) GroupName() string {
|
func (p RESTStorageProvider) GroupName() string {
|
||||||
return authentication.GroupName
|
return authentication.GroupName
|
||||||
}
|
}
|
||||||
|
7
test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1.json
vendored
Normal file
7
test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1.json
vendored
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
{
|
||||||
|
"apiVersion": "authentication.k8s.io/v1",
|
||||||
|
"kind": "TokenReview",
|
||||||
|
"spec": {
|
||||||
|
"token": "test-token"
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user