Merge pull request #4263 from smarterclayton/simplify_apiserver

Remove layers of indirection between apiinstaller and resthandler
2025-09-09 05:01:46 +00:00 · 2015-02-12 10:03:41 -05:00
parent 371349f858 e6fdac1365
commit 0a2d713803
31 changed files with 1159 additions and 977 deletions
--- a/test/integration/auth_test.go
+++ b/test/integration/auth_test.go
@@ -78,6 +78,20 @@ var aPod string = `
  }%s
 }
 `
+var aPodInBar string = `
+{
+  "kind": "Pod",
+  "apiVersion": "v1beta1",
+  "id": "a",
+  "desiredState": {
+    "manifest": {
+      "version": "v1beta1",
+      "id": "a",
+      "containers": [{ "name": "foo", "image": "bar/foo", }]
+    }
+  }%s
+}
+`
 var aRC string = `
 {
  "kind": "ReplicationController",
@@ -126,7 +140,6 @@ var aEvent string = `
 {
  "kind": "Event",
  "apiVersion": "v1beta1",
-  "namespace": "default",
  "id": "a",
  "involvedObject": {
    "kind": "Minion",
@@ -162,6 +175,7 @@ var timeoutFlag = "?timeout=60s"
 // Requests to try.  Each one should be forbidden or not forbidden
 // depending on the authentication and authorization setup of the master.
 var code200 = map[int]bool{200: true}
+var code201 = map[int]bool{201: true}
 var code400 = map[int]bool{400: true}
 var code403 = map[int]bool{403: true}
 var code404 = map[int]bool{404: true}
@@ -184,7 +198,7 @@ func getTestRequests() []struct {
 	}{
 		// Normal methods on pods
 		{"GET", "/api/v1beta1/pods", "", code200},
-		{"POST", "/api/v1beta1/pods" + timeoutFlag, aPod, code200},
+		{"POST", "/api/v1beta1/pods" + timeoutFlag, aPod, code201},
 		{"PUT", "/api/v1beta1/pods/a" + timeoutFlag, aPod, code200},
 		{"GET", "/api/v1beta1/pods", "", code200},
 		{"GET", "/api/v1beta1/pods/a", "", code200},
@@ -204,7 +218,7 @@ func getTestRequests() []struct {

 		// Normal methods on services
 		{"GET", "/api/v1beta1/services", "", code200},
-		{"POST", "/api/v1beta1/services" + timeoutFlag, aService, code200},
+		{"POST", "/api/v1beta1/services" + timeoutFlag, aService, code201},
 		{"PUT", "/api/v1beta1/services/a" + timeoutFlag, aService, code200},
 		{"GET", "/api/v1beta1/services", "", code200},
 		{"GET", "/api/v1beta1/services/a", "", code200},
@@ -212,7 +226,7 @@ func getTestRequests() []struct {

 		// Normal methods on replicationControllers
 		{"GET", "/api/v1beta1/replicationControllers", "", code200},
-		{"POST", "/api/v1beta1/replicationControllers" + timeoutFlag, aRC, code200},
+		{"POST", "/api/v1beta1/replicationControllers" + timeoutFlag, aRC, code201},
 		{"PUT", "/api/v1beta1/replicationControllers/a" + timeoutFlag, aRC, code200},
 		{"GET", "/api/v1beta1/replicationControllers", "", code200},
 		{"GET", "/api/v1beta1/replicationControllers/a", "", code200},
@@ -220,7 +234,7 @@ func getTestRequests() []struct {

 		// Normal methods on endpoints
 		{"GET", "/api/v1beta1/endpoints", "", code200},
-		{"POST", "/api/v1beta1/endpoints" + timeoutFlag, aEndpoints, code200},
+		{"POST", "/api/v1beta1/endpoints" + timeoutFlag, aEndpoints, code201},
 		{"PUT", "/api/v1beta1/endpoints/a" + timeoutFlag, aEndpoints, code200},
 		{"GET", "/api/v1beta1/endpoints", "", code200},
 		{"GET", "/api/v1beta1/endpoints/a", "", code200},
@@ -228,7 +242,7 @@ func getTestRequests() []struct {

 		// Normal methods on minions
 		{"GET", "/api/v1beta1/minions", "", code200},
-		{"POST", "/api/v1beta1/minions" + timeoutFlag, aMinion, code200},
+		{"POST", "/api/v1beta1/minions" + timeoutFlag, aMinion, code201},
 		{"PUT", "/api/v1beta1/minions/a" + timeoutFlag, aMinion, code409}, // See #2115 about why 409
 		{"GET", "/api/v1beta1/minions", "", code200},
 		{"GET", "/api/v1beta1/minions/a", "", code200},
@@ -236,7 +250,7 @@ func getTestRequests() []struct {

 		// Normal methods on events
 		{"GET", "/api/v1beta1/events", "", code200},
-		{"POST", "/api/v1beta1/events" + timeoutFlag, aEvent, code200},
+		{"POST", "/api/v1beta1/events" + timeoutFlag, aEvent, code201},
 		{"PUT", "/api/v1beta1/events/a" + timeoutFlag, aEvent, code200},
 		{"GET", "/api/v1beta1/events", "", code200},
 		{"GET", "/api/v1beta1/events", "", code200},
@@ -245,8 +259,8 @@ func getTestRequests() []struct {

 		// Normal methods on bindings
 		{"GET", "/api/v1beta1/bindings", "", code405},              // Bindings are write-only
-		{"POST", "/api/v1beta1/pods" + timeoutFlag, aPod, code200}, // Need a pod to bind or you get a 404
-		{"POST", "/api/v1beta1/bindings" + timeoutFlag, aBinding, code200},
+		{"POST", "/api/v1beta1/pods" + timeoutFlag, aPod, code201}, // Need a pod to bind or you get a 404
+		{"POST", "/api/v1beta1/bindings" + timeoutFlag, aBinding, code201},
 		{"PUT", "/api/v1beta1/bindings/a" + timeoutFlag, aBinding, code404},
 		{"GET", "/api/v1beta1/bindings", "", code405},
 		{"GET", "/api/v1beta1/bindings/a", "", code404}, // No bindings instances
@@ -316,14 +330,16 @@ func TestAuthModeAlwaysAllow(t *testing.T) {
 		t.Logf("case %v", r)
 		var bodyStr string
 		if r.body != "" {
-			bodyStr = fmt.Sprintf(r.body, "")
+			sub := ""
 			if r.verb == "PUT" && r.body != "" {
 				// For update operations, insert previous resource version
 				if resVersion := previousResourceVersion[getPreviousResourceVersionKey(r.URL, "")]; resVersion != 0 {
-					resourceVersionJson := fmt.Sprintf(",\r\n\"resourceVersion\": %v", resVersion)
-					bodyStr = fmt.Sprintf(r.body, resourceVersionJson)
+					sub += fmt.Sprintf(",\r\n\"resourceVersion\": %v", resVersion)
 				}
+				namespace := "default"
+				sub += fmt.Sprintf(",\r\n\"namespace\": %v", namespace)
 			}
+			bodyStr = fmt.Sprintf(r.body, sub)
 		}
 		bodyBytes := bytes.NewReader([]byte(bodyStr))
 		req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
@@ -483,14 +499,16 @@ func TestAliceNotForbiddenOrUnauthorized(t *testing.T) {
 		t.Logf("case %v", r)
 		var bodyStr string
 		if r.body != "" {
-			bodyStr = fmt.Sprintf(r.body, "")
+			sub := ""
 			if r.verb == "PUT" && r.body != "" {
 				// For update operations, insert previous resource version
 				if resVersion := previousResourceVersion[getPreviousResourceVersionKey(r.URL, "")]; resVersion != 0 {
-					resourceVersionJson := fmt.Sprintf(",\r\n\"resourceVersion\": %v", resVersion)
-					bodyStr = fmt.Sprintf(r.body, resourceVersionJson)
+					sub += fmt.Sprintf(",\r\n\"resourceVersion\": %v", resVersion)
 				}
+				namespace := "default"
+				sub += fmt.Sprintf(",\r\n\"namespace\": %v", namespace)
 			}
+			bodyStr = fmt.Sprintf(r.body, sub)
 		}
 		bodyBytes := bytes.NewReader([]byte(bodyStr))
 		req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
@@ -705,24 +723,25 @@ func TestNamespaceAuthorization(t *testing.T) {
 	requests := []struct {
 		verb        string
 		URL         string
+		namespace   string
 		body        string
 		statusCodes map[int]bool // allowed status codes.
 	}{

-		{"POST", "/api/v1beta1/pods" + timeoutFlag + "&namespace=foo", aPod, code200},
-		{"GET", "/api/v1beta1/pods?namespace=foo", "", code200},
-		{"GET", "/api/v1beta1/pods/a?namespace=foo", "", code200},
-		{"DELETE", "/api/v1beta1/pods/a" + timeoutFlag + "&namespace=foo", "", code200},
+		{"POST", "/api/v1beta1/pods" + timeoutFlag + "&namespace=foo", "foo", aPod, code201},
+		{"GET", "/api/v1beta1/pods?namespace=foo", "foo", "", code200},
+		{"GET", "/api/v1beta1/pods/a?namespace=foo", "foo", "", code200},
+		{"DELETE", "/api/v1beta1/pods/a" + timeoutFlag + "&namespace=foo", "foo", "", code200},

-		{"POST", "/api/v1beta1/pods" + timeoutFlag + "&namespace=bar", aPod, code403},
-		{"GET", "/api/v1beta1/pods?namespace=bar", "", code403},
-		{"GET", "/api/v1beta1/pods/a?namespace=bar", "", code403},
-		{"DELETE", "/api/v1beta1/pods/a" + timeoutFlag + "&namespace=bar", "", code403},
+		{"POST", "/api/v1beta1/pods" + timeoutFlag + "&namespace=bar", "bar", aPod, code403},
+		{"GET", "/api/v1beta1/pods?namespace=bar", "bar", "", code403},
+		{"GET", "/api/v1beta1/pods/a?namespace=bar", "bar", "", code403},
+		{"DELETE", "/api/v1beta1/pods/a" + timeoutFlag + "&namespace=bar", "bar", "", code403},

-		{"POST", "/api/v1beta1/pods" + timeoutFlag, aPod, code403},
-		{"GET", "/api/v1beta1/pods", "", code403},
-		{"GET", "/api/v1beta1/pods/a", "", code403},
-		{"DELETE", "/api/v1beta1/pods/a" + timeoutFlag, "", code403},
+		{"POST", "/api/v1beta1/pods" + timeoutFlag, "", aPod, code403},
+		{"GET", "/api/v1beta1/pods", "", "", code403},
+		{"GET", "/api/v1beta1/pods/a", "", "", code403},
+		{"DELETE", "/api/v1beta1/pods/a" + timeoutFlag, "", "", code403},
 	}

 	for _, r := range requests {
@@ -730,14 +749,19 @@ func TestNamespaceAuthorization(t *testing.T) {
 		t.Logf("case %v", r)
 		var bodyStr string
 		if r.body != "" {
-			bodyStr = fmt.Sprintf(r.body, "")
+			sub := ""
 			if r.verb == "PUT" && r.body != "" {
 				// For update operations, insert previous resource version
 				if resVersion := previousResourceVersion[getPreviousResourceVersionKey(r.URL, "")]; resVersion != 0 {
-					resourceVersionJson := fmt.Sprintf(",\r\n\"resourceVersion\": %v", resVersion)
-					bodyStr = fmt.Sprintf(r.body, resourceVersionJson)
+					sub += fmt.Sprintf(",\r\n\"resourceVersion\": %v", resVersion)
 				}
+				namespace := r.namespace
+				if len(namespace) == 0 {
+					namespace = "default"
+				}
+				sub += fmt.Sprintf(",\r\n\"namespace\": %v", namespace)
 			}
+			bodyStr = fmt.Sprintf(r.body, sub)
 		}
 		bodyBytes := bytes.NewReader([]byte(bodyStr))
 		req, err := http.NewRequest(r.verb, s.URL+r.URL, bodyBytes)
@@ -815,7 +839,7 @@ func TestKindAuthorization(t *testing.T) {
 		body        string
 		statusCodes map[int]bool // allowed status codes.
 	}{
-		{"POST", "/api/v1beta1/services" + timeoutFlag, aService, code200},
+		{"POST", "/api/v1beta1/services" + timeoutFlag, aService, code201},
 		{"GET", "/api/v1beta1/services", "", code200},
 		{"GET", "/api/v1beta1/services/a", "", code200},
 		{"DELETE", "/api/v1beta1/services/a" + timeoutFlag, "", code200},