mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-04 18:00:08 +00:00
Clean up v1alpha1 serving for authorization API
This commit is contained in:
Jordan Liggitt
parent
2f9fb220ba
commit
161a817812
@ -18,7 +18,6 @@ package rest
|
||||
|
||||
import (
|
||||
authenticationv1 "k8s.io/api/authentication/v1"
|
||||
authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
|
||||
authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
|
||||
"k8s.io/apiserver/pkg/authentication/authenticator"
|
||||
"k8s.io/apiserver/pkg/registry/generic"
|
||||
@ -46,10 +45,6 @@ func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorag
|
||||
// If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities.
|
||||
// TODO refactor the plumbing to provide the information in the APIGroupInfo
|
||||
|
||||
if storageMap := p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter); len(storageMap) > 0 {
|
||||
apiGroupInfo.VersionedResourcesStorageMap[authenticationv1alpha1.SchemeGroupVersion.Version] = storageMap
|
||||
}
|
||||
|
||||
if storageMap := p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter); len(storageMap) > 0 {
|
||||
apiGroupInfo.VersionedResourcesStorageMap[authenticationv1beta1.SchemeGroupVersion.Version] = storageMap
|
||||
}
|
||||
@ -77,17 +72,6 @@ func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.API
|
||||
return storage
|
||||
}
|
||||
|
||||
func (p RESTStorageProvider) v1alpha1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
|
||||
storage := map[string]rest.Storage{}
|
||||
|
||||
// selfsubjectreviews
|
||||
if resource := "selfsubjectreviews"; apiResourceConfigSource.ResourceEnabled(authenticationv1alpha1.SchemeGroupVersion.WithResource(resource)) {
|
||||
selfSRStorage := selfsubjectreview.NewREST()
|
||||
storage[resource] = selfSRStorage
|
||||
}
|
||||
return storage
|
||||
}
|
||||
|
||||
func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
|
||||
storage := map[string]rest.Storage{}
|
||||
|
||||
|
||||
@ -26,7 +26,6 @@ import (
|
||||
"testing"
|
||||
|
||||
authenticationv1 "k8s.io/api/authentication/v1"
|
||||
authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
|
||||
authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apiserver/pkg/authentication/authenticator"
|
||||
@ -39,7 +38,7 @@ import (
|
||||
|
||||
func TestGetsSelfAttributes(t *testing.T) {
|
||||
// KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE allows for APIs pending removal to not block tests
|
||||
// TODO: Remove this line once authentication v1alpha1 types to be removed in 1.32 are fully removed
|
||||
// TODO: Remove this line when oldest emulation version is 1.34, along with removal of v1beta1 SelfSubjectReview (unservable by default but still servable via this envvar in 1.33)
|
||||
t.Setenv("KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE", "true")
|
||||
|
||||
tests := []struct {
|
||||
@ -98,7 +97,6 @@ func TestGetsSelfAttributes(t *testing.T) {
|
||||
|
||||
kubeClient, _, tearDownFn := framework.StartTestServer(tCtx, t, framework.TestServerSetup{
|
||||
ModifyServerRunOptions: func(opts *options.ServerRunOptions) {
|
||||
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1alpha1=true")
|
||||
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1beta1=true")
|
||||
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1=true")
|
||||
opts.Authorization.Modes = []string{"AlwaysAllow"}
|
||||
@ -121,85 +119,58 @@ func TestGetsSelfAttributes(t *testing.T) {
|
||||
response = tc.userInfo
|
||||
respMu.Unlock()
|
||||
|
||||
res, err := kubeClient.AuthenticationV1alpha1().
|
||||
SelfSubjectReviews().
|
||||
Create(tCtx, &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
|
||||
if res == nil {
|
||||
t.Fatalf("empty response")
|
||||
}
|
||||
|
||||
if res.Status.UserInfo.Username != tc.expectedName {
|
||||
t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, res.Status.UserInfo.Username)
|
||||
}
|
||||
|
||||
if res.Status.UserInfo.UID != tc.expectedUID {
|
||||
t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, res.Status.UserInfo.UID)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(res.Status.UserInfo.Groups, tc.expectedGroups) {
|
||||
t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, res.Status.UserInfo.Groups)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(res.Status.UserInfo.Extra, tc.expectedExtra) {
|
||||
t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, res.Status.UserInfo.Extra)
|
||||
}
|
||||
|
||||
res2, err := kubeClient.AuthenticationV1beta1().
|
||||
resBeta, err := kubeClient.AuthenticationV1beta1().
|
||||
SelfSubjectReviews().
|
||||
Create(tCtx, &authenticationv1beta1.SelfSubjectReview{}, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
|
||||
if res2 == nil {
|
||||
if resBeta == nil {
|
||||
t.Fatalf("empty response")
|
||||
}
|
||||
|
||||
if res2.Status.UserInfo.Username != tc.expectedName {
|
||||
t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, res.Status.UserInfo.Username)
|
||||
if resBeta.Status.UserInfo.Username != tc.expectedName {
|
||||
t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, resBeta.Status.UserInfo.Username)
|
||||
}
|
||||
|
||||
if res2.Status.UserInfo.UID != tc.expectedUID {
|
||||
t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, res.Status.UserInfo.UID)
|
||||
if resBeta.Status.UserInfo.UID != tc.expectedUID {
|
||||
t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, resBeta.Status.UserInfo.UID)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(res2.Status.UserInfo.Groups, tc.expectedGroups) {
|
||||
t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, res.Status.UserInfo.Groups)
|
||||
if !reflect.DeepEqual(resBeta.Status.UserInfo.Groups, tc.expectedGroups) {
|
||||
t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, resBeta.Status.UserInfo.Groups)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(res2.Status.UserInfo.Extra, tc.expectedExtra) {
|
||||
t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, res.Status.UserInfo.Extra)
|
||||
if !reflect.DeepEqual(resBeta.Status.UserInfo.Extra, tc.expectedExtra) {
|
||||
t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, resBeta.Status.UserInfo.Extra)
|
||||
}
|
||||
|
||||
res3, err := kubeClient.AuthenticationV1().
|
||||
resV1, err := kubeClient.AuthenticationV1().
|
||||
SelfSubjectReviews().
|
||||
Create(context.TODO(), &authenticationv1.SelfSubjectReview{}, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
|
||||
if res3 == nil {
|
||||
if resV1 == nil {
|
||||
t.Fatalf("empty response")
|
||||
}
|
||||
|
||||
if res3.Status.UserInfo.Username != tc.expectedName {
|
||||
t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, res.Status.UserInfo.Username)
|
||||
if resV1.Status.UserInfo.Username != tc.expectedName {
|
||||
t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, resV1.Status.UserInfo.Username)
|
||||
}
|
||||
|
||||
if res3.Status.UserInfo.UID != tc.expectedUID {
|
||||
t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, res.Status.UserInfo.UID)
|
||||
if resV1.Status.UserInfo.UID != tc.expectedUID {
|
||||
t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, resV1.Status.UserInfo.UID)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(res3.Status.UserInfo.Groups, tc.expectedGroups) {
|
||||
t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, res.Status.UserInfo.Groups)
|
||||
if !reflect.DeepEqual(resV1.Status.UserInfo.Groups, tc.expectedGroups) {
|
||||
t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, resV1.Status.UserInfo.Groups)
|
||||
}
|
||||
|
||||
if !reflect.DeepEqual(res3.Status.UserInfo.Extra, tc.expectedExtra) {
|
||||
t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, res.Status.UserInfo.Extra)
|
||||
if !reflect.DeepEqual(resV1.Status.UserInfo.Extra, tc.expectedExtra) {
|
||||
t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, resV1.Status.UserInfo.Extra)
|
||||
}
|
||||
})
|
||||
}
|
||||
@ -212,7 +183,6 @@ func TestGetsSelfAttributesError(t *testing.T) {
|
||||
tCtx := ktesting.Init(t)
|
||||
kubeClient, _, tearDownFn := framework.StartTestServer(tCtx, t, framework.TestServerSetup{
|
||||
ModifyServerRunOptions: func(opts *options.ServerRunOptions) {
|
||||
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1alpha1=true")
|
||||
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1beta1=true")
|
||||
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1=true")
|
||||
opts.Authorization.Modes = []string{"AlwaysAllow"}
|
||||
@ -237,22 +207,6 @@ func TestGetsSelfAttributesError(t *testing.T) {
|
||||
|
||||
expected := fmt.Errorf("Unauthorized")
|
||||
|
||||
{ // v1alpha1
|
||||
toggle.Store(!toggle.Load().(bool))
|
||||
|
||||
_, err := kubeClient.AuthenticationV1alpha1().
|
||||
SelfSubjectReviews().
|
||||
Create(tCtx, &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
|
||||
if err == nil {
|
||||
t.Fatalf("expected error: %v, got nil", err)
|
||||
}
|
||||
|
||||
toggle.Store(!toggle.Load().(bool))
|
||||
if expected.Error() != err.Error() {
|
||||
t.Fatalf("expected error: %v, got %v", expected, err)
|
||||
}
|
||||
}
|
||||
|
||||
{ // v1beta1
|
||||
toggle.Store(!toggle.Load().(bool))
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user