From 1d0d98dbc5bf2f8d828cec0dd65a48559117126e Mon Sep 17 00:00:00 2001 From: Aaron Crickenberger Date: Thu, 20 Jun 2019 11:40:37 -0700 Subject: [PATCH] add import-alias for k8s.io/api/policy/v1beta1 --- hack/.import-aliases | 3 +- test/e2e/apps/disruption.go | 14 ++-- test/e2e/auth/pod_security_policy.go | 72 +++++++++---------- .../autoscaling/cluster_size_autoscaling.go | 10 +-- test/e2e/framework/psp_util.go | 28 ++++---- test/e2e/storage/pd.go | 4 +- 6 files changed, 66 insertions(+), 65 deletions(-) diff --git a/hack/.import-aliases b/hack/.import-aliases index 4b96f066410..405cc4cabed 100644 --- a/hack/.import-aliases +++ b/hack/.import-aliases @@ -22,5 +22,6 @@ "k8s.io/api/networking/v1": "networkingv1", "k8s.io/api/networking/v1beta1": "networkingv1beta1", "k8s.io/api/node/v1alpha1": "nodev1alpha1", - "k8s.io/api/node/v1beta1": "nodev1beta1" + "k8s.io/api/node/v1beta1": "nodev1beta1", + "k8s.io/api/policy/v1beta1": "policyv1beta1" } \ No newline at end of file diff --git a/test/e2e/apps/disruption.go b/test/e2e/apps/disruption.go index 93c4e22e5ec..ce545e2cf27 100644 --- a/test/e2e/apps/disruption.go +++ b/test/e2e/apps/disruption.go @@ -25,7 +25,7 @@ import ( appsv1 "k8s.io/api/apps/v1" "k8s.io/api/core/v1" - policy "k8s.io/api/policy/v1beta1" + policyv1beta1 "k8s.io/api/policy/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/wait" @@ -168,7 +168,7 @@ var _ = SIGDescribe("DisruptionController", func() { pod, err := locateRunningPod(cs, ns) framework.ExpectNoError(err) - e := &policy.Eviction{ + e := &policyv1beta1.Eviction{ ObjectMeta: metav1.ObjectMeta{ Name: pod.Name, Namespace: ns, @@ -208,7 +208,7 @@ var _ = SIGDescribe("DisruptionController", func() { framework.ExpectNoError(err) waitForPodsOrDie(cs, ns, 3) // make sure that they are running and so would be evictable with a different pdb - e := &policy.Eviction{ + e := &policyv1beta1.Eviction{ ObjectMeta: metav1.ObjectMeta{ Name: pod.Name, Namespace: ns, @@ -228,12 +228,12 @@ var _ = SIGDescribe("DisruptionController", func() { }) func createPDBMinAvailableOrDie(cs kubernetes.Interface, ns string, minAvailable intstr.IntOrString) { - pdb := policy.PodDisruptionBudget{ + pdb := policyv1beta1.PodDisruptionBudget{ ObjectMeta: metav1.ObjectMeta{ Name: "foo", Namespace: ns, }, - Spec: policy.PodDisruptionBudgetSpec{ + Spec: policyv1beta1.PodDisruptionBudgetSpec{ Selector: &metav1.LabelSelector{MatchLabels: map[string]string{"foo": "bar"}}, MinAvailable: &minAvailable, }, @@ -244,12 +244,12 @@ func createPDBMinAvailableOrDie(cs kubernetes.Interface, ns string, minAvailable } func createPDBMaxUnavailableOrDie(cs kubernetes.Interface, ns string, maxUnavailable intstr.IntOrString) { - pdb := policy.PodDisruptionBudget{ + pdb := policyv1beta1.PodDisruptionBudget{ ObjectMeta: metav1.ObjectMeta{ Name: "foo", Namespace: ns, }, - Spec: policy.PodDisruptionBudgetSpec{ + Spec: policyv1beta1.PodDisruptionBudgetSpec{ Selector: &metav1.LabelSelector{MatchLabels: map[string]string{"foo": "bar"}}, MaxUnavailable: &maxUnavailable, }, diff --git a/test/e2e/auth/pod_security_policy.go b/test/e2e/auth/pod_security_policy.go index 4ac448b02ef..5fe75438382 100644 --- a/test/e2e/auth/pod_security_policy.go +++ b/test/e2e/auth/pod_security_policy.go @@ -20,7 +20,7 @@ import ( "fmt" v1 "k8s.io/api/core/v1" - policy "k8s.io/api/policy/v1beta1" + policyv1beta1 "k8s.io/api/policy/v1beta1" rbacv1 "k8s.io/api/rbac/v1" apierrs "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -208,7 +208,7 @@ func testPrivilegedPods(tester func(pod *v1.Pod)) { } // createAndBindPSP creates a PSP in the policy API group. -func createAndBindPSP(f *framework.Framework, pspTemplate *policy.PodSecurityPolicy) (psp *policy.PodSecurityPolicy, cleanup func()) { +func createAndBindPSP(f *framework.Framework, pspTemplate *policyv1beta1.PodSecurityPolicy) (psp *policyv1beta1.PodSecurityPolicy, cleanup func()) { // Create the PodSecurityPolicy object. psp = pspTemplate.DeepCopy() // Add the namespace to the name to ensure uniqueness and tie it to the namespace. @@ -274,35 +274,35 @@ func restrictedPod(name string) *v1.Pod { } // privilegedPSPInPolicy creates a PodSecurityPolicy (in the "policy" API Group) that allows everything. -func privilegedPSP(name string) *policy.PodSecurityPolicy { - return &policy.PodSecurityPolicy{ +func privilegedPSP(name string) *policyv1beta1.PodSecurityPolicy { + return &policyv1beta1.PodSecurityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: name, Annotations: map[string]string{seccomp.AllowedProfilesAnnotationKey: seccomp.AllowAny}, }, - Spec: policy.PodSecurityPolicySpec{ + Spec: policyv1beta1.PodSecurityPolicySpec{ Privileged: true, AllowPrivilegeEscalation: utilpointer.BoolPtr(true), AllowedCapabilities: []v1.Capability{"*"}, - Volumes: []policy.FSType{policy.All}, + Volumes: []policyv1beta1.FSType{policyv1beta1.All}, HostNetwork: true, - HostPorts: []policy.HostPortRange{{Min: 0, Max: 65535}}, + HostPorts: []policyv1beta1.HostPortRange{{Min: 0, Max: 65535}}, HostIPC: true, HostPID: true, - RunAsUser: policy.RunAsUserStrategyOptions{ - Rule: policy.RunAsUserStrategyRunAsAny, + RunAsUser: policyv1beta1.RunAsUserStrategyOptions{ + Rule: policyv1beta1.RunAsUserStrategyRunAsAny, }, - RunAsGroup: &policy.RunAsGroupStrategyOptions{ - Rule: policy.RunAsGroupStrategyRunAsAny, + RunAsGroup: &policyv1beta1.RunAsGroupStrategyOptions{ + Rule: policyv1beta1.RunAsGroupStrategyRunAsAny, }, - SELinux: policy.SELinuxStrategyOptions{ - Rule: policy.SELinuxStrategyRunAsAny, + SELinux: policyv1beta1.SELinuxStrategyOptions{ + Rule: policyv1beta1.SELinuxStrategyRunAsAny, }, - SupplementalGroups: policy.SupplementalGroupsStrategyOptions{ - Rule: policy.SupplementalGroupsStrategyRunAsAny, + SupplementalGroups: policyv1beta1.SupplementalGroupsStrategyOptions{ + Rule: policyv1beta1.SupplementalGroupsStrategyRunAsAny, }, - FSGroup: policy.FSGroupStrategyOptions{ - Rule: policy.FSGroupStrategyRunAsAny, + FSGroup: policyv1beta1.FSGroupStrategyOptions{ + Rule: policyv1beta1.FSGroupStrategyRunAsAny, }, ReadOnlyRootFilesystem: false, }, @@ -310,8 +310,8 @@ func privilegedPSP(name string) *policy.PodSecurityPolicy { } // restrictedPSPInPolicy creates a PodSecurityPolicy (in the "policy" API Group) that is most strict. -func restrictedPSP(name string) *policy.PodSecurityPolicy { - return &policy.PodSecurityPolicy{ +func restrictedPSP(name string) *policyv1beta1.PodSecurityPolicy { + return &policyv1beta1.PodSecurityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: name, Annotations: map[string]string{ @@ -321,7 +321,7 @@ func restrictedPSP(name string) *policy.PodSecurityPolicy { apparmor.DefaultProfileAnnotationKey: apparmor.ProfileRuntimeDefault, }, }, - Spec: policy.PodSecurityPolicySpec{ + Spec: policyv1beta1.PodSecurityPolicySpec{ Privileged: false, AllowPrivilegeEscalation: utilpointer.BoolPtr(false), RequiredDropCapabilities: []v1.Capability{ @@ -337,32 +337,32 @@ func restrictedPSP(name string) *policy.PodSecurityPolicy { "SETUID", "SYS_CHROOT", }, - Volumes: []policy.FSType{ - policy.ConfigMap, - policy.EmptyDir, - policy.PersistentVolumeClaim, + Volumes: []policyv1beta1.FSType{ + policyv1beta1.ConfigMap, + policyv1beta1.EmptyDir, + policyv1beta1.PersistentVolumeClaim, "projected", - policy.Secret, + policyv1beta1.Secret, }, HostNetwork: false, HostIPC: false, HostPID: false, - RunAsUser: policy.RunAsUserStrategyOptions{ - Rule: policy.RunAsUserStrategyMustRunAsNonRoot, + RunAsUser: policyv1beta1.RunAsUserStrategyOptions{ + Rule: policyv1beta1.RunAsUserStrategyMustRunAsNonRoot, }, - RunAsGroup: &policy.RunAsGroupStrategyOptions{ - Rule: policy.RunAsGroupStrategyMustRunAs, - Ranges: []policy.IDRange{ + RunAsGroup: &policyv1beta1.RunAsGroupStrategyOptions{ + Rule: policyv1beta1.RunAsGroupStrategyMustRunAs, + Ranges: []policyv1beta1.IDRange{ {Min: nobodyUser, Max: nobodyUser}}, }, - SELinux: policy.SELinuxStrategyOptions{ - Rule: policy.SELinuxStrategyRunAsAny, + SELinux: policyv1beta1.SELinuxStrategyOptions{ + Rule: policyv1beta1.SELinuxStrategyRunAsAny, }, - SupplementalGroups: policy.SupplementalGroupsStrategyOptions{ - Rule: policy.SupplementalGroupsStrategyRunAsAny, + SupplementalGroups: policyv1beta1.SupplementalGroupsStrategyOptions{ + Rule: policyv1beta1.SupplementalGroupsStrategyRunAsAny, }, - FSGroup: policy.FSGroupStrategyOptions{ - Rule: policy.FSGroupStrategyRunAsAny, + FSGroup: policyv1beta1.FSGroupStrategyOptions{ + Rule: policyv1beta1.FSGroupStrategyRunAsAny, }, ReadOnlyRootFilesystem: false, }, diff --git a/test/e2e/autoscaling/cluster_size_autoscaling.go b/test/e2e/autoscaling/cluster_size_autoscaling.go index 8bd49f0c12f..4a8d2e6572f 100644 --- a/test/e2e/autoscaling/cluster_size_autoscaling.go +++ b/test/e2e/autoscaling/cluster_size_autoscaling.go @@ -29,7 +29,7 @@ import ( "time" "k8s.io/api/core/v1" - policy "k8s.io/api/policy/v1beta1" + policyv1beta1 "k8s.io/api/policy/v1beta1" schedulerapi "k8s.io/api/scheduling/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -1015,12 +1015,12 @@ func runDrainTest(f *framework.Framework, migSizes map[string]int, namespace str ginkgo.By("Create a PodDisruptionBudget") minAvailable := intstr.FromInt(numPods - pdbSize) - pdb := &policy.PodDisruptionBudget{ + pdb := &policyv1beta1.PodDisruptionBudget{ ObjectMeta: metav1.ObjectMeta{ Name: "test_pdb", Namespace: namespace, }, - Spec: policy.PodDisruptionBudgetSpec{ + Spec: policyv1beta1.PodDisruptionBudgetSpec{ Selector: &metav1.LabelSelector{MatchLabels: labelMap}, MinAvailable: &minAvailable, }, @@ -1891,12 +1891,12 @@ func addKubeSystemPdbs(f *framework.Framework) (func(), error) { labelMap := map[string]string{"k8s-app": pdbData.label} pdbName := fmt.Sprintf("test-pdb-for-%v", pdbData.label) minAvailable := intstr.FromInt(pdbData.minAvailable) - pdb := &policy.PodDisruptionBudget{ + pdb := &policyv1beta1.PodDisruptionBudget{ ObjectMeta: metav1.ObjectMeta{ Name: pdbName, Namespace: "kube-system", }, - Spec: policy.PodDisruptionBudgetSpec{ + Spec: policyv1beta1.PodDisruptionBudgetSpec{ Selector: &metav1.LabelSelector{MatchLabels: labelMap}, MinAvailable: &minAvailable, }, diff --git a/test/e2e/framework/psp_util.go b/test/e2e/framework/psp_util.go index e2489e4a805..c4fa5a76c74 100644 --- a/test/e2e/framework/psp_util.go +++ b/test/e2e/framework/psp_util.go @@ -21,7 +21,7 @@ import ( "sync" v1 "k8s.io/api/core/v1" - policy "k8s.io/api/policy/v1beta1" + policyv1beta1 "k8s.io/api/policy/v1beta1" rbacv1 "k8s.io/api/rbac/v1" apierrs "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -44,33 +44,33 @@ var ( ) // privilegedPSP creates a PodSecurityPolicy that allows everything. -func privilegedPSP(name string) *policy.PodSecurityPolicy { +func privilegedPSP(name string) *policyv1beta1.PodSecurityPolicy { allowPrivilegeEscalation := true - return &policy.PodSecurityPolicy{ + return &policyv1beta1.PodSecurityPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: name, Annotations: map[string]string{seccomp.AllowedProfilesAnnotationKey: seccomp.AllowAny}, }, - Spec: policy.PodSecurityPolicySpec{ + Spec: policyv1beta1.PodSecurityPolicySpec{ Privileged: true, AllowPrivilegeEscalation: &allowPrivilegeEscalation, AllowedCapabilities: []v1.Capability{"*"}, - Volumes: []policy.FSType{policy.All}, + Volumes: []policyv1beta1.FSType{policyv1beta1.All}, HostNetwork: true, - HostPorts: []policy.HostPortRange{{Min: 0, Max: 65535}}, + HostPorts: []policyv1beta1.HostPortRange{{Min: 0, Max: 65535}}, HostIPC: true, HostPID: true, - RunAsUser: policy.RunAsUserStrategyOptions{ - Rule: policy.RunAsUserStrategyRunAsAny, + RunAsUser: policyv1beta1.RunAsUserStrategyOptions{ + Rule: policyv1beta1.RunAsUserStrategyRunAsAny, }, - SELinux: policy.SELinuxStrategyOptions{ - Rule: policy.SELinuxStrategyRunAsAny, + SELinux: policyv1beta1.SELinuxStrategyOptions{ + Rule: policyv1beta1.SELinuxStrategyRunAsAny, }, - SupplementalGroups: policy.SupplementalGroupsStrategyOptions{ - Rule: policy.SupplementalGroupsStrategyRunAsAny, + SupplementalGroups: policyv1beta1.SupplementalGroupsStrategyOptions{ + Rule: policyv1beta1.SupplementalGroupsStrategyRunAsAny, }, - FSGroup: policy.FSGroupStrategyOptions{ - Rule: policy.FSGroupStrategyRunAsAny, + FSGroup: policyv1beta1.FSGroupStrategyOptions{ + Rule: policyv1beta1.FSGroupStrategyRunAsAny, }, ReadOnlyRootFilesystem: false, AllowedUnsafeSysctls: []string{"*"}, diff --git a/test/e2e/storage/pd.go b/test/e2e/storage/pd.go index 07bdafb4bc5..a1cd496cc3a 100644 --- a/test/e2e/storage/pd.go +++ b/test/e2e/storage/pd.go @@ -30,7 +30,7 @@ import ( "github.com/onsi/ginkgo" "github.com/onsi/gomega" v1 "k8s.io/api/core/v1" - policy "k8s.io/api/policy/v1beta1" + policyv1beta1 "k8s.io/api/policy/v1beta1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -411,7 +411,7 @@ var _ = utils.SIGDescribe("Pod Disks", func() { framework.ExpectNoError(podClient.Delete(host0Pod.Name, metav1.NewDeleteOptions(0)), "Unable to delete host0Pod") } else if disruptOp == evictPod { - evictTarget := &policy.Eviction{ + evictTarget := &policyv1beta1.Eviction{ ObjectMeta: metav1.ObjectMeta{ Name: host0Pod.Name, Namespace: ns,