mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Fixes lint errors in kubeapiserver packages
Fixes lint errors in kubeapiserver/admission, kubeapiserver/authorizer, kubeapiserver/authenticator. Also enables lint testing of these directories. Fixed go format. Fixed changes from config.
parent
774b18491f
commit
2af982abb9
@ -504,7 +504,7 @@ func buildGenericConfig(
|
|||||||
genericConfig.DisabledPostStartHooks.Insert(rbacrest.PostStartHookName)
|
genericConfig.DisabledPostStartHooks.Insert(rbacrest.PostStartHookName)
|
||||||
}
|
}
|
||||||
|
|
||||||
admissionConfig := &kubeapiserveradmission.AdmissionConfig{
|
admissionConfig := &kubeapiserveradmission.Config{
|
||||||
ExternalInformers: versionedInformers,
|
ExternalInformers: versionedInformers,
|
||||||
LoopbackClientConfig: genericConfig.LoopbackClientConfig,
|
LoopbackClientConfig: genericConfig.LoopbackClientConfig,
|
||||||
CloudConfigFile: s.CloudProvider.CloudConfigFile,
|
CloudConfigFile: s.CloudProvider.CloudConfigFile,
|
||||||
|
@ -134,10 +134,6 @@ pkg/credentialprovider/gcp
|
|||||||
pkg/credentialprovider/rancher
|
pkg/credentialprovider/rancher
|
||||||
pkg/features
|
pkg/features
|
||||||
pkg/kubeapiserver
|
pkg/kubeapiserver
|
||||||
pkg/kubeapiserver/admission
|
|
||||||
pkg/kubeapiserver/authenticator
|
|
||||||
pkg/kubeapiserver/authorizer
|
|
||||||
pkg/kubeapiserver/authorizer/modes
|
|
||||||
pkg/kubeapiserver/options
|
pkg/kubeapiserver/options
|
||||||
pkg/kubectl
|
pkg/kubectl
|
||||||
pkg/kubectl/apps
|
pkg/kubectl/apps
|
||||||
|
@ -37,14 +37,15 @@ import (
|
|||||||
quotainstall "k8s.io/kubernetes/pkg/quota/v1/install"
|
quotainstall "k8s.io/kubernetes/pkg/quota/v1/install"
|
||||||
)
|
)
|
||||||
|
|
||||||
// AdmissionConfig holds the configuration for initializing the admission plugins
|
// Config holds the configuration needed to for initialize the admission plugins
|
||||||
type AdmissionConfig struct {
|
type Config struct {
|
||||||
CloudConfigFile string
|
CloudConfigFile string
|
||||||
LoopbackClientConfig *rest.Config
|
LoopbackClientConfig *rest.Config
|
||||||
ExternalInformers externalinformers.SharedInformerFactory
|
ExternalInformers externalinformers.SharedInformerFactory
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *AdmissionConfig) New(proxyTransport *http.Transport, serviceResolver webhook.ServiceResolver) ([]admission.PluginInitializer, server.PostStartHookFunc, error) {
|
// New sets up the plugins and admission start hooks needed for admission
|
||||||
|
func (c *Config) New(proxyTransport *http.Transport, serviceResolver webhook.ServiceResolver) ([]admission.PluginInitializer, server.PostStartHookFunc, error) {
|
||||||
webhookAuthResolverWrapper := webhook.NewDefaultAuthenticationInfoResolverWrapper(proxyTransport, c.LoopbackClientConfig)
|
webhookAuthResolverWrapper := webhook.NewDefaultAuthenticationInfoResolverWrapper(proxyTransport, c.LoopbackClientConfig)
|
||||||
webhookPluginInitializer := webhookinit.NewPluginInitializer(webhookAuthResolverWrapper, serviceResolver)
|
webhookPluginInitializer := webhookinit.NewPluginInitializer(webhookAuthResolverWrapper, serviceResolver)
|
||||||
|
|
||||||
|
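Review bot: The new doc comment on `Config` reads "needed to for initialize", which is garbled; I would write `// Config holds the configuration needed to initialize the admission plugins`. The comment on `New` could also state what the visible lines show: the webhook plugin initializer is built from `proxyTransport` and `c.LoopbackClientConfig`. That matters to a reader auditing which client configuration admission webhooks are resolved with (that `LoopbackClientConfig` carries credentials is my inference from its name and type, not something shown here). The body of `New` continues past the end of this section.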
@ -33,8 +33,8 @@ type WantsCloudConfigAdmissionPlugin struct {
|
|||||||
cloudConfig []byte
|
cloudConfig []byte
|
||||||
}
|
}
|
||||||
|
|
||||||
func (self *WantsCloudConfigAdmissionPlugin) SetCloudConfig(cloudConfig []byte) {
|
func (p *WantsCloudConfigAdmissionPlugin) SetCloudConfig(cloudConfig []byte) {
|
||||||
self.cloudConfig = cloudConfig
|
p.cloudConfig = cloudConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestCloudConfigAdmissionPlugin(t *testing.T) {
|
func TestCloudConfigAdmissionPlugin(t *testing.T) {
|
||||||
|
@ -38,13 +38,15 @@ import (
|
|||||||
"k8s.io/apiserver/plugin/pkg/authenticator/request/basicauth"
|
"k8s.io/apiserver/plugin/pkg/authenticator/request/basicauth"
|
||||||
"k8s.io/apiserver/plugin/pkg/authenticator/token/oidc"
|
"k8s.io/apiserver/plugin/pkg/authenticator/token/oidc"
|
||||||
"k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
|
"k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
|
||||||
|
// Initialize all known client auth plugins.
|
||||||
_ "k8s.io/client-go/plugin/pkg/client/auth"
|
_ "k8s.io/client-go/plugin/pkg/client/auth"
|
||||||
certutil "k8s.io/client-go/util/cert"
|
certutil "k8s.io/client-go/util/cert"
|
||||||
"k8s.io/kubernetes/pkg/features"
|
"k8s.io/kubernetes/pkg/features"
|
||||||
"k8s.io/kubernetes/pkg/serviceaccount"
|
"k8s.io/kubernetes/pkg/serviceaccount"
|
||||||
)
|
)
|
||||||
|
|
||||||
type AuthenticatorConfig struct {
|
// Config contains the data on how to authenticate a request to the Kube API Server
|
||||||
|
type Config struct {
|
||||||
Anonymous bool
|
Anonymous bool
|
||||||
BasicAuthFile string
|
BasicAuthFile string
|
||||||
BootstrapToken bool
|
BootstrapToken bool
|
||||||
@ -78,7 +80,7 @@ type AuthenticatorConfig struct {
|
|||||||
|
|
||||||
// New returns an authenticator.Request or an error that supports the standard
|
// New returns an authenticator.Request or an error that supports the standard
|
||||||
// Kubernetes authentication mechanisms.
|
// Kubernetes authentication mechanisms.
|
||||||
func (config AuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDefinitions, error) {
|
func (config Config) New() (authenticator.Request, *spec.SecurityDefinitions, error) {
|
||||||
var authenticators []authenticator.Request
|
var authenticators []authenticator.Request
|
||||||
var tokenAuthenticators []authenticator.Token
|
var tokenAuthenticators []authenticator.Token
|
||||||
securityDefinitions := spec.SecurityDefinitions{}
|
securityDefinitions := spec.SecurityDefinitions{}
|
||||||
|
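Review bot: The doc comment kept on `New` no longer matches the signature: it says the method "returns an authenticator.Request or an error", but the new side returns `(authenticator.Request, *spec.SecurityDefinitions, error)`. Since this commit is a documentation pass, I would reword it to `// New returns an authenticator.Request for the standard Kubernetes authentication mechanisms, the matching security definitions, or an error.` The added `Config` comment is one line for a struct whose visible fields (`Anonymous`, `BasicAuthFile`, `BootstrapToken`) each appear to switch an authentication path on or off. A short comment per field saying what the zero value means would help anyone auditing how the API server is configured. Both the struct and `New` extend beyond the lines shown.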
@ -33,7 +33,8 @@ import (
|
|||||||
"k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy"
|
"k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy"
|
||||||
)
|
)
|
||||||
|
|
||||||
type AuthorizationConfig struct {
|
// Config contains the data on how to authorize a request to the Kube API Server
|
||||||
|
type Config struct {
|
||||||
AuthorizationModes []string
|
AuthorizationModes []string
|
||||||
|
|
||||||
// Options for ModeABAC
|
// Options for ModeABAC
|
||||||
@ -55,7 +56,7 @@ type AuthorizationConfig struct {
|
|||||||
|
|
||||||
// New returns the right sort of union of multiple authorizer.Authorizer objects
|
// New returns the right sort of union of multiple authorizer.Authorizer objects
|
||||||
// based on the authorizationMode or an error.
|
// based on the authorizationMode or an error.
|
||||||
func (config AuthorizationConfig) New() (authorizer.Authorizer, authorizer.RuleResolver, error) {
|
func (config Config) New() (authorizer.Authorizer, authorizer.RuleResolver, error) {
|
||||||
if len(config.AuthorizationModes) == 0 {
|
if len(config.AuthorizationModes) == 0 {
|
||||||
return nil, nil, fmt.Errorf("at least one authorization mode must be passed")
|
return nil, nil, fmt.Errorf("at least one authorization mode must be passed")
|
||||||
}
|
}
|
||||||
|
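Review bot: The comment on `New` refers to `authorizationMode`, but the field it checks is `AuthorizationModes`; I would change its second line to `// based on config.AuthorizationModes, or an error.` The new `Config` comment could also record the one rule visible here, that an empty `AuthorizationModes` is rejected with an error rather than treated as allow-all. Both the struct and `New` continue outside the lines shown.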
@ -19,14 +19,21 @@ package modes
|
|||||||
import "k8s.io/apimachinery/pkg/util/sets"
|
import "k8s.io/apimachinery/pkg/util/sets"
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
// ModeAlwaysAllow is the mode to set all requests as authorized
|
||||||
ModeAlwaysAllow string = "AlwaysAllow"
|
ModeAlwaysAllow string = "AlwaysAllow"
|
||||||
ModeAlwaysDeny string = "AlwaysDeny"
|
// ModeAlwaysDeny is the mode to set no requests as authorized
|
||||||
ModeABAC string = "ABAC"
|
ModeAlwaysDeny string = "AlwaysDeny"
|
||||||
ModeWebhook string = "Webhook"
|
// ModeABAC is the mode to use Attribute Based Access Control to authorize
|
||||||
ModeRBAC string = "RBAC"
|
ModeABAC string = "ABAC"
|
||||||
ModeNode string = "Node"
|
// ModeWebhook is the mode to make an external webhook call to authorize
|
||||||
|
ModeWebhook string = "Webhook"
|
||||||
|
// ModeRBAC is the mode to use Role Based Access Control to authorize
|
||||||
|
ModeRBAC string = "RBAC"
|
||||||
|
// ModeNode is an authorization mode that authorizes API requests made by kubelets.
|
||||||
|
ModeNode string = "Node"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// AuthorizationModeChoices is the list of supported authorization modes
|
||||||
var AuthorizationModeChoices = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC, ModeWebhook, ModeRBAC, ModeNode}
|
var AuthorizationModeChoices = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC, ModeWebhook, ModeRBAC, ModeNode}
|
||||||
|
|
||||||
// IsValidAuthorizationMode returns true if the given authorization mode is a valid one for the apiserver
|
// IsValidAuthorizationMode returns true if the given authorization mode is a valid one for the apiserver
|
||||||
|
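Review bot: The new constant comments are hard to parse ("the mode to set all requests as authorized") and do not say how permissive each mode is. I would write `// ModeAlwaysAllow authorizes every request without performing any check.` and `// ModeAlwaysDeny rejects every request.` The authorizer package's `New` is described on this page as returning a union of authorizers, so listing `AlwaysAllow` next to other modes presumably makes the others moot. If that is how the union behaves, it belongs in the `ModeAlwaysAllow` comment. `IsValidAuthorizationMode` itself is outside the lines shown.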
@ -292,8 +292,8 @@ func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() kubeauthenticator.AuthenticatorConfig {
|
func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() kubeauthenticator.Config {
|
||||||
ret := kubeauthenticator.AuthenticatorConfig{
|
ret := kubeauthenticator.Config{
|
||||||
TokenSuccessCacheTTL: s.TokenSuccessCacheTTL,
|
TokenSuccessCacheTTL: s.TokenSuccessCacheTTL,
|
||||||
TokenFailureCacheTTL: s.TokenFailureCacheTTL,
|
TokenFailureCacheTTL: s.TokenFailureCacheTTL,
|
||||||
}
|
}
|
||||||
|
@ -138,7 +138,7 @@ func TestToAuthenticationConfig(t *testing.T) {
|
|||||||
TokenFailureCacheTTL: 0,
|
TokenFailureCacheTTL: 0,
|
||||||
}
|
}
|
||||||
|
|
||||||
expectConfig := kubeauthenticator.AuthenticatorConfig{
|
expectConfig := kubeauthenticator.Config{
|
||||||
APIAudiences: authenticator.Audiences{"http://foo.bar.com"},
|
APIAudiences: authenticator.Audiences{"http://foo.bar.com"},
|
||||||
Anonymous: false,
|
Anonymous: false,
|
||||||
BasicAuthFile: "/testBasicAuthFile",
|
BasicAuthFile: "/testBasicAuthFile",
|
||||||
|
@ -109,8 +109,8 @@ func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet) {
|
|||||||
"The duration to cache 'unauthorized' responses from the webhook authorizer.")
|
"The duration to cache 'unauthorized' responses from the webhook authorizer.")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.AuthorizationConfig {
|
func (s *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.Config {
|
||||||
return authorizer.AuthorizationConfig{
|
return authorizer.Config{
|
||||||
AuthorizationModes: s.Modes,
|
AuthorizationModes: s.Modes,
|
||||||
PolicyFile: s.PolicyFile,
|
PolicyFile: s.PolicyFile,
|
||||||
WebhookConfigFile: s.WebhookConfigFile,
|
WebhookConfigFile: s.WebhookConfigFile,
|
||||||
|