Fixes lint errors in kubeapiserver packages

Fixes lint errors in kubeapiserver/admission, kubeapiserver/authorizer,
kubeapiserver/authenticator. Also enables lint testing of these
directories.
Fixed go format.
Fixed changes from config.
This commit is contained in:
walter 2018-10-11 00:00:29 -07:00
parent 774b18491f
commit 2af982abb9
10 changed files with 31 additions and 24 deletions

View File

@ -504,7 +504,7 @@ func buildGenericConfig(
genericConfig.DisabledPostStartHooks.Insert(rbacrest.PostStartHookName) genericConfig.DisabledPostStartHooks.Insert(rbacrest.PostStartHookName)
} }
admissionConfig := &kubeapiserveradmission.AdmissionConfig{ admissionConfig := &kubeapiserveradmission.Config{
ExternalInformers: versionedInformers, ExternalInformers: versionedInformers,
LoopbackClientConfig: genericConfig.LoopbackClientConfig, LoopbackClientConfig: genericConfig.LoopbackClientConfig,
CloudConfigFile: s.CloudProvider.CloudConfigFile, CloudConfigFile: s.CloudProvider.CloudConfigFile,

View File

@ -134,10 +134,6 @@ pkg/credentialprovider/gcp
pkg/credentialprovider/rancher pkg/credentialprovider/rancher
pkg/features pkg/features
pkg/kubeapiserver pkg/kubeapiserver
pkg/kubeapiserver/admission
pkg/kubeapiserver/authenticator
pkg/kubeapiserver/authorizer
pkg/kubeapiserver/authorizer/modes
pkg/kubeapiserver/options pkg/kubeapiserver/options
pkg/kubectl pkg/kubectl
pkg/kubectl/apps pkg/kubectl/apps

View File

@ -37,14 +37,15 @@ import (
quotainstall "k8s.io/kubernetes/pkg/quota/v1/install" quotainstall "k8s.io/kubernetes/pkg/quota/v1/install"
) )
// AdmissionConfig holds the configuration for initializing the admission plugins // Config holds the configuration needed to for initialize the admission plugins
type AdmissionConfig struct { type Config struct {
CloudConfigFile string CloudConfigFile string
LoopbackClientConfig *rest.Config LoopbackClientConfig *rest.Config
ExternalInformers externalinformers.SharedInformerFactory ExternalInformers externalinformers.SharedInformerFactory
} }
func (c *AdmissionConfig) New(proxyTransport *http.Transport, serviceResolver webhook.ServiceResolver) ([]admission.PluginInitializer, server.PostStartHookFunc, error) { // New sets up the plugins and admission start hooks needed for admission
func (c *Config) New(proxyTransport *http.Transport, serviceResolver webhook.ServiceResolver) ([]admission.PluginInitializer, server.PostStartHookFunc, error) {
webhookAuthResolverWrapper := webhook.NewDefaultAuthenticationInfoResolverWrapper(proxyTransport, c.LoopbackClientConfig) webhookAuthResolverWrapper := webhook.NewDefaultAuthenticationInfoResolverWrapper(proxyTransport, c.LoopbackClientConfig)
webhookPluginInitializer := webhookinit.NewPluginInitializer(webhookAuthResolverWrapper, serviceResolver) webhookPluginInitializer := webhookinit.NewPluginInitializer(webhookAuthResolverWrapper, serviceResolver)

View File

@ -33,8 +33,8 @@ type WantsCloudConfigAdmissionPlugin struct {
cloudConfig []byte cloudConfig []byte
} }
func (self *WantsCloudConfigAdmissionPlugin) SetCloudConfig(cloudConfig []byte) { func (p *WantsCloudConfigAdmissionPlugin) SetCloudConfig(cloudConfig []byte) {
self.cloudConfig = cloudConfig p.cloudConfig = cloudConfig
} }
func TestCloudConfigAdmissionPlugin(t *testing.T) { func TestCloudConfigAdmissionPlugin(t *testing.T) {

View File

@ -38,13 +38,15 @@ import (
"k8s.io/apiserver/plugin/pkg/authenticator/request/basicauth" "k8s.io/apiserver/plugin/pkg/authenticator/request/basicauth"
"k8s.io/apiserver/plugin/pkg/authenticator/token/oidc" "k8s.io/apiserver/plugin/pkg/authenticator/token/oidc"
"k8s.io/apiserver/plugin/pkg/authenticator/token/webhook" "k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
// Initialize all known client auth plugins.
_ "k8s.io/client-go/plugin/pkg/client/auth" _ "k8s.io/client-go/plugin/pkg/client/auth"
certutil "k8s.io/client-go/util/cert" certutil "k8s.io/client-go/util/cert"
"k8s.io/kubernetes/pkg/features" "k8s.io/kubernetes/pkg/features"
"k8s.io/kubernetes/pkg/serviceaccount" "k8s.io/kubernetes/pkg/serviceaccount"
) )
type AuthenticatorConfig struct { // Config contains the data on how to authenticate a request to the Kube API Server
type Config struct {
Anonymous bool Anonymous bool
BasicAuthFile string BasicAuthFile string
BootstrapToken bool BootstrapToken bool
@ -78,7 +80,7 @@ type AuthenticatorConfig struct {
// New returns an authenticator.Request or an error that supports the standard // New returns an authenticator.Request or an error that supports the standard
// Kubernetes authentication mechanisms. // Kubernetes authentication mechanisms.
func (config AuthenticatorConfig) New() (authenticator.Request, *spec.SecurityDefinitions, error) { func (config Config) New() (authenticator.Request, *spec.SecurityDefinitions, error) {
var authenticators []authenticator.Request var authenticators []authenticator.Request
var tokenAuthenticators []authenticator.Token var tokenAuthenticators []authenticator.Token
securityDefinitions := spec.SecurityDefinitions{} securityDefinitions := spec.SecurityDefinitions{}

View File

@ -33,7 +33,8 @@ import (
"k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy" "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy"
) )
type AuthorizationConfig struct { // Config contains the data on how to authorize a request to the Kube API Server
type Config struct {
AuthorizationModes []string AuthorizationModes []string
// Options for ModeABAC // Options for ModeABAC
@ -55,7 +56,7 @@ type AuthorizationConfig struct {
// New returns the right sort of union of multiple authorizer.Authorizer objects // New returns the right sort of union of multiple authorizer.Authorizer objects
// based on the authorizationMode or an error. // based on the authorizationMode or an error.
func (config AuthorizationConfig) New() (authorizer.Authorizer, authorizer.RuleResolver, error) { func (config Config) New() (authorizer.Authorizer, authorizer.RuleResolver, error) {
if len(config.AuthorizationModes) == 0 { if len(config.AuthorizationModes) == 0 {
return nil, nil, fmt.Errorf("at least one authorization mode must be passed") return nil, nil, fmt.Errorf("at least one authorization mode must be passed")
} }

View File

@ -19,14 +19,21 @@ package modes
import "k8s.io/apimachinery/pkg/util/sets" import "k8s.io/apimachinery/pkg/util/sets"
const ( const (
// ModeAlwaysAllow is the mode to set all requests as authorized
ModeAlwaysAllow string = "AlwaysAllow" ModeAlwaysAllow string = "AlwaysAllow"
ModeAlwaysDeny string = "AlwaysDeny" // ModeAlwaysDeny is the mode to set no requests as authorized
ModeABAC string = "ABAC" ModeAlwaysDeny string = "AlwaysDeny"
ModeWebhook string = "Webhook" // ModeABAC is the mode to use Attribute Based Access Control to authorize
ModeRBAC string = "RBAC" ModeABAC string = "ABAC"
ModeNode string = "Node" // ModeWebhook is the mode to make an external webhook call to authorize
ModeWebhook string = "Webhook"
// ModeRBAC is the mode to use Role Based Access Control to authorize
ModeRBAC string = "RBAC"
// ModeNode is an authorization mode that authorizes API requests made by kubelets.
ModeNode string = "Node"
) )
// AuthorizationModeChoices is the list of supported authorization modes
var AuthorizationModeChoices = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC, ModeWebhook, ModeRBAC, ModeNode} var AuthorizationModeChoices = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC, ModeWebhook, ModeRBAC, ModeNode}
// IsValidAuthorizationMode returns true if the given authorization mode is a valid one for the apiserver // IsValidAuthorizationMode returns true if the given authorization mode is a valid one for the apiserver

View File

@ -292,8 +292,8 @@ func (s *BuiltInAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
} }
} }
func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() kubeauthenticator.AuthenticatorConfig { func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() kubeauthenticator.Config {
ret := kubeauthenticator.AuthenticatorConfig{ ret := kubeauthenticator.Config{
TokenSuccessCacheTTL: s.TokenSuccessCacheTTL, TokenSuccessCacheTTL: s.TokenSuccessCacheTTL,
TokenFailureCacheTTL: s.TokenFailureCacheTTL, TokenFailureCacheTTL: s.TokenFailureCacheTTL,
} }

View File

@ -138,7 +138,7 @@ func TestToAuthenticationConfig(t *testing.T) {
TokenFailureCacheTTL: 0, TokenFailureCacheTTL: 0,
} }
expectConfig := kubeauthenticator.AuthenticatorConfig{ expectConfig := kubeauthenticator.Config{
APIAudiences: authenticator.Audiences{"http://foo.bar.com"}, APIAudiences: authenticator.Audiences{"http://foo.bar.com"},
Anonymous: false, Anonymous: false,
BasicAuthFile: "/testBasicAuthFile", BasicAuthFile: "/testBasicAuthFile",

View File

@ -109,8 +109,8 @@ func (s *BuiltInAuthorizationOptions) AddFlags(fs *pflag.FlagSet) {
"The duration to cache 'unauthorized' responses from the webhook authorizer.") "The duration to cache 'unauthorized' responses from the webhook authorizer.")
} }
func (s *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.AuthorizationConfig { func (s *BuiltInAuthorizationOptions) ToAuthorizationConfig(versionedInformerFactory versionedinformers.SharedInformerFactory) authorizer.Config {
return authorizer.AuthorizationConfig{ return authorizer.Config{
AuthorizationModes: s.Modes, AuthorizationModes: s.Modes,
PolicyFile: s.PolicyFile, PolicyFile: s.PolicyFile,
WebhookConfigFile: s.WebhookConfigFile, WebhookConfigFile: s.WebhookConfigFile,