From 32a2c2d05cc29ad16ea3b002d341f7c78ad7dc66 Mon Sep 17 00:00:00 2001 From: deads2k Date: Thu, 19 Jan 2017 10:07:51 -0500 Subject: [PATCH] remove old restclient --- .../fake/generator_fake_for_group.go | 2 +- .../generators/generator_for_clientset.go | 2 +- .../generators/generator_for_group.go | 2 +- .../generators/generator_for_type.go | 2 +- pkg/client/restclient/BUILD | 100 - pkg/client/restclient/OWNERS | 24 - pkg/client/restclient/client.go | 258 --- pkg/client/restclient/client_test.go | 340 ---- pkg/client/restclient/config.go | 380 ---- pkg/client/restclient/config_test.go | 231 --- pkg/client/restclient/plugin.go | 73 - pkg/client/restclient/plugin_test.go | 311 --- pkg/client/restclient/request.go | 1200 ------------ pkg/client/restclient/request_test.go | 1710 ----------------- pkg/client/restclient/transport.go | 98 - pkg/client/restclient/url_utils.go | 90 - pkg/client/restclient/url_utils_test.go | 61 - pkg/client/restclient/urlbackoff.go | 107 -- pkg/client/restclient/urlbackoff_test.go | 79 - pkg/client/restclient/versions.go | 88 - pkg/util/cert/BUILD | 46 - pkg/util/cert/cert.go | 207 -- pkg/util/cert/csr.go | 63 - pkg/util/cert/io.go | 129 -- pkg/util/cert/pem.go | 107 -- pkg/util/testing/BUILD | 38 - pkg/util/testing/fake_handler.go | 139 -- pkg/util/testing/tmpdir.go | 44 - staging/copy.sh | 16 +- .../client-go/pkg}/util/cert/csr_test.go | 0 .../util/cert/testdata/dontUseThisKey.pem | 0 .../client-go/pkg}/util/cert/triple/BUILD | 0 .../client-go/pkg}/util/cert/triple/triple.go | 0 .../client-go/pkg/util/clock/clock_test.go | 184 ++ .../pkg/util/flowcontrol/backoff_test.go | 195 ++ .../pkg/util/flowcontrol/throttle_test.go | 177 ++ .../pkg/util/integer/integer_test.go | 244 +++ .../pkg}/util/testing/fake_handler_test.go | 0 staging/src/k8s.io/client-go/rest/request.go | 62 +- .../src/k8s.io/client-go/rest/request_test.go | 27 + 40 files changed, 894 insertions(+), 5942 deletions(-) delete mode 100644 pkg/client/restclient/BUILD delete mode 100755 pkg/client/restclient/OWNERS delete mode 100644 pkg/client/restclient/client.go delete mode 100644 pkg/client/restclient/client_test.go delete mode 100644 pkg/client/restclient/config.go delete mode 100644 pkg/client/restclient/config_test.go delete mode 100644 pkg/client/restclient/plugin.go delete mode 100644 pkg/client/restclient/plugin_test.go delete mode 100644 pkg/client/restclient/request.go delete mode 100755 pkg/client/restclient/request_test.go delete mode 100644 pkg/client/restclient/transport.go delete mode 100644 pkg/client/restclient/url_utils.go delete mode 100644 pkg/client/restclient/url_utils_test.go delete mode 100644 pkg/client/restclient/urlbackoff.go delete mode 100644 pkg/client/restclient/urlbackoff_test.go delete mode 100644 pkg/client/restclient/versions.go delete mode 100644 pkg/util/cert/BUILD delete mode 100644 pkg/util/cert/cert.go delete mode 100644 pkg/util/cert/csr.go delete mode 100644 pkg/util/cert/io.go delete mode 100644 pkg/util/cert/pem.go delete mode 100644 pkg/util/testing/BUILD delete mode 100644 pkg/util/testing/fake_handler.go delete mode 100644 pkg/util/testing/tmpdir.go rename {pkg => staging/src/k8s.io/client-go/pkg}/util/cert/csr_test.go (100%) rename {pkg => staging/src/k8s.io/client-go/pkg}/util/cert/testdata/dontUseThisKey.pem (100%) rename {pkg => staging/src/k8s.io/client-go/pkg}/util/cert/triple/BUILD (100%) rename {pkg => staging/src/k8s.io/client-go/pkg}/util/cert/triple/triple.go (100%) create mode 100644 staging/src/k8s.io/client-go/pkg/util/clock/clock_test.go create mode 100644 staging/src/k8s.io/client-go/pkg/util/flowcontrol/backoff_test.go create mode 100644 staging/src/k8s.io/client-go/pkg/util/flowcontrol/throttle_test.go create mode 100644 staging/src/k8s.io/client-go/pkg/util/integer/integer_test.go rename {pkg => staging/src/k8s.io/client-go/pkg}/util/testing/fake_handler_test.go (100%) diff --git a/cmd/libs/go2idl/client-gen/generators/fake/generator_fake_for_group.go b/cmd/libs/go2idl/client-gen/generators/fake/generator_fake_for_group.go index fdd4f2daa7b..e39137141db 100644 --- a/cmd/libs/go2idl/client-gen/generators/fake/generator_fake_for_group.go +++ b/cmd/libs/go2idl/client-gen/generators/fake/generator_fake_for_group.go @@ -60,7 +60,7 @@ func (g *genFakeForGroup) Imports(c *generator.Context) (imports []string) { func (g *genFakeForGroup) GenerateType(c *generator.Context, t *types.Type, w io.Writer) error { sw := generator.NewSnippetWriter(w, c, "$", "$") const pkgTestingCore = "k8s.io/kubernetes/pkg/client/testing/core" - const pkgRESTClient = "k8s.io/kubernetes/pkg/client/restclient" + const pkgRESTClient = "k8s.io/client-go/rest" m := map[string]interface{}{ "group": g.group, "GroupVersion": namer.IC(g.group) + namer.IC(g.version), diff --git a/cmd/libs/go2idl/client-gen/generators/generator_for_clientset.go b/cmd/libs/go2idl/client-gen/generators/generator_for_clientset.go index 7b790459431..f4309498db0 100644 --- a/cmd/libs/go2idl/client-gen/generators/generator_for_clientset.go +++ b/cmd/libs/go2idl/client-gen/generators/generator_for_clientset.go @@ -73,7 +73,7 @@ func (g *genClientset) GenerateType(c *generator.Context, t *types.Type, w io.Wr // perhaps we can adapt the go2ild framework to this kind of usage. sw := generator.NewSnippetWriter(w, c, "$", "$") const pkgDiscovery = "k8s.io/kubernetes/pkg/client/typed/discovery" - const pkgRESTClient = "k8s.io/kubernetes/pkg/client/restclient" + const pkgRESTClient = "k8s.io/client-go/rest" allGroups := clientgentypes.ToGroupVersionPackages(g.groups) diff --git a/cmd/libs/go2idl/client-gen/generators/generator_for_group.go b/cmd/libs/go2idl/client-gen/generators/generator_for_group.go index 7dabf1eabe9..158ab9dbbc9 100644 --- a/cmd/libs/go2idl/client-gen/generators/generator_for_group.go +++ b/cmd/libs/go2idl/client-gen/generators/generator_for_group.go @@ -57,7 +57,7 @@ func (g *genGroup) Imports(c *generator.Context) (imports []string) { func (g *genGroup) GenerateType(c *generator.Context, t *types.Type, w io.Writer) error { sw := generator.NewSnippetWriter(w, c, "$", "$") - const pkgRESTClient = "k8s.io/kubernetes/pkg/client/restclient" + const pkgRESTClient = "k8s.io/client-go/rest" const pkgAPI = "k8s.io/kubernetes/pkg/api" const pkgSerializer = "k8s.io/apimachinery/pkg/runtime/serializer" const pkgUnversioned = "k8s.io/kubernetes/pkg/api/unversioned" diff --git a/cmd/libs/go2idl/client-gen/generators/generator_for_type.go b/cmd/libs/go2idl/client-gen/generators/generator_for_type.go index 4963cd54f98..fb3414f9877 100644 --- a/cmd/libs/go2idl/client-gen/generators/generator_for_type.go +++ b/cmd/libs/go2idl/client-gen/generators/generator_for_type.go @@ -84,7 +84,7 @@ func (g *genClientForType) GenerateType(c *generator.Context, t *types.Type, w i "Group": namer.IC(g.group), "GroupVersion": namer.IC(g.group) + namer.IC(g.version), "watchInterface": c.Universe.Type(types.Name{Package: "k8s.io/apimachinery/pkg/watch", Name: "Interface"}), - "RESTClientInterface": c.Universe.Type(types.Name{Package: "k8s.io/kubernetes/pkg/client/restclient", Name: "Interface"}), + "RESTClientInterface": c.Universe.Type(types.Name{Package: "k8s.io/client-go/rest", Name: "Interface"}), "apiParameterCodec": c.Universe.Type(types.Name{Package: "k8s.io/kubernetes/pkg/api", Name: "ParameterCodec"}), "PatchType": c.Universe.Type(types.Name{Package: "k8s.io/apimachinery/pkg/types", Name: "PatchType"}), "namespaced": namespaced, diff --git a/pkg/client/restclient/BUILD b/pkg/client/restclient/BUILD deleted file mode 100644 index 90ad1ecfc04..00000000000 --- a/pkg/client/restclient/BUILD +++ /dev/null @@ -1,100 +0,0 @@ -package(default_visibility = ["//visibility:public"]) - -licenses(["notice"]) - -load( - "@io_bazel_rules_go//go:def.bzl", - "go_library", - "go_test", -) - -go_library( - name = "go_default_library", - srcs = [ - "client.go", - "config.go", - "plugin.go", - "request.go", - "transport.go", - "url_utils.go", - "urlbackoff.go", - "versions.go", - ], - tags = ["automanaged"], - deps = [ - "//pkg/api:go_default_library", - "//pkg/api/v1:go_default_library", - "//pkg/api/validation/path:go_default_library", - "//pkg/client/metrics:go_default_library", - "//pkg/util/cert:go_default_library", - "//pkg/version:go_default_library", - "//vendor:github.com/golang/glog", - "//vendor:k8s.io/apimachinery/pkg/api/errors", - "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1", - "//vendor:k8s.io/apimachinery/pkg/fields", - "//vendor:k8s.io/apimachinery/pkg/labels", - "//vendor:k8s.io/apimachinery/pkg/runtime", - "//vendor:k8s.io/apimachinery/pkg/runtime/schema", - "//vendor:k8s.io/apimachinery/pkg/runtime/serializer/streaming", - "//vendor:k8s.io/apimachinery/pkg/types", - "//vendor:k8s.io/apimachinery/pkg/util/net", - "//vendor:k8s.io/apimachinery/pkg/util/sets", - "//vendor:k8s.io/apimachinery/pkg/watch", - "//vendor:k8s.io/client-go/pkg/util/flowcontrol", - "//vendor:k8s.io/client-go/rest/watch", - "//vendor:k8s.io/client-go/tools/clientcmd/api", - "//vendor:k8s.io/client-go/transport", - ], -) - -go_test( - name = "go_default_test", - srcs = [ - "client_test.go", - "config_test.go", - "plugin_test.go", - "request_test.go", - "url_utils_test.go", - "urlbackoff_test.go", - ], - library = ":go_default_library", - tags = ["automanaged"], - deps = [ - "//pkg/api:go_default_library", - "//pkg/api/testapi:go_default_library", - "//pkg/api/v1:go_default_library", - "//pkg/util/httpstream:go_default_library", - "//pkg/util/intstr:go_default_library", - "//pkg/util/testing:go_default_library", - "//vendor:github.com/google/gofuzz", - "//vendor:k8s.io/apimachinery/pkg/api/errors", - "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1", - "//vendor:k8s.io/apimachinery/pkg/labels", - "//vendor:k8s.io/apimachinery/pkg/runtime", - "//vendor:k8s.io/apimachinery/pkg/runtime/schema", - "//vendor:k8s.io/apimachinery/pkg/runtime/serializer/streaming", - "//vendor:k8s.io/apimachinery/pkg/types", - "//vendor:k8s.io/apimachinery/pkg/util/diff", - "//vendor:k8s.io/apimachinery/pkg/watch", - "//vendor:k8s.io/client-go/pkg/util/clock", - "//vendor:k8s.io/client-go/pkg/util/flowcontrol", - "//vendor:k8s.io/client-go/rest/watch", - "//vendor:k8s.io/client-go/tools/clientcmd/api", - ], -) - -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [ - ":package-srcs", - "//pkg/client/restclient/fake:all-srcs", - ], - tags = ["automanaged"], -) diff --git a/pkg/client/restclient/OWNERS b/pkg/client/restclient/OWNERS deleted file mode 100755 index 8d97da007d4..00000000000 --- a/pkg/client/restclient/OWNERS +++ /dev/null @@ -1,24 +0,0 @@ -reviewers: -- thockin -- smarterclayton -- caesarxuchao -- wojtek-t -- deads2k -- brendandburns -- liggitt -- nikhiljindal -- gmarek -- erictune -- sttts -- luxas -- dims -- errordeveloper -- hongchaodeng -- krousey -- resouer -- cjcullen -- rmmh -- lixiaobing10051267 -- asalkeld -- juanvallejo -- lojies diff --git a/pkg/client/restclient/client.go b/pkg/client/restclient/client.go deleted file mode 100644 index 141e08e92b9..00000000000 --- a/pkg/client/restclient/client.go +++ /dev/null @@ -1,258 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "fmt" - "mime" - "net/http" - "net/url" - "os" - "strconv" - "strings" - "time" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - "k8s.io/client-go/pkg/util/flowcontrol" -) - -const ( - // Environment variables: Note that the duration should be long enough that the backoff - // persists for some reasonable time (i.e. 120 seconds). The typical base might be "1". - envBackoffBase = "KUBE_CLIENT_BACKOFF_BASE" - envBackoffDuration = "KUBE_CLIENT_BACKOFF_DURATION" -) - -// Interface captures the set of operations for generically interacting with Kubernetes REST apis. -type Interface interface { - GetRateLimiter() flowcontrol.RateLimiter - Verb(verb string) *Request - Post() *Request - Put() *Request - Patch(pt types.PatchType) *Request - Get() *Request - Delete() *Request - APIVersion() schema.GroupVersion -} - -// RESTClient imposes common Kubernetes API conventions on a set of resource paths. -// The baseURL is expected to point to an HTTP or HTTPS path that is the parent -// of one or more resources. The server should return a decodable API resource -// object, or an api.Status object which contains information about the reason for -// any failure. -// -// Most consumers should use client.New() to get a Kubernetes API client. -type RESTClient struct { - // base is the root URL for all invocations of the client - base *url.URL - // versionedAPIPath is a path segment connecting the base URL to the resource root - versionedAPIPath string - - // contentConfig is the information used to communicate with the server. - contentConfig ContentConfig - - // serializers contain all serializers for underlying content type. - serializers Serializers - - // creates BackoffManager that is passed to requests. - createBackoffMgr func() BackoffManager - - // TODO extract this into a wrapper interface via the RESTClient interface in kubectl. - Throttle flowcontrol.RateLimiter - - // Set specific behavior of the client. If not set http.DefaultClient will be used. - Client *http.Client -} - -type Serializers struct { - Encoder runtime.Encoder - Decoder runtime.Decoder - StreamingSerializer runtime.Serializer - Framer runtime.Framer - RenegotiatedDecoder func(contentType string, params map[string]string) (runtime.Decoder, error) -} - -// NewRESTClient creates a new RESTClient. This client performs generic REST functions -// such as Get, Put, Post, and Delete on specified paths. Codec controls encoding and -// decoding of responses from the server. -func NewRESTClient(baseURL *url.URL, versionedAPIPath string, config ContentConfig, maxQPS float32, maxBurst int, rateLimiter flowcontrol.RateLimiter, client *http.Client) (*RESTClient, error) { - base := *baseURL - if !strings.HasSuffix(base.Path, "/") { - base.Path += "/" - } - base.RawQuery = "" - base.Fragment = "" - - if config.GroupVersion == nil { - config.GroupVersion = &schema.GroupVersion{} - } - if len(config.ContentType) == 0 { - config.ContentType = "application/json" - } - serializers, err := createSerializers(config) - if err != nil { - return nil, err - } - - var throttle flowcontrol.RateLimiter - if maxQPS > 0 && rateLimiter == nil { - throttle = flowcontrol.NewTokenBucketRateLimiter(maxQPS, maxBurst) - } else if rateLimiter != nil { - throttle = rateLimiter - } - return &RESTClient{ - base: &base, - versionedAPIPath: versionedAPIPath, - contentConfig: config, - serializers: *serializers, - createBackoffMgr: readExpBackoffConfig, - Throttle: throttle, - Client: client, - }, nil -} - -// GetRateLimiter returns rate limier for a given client, or nil if it's called on a nil client -func (c *RESTClient) GetRateLimiter() flowcontrol.RateLimiter { - if c == nil { - return nil - } - return c.Throttle -} - -// readExpBackoffConfig handles the internal logic of determining what the -// backoff policy is. By default if no information is available, NoBackoff. -// TODO Generalize this see #17727 . -func readExpBackoffConfig() BackoffManager { - backoffBase := os.Getenv(envBackoffBase) - backoffDuration := os.Getenv(envBackoffDuration) - - backoffBaseInt, errBase := strconv.ParseInt(backoffBase, 10, 64) - backoffDurationInt, errDuration := strconv.ParseInt(backoffDuration, 10, 64) - if errBase != nil || errDuration != nil { - return &NoBackoff{} - } - return &URLBackoff{ - Backoff: flowcontrol.NewBackOff( - time.Duration(backoffBaseInt)*time.Second, - time.Duration(backoffDurationInt)*time.Second)} -} - -// createSerializers creates all necessary serializers for given contentType. -// TODO: the negotiated serializer passed to this method should probably return -// serializers that control decoding and versioning without this package -// being aware of the types. Depends on whether RESTClient must deal with -// generic infrastructure. -func createSerializers(config ContentConfig) (*Serializers, error) { - mediaTypes := config.NegotiatedSerializer.SupportedMediaTypes() - contentType := config.ContentType - mediaType, _, err := mime.ParseMediaType(contentType) - if err != nil { - return nil, fmt.Errorf("the content type specified in the client configuration is not recognized: %v", err) - } - info, ok := runtime.SerializerInfoForMediaType(mediaTypes, mediaType) - if !ok { - if len(contentType) != 0 || len(mediaTypes) == 0 { - return nil, fmt.Errorf("no serializers registered for %s", contentType) - } - info = mediaTypes[0] - } - - internalGV := schema.GroupVersions{ - { - Group: config.GroupVersion.Group, - Version: runtime.APIVersionInternal, - }, - // always include the legacy group as a decoding target to handle non-error `Status` return types - { - Group: "", - Version: runtime.APIVersionInternal, - }, - } - - s := &Serializers{ - Encoder: config.NegotiatedSerializer.EncoderForVersion(info.Serializer, *config.GroupVersion), - Decoder: config.NegotiatedSerializer.DecoderToVersion(info.Serializer, internalGV), - - RenegotiatedDecoder: func(contentType string, params map[string]string) (runtime.Decoder, error) { - info, ok := runtime.SerializerInfoForMediaType(mediaTypes, contentType) - if !ok { - return nil, fmt.Errorf("serializer for %s not registered", contentType) - } - return config.NegotiatedSerializer.DecoderToVersion(info.Serializer, internalGV), nil - }, - } - if info.StreamSerializer != nil { - s.StreamingSerializer = info.StreamSerializer.Serializer - s.Framer = info.StreamSerializer.Framer - } - - return s, nil -} - -// Verb begins a request with a verb (GET, POST, PUT, DELETE). -// -// Example usage of RESTClient's request building interface: -// c, err := NewRESTClient(...) -// if err != nil { ... } -// resp, err := c.Verb("GET"). -// Path("pods"). -// SelectorParam("labels", "area=staging"). -// Timeout(10*time.Second). -// Do() -// if err != nil { ... } -// list, ok := resp.(*api.PodList) -// -func (c *RESTClient) Verb(verb string) *Request { - backoff := c.createBackoffMgr() - - if c.Client == nil { - return NewRequest(nil, verb, c.base, c.versionedAPIPath, c.contentConfig, c.serializers, backoff, c.Throttle) - } - return NewRequest(c.Client, verb, c.base, c.versionedAPIPath, c.contentConfig, c.serializers, backoff, c.Throttle) -} - -// Post begins a POST request. Short for c.Verb("POST"). -func (c *RESTClient) Post() *Request { - return c.Verb("POST") -} - -// Put begins a PUT request. Short for c.Verb("PUT"). -func (c *RESTClient) Put() *Request { - return c.Verb("PUT") -} - -// Patch begins a PATCH request. Short for c.Verb("Patch"). -func (c *RESTClient) Patch(pt types.PatchType) *Request { - return c.Verb("PATCH").SetHeader("Content-Type", string(pt)) -} - -// Get begins a GET request. Short for c.Verb("GET"). -func (c *RESTClient) Get() *Request { - return c.Verb("GET") -} - -// Delete begins a DELETE request. Short for c.Verb("DELETE"). -func (c *RESTClient) Delete() *Request { - return c.Verb("DELETE") -} - -// APIVersion returns the APIVersion this RESTClient is expected to use. -func (c *RESTClient) APIVersion() schema.GroupVersion { - return *c.contentConfig.GroupVersion -} diff --git a/pkg/client/restclient/client_test.go b/pkg/client/restclient/client_test.go deleted file mode 100644 index 11d019d9fc6..00000000000 --- a/pkg/client/restclient/client_test.go +++ /dev/null @@ -1,340 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "net/http" - "net/http/httptest" - "net/url" - "os" - "reflect" - "testing" - "time" - - "fmt" - - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/diff" - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/api/testapi" - utiltesting "k8s.io/kubernetes/pkg/util/testing" -) - -type TestParam struct { - actualError error - expectingError bool - actualCreated bool - expCreated bool - expStatus *metav1.Status - testBody bool - testBodyErrorIsNotNil bool -} - -// TestSerializer makes sure that you're always able to decode an unversioned API object -func TestSerializer(t *testing.T) { - contentConfig := ContentConfig{ - ContentType: "application/json", - GroupVersion: &schema.GroupVersion{Group: "other", Version: runtime.APIVersionInternal}, - NegotiatedSerializer: api.Codecs, - } - - serializer, err := createSerializers(contentConfig) - if err != nil { - t.Fatal(err) - } - // bytes based on actual return from API server when encoding an "unversioned" object - obj, err := runtime.Decode(serializer.Decoder, []byte(`{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Success"}`)) - t.Log(obj) - if err != nil { - t.Fatal(err) - } -} - -func TestDoRequestSuccess(t *testing.T) { - testServer, fakeHandler, status := testServerEnv(t, 200) - defer testServer.Close() - - c, err := restClient(testServer) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - body, err := c.Get().Prefix("test").Do().Raw() - - testParam := TestParam{actualError: err, expectingError: false, expCreated: true, - expStatus: status, testBody: true, testBodyErrorIsNotNil: false} - validate(testParam, t, body, fakeHandler) -} - -func TestDoRequestFailed(t *testing.T) { - status := &metav1.Status{ - Code: http.StatusNotFound, - Status: metav1.StatusFailure, - Reason: metav1.StatusReasonNotFound, - Message: " \"\" not found", - Details: &metav1.StatusDetails{}, - } - expectedBody, _ := runtime.Encode(testapi.Default.Codec(), status) - fakeHandler := utiltesting.FakeHandler{ - StatusCode: 404, - ResponseBody: string(expectedBody), - T: t, - } - testServer := httptest.NewServer(&fakeHandler) - defer testServer.Close() - - c, err := restClient(testServer) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - err = c.Get().Do().Error() - if err == nil { - t.Errorf("unexpected non-error") - } - ss, ok := err.(errors.APIStatus) - if !ok { - t.Errorf("unexpected error type %v", err) - } - actual := ss.Status() - if !reflect.DeepEqual(status, &actual) { - t.Errorf("Unexpected mis-match: %s", diff.ObjectReflectDiff(status, &actual)) - } -} - -func TestDoRawRequestFailed(t *testing.T) { - status := &metav1.Status{ - Code: http.StatusNotFound, - Status: metav1.StatusFailure, - Reason: metav1.StatusReasonNotFound, - Message: "the server could not find the requested resource", - Details: &metav1.StatusDetails{ - Causes: []metav1.StatusCause{ - {Type: metav1.CauseTypeUnexpectedServerResponse, Message: "unknown"}, - }, - }, - } - expectedBody, _ := runtime.Encode(testapi.Default.Codec(), status) - fakeHandler := utiltesting.FakeHandler{ - StatusCode: 404, - ResponseBody: string(expectedBody), - T: t, - } - testServer := httptest.NewServer(&fakeHandler) - defer testServer.Close() - - c, err := restClient(testServer) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - body, err := c.Get().Do().Raw() - - if err == nil || body == nil { - t.Errorf("unexpected non-error: %#v", body) - } - ss, ok := err.(errors.APIStatus) - if !ok { - t.Errorf("unexpected error type %v", err) - } - actual := ss.Status() - if !reflect.DeepEqual(status, &actual) { - t.Errorf("Unexpected mis-match: %s", diff.ObjectReflectDiff(status, &actual)) - } -} - -func TestDoRequestCreated(t *testing.T) { - testServer, fakeHandler, status := testServerEnv(t, 201) - defer testServer.Close() - - c, err := restClient(testServer) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - created := false - body, err := c.Get().Prefix("test").Do().WasCreated(&created).Raw() - - testParam := TestParam{actualError: err, expectingError: false, expCreated: true, - expStatus: status, testBody: false} - validate(testParam, t, body, fakeHandler) -} - -func TestDoRequestNotCreated(t *testing.T) { - testServer, fakeHandler, expectedStatus := testServerEnv(t, 202) - defer testServer.Close() - c, err := restClient(testServer) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - created := false - body, err := c.Get().Prefix("test").Do().WasCreated(&created).Raw() - testParam := TestParam{actualError: err, expectingError: false, expCreated: false, - expStatus: expectedStatus, testBody: false} - validate(testParam, t, body, fakeHandler) -} - -func TestDoRequestAcceptedNoContentReturned(t *testing.T) { - testServer, fakeHandler, _ := testServerEnv(t, 204) - defer testServer.Close() - - c, err := restClient(testServer) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - created := false - body, err := c.Get().Prefix("test").Do().WasCreated(&created).Raw() - testParam := TestParam{actualError: err, expectingError: false, expCreated: false, - testBody: false} - validate(testParam, t, body, fakeHandler) -} - -func TestBadRequest(t *testing.T) { - testServer, fakeHandler, _ := testServerEnv(t, 400) - defer testServer.Close() - c, err := restClient(testServer) - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - created := false - body, err := c.Get().Prefix("test").Do().WasCreated(&created).Raw() - testParam := TestParam{actualError: err, expectingError: true, expCreated: false, - testBody: true} - validate(testParam, t, body, fakeHandler) -} - -func validate(testParam TestParam, t *testing.T, body []byte, fakeHandler *utiltesting.FakeHandler) { - switch { - case testParam.expectingError && testParam.actualError == nil: - t.Errorf("Expected error") - case !testParam.expectingError && testParam.actualError != nil: - t.Error(testParam.actualError) - } - if !testParam.expCreated { - if testParam.actualCreated { - t.Errorf("Expected object not to be created") - } - } - statusOut, err := runtime.Decode(testapi.Default.Codec(), body) - if testParam.testBody { - if testParam.testBodyErrorIsNotNil { - if err == nil { - t.Errorf("Expected Error") - } - } - } - - if testParam.expStatus != nil { - if !reflect.DeepEqual(testParam.expStatus, statusOut) { - t.Errorf("Unexpected mis-match. Expected %#v. Saw %#v", testParam.expStatus, statusOut) - } - } - fakeHandler.ValidateRequest(t, "/"+api.Registry.GroupOrDie(api.GroupName).GroupVersion.String()+"/test", "GET", nil) - -} - -func TestHttpMethods(t *testing.T) { - testServer, _, _ := testServerEnv(t, 200) - defer testServer.Close() - c, _ := restClient(testServer) - - request := c.Post() - if request == nil { - t.Errorf("Post : Object returned should not be nil") - } - - request = c.Get() - if request == nil { - t.Errorf("Get: Object returned should not be nil") - } - - request = c.Put() - if request == nil { - t.Errorf("Put : Object returned should not be nil") - } - - request = c.Delete() - if request == nil { - t.Errorf("Delete : Object returned should not be nil") - } - - request = c.Patch(types.JSONPatchType) - if request == nil { - t.Errorf("Patch : Object returned should not be nil") - } -} - -func TestCreateBackoffManager(t *testing.T) { - - theUrl, _ := url.Parse("http://localhost") - - // 1 second base backoff + duration of 2 seconds -> exponential backoff for requests. - os.Setenv(envBackoffBase, "1") - os.Setenv(envBackoffDuration, "2") - backoff := readExpBackoffConfig() - backoff.UpdateBackoff(theUrl, nil, 500) - backoff.UpdateBackoff(theUrl, nil, 500) - if backoff.CalculateBackoff(theUrl)/time.Second != 2 { - t.Errorf("Backoff env not working.") - } - - // 0 duration -> no backoff. - os.Setenv(envBackoffBase, "1") - os.Setenv(envBackoffDuration, "0") - backoff.UpdateBackoff(theUrl, nil, 500) - backoff.UpdateBackoff(theUrl, nil, 500) - backoff = readExpBackoffConfig() - if backoff.CalculateBackoff(theUrl)/time.Second != 0 { - t.Errorf("Zero backoff duration, but backoff still occuring.") - } - - // No env -> No backoff. - os.Setenv(envBackoffBase, "") - os.Setenv(envBackoffDuration, "") - backoff = readExpBackoffConfig() - backoff.UpdateBackoff(theUrl, nil, 500) - backoff.UpdateBackoff(theUrl, nil, 500) - if backoff.CalculateBackoff(theUrl)/time.Second != 0 { - t.Errorf("Backoff should have been 0.") - } - -} - -func testServerEnv(t *testing.T, statusCode int) (*httptest.Server, *utiltesting.FakeHandler, *metav1.Status) { - status := &metav1.Status{Status: fmt.Sprintf("%s", metav1.StatusSuccess)} - expectedBody, _ := runtime.Encode(testapi.Default.Codec(), status) - fakeHandler := utiltesting.FakeHandler{ - StatusCode: statusCode, - ResponseBody: string(expectedBody), - T: t, - } - testServer := httptest.NewServer(&fakeHandler) - return testServer, &fakeHandler, status -} - -func restClient(testServer *httptest.Server) (*RESTClient, error) { - c, err := RESTClientFor(&Config{ - Host: testServer.URL, - ContentConfig: ContentConfig{ - GroupVersion: &api.Registry.GroupOrDie(api.GroupName).GroupVersion, - NegotiatedSerializer: testapi.Default.NegotiatedSerializer(), - }, - Username: "user", - Password: "pass", - }) - return c, err -} diff --git a/pkg/client/restclient/config.go b/pkg/client/restclient/config.go deleted file mode 100644 index 1e6a992df16..00000000000 --- a/pkg/client/restclient/config.go +++ /dev/null @@ -1,380 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "fmt" - "io/ioutil" - "net" - "net/http" - "os" - "path" - gruntime "runtime" - "strings" - "time" - - "github.com/golang/glog" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/pkg/util/flowcontrol" - clientcmdapi "k8s.io/client-go/tools/clientcmd/api" - "k8s.io/kubernetes/pkg/api" - certutil "k8s.io/kubernetes/pkg/util/cert" - "k8s.io/kubernetes/pkg/version" -) - -const ( - DefaultQPS float32 = 5.0 - DefaultBurst int = 10 -) - -// Config holds the common attributes that can be passed to a Kubernetes client on -// initialization. -type Config struct { - // Host must be a host string, a host:port pair, or a URL to the base of the apiserver. - // If a URL is given then the (optional) Path of that URL represents a prefix that must - // be appended to all request URIs used to access the apiserver. This allows a frontend - // proxy to easily relocate all of the apiserver endpoints. - Host string - // APIPath is a sub-path that points to an API root. - APIPath string - // Prefix is the sub path of the server. If not specified, the client will set - // a default value. Use "/" to indicate the server root should be used - Prefix string - - // ContentConfig contains settings that affect how objects are transformed when - // sent to the server. - ContentConfig - - // Server requires Basic authentication - Username string - Password string - - // Server requires Bearer authentication. This client will not attempt to use - // refresh tokens for an OAuth2 flow. - // TODO: demonstrate an OAuth2 compatible client. - BearerToken string - - // Impersonate is the configuration that RESTClient will use for impersonation. - Impersonate ImpersonationConfig - - // Server requires plugin-specified authentication. - AuthProvider *clientcmdapi.AuthProviderConfig - - // Callback to persist config for AuthProvider. - AuthConfigPersister AuthProviderConfigPersister - - // TLSClientConfig contains settings to enable transport layer security - TLSClientConfig - - // Server should be accessed without verifying the TLS - // certificate. For testing only. - Insecure bool - - // UserAgent is an optional field that specifies the caller of this request. - UserAgent string - - // Transport may be used for custom HTTP behavior. This attribute may not - // be specified with the TLS client certificate options. Use WrapTransport - // for most client level operations. - Transport http.RoundTripper - // WrapTransport will be invoked for custom HTTP behavior after the underlying - // transport is initialized (either the transport created from TLSClientConfig, - // Transport, or http.DefaultTransport). The config may layer other RoundTrippers - // on top of the returned RoundTripper. - WrapTransport func(rt http.RoundTripper) http.RoundTripper - - // QPS indicates the maximum QPS to the master from this client. - // If it's zero, the created RESTClient will use DefaultQPS: 5 - QPS float32 - - // Maximum burst for throttle. - // If it's zero, the created RESTClient will use DefaultBurst: 10. - Burst int - - // Rate limiter for limiting connections to the master from this client. If present overwrites QPS/Burst - RateLimiter flowcontrol.RateLimiter - - // The maximum length of time to wait before giving up on a server request. A value of zero means no timeout. - Timeout time.Duration - - // Version forces a specific version to be used (if registered) - // Do we need this? - // Version string -} - -// ImpersonationConfig has all the available impersonation options -type ImpersonationConfig struct { - // UserName is the username to impersonate on each request. - UserName string - // Groups are the groups to impersonate on each request. - Groups []string - // Extra is a free-form field which can be used to link some authentication information - // to authorization information. This field allows you to impersonate it. - Extra map[string][]string -} - -// TLSClientConfig contains settings to enable transport layer security -type TLSClientConfig struct { - // Server requires TLS client certificate authentication - CertFile string - // Server requires TLS client certificate authentication - KeyFile string - // Trusted root certificates for server - CAFile string - - // CertData holds PEM-encoded bytes (typically read from a client certificate file). - // CertData takes precedence over CertFile - CertData []byte - // KeyData holds PEM-encoded bytes (typically read from a client certificate key file). - // KeyData takes precedence over KeyFile - KeyData []byte - // CAData holds PEM-encoded bytes (typically read from a root certificates bundle). - // CAData takes precedence over CAFile - CAData []byte -} - -type ContentConfig struct { - // AcceptContentTypes specifies the types the client will accept and is optional. - // If not set, ContentType will be used to define the Accept header - AcceptContentTypes string - // ContentType specifies the wire format used to communicate with the server. - // This value will be set as the Accept header on requests made to the server, and - // as the default content type on any object sent to the server. If not set, - // "application/json" is used. - ContentType string - // GroupVersion is the API version to talk to. Must be provided when initializing - // a RESTClient directly. When initializing a Client, will be set with the default - // code version. - GroupVersion *schema.GroupVersion - // NegotiatedSerializer is used for obtaining encoders and decoders for multiple - // supported media types. - NegotiatedSerializer runtime.NegotiatedSerializer -} - -// RESTClientFor returns a RESTClient that satisfies the requested attributes on a client Config -// object. Note that a RESTClient may require fields that are optional when initializing a Client. -// A RESTClient created by this method is generic - it expects to operate on an API that follows -// the Kubernetes conventions, but may not be the Kubernetes API. -func RESTClientFor(config *Config) (*RESTClient, error) { - if config.GroupVersion == nil { - return nil, fmt.Errorf("GroupVersion is required when initializing a RESTClient") - } - if config.NegotiatedSerializer == nil { - return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient") - } - qps := config.QPS - if config.QPS == 0.0 { - qps = DefaultQPS - } - burst := config.Burst - if config.Burst == 0 { - burst = DefaultBurst - } - - baseURL, versionedAPIPath, err := defaultServerUrlFor(config) - if err != nil { - return nil, err - } - - transport, err := TransportFor(config) - if err != nil { - return nil, err - } - - var httpClient *http.Client - if transport != http.DefaultTransport { - httpClient = &http.Client{Transport: transport} - if config.Timeout > 0 { - httpClient.Timeout = config.Timeout - } - } - - return NewRESTClient(baseURL, versionedAPIPath, config.ContentConfig, qps, burst, config.RateLimiter, httpClient) -} - -// UnversionedRESTClientFor is the same as RESTClientFor, except that it allows -// the config.Version to be empty. -func UnversionedRESTClientFor(config *Config) (*RESTClient, error) { - if config.NegotiatedSerializer == nil { - return nil, fmt.Errorf("NeogitatedSerializer is required when initializing a RESTClient") - } - - baseURL, versionedAPIPath, err := defaultServerUrlFor(config) - if err != nil { - return nil, err - } - - transport, err := TransportFor(config) - if err != nil { - return nil, err - } - - var httpClient *http.Client - if transport != http.DefaultTransport { - httpClient = &http.Client{Transport: transport} - if config.Timeout > 0 { - httpClient.Timeout = config.Timeout - } - } - - versionConfig := config.ContentConfig - if versionConfig.GroupVersion == nil { - v := metav1.SchemeGroupVersion - versionConfig.GroupVersion = &v - } - - return NewRESTClient(baseURL, versionedAPIPath, versionConfig, config.QPS, config.Burst, config.RateLimiter, httpClient) -} - -// SetKubernetesDefaults sets default values on the provided client config for accessing the -// Kubernetes API or returns an error if any of the defaults are impossible or invalid. -func SetKubernetesDefaults(config *Config) error { - if len(config.UserAgent) == 0 { - config.UserAgent = DefaultKubernetesUserAgent() - } - return nil -} - -// DefaultKubernetesUserAgent returns the default user agent that clients can use. -func DefaultKubernetesUserAgent() string { - commit := version.Get().GitCommit - if len(commit) > 7 { - commit = commit[:7] - } - if len(commit) == 0 { - commit = "unknown" - } - version := version.Get().GitVersion - seg := strings.SplitN(version, "-", 2) - version = seg[0] - return fmt.Sprintf("%s/%s (%s/%s) kubernetes/%s", path.Base(os.Args[0]), version, gruntime.GOOS, gruntime.GOARCH, commit) -} - -// InClusterConfig returns a config object which uses the service account -// kubernetes gives to pods. It's intended for clients that expect to be -// running inside a pod running on kubernetes. It will return an error if -// called from a process not running in a kubernetes environment. -func InClusterConfig() (*Config, error) { - host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT") - if len(host) == 0 || len(port) == 0 { - return nil, fmt.Errorf("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined") - } - - token, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/" + api.ServiceAccountTokenKey) - if err != nil { - return nil, err - } - tlsClientConfig := TLSClientConfig{} - rootCAFile := "/var/run/secrets/kubernetes.io/serviceaccount/" + api.ServiceAccountRootCAKey - if _, err := certutil.NewPool(rootCAFile); err != nil { - glog.Errorf("Expected to load root CA config from %s, but got err: %v", rootCAFile, err) - } else { - tlsClientConfig.CAFile = rootCAFile - } - - return &Config{ - // TODO: switch to using cluster DNS. - Host: "https://" + net.JoinHostPort(host, port), - BearerToken: string(token), - TLSClientConfig: tlsClientConfig, - }, nil -} - -// IsConfigTransportTLS returns true if and only if the provided -// config will result in a protected connection to the server when it -// is passed to restclient.RESTClientFor(). Use to determine when to -// send credentials over the wire. -// -// Note: the Insecure flag is ignored when testing for this value, so MITM attacks are -// still possible. -func IsConfigTransportTLS(config Config) bool { - baseURL, _, err := defaultServerUrlFor(&config) - if err != nil { - return false - } - return baseURL.Scheme == "https" -} - -// LoadTLSFiles copies the data from the CertFile, KeyFile, and CAFile fields into the CertData, -// KeyData, and CAFile fields, or returns an error. If no error is returned, all three fields are -// either populated or were empty to start. -func LoadTLSFiles(c *Config) error { - var err error - c.CAData, err = dataFromSliceOrFile(c.CAData, c.CAFile) - if err != nil { - return err - } - - c.CertData, err = dataFromSliceOrFile(c.CertData, c.CertFile) - if err != nil { - return err - } - - c.KeyData, err = dataFromSliceOrFile(c.KeyData, c.KeyFile) - if err != nil { - return err - } - return nil -} - -// dataFromSliceOrFile returns data from the slice (if non-empty), or from the file, -// or an error if an error occurred reading the file -func dataFromSliceOrFile(data []byte, file string) ([]byte, error) { - if len(data) > 0 { - return data, nil - } - if len(file) > 0 { - fileData, err := ioutil.ReadFile(file) - if err != nil { - return []byte{}, err - } - return fileData, nil - } - return nil, nil -} - -func AddUserAgent(config *Config, userAgent string) *Config { - fullUserAgent := DefaultKubernetesUserAgent() + "/" + userAgent - config.UserAgent = fullUserAgent - return config -} - -// AnonymousClientConfig returns a copy of the given config with all user credentials (cert/key, bearer token, and username/password) removed -func AnonymousClientConfig(config *Config) *Config { - // copy only known safe fields - return &Config{ - Host: config.Host, - APIPath: config.APIPath, - Prefix: config.Prefix, - ContentConfig: config.ContentConfig, - TLSClientConfig: TLSClientConfig{ - CAFile: config.TLSClientConfig.CAFile, - CAData: config.TLSClientConfig.CAData, - }, - RateLimiter: config.RateLimiter, - Insecure: config.Insecure, - UserAgent: config.UserAgent, - Transport: config.Transport, - WrapTransport: config.WrapTransport, - QPS: config.QPS, - Burst: config.Burst, - Timeout: config.Timeout, - } -} diff --git a/pkg/client/restclient/config_test.go b/pkg/client/restclient/config_test.go deleted file mode 100644 index 5cdb36b67f3..00000000000 --- a/pkg/client/restclient/config_test.go +++ /dev/null @@ -1,231 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "io" - "net/http" - "reflect" - "strings" - "testing" - - fuzz "github.com/google/gofuzz" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/diff" - "k8s.io/client-go/pkg/util/flowcontrol" - clientcmdapi "k8s.io/client-go/tools/clientcmd/api" - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/api/testapi" -) - -func TestIsConfigTransportTLS(t *testing.T) { - testCases := []struct { - Config *Config - TransportTLS bool - }{ - { - Config: &Config{}, - TransportTLS: false, - }, - { - Config: &Config{ - Host: "https://localhost", - }, - TransportTLS: true, - }, - { - Config: &Config{ - Host: "localhost", - TLSClientConfig: TLSClientConfig{ - CertFile: "foo", - }, - }, - TransportTLS: true, - }, - { - Config: &Config{ - Host: "///:://localhost", - TLSClientConfig: TLSClientConfig{ - CertFile: "foo", - }, - }, - TransportTLS: false, - }, - { - Config: &Config{ - Host: "1.2.3.4:567", - Insecure: true, - }, - TransportTLS: true, - }, - } - for _, testCase := range testCases { - if err := SetKubernetesDefaults(testCase.Config); err != nil { - t.Errorf("setting defaults failed for %#v: %v", testCase.Config, err) - continue - } - useTLS := IsConfigTransportTLS(*testCase.Config) - if testCase.TransportTLS != useTLS { - t.Errorf("expected %v for %#v", testCase.TransportTLS, testCase.Config) - } - } -} - -func TestSetKubernetesDefaultsUserAgent(t *testing.T) { - config := &Config{} - if err := SetKubernetesDefaults(config); err != nil { - t.Errorf("unexpected error: %v", err) - } - if !strings.Contains(config.UserAgent, "kubernetes/") { - t.Errorf("no user agent set: %#v", config) - } -} - -func TestRESTClientRequires(t *testing.T) { - if _, err := RESTClientFor(&Config{Host: "127.0.0.1", ContentConfig: ContentConfig{NegotiatedSerializer: testapi.Default.NegotiatedSerializer()}}); err == nil { - t.Errorf("unexpected non-error") - } - if _, err := RESTClientFor(&Config{Host: "127.0.0.1", ContentConfig: ContentConfig{GroupVersion: &api.Registry.GroupOrDie(api.GroupName).GroupVersion}}); err == nil { - t.Errorf("unexpected non-error") - } - if _, err := RESTClientFor(&Config{Host: "127.0.0.1", ContentConfig: ContentConfig{GroupVersion: &api.Registry.GroupOrDie(api.GroupName).GroupVersion, NegotiatedSerializer: testapi.Default.NegotiatedSerializer()}}); err != nil { - t.Errorf("unexpected error: %v", err) - } -} - -type fakeLimiter struct { - FakeSaturation float64 - FakeQPS float32 -} - -func (t *fakeLimiter) TryAccept() bool { - return true -} - -func (t *fakeLimiter) Saturation() float64 { - return t.FakeSaturation -} - -func (t *fakeLimiter) QPS() float32 { - return t.FakeQPS -} - -func (t *fakeLimiter) Stop() {} - -func (t *fakeLimiter) Accept() {} - -type fakeCodec struct{} - -func (c *fakeCodec) Decode([]byte, *schema.GroupVersionKind, runtime.Object) (runtime.Object, *schema.GroupVersionKind, error) { - return nil, nil, nil -} - -func (c *fakeCodec) Encode(obj runtime.Object, stream io.Writer) error { - return nil -} - -type fakeRoundTripper struct{} - -func (r *fakeRoundTripper) RoundTrip(*http.Request) (*http.Response, error) { - return nil, nil -} - -var fakeWrapperFunc = func(http.RoundTripper) http.RoundTripper { - return &fakeRoundTripper{} -} - -type fakeNegotiatedSerializer struct{} - -func (n *fakeNegotiatedSerializer) SupportedMediaTypes() []runtime.SerializerInfo { - return nil -} - -func (n *fakeNegotiatedSerializer) EncoderForVersion(serializer runtime.Encoder, gv runtime.GroupVersioner) runtime.Encoder { - return &fakeCodec{} -} - -func (n *fakeNegotiatedSerializer) DecoderToVersion(serializer runtime.Decoder, gv runtime.GroupVersioner) runtime.Decoder { - return &fakeCodec{} -} - -func TestAnonymousConfig(t *testing.T) { - f := fuzz.New().NilChance(0.0).NumElements(1, 1) - f.Funcs( - func(r *runtime.Codec, f fuzz.Continue) { - codec := &fakeCodec{} - f.Fuzz(codec) - *r = codec - }, - func(r *http.RoundTripper, f fuzz.Continue) { - roundTripper := &fakeRoundTripper{} - f.Fuzz(roundTripper) - *r = roundTripper - }, - func(fn *func(http.RoundTripper) http.RoundTripper, f fuzz.Continue) { - *fn = fakeWrapperFunc - }, - func(r *runtime.NegotiatedSerializer, f fuzz.Continue) { - serializer := &fakeNegotiatedSerializer{} - f.Fuzz(serializer) - *r = serializer - }, - func(r *flowcontrol.RateLimiter, f fuzz.Continue) { - limiter := &fakeLimiter{} - f.Fuzz(limiter) - *r = limiter - }, - // Authentication does not require fuzzer - func(r *AuthProviderConfigPersister, f fuzz.Continue) {}, - func(r *clientcmdapi.AuthProviderConfig, f fuzz.Continue) { - r.Config = map[string]string{} - }, - ) - for i := 0; i < 20; i++ { - original := &Config{} - f.Fuzz(original) - actual := AnonymousClientConfig(original) - expected := *original - - // this is the list of known security related fields, add to this list if a new field - // is added to Config, update AnonymousClientConfig to preserve the field otherwise. - expected.Impersonate = ImpersonationConfig{} - expected.BearerToken = "" - expected.Username = "" - expected.Password = "" - expected.AuthProvider = nil - expected.AuthConfigPersister = nil - expected.TLSClientConfig.CertData = nil - expected.TLSClientConfig.CertFile = "" - expected.TLSClientConfig.KeyData = nil - expected.TLSClientConfig.KeyFile = "" - - // The DeepEqual cannot handle the func comparison, so we just verify if the - // function return the expected object. - if actual.WrapTransport == nil || !reflect.DeepEqual(expected.WrapTransport(nil), &fakeRoundTripper{}) { - t.Fatalf("AnonymousClientConfig dropped the WrapTransport field") - } else { - actual.WrapTransport = nil - expected.WrapTransport = nil - } - - if !reflect.DeepEqual(*actual, expected) { - t.Fatalf("AnonymousClientConfig dropped unexpected fields, identify whether they are security related or not: %s", diff.ObjectGoPrintDiff(expected, actual)) - } - } -} diff --git a/pkg/client/restclient/plugin.go b/pkg/client/restclient/plugin.go deleted file mode 100644 index f4978810bc3..00000000000 --- a/pkg/client/restclient/plugin.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "fmt" - "net/http" - "sync" - - "github.com/golang/glog" - - clientcmdapi "k8s.io/client-go/tools/clientcmd/api" -) - -type AuthProvider interface { - // WrapTransport allows the plugin to create a modified RoundTripper that - // attaches authorization headers (or other info) to requests. - WrapTransport(http.RoundTripper) http.RoundTripper - // Login allows the plugin to initialize its configuration. It must not - // require direct user interaction. - Login() error -} - -// Factory generates an AuthProvider plugin. -// clusterAddress is the address of the current cluster. -// config is the initial configuration for this plugin. -// persister allows the plugin to save updated configuration. -type Factory func(clusterAddress string, config map[string]string, persister AuthProviderConfigPersister) (AuthProvider, error) - -// AuthProviderConfigPersister allows a plugin to persist configuration info -// for just itself. -type AuthProviderConfigPersister interface { - Persist(map[string]string) error -} - -// All registered auth provider plugins. -var pluginsLock sync.Mutex -var plugins = make(map[string]Factory) - -func RegisterAuthProviderPlugin(name string, plugin Factory) error { - pluginsLock.Lock() - defer pluginsLock.Unlock() - if _, found := plugins[name]; found { - return fmt.Errorf("Auth Provider Plugin %q was registered twice", name) - } - glog.V(4).Infof("Registered Auth Provider Plugin %q", name) - plugins[name] = plugin - return nil -} - -func GetAuthProvider(clusterAddress string, apc *clientcmdapi.AuthProviderConfig, persister AuthProviderConfigPersister) (AuthProvider, error) { - pluginsLock.Lock() - defer pluginsLock.Unlock() - p, ok := plugins[apc.Name] - if !ok { - return nil, fmt.Errorf("No Auth Provider found for name %q", apc.Name) - } - return p(clusterAddress, apc.Config, persister) -} diff --git a/pkg/client/restclient/plugin_test.go b/pkg/client/restclient/plugin_test.go deleted file mode 100644 index bb7c06d9163..00000000000 --- a/pkg/client/restclient/plugin_test.go +++ /dev/null @@ -1,311 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "fmt" - "net/http" - "reflect" - "strconv" - "testing" - - clientcmdapi "k8s.io/client-go/tools/clientcmd/api" -) - -func TestAuthPluginWrapTransport(t *testing.T) { - if err := RegisterAuthProviderPlugin("pluginA", pluginAProvider); err != nil { - t.Errorf("Unexpected error: failed to register pluginA: %v", err) - } - if err := RegisterAuthProviderPlugin("pluginB", pluginBProvider); err != nil { - t.Errorf("Unexpected error: failed to register pluginB: %v", err) - } - if err := RegisterAuthProviderPlugin("pluginFail", pluginFailProvider); err != nil { - t.Errorf("Unexpected error: failed to register pluginFail: %v", err) - } - testCases := []struct { - useWrapTransport bool - plugin string - expectErr bool - expectPluginA bool - expectPluginB bool - }{ - {false, "", false, false, false}, - {false, "pluginA", false, true, false}, - {false, "pluginB", false, false, true}, - {false, "pluginFail", true, false, false}, - {false, "pluginUnknown", true, false, false}, - } - for i, tc := range testCases { - c := Config{} - if tc.useWrapTransport { - // Specify an existing WrapTransport in the config to make sure that - // plugins play nicely. - c.WrapTransport = func(rt http.RoundTripper) http.RoundTripper { - return &wrapTransport{rt} - } - } - if len(tc.plugin) != 0 { - c.AuthProvider = &clientcmdapi.AuthProviderConfig{Name: tc.plugin} - } - tConfig, err := c.TransportConfig() - if err != nil { - // Unknown/bad plugins are expected to fail here. - if !tc.expectErr { - t.Errorf("%d. Did not expect errors loading Auth Plugin: %q. Got: %v", i, tc.plugin, err) - } - continue - } - var fullyWrappedTransport http.RoundTripper - fullyWrappedTransport = &emptyTransport{} - if tConfig.WrapTransport != nil { - fullyWrappedTransport = tConfig.WrapTransport(&emptyTransport{}) - } - res, err := fullyWrappedTransport.RoundTrip(&http.Request{}) - if err != nil { - t.Errorf("%d. Unexpected error in RoundTrip: %v", i, err) - continue - } - hasWrapTransport := res.Header.Get("wrapTransport") == "Y" - hasPluginA := res.Header.Get("pluginA") == "Y" - hasPluginB := res.Header.Get("pluginB") == "Y" - if hasWrapTransport != tc.useWrapTransport { - t.Errorf("%d. Expected Existing config.WrapTransport: %t; Got: %t", i, tc.useWrapTransport, hasWrapTransport) - } - if hasPluginA != tc.expectPluginA { - t.Errorf("%d. Expected Plugin A: %t; Got: %t", i, tc.expectPluginA, hasPluginA) - } - if hasPluginB != tc.expectPluginB { - t.Errorf("%d. Expected Plugin B: %t; Got: %t", i, tc.expectPluginB, hasPluginB) - } - } -} - -func TestAuthPluginPersist(t *testing.T) { - // register pluginA by a different name so we don't collide across tests. - if err := RegisterAuthProviderPlugin("pluginA2", pluginAProvider); err != nil { - t.Errorf("Unexpected error: failed to register pluginA: %v", err) - } - if err := RegisterAuthProviderPlugin("pluginPersist", pluginPersistProvider); err != nil { - t.Errorf("Unexpected error: failed to register pluginPersist: %v", err) - } - fooBarConfig := map[string]string{"foo": "bar"} - testCases := []struct { - plugin string - startingConfig map[string]string - expectedConfigAfterLogin map[string]string - expectedConfigAfterRoundTrip map[string]string - }{ - // non-persisting plugins should work fine without modifying config. - {"pluginA2", map[string]string{}, map[string]string{}, map[string]string{}}, - {"pluginA2", fooBarConfig, fooBarConfig, fooBarConfig}, - // plugins that persist config should be able to persist when they want. - { - "pluginPersist", - map[string]string{}, - map[string]string{ - "login": "Y", - }, - map[string]string{ - "login": "Y", - "roundTrips": "1", - }, - }, - { - "pluginPersist", - map[string]string{ - "login": "Y", - "roundTrips": "123", - }, - map[string]string{ - "login": "Y", - "roundTrips": "123", - }, - map[string]string{ - "login": "Y", - "roundTrips": "124", - }, - }, - } - for i, tc := range testCases { - cfg := &clientcmdapi.AuthProviderConfig{ - Name: tc.plugin, - Config: tc.startingConfig, - } - persister := &inMemoryPersister{make(map[string]string)} - persister.Persist(tc.startingConfig) - plugin, err := GetAuthProvider("127.0.0.1", cfg, persister) - if err != nil { - t.Errorf("%d. Unexpected error: failed to get plugin %q: %v", i, tc.plugin, err) - } - if err := plugin.Login(); err != nil { - t.Errorf("%d. Unexpected error calling Login() w/ plugin %q: %v", i, tc.plugin, err) - } - // Make sure the plugin persisted what we expect after Login(). - if !reflect.DeepEqual(persister.savedConfig, tc.expectedConfigAfterLogin) { - t.Errorf("%d. Unexpected persisted config after calling %s.Login(): \nGot:\n%v\nExpected:\n%v", - i, tc.plugin, persister.savedConfig, tc.expectedConfigAfterLogin) - } - if _, err := plugin.WrapTransport(&emptyTransport{}).RoundTrip(&http.Request{}); err != nil { - t.Errorf("%d. Unexpected error round-tripping w/ plugin %q: %v", i, tc.plugin, err) - } - // Make sure the plugin persisted what we expect after RoundTrip(). - if !reflect.DeepEqual(persister.savedConfig, tc.expectedConfigAfterRoundTrip) { - t.Errorf("%d. Unexpected persisted config after calling %s.WrapTransport.RoundTrip(): \nGot:\n%v\nExpected:\n%v", - i, tc.plugin, persister.savedConfig, tc.expectedConfigAfterLogin) - } - } - -} - -// emptyTransport provides an empty http.Response with an initialized header -// to allow wrapping RoundTrippers to set header values. -type emptyTransport struct{} - -func (*emptyTransport) RoundTrip(req *http.Request) (*http.Response, error) { - res := &http.Response{ - Header: make(map[string][]string), - } - return res, nil -} - -// wrapTransport sets "wrapTransport" = "Y" on the response. -type wrapTransport struct { - rt http.RoundTripper -} - -func (w *wrapTransport) RoundTrip(req *http.Request) (*http.Response, error) { - res, err := w.rt.RoundTrip(req) - if err != nil { - return nil, err - } - res.Header.Add("wrapTransport", "Y") - return res, nil -} - -// wrapTransportA sets "pluginA" = "Y" on the response. -type wrapTransportA struct { - rt http.RoundTripper -} - -func (w *wrapTransportA) RoundTrip(req *http.Request) (*http.Response, error) { - res, err := w.rt.RoundTrip(req) - if err != nil { - return nil, err - } - res.Header.Add("pluginA", "Y") - return res, nil -} - -type pluginA struct{} - -func (*pluginA) WrapTransport(rt http.RoundTripper) http.RoundTripper { - return &wrapTransportA{rt} -} - -func (*pluginA) Login() error { return nil } - -func pluginAProvider(string, map[string]string, AuthProviderConfigPersister) (AuthProvider, error) { - return &pluginA{}, nil -} - -// wrapTransportB sets "pluginB" = "Y" on the response. -type wrapTransportB struct { - rt http.RoundTripper -} - -func (w *wrapTransportB) RoundTrip(req *http.Request) (*http.Response, error) { - res, err := w.rt.RoundTrip(req) - if err != nil { - return nil, err - } - res.Header.Add("pluginB", "Y") - return res, nil -} - -type pluginB struct{} - -func (*pluginB) WrapTransport(rt http.RoundTripper) http.RoundTripper { - return &wrapTransportB{rt} -} - -func (*pluginB) Login() error { return nil } - -func pluginBProvider(string, map[string]string, AuthProviderConfigPersister) (AuthProvider, error) { - return &pluginB{}, nil -} - -// pluginFailProvider simulates a registered AuthPlugin that fails to load. -func pluginFailProvider(string, map[string]string, AuthProviderConfigPersister) (AuthProvider, error) { - return nil, fmt.Errorf("Failed to load AuthProvider") -} - -type inMemoryPersister struct { - savedConfig map[string]string -} - -func (i *inMemoryPersister) Persist(config map[string]string) error { - i.savedConfig = make(map[string]string) - for k, v := range config { - i.savedConfig[k] = v - } - return nil -} - -// wrapTransportPersist increments the "roundTrips" entry from the config when -// roundTrip is called. -type wrapTransportPersist struct { - rt http.RoundTripper - config map[string]string - persister AuthProviderConfigPersister -} - -func (w *wrapTransportPersist) RoundTrip(req *http.Request) (*http.Response, error) { - roundTrips := 0 - if rtVal, ok := w.config["roundTrips"]; ok { - var err error - roundTrips, err = strconv.Atoi(rtVal) - if err != nil { - return nil, err - } - } - roundTrips++ - w.config["roundTrips"] = fmt.Sprintf("%d", roundTrips) - if err := w.persister.Persist(w.config); err != nil { - return nil, err - } - return w.rt.RoundTrip(req) -} - -type pluginPersist struct { - config map[string]string - persister AuthProviderConfigPersister -} - -func (p *pluginPersist) WrapTransport(rt http.RoundTripper) http.RoundTripper { - return &wrapTransportPersist{rt, p.config, p.persister} -} - -// Login sets the config entry "login" to "Y". -func (p *pluginPersist) Login() error { - p.config["login"] = "Y" - p.persister.Persist(p.config) - return nil -} - -func pluginPersistProvider(_ string, config map[string]string, persister AuthProviderConfigPersister) (AuthProvider, error) { - return &pluginPersist{config, persister}, nil -} diff --git a/pkg/client/restclient/request.go b/pkg/client/restclient/request.go deleted file mode 100644 index 48878b4a686..00000000000 --- a/pkg/client/restclient/request.go +++ /dev/null @@ -1,1200 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "bytes" - "context" - "encoding/hex" - "fmt" - "io" - "io/ioutil" - "mime" - "net/http" - "net/url" - "path" - "reflect" - "strconv" - "strings" - "time" - - "github.com/golang/glog" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer/streaming" - "k8s.io/apimachinery/pkg/util/net" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/pkg/util/flowcontrol" - restclientwatch "k8s.io/client-go/rest/watch" - "k8s.io/kubernetes/pkg/api/v1" - pathvalidation "k8s.io/kubernetes/pkg/api/validation/path" - "k8s.io/kubernetes/pkg/client/metrics" -) - -var ( - // specialParams lists parameters that are handled specially and which users of Request - // are therefore not allowed to set manually. - specialParams = sets.NewString("timeout") - - // longThrottleLatency defines threshold for logging requests. All requests being - // throttle for more than longThrottleLatency will be logged. - longThrottleLatency = 50 * time.Millisecond -) - -// HTTPClient is an interface for testing a request object. -type HTTPClient interface { - Do(req *http.Request) (*http.Response, error) -} - -// ResponseWrapper is an interface for getting a response. -// The response may be either accessed as a raw data (the whole output is put into memory) or as a stream. -type ResponseWrapper interface { - DoRaw() ([]byte, error) - Stream() (io.ReadCloser, error) -} - -// RequestConstructionError is returned when there's an error assembling a request. -type RequestConstructionError struct { - Err error -} - -// Error returns a textual description of 'r'. -func (r *RequestConstructionError) Error() string { - return fmt.Sprintf("request construction error: '%v'", r.Err) -} - -// Request allows for building up a request to a server in a chained fashion. -// Any errors are stored until the end of your call, so you only have to -// check once. -type Request struct { - // required - client HTTPClient - verb string - - baseURL *url.URL - content ContentConfig - serializers Serializers - - // generic components accessible via method setters - pathPrefix string - subpath string - params url.Values - headers http.Header - - // structural elements of the request that are part of the Kubernetes API conventions - namespace string - namespaceSet bool - resource string - resourceName string - subresource string - timeout time.Duration - - // output - err error - body io.Reader - - // This is only used for per-request timeouts, deadlines, and cancellations. - ctx context.Context - - backoffMgr BackoffManager - throttle flowcontrol.RateLimiter -} - -// NewRequest creates a new request helper object for accessing runtime.Objects on a server. -func NewRequest(client HTTPClient, verb string, baseURL *url.URL, versionedAPIPath string, content ContentConfig, serializers Serializers, backoff BackoffManager, throttle flowcontrol.RateLimiter) *Request { - if backoff == nil { - glog.V(2).Infof("Not implementing request backoff strategy.") - backoff = &NoBackoff{} - } - - pathPrefix := "/" - if baseURL != nil { - pathPrefix = path.Join(pathPrefix, baseURL.Path) - } - r := &Request{ - client: client, - verb: verb, - baseURL: baseURL, - pathPrefix: path.Join(pathPrefix, versionedAPIPath), - content: content, - serializers: serializers, - backoffMgr: backoff, - throttle: throttle, - } - switch { - case len(content.AcceptContentTypes) > 0: - r.SetHeader("Accept", content.AcceptContentTypes) - case len(content.ContentType) > 0: - r.SetHeader("Accept", content.ContentType+", */*") - } - return r -} - -// Prefix adds segments to the relative beginning to the request path. These -// items will be placed before the optional Namespace, Resource, or Name sections. -// Setting AbsPath will clear any previously set Prefix segments -func (r *Request) Prefix(segments ...string) *Request { - if r.err != nil { - return r - } - r.pathPrefix = path.Join(r.pathPrefix, path.Join(segments...)) - return r -} - -// Suffix appends segments to the end of the path. These items will be placed after the prefix and optional -// Namespace, Resource, or Name sections. -func (r *Request) Suffix(segments ...string) *Request { - if r.err != nil { - return r - } - r.subpath = path.Join(r.subpath, path.Join(segments...)) - return r -} - -// Resource sets the resource to access (/[ns//]) -func (r *Request) Resource(resource string) *Request { - if r.err != nil { - return r - } - if len(r.resource) != 0 { - r.err = fmt.Errorf("resource already set to %q, cannot change to %q", r.resource, resource) - return r - } - if msgs := pathvalidation.IsValidPathSegmentName(resource); len(msgs) != 0 { - r.err = fmt.Errorf("invalid resource %q: %v", resource, msgs) - return r - } - r.resource = resource - return r -} - -// SubResource sets a sub-resource path which can be multiple segments segment after the resource -// name but before the suffix. -func (r *Request) SubResource(subresources ...string) *Request { - if r.err != nil { - return r - } - subresource := path.Join(subresources...) - if len(r.subresource) != 0 { - r.err = fmt.Errorf("subresource already set to %q, cannot change to %q", r.resource, subresource) - return r - } - for _, s := range subresources { - if msgs := pathvalidation.IsValidPathSegmentName(s); len(msgs) != 0 { - r.err = fmt.Errorf("invalid subresource %q: %v", s, msgs) - return r - } - } - r.subresource = subresource - return r -} - -// Name sets the name of a resource to access (/[ns//]) -func (r *Request) Name(resourceName string) *Request { - if r.err != nil { - return r - } - if len(resourceName) == 0 { - r.err = fmt.Errorf("resource name may not be empty") - return r - } - if len(r.resourceName) != 0 { - r.err = fmt.Errorf("resource name already set to %q, cannot change to %q", r.resourceName, resourceName) - return r - } - if msgs := pathvalidation.IsValidPathSegmentName(resourceName); len(msgs) != 0 { - r.err = fmt.Errorf("invalid resource name %q: %v", resourceName, msgs) - return r - } - r.resourceName = resourceName - return r -} - -// Namespace applies the namespace scope to a request (/[ns//]) -func (r *Request) Namespace(namespace string) *Request { - if r.err != nil { - return r - } - if r.namespaceSet { - r.err = fmt.Errorf("namespace already set to %q, cannot change to %q", r.namespace, namespace) - return r - } - if msgs := pathvalidation.IsValidPathSegmentName(namespace); len(msgs) != 0 { - r.err = fmt.Errorf("invalid namespace %q: %v", namespace, msgs) - return r - } - r.namespaceSet = true - r.namespace = namespace - return r -} - -// NamespaceIfScoped is a convenience function to set a namespace if scoped is true -func (r *Request) NamespaceIfScoped(namespace string, scoped bool) *Request { - if scoped { - return r.Namespace(namespace) - } - return r -} - -// AbsPath overwrites an existing path with the segments provided. Trailing slashes are preserved -// when a single segment is passed. -func (r *Request) AbsPath(segments ...string) *Request { - if r.err != nil { - return r - } - r.pathPrefix = path.Join(r.baseURL.Path, path.Join(segments...)) - if len(segments) == 1 && (len(r.baseURL.Path) > 1 || len(segments[0]) > 1) && strings.HasSuffix(segments[0], "/") { - // preserve any trailing slashes for legacy behavior - r.pathPrefix += "/" - } - return r -} - -// RequestURI overwrites existing path and parameters with the value of the provided server relative -// URI. Some parameters (those in specialParameters) cannot be overwritten. -func (r *Request) RequestURI(uri string) *Request { - if r.err != nil { - return r - } - locator, err := url.Parse(uri) - if err != nil { - r.err = err - return r - } - r.pathPrefix = locator.Path - if len(locator.Query()) > 0 { - if r.params == nil { - r.params = make(url.Values) - } - for k, v := range locator.Query() { - r.params[k] = v - } - } - return r -} - -const ( - // A constant that clients can use to refer in a field selector to the object name field. - // Will be automatically emitted as the correct name for the API version. - nodeUnschedulable = "spec.unschedulable" - objectNameField = "metadata.name" - podHost = "spec.nodeName" - podStatus = "status.phase" - secretType = "type" - - eventReason = "reason" - eventSource = "source" - eventType = "type" - eventInvolvedKind = "involvedObject.kind" - eventInvolvedNamespace = "involvedObject.namespace" - eventInvolvedName = "involvedObject.name" - eventInvolvedUID = "involvedObject.uid" - eventInvolvedAPIVersion = "involvedObject.apiVersion" - eventInvolvedResourceVersion = "involvedObject.resourceVersion" - eventInvolvedFieldPath = "involvedObject.fieldPath" -) - -type clientFieldNameToAPIVersionFieldName map[string]string - -func (c clientFieldNameToAPIVersionFieldName) filterField(field, value string) (newField, newValue string, err error) { - newFieldName, ok := c[field] - if !ok { - return "", "", fmt.Errorf("%v - %v - no field mapping defined", field, value) - } - return newFieldName, value, nil -} - -type resourceTypeToFieldMapping map[string]clientFieldNameToAPIVersionFieldName - -func (r resourceTypeToFieldMapping) filterField(resourceType, field, value string) (newField, newValue string, err error) { - fMapping, ok := r[resourceType] - if !ok { - return "", "", fmt.Errorf("%v - %v - %v - no field mapping defined", resourceType, field, value) - } - return fMapping.filterField(field, value) -} - -type versionToResourceToFieldMapping map[schema.GroupVersion]resourceTypeToFieldMapping - -// filterField transforms the given field/value selector for the given groupVersion and resource -func (v versionToResourceToFieldMapping) filterField(groupVersion *schema.GroupVersion, resourceType, field, value string) (newField, newValue string, err error) { - rMapping, ok := v[*groupVersion] - if !ok { - // no groupVersion overrides registered, default to identity mapping - return field, value, nil - } - newField, newValue, err = rMapping.filterField(resourceType, field, value) - if err != nil { - // no groupVersionResource overrides registered, default to identity mapping - return field, value, nil - } - return newField, newValue, nil -} - -var fieldMappings = versionToResourceToFieldMapping{ - v1.SchemeGroupVersion: resourceTypeToFieldMapping{ - "nodes": clientFieldNameToAPIVersionFieldName{ - objectNameField: objectNameField, - nodeUnschedulable: nodeUnschedulable, - }, - "pods": clientFieldNameToAPIVersionFieldName{ - objectNameField: objectNameField, - podHost: podHost, - podStatus: podStatus, - }, - "secrets": clientFieldNameToAPIVersionFieldName{ - secretType: secretType, - }, - "serviceAccounts": clientFieldNameToAPIVersionFieldName{ - objectNameField: objectNameField, - }, - "endpoints": clientFieldNameToAPIVersionFieldName{ - objectNameField: objectNameField, - }, - "events": clientFieldNameToAPIVersionFieldName{ - objectNameField: objectNameField, - eventReason: eventReason, - eventSource: eventSource, - eventType: eventType, - eventInvolvedKind: eventInvolvedKind, - eventInvolvedNamespace: eventInvolvedNamespace, - eventInvolvedName: eventInvolvedName, - eventInvolvedUID: eventInvolvedUID, - eventInvolvedAPIVersion: eventInvolvedAPIVersion, - eventInvolvedResourceVersion: eventInvolvedResourceVersion, - eventInvolvedFieldPath: eventInvolvedFieldPath, - }, - }, -} - -// FieldsSelectorParam adds the given selector as a query parameter with the name paramName. -func (r *Request) FieldsSelectorParam(s fields.Selector) *Request { - if r.err != nil { - return r - } - if s == nil { - return r - } - if s.Empty() { - return r - } - s2, err := s.Transform(func(field, value string) (newField, newValue string, err error) { - return fieldMappings.filterField(r.content.GroupVersion, r.resource, field, value) - }) - if err != nil { - r.err = err - return r - } - return r.setParam(metav1.FieldSelectorQueryParam(r.content.GroupVersion.String()), s2.String()) -} - -// LabelsSelectorParam adds the given selector as a query parameter -func (r *Request) LabelsSelectorParam(s labels.Selector) *Request { - if r.err != nil { - return r - } - if s == nil { - return r - } - if s.Empty() { - return r - } - return r.setParam(metav1.LabelSelectorQueryParam(r.content.GroupVersion.String()), s.String()) -} - -// UintParam creates a query parameter with the given value. -func (r *Request) UintParam(paramName string, u uint64) *Request { - if r.err != nil { - return r - } - return r.setParam(paramName, strconv.FormatUint(u, 10)) -} - -// Param creates a query parameter with the given string value. -func (r *Request) Param(paramName, s string) *Request { - if r.err != nil { - return r - } - return r.setParam(paramName, s) -} - -// VersionedParams will take the provided object, serialize it to a map[string][]string using the -// implicit RESTClient API version and the default parameter codec, and then add those as parameters -// to the request. Use this to provide versioned query parameters from client libraries. -func (r *Request) VersionedParams(obj runtime.Object, codec runtime.ParameterCodec) *Request { - if r.err != nil { - return r - } - params, err := codec.EncodeParameters(obj, *r.content.GroupVersion) - if err != nil { - r.err = err - return r - } - for k, v := range params { - for _, value := range v { - // TODO: Move it to setParam method, once we get rid of - // FieldSelectorParam & LabelSelectorParam methods. - if k == metav1.LabelSelectorQueryParam(r.content.GroupVersion.String()) && value == "" { - // Don't set an empty selector for backward compatibility. - // Since there is no way to get the difference between empty - // and unspecified string, we don't set it to avoid having - // labelSelector= param in every request. - continue - } - if k == metav1.FieldSelectorQueryParam(r.content.GroupVersion.String()) { - if len(value) == 0 { - // Don't set an empty selector for backward compatibility. - // Since there is no way to get the difference between empty - // and unspecified string, we don't set it to avoid having - // fieldSelector= param in every request. - continue - } - // TODO: Filtering should be handled somewhere else. - selector, err := fields.ParseSelector(value) - if err != nil { - r.err = fmt.Errorf("unparsable field selector: %v", err) - return r - } - filteredSelector, err := selector.Transform( - func(field, value string) (newField, newValue string, err error) { - return fieldMappings.filterField(r.content.GroupVersion, r.resource, field, value) - }) - if err != nil { - r.err = fmt.Errorf("untransformable field selector: %v", err) - return r - } - value = filteredSelector.String() - } - - r.setParam(k, value) - } - } - return r -} - -func (r *Request) setParam(paramName, value string) *Request { - if specialParams.Has(paramName) { - r.err = fmt.Errorf("must set %v through the corresponding function, not directly.", paramName) - return r - } - if r.params == nil { - r.params = make(url.Values) - } - r.params[paramName] = append(r.params[paramName], value) - return r -} - -func (r *Request) SetHeader(key, value string) *Request { - if r.headers == nil { - r.headers = http.Header{} - } - r.headers.Set(key, value) - return r -} - -// Timeout makes the request use the given duration as a timeout. Sets the "timeout" -// parameter. -func (r *Request) Timeout(d time.Duration) *Request { - if r.err != nil { - return r - } - r.timeout = d - return r -} - -// Body makes the request use obj as the body. Optional. -// If obj is a string, try to read a file of that name. -// If obj is a []byte, send it directly. -// If obj is an io.Reader, use it directly. -// If obj is a runtime.Object, marshal it correctly, and set Content-Type header. -// If obj is a runtime.Object and nil, do nothing. -// Otherwise, set an error. -func (r *Request) Body(obj interface{}) *Request { - if r.err != nil { - return r - } - switch t := obj.(type) { - case string: - data, err := ioutil.ReadFile(t) - if err != nil { - r.err = err - return r - } - glogBody("Request Body", data) - r.body = bytes.NewReader(data) - case []byte: - glogBody("Request Body", t) - r.body = bytes.NewReader(t) - case io.Reader: - r.body = t - case runtime.Object: - // callers may pass typed interface pointers, therefore we must check nil with reflection - if reflect.ValueOf(t).IsNil() { - return r - } - data, err := runtime.Encode(r.serializers.Encoder, t) - if err != nil { - r.err = err - return r - } - glogBody("Request Body", data) - r.body = bytes.NewReader(data) - r.SetHeader("Content-Type", r.content.ContentType) - default: - r.err = fmt.Errorf("unknown type used for body: %+v", obj) - } - return r -} - -// Context adds a context to the request. Contexts are only used for -// timeouts, deadlines, and cancellations. -func (r *Request) Context(ctx context.Context) *Request { - r.ctx = ctx - return r -} - -// URL returns the current working URL. -func (r *Request) URL() *url.URL { - p := r.pathPrefix - if r.namespaceSet && len(r.namespace) > 0 { - p = path.Join(p, "namespaces", r.namespace) - } - if len(r.resource) != 0 { - p = path.Join(p, strings.ToLower(r.resource)) - } - // Join trims trailing slashes, so preserve r.pathPrefix's trailing slash for backwards compatibility if nothing was changed - if len(r.resourceName) != 0 || len(r.subpath) != 0 || len(r.subresource) != 0 { - p = path.Join(p, r.resourceName, r.subresource, r.subpath) - } - - finalURL := &url.URL{} - if r.baseURL != nil { - *finalURL = *r.baseURL - } - finalURL.Path = p - - query := url.Values{} - for key, values := range r.params { - for _, value := range values { - query.Add(key, value) - } - } - - // timeout is handled specially here. - if r.timeout != 0 { - query.Set("timeout", r.timeout.String()) - } - finalURL.RawQuery = query.Encode() - return finalURL -} - -// finalURLTemplate is similar to URL(), but will make all specific parameter values equal -// - instead of name or namespace, "{name}" and "{namespace}" will be used, and all query -// parameters will be reset. This creates a copy of the request so as not to change the -// underyling object. This means some useful request info (like the types of field -// selectors in use) will be lost. -// TODO: preserve field selector keys -func (r Request) finalURLTemplate() url.URL { - if len(r.resourceName) != 0 { - r.resourceName = "{name}" - } - if r.namespaceSet && len(r.namespace) != 0 { - r.namespace = "{namespace}" - } - newParams := url.Values{} - v := []string{"{value}"} - for k := range r.params { - newParams[k] = v - } - r.params = newParams - url := r.URL() - return *url -} - -func (r *Request) tryThrottle() { - now := time.Now() - if r.throttle != nil { - r.throttle.Accept() - } - if latency := time.Since(now); latency > longThrottleLatency { - glog.V(4).Infof("Throttling request took %v, request: %s:%s", latency, r.verb, r.URL().String()) - } -} - -// Watch attempts to begin watching the requested location. -// Returns a watch.Interface, or an error. -func (r *Request) Watch() (watch.Interface, error) { - // We specifically don't want to rate limit watches, so we - // don't use r.throttle here. - if r.err != nil { - return nil, r.err - } - if r.serializers.Framer == nil { - return nil, fmt.Errorf("watching resources is not possible with this client (content-type: %s)", r.content.ContentType) - } - - url := r.URL().String() - req, err := http.NewRequest(r.verb, url, r.body) - if err != nil { - return nil, err - } - if r.ctx != nil { - req = req.WithContext(r.ctx) - } - req.Header = r.headers - client := r.client - if client == nil { - client = http.DefaultClient - } - r.backoffMgr.Sleep(r.backoffMgr.CalculateBackoff(r.URL())) - resp, err := client.Do(req) - updateURLMetrics(r, resp, err) - if r.baseURL != nil { - if err != nil { - r.backoffMgr.UpdateBackoff(r.baseURL, err, 0) - } else { - r.backoffMgr.UpdateBackoff(r.baseURL, err, resp.StatusCode) - } - } - if err != nil { - // The watch stream mechanism handles many common partial data errors, so closed - // connections can be retried in many cases. - if net.IsProbableEOF(err) { - return watch.NewEmptyWatch(), nil - } - return nil, err - } - if resp.StatusCode != http.StatusOK { - defer resp.Body.Close() - if result := r.transformResponse(resp, req); result.err != nil { - return nil, result.err - } - return nil, fmt.Errorf("for request '%+v', got status: %v", url, resp.StatusCode) - } - framer := r.serializers.Framer.NewFrameReader(resp.Body) - decoder := streaming.NewDecoder(framer, r.serializers.StreamingSerializer) - return watch.NewStreamWatcher(restclientwatch.NewDecoder(decoder, r.serializers.Decoder)), nil -} - -// updateURLMetrics is a convenience function for pushing metrics. -// It also handles corner cases for incomplete/invalid request data. -func updateURLMetrics(req *Request, resp *http.Response, err error) { - url := "none" - if req.baseURL != nil { - url = req.baseURL.Host - } - - // Errors can be arbitrary strings. Unbound label cardinality is not suitable for a metric - // system so we just report them as ``. - if err != nil { - metrics.RequestResult.Increment("", req.verb, url) - } else { - //Metrics for failure codes - metrics.RequestResult.Increment(strconv.Itoa(resp.StatusCode), req.verb, url) - } -} - -// Stream formats and executes the request, and offers streaming of the response. -// Returns io.ReadCloser which could be used for streaming of the response, or an error -// Any non-2xx http status code causes an error. If we get a non-2xx code, we try to convert the body into an APIStatus object. -// If we can, we return that as an error. Otherwise, we create an error that lists the http status and the content of the response. -func (r *Request) Stream() (io.ReadCloser, error) { - if r.err != nil { - return nil, r.err - } - - r.tryThrottle() - - url := r.URL().String() - req, err := http.NewRequest(r.verb, url, nil) - if err != nil { - return nil, err - } - if r.ctx != nil { - req = req.WithContext(r.ctx) - } - req.Header = r.headers - client := r.client - if client == nil { - client = http.DefaultClient - } - r.backoffMgr.Sleep(r.backoffMgr.CalculateBackoff(r.URL())) - resp, err := client.Do(req) - updateURLMetrics(r, resp, err) - if r.baseURL != nil { - if err != nil { - r.backoffMgr.UpdateBackoff(r.URL(), err, 0) - } else { - r.backoffMgr.UpdateBackoff(r.URL(), err, resp.StatusCode) - } - } - if err != nil { - return nil, err - } - - switch { - case (resp.StatusCode >= 200) && (resp.StatusCode < 300): - return resp.Body, nil - - default: - // ensure we close the body before returning the error - defer resp.Body.Close() - - result := r.transformResponse(resp, req) - err := result.Error() - if err == nil { - err = fmt.Errorf("%d while accessing %v: %s", result.statusCode, url, string(result.body)) - } - return nil, err - } -} - -// request connects to the server and invokes the provided function when a server response is -// received. It handles retry behavior and up front validation of requests. It will invoke -// fn at most once. It will return an error if a problem occurred prior to connecting to the -// server - the provided function is responsible for handling server errors. -func (r *Request) request(fn func(*http.Request, *http.Response)) error { - //Metrics for total request latency - start := time.Now() - defer func() { - metrics.RequestLatency.Observe(r.verb, r.finalURLTemplate(), time.Since(start)) - }() - - if r.err != nil { - glog.V(4).Infof("Error in request: %v", r.err) - return r.err - } - - // TODO: added to catch programmer errors (invoking operations with an object with an empty namespace) - if (r.verb == "GET" || r.verb == "PUT" || r.verb == "DELETE") && r.namespaceSet && len(r.resourceName) > 0 && len(r.namespace) == 0 { - return fmt.Errorf("an empty namespace may not be set when a resource name is provided") - } - if (r.verb == "POST") && r.namespaceSet && len(r.namespace) == 0 { - return fmt.Errorf("an empty namespace may not be set during creation") - } - - client := r.client - if client == nil { - client = http.DefaultClient - } - - // Right now we make about ten retry attempts if we get a Retry-After response. - // TODO: Change to a timeout based approach. - maxRetries := 10 - retries := 0 - for { - url := r.URL().String() - req, err := http.NewRequest(r.verb, url, r.body) - if err != nil { - return err - } - if r.ctx != nil { - req = req.WithContext(r.ctx) - } - req.Header = r.headers - - r.backoffMgr.Sleep(r.backoffMgr.CalculateBackoff(r.URL())) - if retries > 0 { - // We are retrying the request that we already send to apiserver - // at least once before. - // This request should also be throttled with the client-internal throttler. - r.tryThrottle() - } - resp, err := client.Do(req) - updateURLMetrics(r, resp, err) - if err != nil { - r.backoffMgr.UpdateBackoff(r.URL(), err, 0) - } else { - r.backoffMgr.UpdateBackoff(r.URL(), err, resp.StatusCode) - } - if err != nil { - // "Connection reset by peer" is usually a transient error. - // Thus in case of "GET" operations, we simply retry it. - // We are not automatically retrying "write" operations, as - // they are not idempotent. - if !net.IsConnectionReset(err) || r.verb != "GET" { - return err - } - // For the purpose of retry, we set the artificial "retry-after" response. - // TODO: Should we clean the original response if it exists? - resp = &http.Response{ - StatusCode: http.StatusInternalServerError, - Header: http.Header{"Retry-After": []string{"1"}}, - Body: ioutil.NopCloser(bytes.NewReader([]byte{})), - } - } - - done := func() bool { - // Ensure the response body is fully read and closed - // before we reconnect, so that we reuse the same TCP - // connection. - defer func() { - const maxBodySlurpSize = 2 << 10 - if resp.ContentLength <= maxBodySlurpSize { - io.Copy(ioutil.Discard, &io.LimitedReader{R: resp.Body, N: maxBodySlurpSize}) - } - resp.Body.Close() - }() - - retries++ - if seconds, wait := checkWait(resp); wait && retries < maxRetries { - if seeker, ok := r.body.(io.Seeker); ok && r.body != nil { - _, err := seeker.Seek(0, 0) - if err != nil { - glog.V(4).Infof("Could not retry request, can't Seek() back to beginning of body for %T", r.body) - fn(req, resp) - return true - } - } - - glog.V(4).Infof("Got a Retry-After %s response for attempt %d to %v", seconds, retries, url) - r.backoffMgr.Sleep(time.Duration(seconds) * time.Second) - return false - } - fn(req, resp) - return true - }() - if done { - return nil - } - } -} - -// Do formats and executes the request. Returns a Result object for easy response -// processing. -// -// Error type: -// * If the request can't be constructed, or an error happened earlier while building its -// arguments: *RequestConstructionError -// * If the server responds with a status: *errors.StatusError or *errors.UnexpectedObjectError -// * http.Client.Do errors are returned directly. -func (r *Request) Do() Result { - r.tryThrottle() - - var result Result - err := r.request(func(req *http.Request, resp *http.Response) { - result = r.transformResponse(resp, req) - }) - if err != nil { - return Result{err: err} - } - return result -} - -// DoRaw executes the request but does not process the response body. -func (r *Request) DoRaw() ([]byte, error) { - r.tryThrottle() - - var result Result - err := r.request(func(req *http.Request, resp *http.Response) { - result.body, result.err = ioutil.ReadAll(resp.Body) - glogBody("Response Body", result.body) - if resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusPartialContent { - result.err = r.transformUnstructuredResponseError(resp, req, result.body) - } - }) - if err != nil { - return nil, err - } - return result.body, result.err -} - -// transformResponse converts an API response into a structured API object -func (r *Request) transformResponse(resp *http.Response, req *http.Request) Result { - var body []byte - if resp.Body != nil { - if data, err := ioutil.ReadAll(resp.Body); err == nil { - body = data - } - } - - glogBody("Response Body", body) - - // verify the content type is accurate - contentType := resp.Header.Get("Content-Type") - decoder := r.serializers.Decoder - if len(contentType) > 0 && (decoder == nil || (len(r.content.ContentType) > 0 && contentType != r.content.ContentType)) { - mediaType, params, err := mime.ParseMediaType(contentType) - if err != nil { - return Result{err: errors.NewInternalError(err)} - } - decoder, err = r.serializers.RenegotiatedDecoder(mediaType, params) - if err != nil { - // if we fail to negotiate a decoder, treat this as an unstructured error - switch { - case resp.StatusCode == http.StatusSwitchingProtocols: - // no-op, we've been upgraded - case resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusPartialContent: - return Result{err: r.transformUnstructuredResponseError(resp, req, body)} - } - return Result{ - body: body, - contentType: contentType, - statusCode: resp.StatusCode, - } - } - } - - switch { - case resp.StatusCode == http.StatusSwitchingProtocols: - // no-op, we've been upgraded - case resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusPartialContent: - // calculate an unstructured error from the response which the Result object may use if the caller - // did not return a structured error. - retryAfter, _ := retryAfterSeconds(resp) - err := r.newUnstructuredResponseError(body, isTextResponse(resp), resp.StatusCode, req.Method, retryAfter) - return Result{ - body: body, - contentType: contentType, - statusCode: resp.StatusCode, - decoder: decoder, - err: err, - } - } - - return Result{ - body: body, - contentType: contentType, - statusCode: resp.StatusCode, - decoder: decoder, - } -} - -// glogBody logs a body output that could be either JSON or protobuf. It explicitly guards against -// allocating a new string for the body output unless necessary. Uses a simple heuristic to determine -// whether the body is printable. -func glogBody(prefix string, body []byte) { - if glog.V(8) { - if bytes.IndexFunc(body, func(r rune) bool { - return r < 0x0a - }) != -1 { - glog.Infof("%s:\n%s", prefix, hex.Dump(body)) - } else { - glog.Infof("%s: %s", prefix, string(body)) - } - } -} - -// maxUnstructuredResponseTextBytes is an upper bound on how much output to include in the unstructured error. -const maxUnstructuredResponseTextBytes = 2048 - -// transformUnstructuredResponseError handles an error from the server that is not in a structured form. -// It is expected to transform any response that is not recognizable as a clear server sent error from the -// K8S API using the information provided with the request. In practice, HTTP proxies and client libraries -// introduce a level of uncertainty to the responses returned by servers that in common use result in -// unexpected responses. The rough structure is: -// -// 1. Assume the server sends you something sane - JSON + well defined error objects + proper codes -// - this is the happy path -// - when you get this output, trust what the server sends -// 2. Guard against empty fields / bodies in received JSON and attempt to cull sufficient info from them to -// generate a reasonable facsimile of the original failure. -// - Be sure to use a distinct error type or flag that allows a client to distinguish between this and error 1 above -// 3. Handle true disconnect failures / completely malformed data by moving up to a more generic client error -// 4. Distinguish between various connection failures like SSL certificates, timeouts, proxy errors, unexpected -// initial contact, the presence of mismatched body contents from posted content types -// - Give these a separate distinct error type and capture as much as possible of the original message -// -// TODO: introduce transformation of generic http.Client.Do() errors that separates 4. -func (r *Request) transformUnstructuredResponseError(resp *http.Response, req *http.Request, body []byte) error { - if body == nil && resp.Body != nil { - if data, err := ioutil.ReadAll(&io.LimitedReader{R: resp.Body, N: maxUnstructuredResponseTextBytes}); err == nil { - body = data - } - } - retryAfter, _ := retryAfterSeconds(resp) - return r.newUnstructuredResponseError(body, isTextResponse(resp), resp.StatusCode, req.Method, retryAfter) -} - -// newUnstructuredResponseError instantiates the appropriate generic error for the provided input. It also logs the body. -func (r *Request) newUnstructuredResponseError(body []byte, isTextResponse bool, statusCode int, method string, retryAfter int) error { - // cap the amount of output we create - if len(body) > maxUnstructuredResponseTextBytes { - body = body[:maxUnstructuredResponseTextBytes] - } - - message := "unknown" - if isTextResponse { - message = strings.TrimSpace(string(body)) - } - return errors.NewGenericServerResponse( - statusCode, - method, - schema.GroupResource{ - Group: r.content.GroupVersion.Group, - Resource: r.resource, - }, - r.resourceName, - message, - retryAfter, - true, - ) -} - -// isTextResponse returns true if the response appears to be a textual media type. -func isTextResponse(resp *http.Response) bool { - contentType := resp.Header.Get("Content-Type") - if len(contentType) == 0 { - return true - } - media, _, err := mime.ParseMediaType(contentType) - if err != nil { - return false - } - return strings.HasPrefix(media, "text/") -} - -// checkWait returns true along with a number of seconds if the server instructed us to wait -// before retrying. -func checkWait(resp *http.Response) (int, bool) { - switch r := resp.StatusCode; { - // any 500 error code and 429 can trigger a wait - case r == errors.StatusTooManyRequests, r >= 500: - default: - return 0, false - } - i, ok := retryAfterSeconds(resp) - return i, ok -} - -// retryAfterSeconds returns the value of the Retry-After header and true, or 0 and false if -// the header was missing or not a valid number. -func retryAfterSeconds(resp *http.Response) (int, bool) { - if h := resp.Header.Get("Retry-After"); len(h) > 0 { - if i, err := strconv.Atoi(h); err == nil { - return i, true - } - } - return 0, false -} - -// Result contains the result of calling Request.Do(). -type Result struct { - body []byte - contentType string - err error - statusCode int - - decoder runtime.Decoder -} - -// Raw returns the raw result. -func (r Result) Raw() ([]byte, error) { - return r.body, r.err -} - -// Get returns the result as an object, which means it passes through the decoder. -// If the returned object is of type Status and has .Status != StatusSuccess, the -// additional information in Status will be used to enrich the error. -func (r Result) Get() (runtime.Object, error) { - if r.err != nil { - // Check whether the result has a Status object in the body and prefer that. - return nil, r.Error() - } - if r.decoder == nil { - return nil, fmt.Errorf("serializer for %s doesn't exist", r.contentType) - } - - // decode, but if the result is Status return that as an error instead. - out, _, err := r.decoder.Decode(r.body, nil, nil) - if err != nil { - return nil, err - } - switch t := out.(type) { - case *metav1.Status: - // any status besides StatusSuccess is considered an error. - if t.Status != metav1.StatusSuccess { - return nil, errors.FromObject(t) - } - } - return out, nil -} - -// StatusCode returns the HTTP status code of the request. (Only valid if no -// error was returned.) -func (r Result) StatusCode(statusCode *int) Result { - *statusCode = r.statusCode - return r -} - -// Into stores the result into obj, if possible. If obj is nil it is ignored. -// If the returned object is of type Status and has .Status != StatusSuccess, the -// additional information in Status will be used to enrich the error. -func (r Result) Into(obj runtime.Object) error { - if r.err != nil { - // Check whether the result has a Status object in the body and prefer that. - return r.Error() - } - if r.decoder == nil { - return fmt.Errorf("serializer for %s doesn't exist", r.contentType) - } - - out, _, err := r.decoder.Decode(r.body, nil, obj) - if err != nil || out == obj { - return err - } - // if a different object is returned, see if it is Status and avoid double decoding - // the object. - switch t := out.(type) { - case *metav1.Status: - // any status besides StatusSuccess is considered an error. - if t.Status != metav1.StatusSuccess { - return errors.FromObject(t) - } - } - return nil -} - -// WasCreated updates the provided bool pointer to whether the server returned -// 201 created or a different response. -func (r Result) WasCreated(wasCreated *bool) Result { - *wasCreated = r.statusCode == http.StatusCreated - return r -} - -// Error returns the error executing the request, nil if no error occurred. -// If the returned object is of type Status and has Status != StatusSuccess, the -// additional information in Status will be used to enrich the error. -// See the Request.Do() comment for what errors you might get. -func (r Result) Error() error { - // if we have received an unexpected server error, and we have a body and decoder, we can try to extract - // a Status object. - if r.err == nil || !errors.IsUnexpectedServerError(r.err) || len(r.body) == 0 || r.decoder == nil { - return r.err - } - - // attempt to convert the body into a Status object - // to be backwards compatible with old servers that do not return a version, default to "v1" - out, _, err := r.decoder.Decode(r.body, &schema.GroupVersionKind{Version: "v1"}, nil) - if err != nil { - glog.V(5).Infof("body was not decodable (unable to check for Status): %v", err) - return r.err - } - switch t := out.(type) { - case *metav1.Status: - // because we default the kind, we *must* check for StatusFailure - if t.Status == metav1.StatusFailure { - return errors.FromObject(t) - } - } - return r.err -} diff --git a/pkg/client/restclient/request_test.go b/pkg/client/restclient/request_test.go deleted file mode 100755 index 3a94ce03026..00000000000 --- a/pkg/client/restclient/request_test.go +++ /dev/null @@ -1,1710 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "bytes" - "context" - "errors" - "fmt" - "io" - "io/ioutil" - "net" - "net/http" - "net/http/httptest" - "net/url" - "os" - "reflect" - "strings" - "syscall" - "testing" - "time" - - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer/streaming" - "k8s.io/apimachinery/pkg/util/diff" - "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/pkg/util/clock" - "k8s.io/client-go/pkg/util/flowcontrol" - restclientwatch "k8s.io/client-go/rest/watch" - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/api/testapi" - "k8s.io/kubernetes/pkg/api/v1" - "k8s.io/kubernetes/pkg/util/httpstream" - "k8s.io/kubernetes/pkg/util/intstr" - utiltesting "k8s.io/kubernetes/pkg/util/testing" -) - -func TestNewRequestSetsAccept(t *testing.T) { - r := NewRequest(nil, "get", &url.URL{Path: "/path/"}, "", ContentConfig{}, Serializers{}, nil, nil) - if r.headers.Get("Accept") != "" { - t.Errorf("unexpected headers: %#v", r.headers) - } - r = NewRequest(nil, "get", &url.URL{Path: "/path/"}, "", ContentConfig{ContentType: "application/other"}, Serializers{}, nil, nil) - if r.headers.Get("Accept") != "application/other, */*" { - t.Errorf("unexpected headers: %#v", r.headers) - } -} - -type clientFunc func(req *http.Request) (*http.Response, error) - -func (f clientFunc) Do(req *http.Request) (*http.Response, error) { - return f(req) -} - -func TestRequestSetsHeaders(t *testing.T) { - server := clientFunc(func(req *http.Request) (*http.Response, error) { - if req.Header.Get("Accept") != "application/other, */*" { - t.Errorf("unexpected headers: %#v", req.Header) - } - return &http.Response{ - StatusCode: http.StatusForbidden, - Body: ioutil.NopCloser(bytes.NewReader([]byte{})), - }, nil - }) - config := defaultContentConfig() - config.ContentType = "application/other" - serializers := defaultSerializers() - r := NewRequest(server, "get", &url.URL{Path: "/path"}, "", config, serializers, nil, nil) - - // Check if all "issue" methods are setting headers. - _ = r.Do() - _, _ = r.Watch() - _, _ = r.Stream() -} - -func TestRequestWithErrorWontChange(t *testing.T) { - original := Request{ - err: errors.New("test"), - content: ContentConfig{GroupVersion: &api.Registry.GroupOrDie(api.GroupName).GroupVersion}, - } - r := original - changed := r.Param("foo", "bar"). - LabelsSelectorParam(labels.Set{"a": "b"}.AsSelector()). - UintParam("uint", 1). - AbsPath("/abs"). - Prefix("test"). - Suffix("testing"). - Namespace("new"). - Resource("foos"). - Name("bars"). - Body("foo"). - Timeout(time.Millisecond) - if changed != &r { - t.Errorf("returned request should point to the same object") - } - if !reflect.DeepEqual(changed, &original) { - t.Errorf("expected %#v, got %#v", &original, changed) - } -} - -func TestRequestPreservesBaseTrailingSlash(t *testing.T) { - r := &Request{baseURL: &url.URL{}, pathPrefix: "/path/"} - if s := r.URL().String(); s != "/path/" { - t.Errorf("trailing slash should be preserved: %s", s) - } -} - -func TestRequestAbsPathPreservesTrailingSlash(t *testing.T) { - r := (&Request{baseURL: &url.URL{}}).AbsPath("/foo/") - if s := r.URL().String(); s != "/foo/" { - t.Errorf("trailing slash should be preserved: %s", s) - } - - r = (&Request{baseURL: &url.URL{}}).AbsPath("/foo/") - if s := r.URL().String(); s != "/foo/" { - t.Errorf("trailing slash should be preserved: %s", s) - } -} - -func TestRequestAbsPathJoins(t *testing.T) { - r := (&Request{baseURL: &url.URL{}}).AbsPath("foo/bar", "baz") - if s := r.URL().String(); s != "foo/bar/baz" { - t.Errorf("trailing slash should be preserved: %s", s) - } -} - -func TestRequestSetsNamespace(t *testing.T) { - r := (&Request{ - baseURL: &url.URL{ - Path: "/", - }, - }).Namespace("foo") - if r.namespace == "" { - t.Errorf("namespace should be set: %#v", r) - } - - if s := r.URL().String(); s != "namespaces/foo" { - t.Errorf("namespace should be in path: %s", s) - } -} - -func TestRequestOrdersNamespaceInPath(t *testing.T) { - r := (&Request{ - baseURL: &url.URL{}, - pathPrefix: "/test/", - }).Name("bar").Resource("baz").Namespace("foo") - if s := r.URL().String(); s != "/test/namespaces/foo/baz/bar" { - t.Errorf("namespace should be in order in path: %s", s) - } -} - -func TestRequestOrdersSubResource(t *testing.T) { - r := (&Request{ - baseURL: &url.URL{}, - pathPrefix: "/test/", - }).Name("bar").Resource("baz").Namespace("foo").Suffix("test").SubResource("a", "b") - if s := r.URL().String(); s != "/test/namespaces/foo/baz/bar/a/b/test" { - t.Errorf("namespace should be in order in path: %s", s) - } -} - -func TestRequestSetTwiceError(t *testing.T) { - if (&Request{}).Name("bar").Name("baz").err == nil { - t.Errorf("setting name twice should result in error") - } - if (&Request{}).Namespace("bar").Namespace("baz").err == nil { - t.Errorf("setting namespace twice should result in error") - } - if (&Request{}).Resource("bar").Resource("baz").err == nil { - t.Errorf("setting resource twice should result in error") - } - if (&Request{}).SubResource("bar").SubResource("baz").err == nil { - t.Errorf("setting subresource twice should result in error") - } -} - -func TestInvalidSegments(t *testing.T) { - invalidSegments := []string{".", "..", "test/segment", "test%2bsegment"} - setters := map[string]func(string, *Request){ - "namespace": func(s string, r *Request) { r.Namespace(s) }, - "resource": func(s string, r *Request) { r.Resource(s) }, - "name": func(s string, r *Request) { r.Name(s) }, - "subresource": func(s string, r *Request) { r.SubResource(s) }, - } - for _, invalidSegment := range invalidSegments { - for setterName, setter := range setters { - r := &Request{} - setter(invalidSegment, r) - if r.err == nil { - t.Errorf("%s: %s: expected error, got none", setterName, invalidSegment) - } - } - } -} - -func TestRequestParam(t *testing.T) { - r := (&Request{}).Param("foo", "a") - if !reflect.DeepEqual(r.params, url.Values{"foo": []string{"a"}}) { - t.Errorf("should have set a param: %#v", r) - } - - r.Param("bar", "1") - r.Param("bar", "2") - if !reflect.DeepEqual(r.params, url.Values{"foo": []string{"a"}, "bar": []string{"1", "2"}}) { - t.Errorf("should have set a param: %#v", r) - } -} - -func TestRequestVersionedParams(t *testing.T) { - r := (&Request{content: ContentConfig{GroupVersion: &v1.SchemeGroupVersion}}).Param("foo", "a") - if !reflect.DeepEqual(r.params, url.Values{"foo": []string{"a"}}) { - t.Errorf("should have set a param: %#v", r) - } - r.VersionedParams(&api.PodLogOptions{Follow: true, Container: "bar"}, api.ParameterCodec) - - if !reflect.DeepEqual(r.params, url.Values{ - "foo": []string{"a"}, - "container": []string{"bar"}, - "follow": []string{"true"}, - }) { - t.Errorf("should have set a param: %#v", r) - } -} - -func TestRequestVersionedParamsFromListOptions(t *testing.T) { - r := &Request{content: ContentConfig{GroupVersion: &v1.SchemeGroupVersion}} - r.VersionedParams(&api.ListOptions{ResourceVersion: "1"}, api.ParameterCodec) - if !reflect.DeepEqual(r.params, url.Values{ - "resourceVersion": []string{"1"}, - }) { - t.Errorf("should have set a param: %#v", r) - } - - var timeout int64 = 10 - r.VersionedParams(&api.ListOptions{ResourceVersion: "2", TimeoutSeconds: &timeout}, api.ParameterCodec) - if !reflect.DeepEqual(r.params, url.Values{ - "resourceVersion": []string{"1", "2"}, - "timeoutSeconds": []string{"10"}, - }) { - t.Errorf("should have set a param: %#v", r) - } -} - -func TestRequestURI(t *testing.T) { - r := (&Request{}).Param("foo", "a") - r.Prefix("other") - r.RequestURI("/test?foo=b&a=b&c=1&c=2") - if r.pathPrefix != "/test" { - t.Errorf("path is wrong: %#v", r) - } - if !reflect.DeepEqual(r.params, url.Values{"a": []string{"b"}, "foo": []string{"b"}, "c": []string{"1", "2"}}) { - t.Errorf("should have set a param: %#v", r) - } -} - -type NotAnAPIObject struct{} - -func (obj NotAnAPIObject) GroupVersionKind() *schema.GroupVersionKind { return nil } -func (obj NotAnAPIObject) SetGroupVersionKind(gvk *schema.GroupVersionKind) {} - -func defaultContentConfig() ContentConfig { - return ContentConfig{ - GroupVersion: &api.Registry.GroupOrDie(api.GroupName).GroupVersion, - NegotiatedSerializer: testapi.Default.NegotiatedSerializer(), - } -} - -func defaultSerializers() Serializers { - return Serializers{ - Encoder: testapi.Default.Codec(), - Decoder: testapi.Default.Codec(), - StreamingSerializer: testapi.Default.Codec(), - Framer: runtime.DefaultFramer, - RenegotiatedDecoder: func(contentType string, params map[string]string) (runtime.Decoder, error) { - return testapi.Default.Codec(), nil - }, - } -} - -func TestRequestBody(t *testing.T) { - // test unknown type - r := (&Request{}).Body([]string{"test"}) - if r.err == nil || r.body != nil { - t.Errorf("should have set err and left body nil: %#v", r) - } - - // test error set when failing to read file - f, err := ioutil.TempFile("", "test") - if err != nil { - t.Fatalf("unable to create temp file") - } - defer f.Close() - os.Remove(f.Name()) - r = (&Request{}).Body(f.Name()) - if r.err == nil || r.body != nil { - t.Errorf("should have set err and left body nil: %#v", r) - } - - // test unencodable api object - r = (&Request{content: defaultContentConfig()}).Body(&NotAnAPIObject{}) - if r.err == nil || r.body != nil { - t.Errorf("should have set err and left body nil: %#v", r) - } -} - -func TestResultIntoWithErrReturnsErr(t *testing.T) { - res := Result{err: errors.New("test")} - if err := res.Into(&api.Pod{}); err != res.err { - t.Errorf("should have returned exact error from result") - } -} - -func TestURLTemplate(t *testing.T) { - uri, _ := url.Parse("http://localhost") - r := NewRequest(nil, "POST", uri, "", ContentConfig{GroupVersion: &schema.GroupVersion{Group: "test"}}, Serializers{}, nil, nil) - r.Prefix("pre1").Resource("r1").Namespace("ns").Name("nm").Param("p0", "v0") - full := r.URL() - if full.String() != "http://localhost/pre1/namespaces/ns/r1/nm?p0=v0" { - t.Errorf("unexpected initial URL: %s", full) - } - actualURL := r.finalURLTemplate() - actual := actualURL.String() - expected := "http://localhost/pre1/namespaces/%7Bnamespace%7D/r1/%7Bname%7D?p0=%7Bvalue%7D" - if actual != expected { - t.Errorf("unexpected URL template: %s %s", actual, expected) - } - if r.URL().String() != full.String() { - t.Errorf("creating URL template changed request: %s -> %s", full.String(), r.URL().String()) - } -} - -func TestTransformResponse(t *testing.T) { - invalid := []byte("aaaaa") - uri, _ := url.Parse("http://localhost") - testCases := []struct { - Response *http.Response - Data []byte - Created bool - Error bool - ErrFn func(err error) bool - }{ - {Response: &http.Response{StatusCode: 200}, Data: []byte{}}, - {Response: &http.Response{StatusCode: 201}, Data: []byte{}, Created: true}, - {Response: &http.Response{StatusCode: 199}, Error: true}, - {Response: &http.Response{StatusCode: 500}, Error: true}, - {Response: &http.Response{StatusCode: 422}, Error: true}, - {Response: &http.Response{StatusCode: 409}, Error: true}, - {Response: &http.Response{StatusCode: 404}, Error: true}, - {Response: &http.Response{StatusCode: 401}, Error: true}, - { - Response: &http.Response{ - StatusCode: 401, - Header: http.Header{"Content-Type": []string{"application/json"}}, - Body: ioutil.NopCloser(bytes.NewReader(invalid)), - }, - Error: true, - ErrFn: func(err error) bool { - return err.Error() != "aaaaa" && apierrors.IsUnauthorized(err) - }, - }, - { - Response: &http.Response{ - StatusCode: 401, - Header: http.Header{"Content-Type": []string{"text/any"}}, - Body: ioutil.NopCloser(bytes.NewReader(invalid)), - }, - Error: true, - ErrFn: func(err error) bool { - return strings.Contains(err.Error(), "server has asked for the client to provide") && apierrors.IsUnauthorized(err) - }, - }, - {Response: &http.Response{StatusCode: 403}, Error: true}, - {Response: &http.Response{StatusCode: 200, Body: ioutil.NopCloser(bytes.NewReader(invalid))}, Data: invalid}, - {Response: &http.Response{StatusCode: 200, Body: ioutil.NopCloser(bytes.NewReader(invalid))}, Data: invalid}, - } - for i, test := range testCases { - r := NewRequest(nil, "", uri, "", defaultContentConfig(), defaultSerializers(), nil, nil) - if test.Response.Body == nil { - test.Response.Body = ioutil.NopCloser(bytes.NewReader([]byte{})) - } - result := r.transformResponse(test.Response, &http.Request{}) - response, created, err := result.body, result.statusCode == http.StatusCreated, result.err - hasErr := err != nil - if hasErr != test.Error { - t.Errorf("%d: unexpected error: %t %v", i, test.Error, err) - } else if hasErr && test.Response.StatusCode > 399 { - status, ok := err.(apierrors.APIStatus) - if !ok { - t.Errorf("%d: response should have been transformable into APIStatus: %v", i, err) - continue - } - if int(status.Status().Code) != test.Response.StatusCode { - t.Errorf("%d: status code did not match response: %#v", i, status.Status()) - } - } - if test.ErrFn != nil && !test.ErrFn(err) { - t.Errorf("%d: error function did not match: %v", i, err) - } - if !(test.Data == nil && response == nil) && !api.Semantic.DeepDerivative(test.Data, response) { - t.Errorf("%d: unexpected response: %#v %#v", i, test.Data, response) - } - if test.Created != created { - t.Errorf("%d: expected created %t, got %t", i, test.Created, created) - } - } -} - -type renegotiator struct { - called bool - contentType string - params map[string]string - decoder runtime.Decoder - err error -} - -func (r *renegotiator) invoke(contentType string, params map[string]string) (runtime.Decoder, error) { - r.called = true - r.contentType = contentType - r.params = params - return r.decoder, r.err -} - -func TestTransformResponseNegotiate(t *testing.T) { - invalid := []byte("aaaaa") - uri, _ := url.Parse("http://localhost") - testCases := []struct { - Response *http.Response - Data []byte - Created bool - Error bool - ErrFn func(err error) bool - - ContentType string - Called bool - ExpectContentType string - Decoder runtime.Decoder - NegotiateErr error - }{ - { - ContentType: "application/json", - Response: &http.Response{ - StatusCode: 401, - Header: http.Header{"Content-Type": []string{"application/json"}}, - Body: ioutil.NopCloser(bytes.NewReader(invalid)), - }, - Error: true, - ErrFn: func(err error) bool { - return err.Error() != "aaaaa" && apierrors.IsUnauthorized(err) - }, - }, - { - ContentType: "application/json", - Response: &http.Response{ - StatusCode: 401, - Header: http.Header{"Content-Type": []string{"application/protobuf"}}, - Body: ioutil.NopCloser(bytes.NewReader(invalid)), - }, - Decoder: testapi.Default.Codec(), - - Called: true, - ExpectContentType: "application/protobuf", - - Error: true, - ErrFn: func(err error) bool { - return err.Error() != "aaaaa" && apierrors.IsUnauthorized(err) - }, - }, - { - ContentType: "application/json", - Response: &http.Response{ - StatusCode: 500, - Header: http.Header{"Content-Type": []string{"application/,others"}}, - }, - Decoder: testapi.Default.Codec(), - - Error: true, - ErrFn: func(err error) bool { - return err.Error() == "Internal error occurred: mime: expected token after slash" && err.(apierrors.APIStatus).Status().Code == 500 - }, - }, - { - // no negotiation when no content type specified - Response: &http.Response{ - StatusCode: 200, - Header: http.Header{"Content-Type": []string{"text/any"}}, - Body: ioutil.NopCloser(bytes.NewReader(invalid)), - }, - Decoder: testapi.Default.Codec(), - }, - { - // no negotiation when no response content type specified - ContentType: "text/any", - Response: &http.Response{ - StatusCode: 200, - Body: ioutil.NopCloser(bytes.NewReader(invalid)), - }, - Decoder: testapi.Default.Codec(), - }, - { - // unrecognized content type is not handled - ContentType: "application/json", - Response: &http.Response{ - StatusCode: 404, - Header: http.Header{"Content-Type": []string{"application/unrecognized"}}, - Body: ioutil.NopCloser(bytes.NewReader(invalid)), - }, - Decoder: testapi.Default.Codec(), - - NegotiateErr: fmt.Errorf("aaaa"), - Called: true, - ExpectContentType: "application/unrecognized", - - Error: true, - ErrFn: func(err error) bool { - return err.Error() != "aaaaa" && apierrors.IsNotFound(err) - }, - }, - } - for i, test := range testCases { - serializers := defaultSerializers() - negotiator := &renegotiator{ - decoder: test.Decoder, - err: test.NegotiateErr, - } - serializers.RenegotiatedDecoder = negotiator.invoke - contentConfig := defaultContentConfig() - contentConfig.ContentType = test.ContentType - r := NewRequest(nil, "", uri, "", contentConfig, serializers, nil, nil) - if test.Response.Body == nil { - test.Response.Body = ioutil.NopCloser(bytes.NewReader([]byte{})) - } - result := r.transformResponse(test.Response, &http.Request{}) - _, err := result.body, result.err - hasErr := err != nil - if hasErr != test.Error { - t.Errorf("%d: unexpected error: %t %v", i, test.Error, err) - continue - } else if hasErr && test.Response.StatusCode > 399 { - status, ok := err.(apierrors.APIStatus) - if !ok { - t.Errorf("%d: response should have been transformable into APIStatus: %v", i, err) - continue - } - if int(status.Status().Code) != test.Response.StatusCode { - t.Errorf("%d: status code did not match response: %#v", i, status.Status()) - } - } - if test.ErrFn != nil && !test.ErrFn(err) { - t.Errorf("%d: error function did not match: %v", i, err) - } - if negotiator.called != test.Called { - t.Errorf("%d: negotiator called %t != %t", i, negotiator.called, test.Called) - } - if !test.Called { - continue - } - if negotiator.contentType != test.ExpectContentType { - t.Errorf("%d: unexpected content type: %s", i, negotiator.contentType) - } - } -} - -func TestTransformUnstructuredError(t *testing.T) { - testCases := []struct { - Req *http.Request - Res *http.Response - - Resource string - Name string - - ErrFn func(error) bool - Transformed error - }{ - { - Resource: "foo", - Name: "bar", - Req: &http.Request{ - Method: "POST", - }, - Res: &http.Response{ - StatusCode: http.StatusConflict, - Body: ioutil.NopCloser(bytes.NewReader(nil)), - }, - ErrFn: apierrors.IsAlreadyExists, - }, - { - Resource: "foo", - Name: "bar", - Req: &http.Request{ - Method: "PUT", - }, - Res: &http.Response{ - StatusCode: http.StatusConflict, - Body: ioutil.NopCloser(bytes.NewReader(nil)), - }, - ErrFn: apierrors.IsConflict, - }, - { - Resource: "foo", - Name: "bar", - Req: &http.Request{}, - Res: &http.Response{ - StatusCode: http.StatusNotFound, - Body: ioutil.NopCloser(bytes.NewReader(nil)), - }, - ErrFn: apierrors.IsNotFound, - }, - { - Req: &http.Request{}, - Res: &http.Response{ - StatusCode: http.StatusBadRequest, - Body: ioutil.NopCloser(bytes.NewReader(nil)), - }, - ErrFn: apierrors.IsBadRequest, - }, - { - // status in response overrides transformed result - Req: &http.Request{}, - Res: &http.Response{StatusCode: http.StatusBadRequest, Body: ioutil.NopCloser(bytes.NewReader([]byte(`{"kind":"Status","apiVersion":"v1","status":"Failure","code":404}`)))}, - ErrFn: apierrors.IsBadRequest, - Transformed: &apierrors.StatusError{ - ErrStatus: metav1.Status{Status: metav1.StatusFailure, Code: http.StatusNotFound}, - }, - }, - { - // successful status is ignored - Req: &http.Request{}, - Res: &http.Response{StatusCode: http.StatusBadRequest, Body: ioutil.NopCloser(bytes.NewReader([]byte(`{"kind":"Status","apiVersion":"v1","status":"Success","code":404}`)))}, - ErrFn: apierrors.IsBadRequest, - }, - { - // empty object does not change result - Req: &http.Request{}, - Res: &http.Response{StatusCode: http.StatusBadRequest, Body: ioutil.NopCloser(bytes.NewReader([]byte(`{}`)))}, - ErrFn: apierrors.IsBadRequest, - }, - { - // we default apiVersion for backwards compatibility with old clients - // TODO: potentially remove in 1.7 - Req: &http.Request{}, - Res: &http.Response{StatusCode: http.StatusBadRequest, Body: ioutil.NopCloser(bytes.NewReader([]byte(`{"kind":"Status","status":"Failure","code":404}`)))}, - ErrFn: apierrors.IsBadRequest, - Transformed: &apierrors.StatusError{ - ErrStatus: metav1.Status{Status: metav1.StatusFailure, Code: http.StatusNotFound}, - }, - }, - { - // we do not default kind - Req: &http.Request{}, - Res: &http.Response{StatusCode: http.StatusBadRequest, Body: ioutil.NopCloser(bytes.NewReader([]byte(`{"status":"Failure","code":404}`)))}, - ErrFn: apierrors.IsBadRequest, - }, - } - - for i, testCase := range testCases { - r := &Request{ - content: defaultContentConfig(), - serializers: defaultSerializers(), - resourceName: testCase.Name, - resource: testCase.Resource, - } - result := r.transformResponse(testCase.Res, testCase.Req) - err := result.err - if !testCase.ErrFn(err) { - t.Errorf("unexpected error: %v", err) - continue - } - if !apierrors.IsUnexpectedServerError(err) { - t.Errorf("%d: unexpected error type: %v", i, err) - } - if len(testCase.Name) != 0 && !strings.Contains(err.Error(), testCase.Name) { - t.Errorf("unexpected error string: %s", err) - } - if len(testCase.Resource) != 0 && !strings.Contains(err.Error(), testCase.Resource) { - t.Errorf("unexpected error string: %s", err) - } - - // verify Error() properly transforms the error - transformed := result.Error() - expect := testCase.Transformed - if expect == nil { - expect = err - } - if !reflect.DeepEqual(expect, transformed) { - t.Errorf("%d: unexpected Error(): %s", i, diff.ObjectReflectDiff(expect, transformed)) - } - - // verify result.Get properly transforms the error - if _, err := result.Get(); !reflect.DeepEqual(expect, err) { - t.Errorf("%d: unexpected error on Get(): %s", i, diff.ObjectReflectDiff(expect, err)) - } - - // verify result.Into properly handles the error - if err := result.Into(&api.Pod{}); !reflect.DeepEqual(expect, err) { - t.Errorf("%d: unexpected error on Into(): %s", i, diff.ObjectReflectDiff(expect, err)) - } - - // verify result.Raw leaves the error in the untransformed state - if _, err := result.Raw(); !reflect.DeepEqual(result.err, err) { - t.Errorf("%d: unexpected error on Raw(): %s", i, diff.ObjectReflectDiff(expect, err)) - } - } -} - -func TestRequestWatch(t *testing.T) { - testCases := []struct { - Request *Request - Err bool - ErrFn func(error) bool - Empty bool - }{ - { - Request: &Request{err: errors.New("bail")}, - Err: true, - }, - { - Request: &Request{baseURL: &url.URL{}, pathPrefix: "%"}, - Err: true, - }, - { - Request: &Request{ - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return nil, errors.New("err") - }), - baseURL: &url.URL{}, - }, - Err: true, - }, - { - Request: &Request{ - content: defaultContentConfig(), - serializers: defaultSerializers(), - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return &http.Response{ - StatusCode: http.StatusForbidden, - Body: ioutil.NopCloser(bytes.NewReader([]byte{})), - }, nil - }), - baseURL: &url.URL{}, - }, - Err: true, - ErrFn: func(err error) bool { - return apierrors.IsForbidden(err) - }, - }, - { - Request: &Request{ - content: defaultContentConfig(), - serializers: defaultSerializers(), - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return &http.Response{ - StatusCode: http.StatusUnauthorized, - Body: ioutil.NopCloser(bytes.NewReader([]byte{})), - }, nil - }), - baseURL: &url.URL{}, - }, - Err: true, - ErrFn: func(err error) bool { - return apierrors.IsUnauthorized(err) - }, - }, - { - Request: &Request{ - content: defaultContentConfig(), - serializers: defaultSerializers(), - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return &http.Response{ - StatusCode: http.StatusUnauthorized, - Body: ioutil.NopCloser(bytes.NewReader([]byte(runtime.EncodeOrDie(testapi.Default.Codec(), &metav1.Status{ - Status: metav1.StatusFailure, - Reason: metav1.StatusReasonUnauthorized, - })))), - }, nil - }), - baseURL: &url.URL{}, - }, - Err: true, - ErrFn: func(err error) bool { - return apierrors.IsUnauthorized(err) - }, - }, - { - Request: &Request{ - serializers: defaultSerializers(), - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return nil, io.EOF - }), - baseURL: &url.URL{}, - }, - Empty: true, - }, - { - Request: &Request{ - serializers: defaultSerializers(), - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return nil, &url.Error{Err: io.EOF} - }), - baseURL: &url.URL{}, - }, - Empty: true, - }, - { - Request: &Request{ - serializers: defaultSerializers(), - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return nil, errors.New("http: can't write HTTP request on broken connection") - }), - baseURL: &url.URL{}, - }, - Empty: true, - }, - { - Request: &Request{ - serializers: defaultSerializers(), - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return nil, errors.New("foo: connection reset by peer") - }), - baseURL: &url.URL{}, - }, - Empty: true, - }, - } - for i, testCase := range testCases { - t.Logf("testcase %v", testCase.Request) - testCase.Request.backoffMgr = &NoBackoff{} - watch, err := testCase.Request.Watch() - hasErr := err != nil - if hasErr != testCase.Err { - t.Errorf("%d: expected %t, got %t: %v", i, testCase.Err, hasErr, err) - continue - } - if testCase.ErrFn != nil && !testCase.ErrFn(err) { - t.Errorf("%d: error not valid: %v", i, err) - } - if hasErr && watch != nil { - t.Errorf("%d: watch should be nil when error is returned", i) - continue - } - if testCase.Empty { - _, ok := <-watch.ResultChan() - if ok { - t.Errorf("%d: expected the watch to be empty: %#v", i, watch) - } - } - } -} - -func TestRequestStream(t *testing.T) { - testCases := []struct { - Request *Request - Err bool - ErrFn func(error) bool - }{ - { - Request: &Request{err: errors.New("bail")}, - Err: true, - }, - { - Request: &Request{baseURL: &url.URL{}, pathPrefix: "%"}, - Err: true, - }, - { - Request: &Request{ - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return nil, errors.New("err") - }), - baseURL: &url.URL{}, - }, - Err: true, - }, - { - Request: &Request{ - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return &http.Response{ - StatusCode: http.StatusUnauthorized, - Body: ioutil.NopCloser(bytes.NewReader([]byte(runtime.EncodeOrDie(testapi.Default.Codec(), &metav1.Status{ - Status: metav1.StatusFailure, - Reason: metav1.StatusReasonUnauthorized, - })))), - }, nil - }), - content: defaultContentConfig(), - serializers: defaultSerializers(), - baseURL: &url.URL{}, - }, - Err: true, - }, - { - Request: &Request{ - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return &http.Response{ - StatusCode: http.StatusBadRequest, - Body: ioutil.NopCloser(bytes.NewReader([]byte(`{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"a container name must be specified for pod kube-dns-v20-mz5cv, choose one of: [kubedns dnsmasq healthz]","reason":"BadRequest","code":400}`))), - }, nil - }), - content: defaultContentConfig(), - serializers: defaultSerializers(), - baseURL: &url.URL{}, - }, - Err: true, - ErrFn: func(err error) bool { - if err.Error() == "a container name must be specified for pod kube-dns-v20-mz5cv, choose one of: [kubedns dnsmasq healthz]" { - return true - } - return false - }, - }, - } - for i, testCase := range testCases { - testCase.Request.backoffMgr = &NoBackoff{} - body, err := testCase.Request.Stream() - hasErr := err != nil - if hasErr != testCase.Err { - t.Errorf("%d: expected %t, got %t: %v", i, testCase.Err, hasErr, err) - } - if hasErr && body != nil { - t.Errorf("%d: body should be nil when error is returned", i) - } - - if hasErr { - if testCase.ErrFn != nil && !testCase.ErrFn(err) { - t.Errorf("unexpected error: %v", err) - } - } - } -} - -type fakeUpgradeConnection struct{} - -func (c *fakeUpgradeConnection) CreateStream(headers http.Header) (httpstream.Stream, error) { - return nil, nil -} -func (c *fakeUpgradeConnection) Close() error { - return nil -} -func (c *fakeUpgradeConnection) CloseChan() <-chan bool { - return make(chan bool) -} -func (c *fakeUpgradeConnection) SetIdleTimeout(timeout time.Duration) { -} - -type fakeUpgradeRoundTripper struct { - req *http.Request - conn httpstream.Connection -} - -func (f *fakeUpgradeRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - f.req = req - b := []byte{} - body := ioutil.NopCloser(bytes.NewReader(b)) - resp := &http.Response{ - StatusCode: 101, - Body: body, - } - return resp, nil -} - -func (f *fakeUpgradeRoundTripper) NewConnection(resp *http.Response) (httpstream.Connection, error) { - return f.conn, nil -} - -func TestRequestDo(t *testing.T) { - testCases := []struct { - Request *Request - Err bool - }{ - { - Request: &Request{err: errors.New("bail")}, - Err: true, - }, - { - Request: &Request{baseURL: &url.URL{}, pathPrefix: "%"}, - Err: true, - }, - { - Request: &Request{ - client: clientFunc(func(req *http.Request) (*http.Response, error) { - return nil, errors.New("err") - }), - baseURL: &url.URL{}, - }, - Err: true, - }, - } - for i, testCase := range testCases { - testCase.Request.backoffMgr = &NoBackoff{} - body, err := testCase.Request.Do().Raw() - hasErr := err != nil - if hasErr != testCase.Err { - t.Errorf("%d: expected %t, got %t: %v", i, testCase.Err, hasErr, err) - } - if hasErr && body != nil { - t.Errorf("%d: body should be nil when error is returned", i) - } - } -} - -func TestDoRequestNewWay(t *testing.T) { - reqBody := "request body" - expectedObj := &api.Service{Spec: api.ServiceSpec{Ports: []api.ServicePort{{ - Protocol: "TCP", - Port: 12345, - TargetPort: intstr.FromInt(12345), - }}}} - expectedBody, _ := runtime.Encode(testapi.Default.Codec(), expectedObj) - fakeHandler := utiltesting.FakeHandler{ - StatusCode: 200, - ResponseBody: string(expectedBody), - T: t, - } - testServer := httptest.NewServer(&fakeHandler) - defer testServer.Close() - c := testRESTClient(t, testServer) - obj, err := c.Verb("POST"). - Prefix("foo", "bar"). - Suffix("baz"). - Timeout(time.Second). - Body([]byte(reqBody)). - Do().Get() - if err != nil { - t.Errorf("Unexpected error: %v %#v", err, err) - return - } - if obj == nil { - t.Error("nil obj") - } else if !api.Semantic.DeepDerivative(expectedObj, obj) { - t.Errorf("Expected: %#v, got %#v", expectedObj, obj) - } - requestURL := testapi.Default.ResourcePathWithPrefix("foo/bar", "", "", "baz") - requestURL += "?timeout=1s" - fakeHandler.ValidateRequest(t, requestURL, "POST", &reqBody) -} - -// This test assumes that the client implementation backs off exponentially, for an individual request. -func TestBackoffLifecycle(t *testing.T) { - count := 0 - testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - count++ - t.Logf("Attempt %d", count) - if count == 5 || count == 9 { - w.WriteHeader(http.StatusOK) - return - } else { - w.WriteHeader(http.StatusGatewayTimeout) - return - } - })) - defer testServer.Close() - c := testRESTClient(t, testServer) - - // Test backoff recovery and increase. This correlates to the constants - // which are used in the server implementation returning StatusOK above. - seconds := []int{0, 1, 2, 4, 8, 0, 1, 2, 4, 0} - request := c.Verb("POST").Prefix("backofftest").Suffix("abc") - clock := clock.FakeClock{} - request.backoffMgr = &URLBackoff{ - // Use a fake backoff here to avoid flakes and speed the test up. - Backoff: flowcontrol.NewFakeBackOff( - time.Duration(1)*time.Second, - time.Duration(200)*time.Second, - &clock, - )} - - for _, sec := range seconds { - thisBackoff := request.backoffMgr.CalculateBackoff(request.URL()) - t.Logf("Current backoff %v", thisBackoff) - if thisBackoff != time.Duration(sec)*time.Second { - t.Errorf("Backoff is %v instead of %v", thisBackoff, sec) - } - now := clock.Now() - request.DoRaw() - elapsed := clock.Since(now) - if clock.Since(now) != thisBackoff { - t.Errorf("CalculatedBackoff not honored by clock: Expected time of %v, but got %v ", thisBackoff, elapsed) - } - } -} - -type testBackoffManager struct { - sleeps []time.Duration -} - -func (b *testBackoffManager) UpdateBackoff(actualUrl *url.URL, err error, responseCode int) { -} - -func (b *testBackoffManager) CalculateBackoff(actualUrl *url.URL) time.Duration { - return time.Duration(0) -} - -func (b *testBackoffManager) Sleep(d time.Duration) { - b.sleeps = append(b.sleeps, d) -} - -func TestCheckRetryClosesBody(t *testing.T) { - count := 0 - ch := make(chan struct{}) - testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - count++ - t.Logf("attempt %d", count) - if count >= 5 { - w.WriteHeader(http.StatusOK) - close(ch) - return - } - w.Header().Set("Retry-After", "1") - http.Error(w, "Too many requests, please try again later.", apierrors.StatusTooManyRequests) - })) - defer testServer.Close() - - backoffMgr := &testBackoffManager{} - expectedSleeps := []time.Duration{0, time.Second, 0, time.Second, 0, time.Second, 0, time.Second, 0} - - c := testRESTClient(t, testServer) - c.createBackoffMgr = func() BackoffManager { return backoffMgr } - _, err := c.Verb("POST"). - Prefix("foo", "bar"). - Suffix("baz"). - Timeout(time.Second). - Body([]byte(strings.Repeat("abcd", 1000))). - DoRaw() - if err != nil { - t.Fatalf("Unexpected error: %v %#v", err, err) - } - <-ch - if count != 5 { - t.Errorf("unexpected retries: %d", count) - } - if !reflect.DeepEqual(backoffMgr.sleeps, expectedSleeps) { - t.Errorf("unexpected sleeps, expected: %v, got: %v", expectedSleeps, backoffMgr.sleeps) - } -} - -func TestConnectionResetByPeerIsRetried(t *testing.T) { - count := 0 - backoff := &testBackoffManager{} - req := &Request{ - verb: "GET", - client: clientFunc(func(req *http.Request) (*http.Response, error) { - count++ - if count >= 3 { - return &http.Response{ - StatusCode: 200, - Body: ioutil.NopCloser(bytes.NewReader([]byte{})), - }, nil - } - return nil, &net.OpError{Err: syscall.ECONNRESET} - }), - backoffMgr: backoff, - } - // We expect two retries of "connection reset by peer" and the success. - _, err := req.Do().Raw() - if err != nil { - t.Errorf("Unexpected error: %v", err) - } - // We have a sleep before each retry (including the initial one) and for - // every "retry-after" call - thus 5 together. - if len(backoff.sleeps) != 5 { - t.Errorf("Expected 5 retries, got: %d", len(backoff.sleeps)) - } -} - -func TestCheckRetryHandles429And5xx(t *testing.T) { - count := 0 - ch := make(chan struct{}) - testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - data, err := ioutil.ReadAll(req.Body) - if err != nil { - t.Fatalf("unable to read request body: %v", err) - } - if !bytes.Equal(data, []byte(strings.Repeat("abcd", 1000))) { - t.Fatalf("retry did not send a complete body: %s", data) - } - t.Logf("attempt %d", count) - if count >= 4 { - w.WriteHeader(http.StatusOK) - close(ch) - return - } - w.Header().Set("Retry-After", "0") - w.WriteHeader([]int{apierrors.StatusTooManyRequests, 500, 501, 504}[count]) - count++ - })) - defer testServer.Close() - - c := testRESTClient(t, testServer) - _, err := c.Verb("POST"). - Prefix("foo", "bar"). - Suffix("baz"). - Timeout(time.Second). - Body([]byte(strings.Repeat("abcd", 1000))). - DoRaw() - if err != nil { - t.Fatalf("Unexpected error: %v %#v", err, err) - } - <-ch - if count != 4 { - t.Errorf("unexpected retries: %d", count) - } -} - -func BenchmarkCheckRetryClosesBody(b *testing.B) { - count := 0 - testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - count++ - if count%3 == 0 { - w.WriteHeader(http.StatusOK) - return - } - w.Header().Set("Retry-After", "0") - w.WriteHeader(apierrors.StatusTooManyRequests) - })) - defer testServer.Close() - - c := testRESTClient(b, testServer) - r := c.Verb("POST"). - Prefix("foo", "bar"). - Suffix("baz"). - Timeout(time.Second). - Body([]byte(strings.Repeat("abcd", 1000))) - - for i := 0; i < b.N; i++ { - if _, err := r.DoRaw(); err != nil { - b.Fatalf("Unexpected error: %v %#v", err, err) - } - } -} - -func TestDoRequestNewWayReader(t *testing.T) { - reqObj := &api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo"}} - reqBodyExpected, _ := runtime.Encode(testapi.Default.Codec(), reqObj) - expectedObj := &api.Service{Spec: api.ServiceSpec{Ports: []api.ServicePort{{ - Protocol: "TCP", - Port: 12345, - TargetPort: intstr.FromInt(12345), - }}}} - expectedBody, _ := runtime.Encode(testapi.Default.Codec(), expectedObj) - fakeHandler := utiltesting.FakeHandler{ - StatusCode: 200, - ResponseBody: string(expectedBody), - T: t, - } - testServer := httptest.NewServer(&fakeHandler) - defer testServer.Close() - c := testRESTClient(t, testServer) - obj, err := c.Verb("POST"). - Resource("bar"). - Name("baz"). - Prefix("foo"). - LabelsSelectorParam(labels.Set{"name": "foo"}.AsSelector()). - Timeout(time.Second). - Body(bytes.NewBuffer(reqBodyExpected)). - Do().Get() - if err != nil { - t.Errorf("Unexpected error: %v %#v", err, err) - return - } - if obj == nil { - t.Error("nil obj") - } else if !api.Semantic.DeepDerivative(expectedObj, obj) { - t.Errorf("Expected: %#v, got %#v", expectedObj, obj) - } - tmpStr := string(reqBodyExpected) - requestURL := testapi.Default.ResourcePathWithPrefix("foo", "bar", "", "baz") - requestURL += "?" + metav1.LabelSelectorQueryParam(api.Registry.GroupOrDie(api.GroupName).GroupVersion.String()) + "=name%3Dfoo&timeout=1s" - fakeHandler.ValidateRequest(t, requestURL, "POST", &tmpStr) -} - -func TestDoRequestNewWayObj(t *testing.T) { - reqObj := &api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo"}} - reqBodyExpected, _ := runtime.Encode(testapi.Default.Codec(), reqObj) - expectedObj := &api.Service{Spec: api.ServiceSpec{Ports: []api.ServicePort{{ - Protocol: "TCP", - Port: 12345, - TargetPort: intstr.FromInt(12345), - }}}} - expectedBody, _ := runtime.Encode(testapi.Default.Codec(), expectedObj) - fakeHandler := utiltesting.FakeHandler{ - StatusCode: 200, - ResponseBody: string(expectedBody), - T: t, - } - testServer := httptest.NewServer(&fakeHandler) - defer testServer.Close() - c := testRESTClient(t, testServer) - obj, err := c.Verb("POST"). - Suffix("baz"). - Name("bar"). - Resource("foo"). - LabelsSelectorParam(labels.Set{"name": "foo"}.AsSelector()). - Timeout(time.Second). - Body(reqObj). - Do().Get() - if err != nil { - t.Errorf("Unexpected error: %v %#v", err, err) - return - } - if obj == nil { - t.Error("nil obj") - } else if !api.Semantic.DeepDerivative(expectedObj, obj) { - t.Errorf("Expected: %#v, got %#v", expectedObj, obj) - } - tmpStr := string(reqBodyExpected) - requestURL := testapi.Default.ResourcePath("foo", "", "bar/baz") - requestURL += "?" + metav1.LabelSelectorQueryParam(api.Registry.GroupOrDie(api.GroupName).GroupVersion.String()) + "=name%3Dfoo&timeout=1s" - fakeHandler.ValidateRequest(t, requestURL, "POST", &tmpStr) -} - -func TestDoRequestNewWayFile(t *testing.T) { - reqObj := &api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo"}} - reqBodyExpected, err := runtime.Encode(testapi.Default.Codec(), reqObj) - if err != nil { - t.Errorf("unexpected error: %v", err) - } - - file, err := ioutil.TempFile("", "foo") - if err != nil { - t.Errorf("unexpected error: %v", err) - } - defer file.Close() - defer os.Remove(file.Name()) - - _, err = file.Write(reqBodyExpected) - if err != nil { - t.Errorf("unexpected error: %v", err) - } - - expectedObj := &api.Service{Spec: api.ServiceSpec{Ports: []api.ServicePort{{ - Protocol: "TCP", - Port: 12345, - TargetPort: intstr.FromInt(12345), - }}}} - expectedBody, _ := runtime.Encode(testapi.Default.Codec(), expectedObj) - fakeHandler := utiltesting.FakeHandler{ - StatusCode: 200, - ResponseBody: string(expectedBody), - T: t, - } - testServer := httptest.NewServer(&fakeHandler) - defer testServer.Close() - c := testRESTClient(t, testServer) - wasCreated := true - obj, err := c.Verb("POST"). - Prefix("foo/bar", "baz"). - Timeout(time.Second). - Body(file.Name()). - Do().WasCreated(&wasCreated).Get() - if err != nil { - t.Errorf("Unexpected error: %v %#v", err, err) - return - } - if obj == nil { - t.Error("nil obj") - } else if !api.Semantic.DeepDerivative(expectedObj, obj) { - t.Errorf("Expected: %#v, got %#v", expectedObj, obj) - } - if wasCreated { - t.Errorf("expected object was created") - } - tmpStr := string(reqBodyExpected) - requestURL := testapi.Default.ResourcePathWithPrefix("foo/bar/baz", "", "", "") - requestURL += "?timeout=1s" - fakeHandler.ValidateRequest(t, requestURL, "POST", &tmpStr) -} - -func TestWasCreated(t *testing.T) { - reqObj := &api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo"}} - reqBodyExpected, err := runtime.Encode(testapi.Default.Codec(), reqObj) - if err != nil { - t.Errorf("unexpected error: %v", err) - } - - expectedObj := &api.Service{Spec: api.ServiceSpec{Ports: []api.ServicePort{{ - Protocol: "TCP", - Port: 12345, - TargetPort: intstr.FromInt(12345), - }}}} - expectedBody, _ := runtime.Encode(testapi.Default.Codec(), expectedObj) - fakeHandler := utiltesting.FakeHandler{ - StatusCode: 201, - ResponseBody: string(expectedBody), - T: t, - } - testServer := httptest.NewServer(&fakeHandler) - defer testServer.Close() - c := testRESTClient(t, testServer) - wasCreated := false - obj, err := c.Verb("PUT"). - Prefix("foo/bar", "baz"). - Timeout(time.Second). - Body(reqBodyExpected). - Do().WasCreated(&wasCreated).Get() - if err != nil { - t.Errorf("Unexpected error: %v %#v", err, err) - return - } - if obj == nil { - t.Error("nil obj") - } else if !api.Semantic.DeepDerivative(expectedObj, obj) { - t.Errorf("Expected: %#v, got %#v", expectedObj, obj) - } - if !wasCreated { - t.Errorf("Expected object was created") - } - - tmpStr := string(reqBodyExpected) - requestURL := testapi.Default.ResourcePathWithPrefix("foo/bar/baz", "", "", "") - requestURL += "?timeout=1s" - fakeHandler.ValidateRequest(t, requestURL, "PUT", &tmpStr) -} - -func TestVerbs(t *testing.T) { - c := testRESTClient(t, nil) - if r := c.Post(); r.verb != "POST" { - t.Errorf("Post verb is wrong") - } - if r := c.Put(); r.verb != "PUT" { - t.Errorf("Put verb is wrong") - } - if r := c.Get(); r.verb != "GET" { - t.Errorf("Get verb is wrong") - } - if r := c.Delete(); r.verb != "DELETE" { - t.Errorf("Delete verb is wrong") - } -} - -func TestAbsPath(t *testing.T) { - for i, tc := range []struct { - configPrefix string - resourcePrefix string - absPath string - wantsAbsPath string - }{ - {"/", "", "", "/"}, - {"", "", "/", "/"}, - {"", "", "/api", "/api"}, - {"", "", "/api/", "/api/"}, - {"", "", "/apis", "/apis"}, - {"", "/foo", "/bar/foo", "/bar/foo"}, - {"", "/api/foo/123", "/bar/foo", "/bar/foo"}, - {"/p1", "", "", "/p1"}, - {"/p1", "", "/", "/p1/"}, - {"/p1", "", "/api", "/p1/api"}, - {"/p1", "", "/apis", "/p1/apis"}, - {"/p1", "/r1", "/apis", "/p1/apis"}, - {"/p1", "/api/r1", "/apis", "/p1/apis"}, - {"/p1/api/p2", "", "", "/p1/api/p2"}, - {"/p1/api/p2", "", "/", "/p1/api/p2/"}, - {"/p1/api/p2", "", "/api", "/p1/api/p2/api"}, - {"/p1/api/p2", "", "/api/", "/p1/api/p2/api/"}, - {"/p1/api/p2", "/r1", "/api/", "/p1/api/p2/api/"}, - {"/p1/api/p2", "/api/r1", "/api/", "/p1/api/p2/api/"}, - } { - u, _ := url.Parse("http://localhost:123" + tc.configPrefix) - r := NewRequest(nil, "POST", u, "", ContentConfig{GroupVersion: &schema.GroupVersion{Group: "test"}}, Serializers{}, nil, nil).Prefix(tc.resourcePrefix).AbsPath(tc.absPath) - if r.pathPrefix != tc.wantsAbsPath { - t.Errorf("test case %d failed, unexpected path: %q, expected %q", i, r.pathPrefix, tc.wantsAbsPath) - } - } -} - -func TestUintParam(t *testing.T) { - table := []struct { - name string - testVal uint64 - expectStr string - }{ - {"foo", 31415, "http://localhost?foo=31415"}, - {"bar", 42, "http://localhost?bar=42"}, - {"baz", 0, "http://localhost?baz=0"}, - } - - for _, item := range table { - u, _ := url.Parse("http://localhost") - r := NewRequest(nil, "GET", u, "", ContentConfig{GroupVersion: &schema.GroupVersion{Group: "test"}}, Serializers{}, nil, nil).AbsPath("").UintParam(item.name, item.testVal) - if e, a := item.expectStr, r.URL().String(); e != a { - t.Errorf("expected %v, got %v", e, a) - } - } -} - -func TestUnacceptableParamNames(t *testing.T) { - table := []struct { - name string - testVal string - expectSuccess bool - }{ - {"timeout", "42", false}, - } - - for _, item := range table { - c := testRESTClient(t, nil) - r := c.Get().setParam(item.name, item.testVal) - if e, a := item.expectSuccess, r.err == nil; e != a { - t.Errorf("expected %v, got %v (%v)", e, a, r.err) - } - } -} - -func TestBody(t *testing.T) { - const data = "test payload" - - obj := &api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "foo"}} - bodyExpected, _ := runtime.Encode(testapi.Default.Codec(), obj) - - f, err := ioutil.TempFile("", "test_body") - if err != nil { - t.Fatalf("TempFile error: %v", err) - } - if _, err := f.WriteString(data); err != nil { - t.Fatalf("TempFile.WriteString error: %v", err) - } - f.Close() - defer os.Remove(f.Name()) - - var nilObject *api.DeleteOptions - typedObject := interface{}(nilObject) - c := testRESTClient(t, nil) - tests := []struct { - input interface{} - expected string - headers map[string]string - }{ - {[]byte(data), data, nil}, - {f.Name(), data, nil}, - {strings.NewReader(data), data, nil}, - {obj, string(bodyExpected), map[string]string{"Content-Type": "application/json"}}, - {typedObject, "", nil}, - } - for i, tt := range tests { - r := c.Post().Body(tt.input) - if r.err != nil { - t.Errorf("%d: r.Body(%#v) error: %v", i, tt, r.err) - continue - } - if tt.headers != nil { - for k, v := range tt.headers { - if r.headers.Get(k) != v { - t.Errorf("%d: r.headers[%q] = %q; want %q", i, k, v, v) - } - } - } - - if r.body == nil { - if len(tt.expected) != 0 { - t.Errorf("%d: r.body = %q; want %q", i, r.body, tt.expected) - } - continue - } - buf := make([]byte, len(tt.expected)) - if _, err := r.body.Read(buf); err != nil { - t.Errorf("%d: r.body.Read error: %v", i, err) - continue - } - body := string(buf) - if body != tt.expected { - t.Errorf("%d: r.body = %q; want %q", i, body, tt.expected) - } - } -} - -func TestWatch(t *testing.T) { - var table = []struct { - t watch.EventType - obj runtime.Object - }{ - {watch.Added, &api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "first"}}}, - {watch.Modified, &api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "second"}}}, - {watch.Deleted, &api.Pod{ObjectMeta: metav1.ObjectMeta{Name: "last"}}}, - } - - testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - flusher, ok := w.(http.Flusher) - if !ok { - panic("need flusher!") - } - - w.Header().Set("Transfer-Encoding", "chunked") - w.WriteHeader(http.StatusOK) - flusher.Flush() - - encoder := restclientwatch.NewEncoder(streaming.NewEncoder(w, testapi.Default.Codec()), testapi.Default.Codec()) - for _, item := range table { - if err := encoder.Encode(&watch.Event{Type: item.t, Object: item.obj}); err != nil { - panic(err) - } - flusher.Flush() - } - })) - defer testServer.Close() - - s := testRESTClient(t, testServer) - watching, err := s.Get().Prefix("path/to/watch/thing").Watch() - if err != nil { - t.Fatalf("Unexpected error") - } - - for _, item := range table { - got, ok := <-watching.ResultChan() - if !ok { - t.Fatalf("Unexpected early close") - } - if e, a := item.t, got.Type; e != a { - t.Errorf("Expected %v, got %v", e, a) - } - if e, a := item.obj, got.Object; !api.Semantic.DeepDerivative(e, a) { - t.Errorf("Expected %v, got %v", e, a) - } - } - - _, ok := <-watching.ResultChan() - if ok { - t.Fatal("Unexpected non-close") - } -} - -func TestStream(t *testing.T) { - expectedBody := "expected body" - - testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - flusher, ok := w.(http.Flusher) - if !ok { - panic("need flusher!") - } - w.Header().Set("Transfer-Encoding", "chunked") - w.WriteHeader(http.StatusOK) - w.Write([]byte(expectedBody)) - flusher.Flush() - })) - defer testServer.Close() - - s := testRESTClient(t, testServer) - readCloser, err := s.Get().Prefix("path/to/stream/thing").Stream() - if err != nil { - t.Fatalf("unexpected error: %v", err) - } - defer readCloser.Close() - buf := new(bytes.Buffer) - buf.ReadFrom(readCloser) - resultBody := buf.String() - - if expectedBody != resultBody { - t.Errorf("Expected %s, got %s", expectedBody, resultBody) - } -} - -func testRESTClient(t testing.TB, srv *httptest.Server) *RESTClient { - baseURL, _ := url.Parse("http://localhost") - if srv != nil { - var err error - baseURL, err = url.Parse(srv.URL) - if err != nil { - t.Fatalf("failed to parse test URL: %v", err) - } - } - versionedAPIPath := testapi.Default.ResourcePath("", "", "") - client, err := NewRESTClient(baseURL, versionedAPIPath, defaultContentConfig(), 0, 0, nil, nil) - if err != nil { - t.Fatalf("failed to create a client: %v", err) - } - return client -} - -func TestDoContext(t *testing.T) { - receivedCh := make(chan struct{}) - block := make(chan struct{}) - testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { - close(receivedCh) - <-block - w.WriteHeader(http.StatusOK) - })) - defer testServer.Close() - defer close(block) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - go func() { - <-receivedCh - cancel() - }() - - c := testRESTClient(t, testServer) - _, err := c.Verb("GET"). - Context(ctx). - Prefix("foo"). - DoRaw() - if err == nil { - t.Fatal("Expected context cancellation error") - } -} diff --git a/pkg/client/restclient/transport.go b/pkg/client/restclient/transport.go deleted file mode 100644 index 0b4f5b6cbbd..00000000000 --- a/pkg/client/restclient/transport.go +++ /dev/null @@ -1,98 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "crypto/tls" - "net/http" - - "k8s.io/client-go/transport" -) - -// TLSConfigFor returns a tls.Config that will provide the transport level security defined -// by the provided Config. Will return nil if no transport level security is requested. -func TLSConfigFor(config *Config) (*tls.Config, error) { - cfg, err := config.TransportConfig() - if err != nil { - return nil, err - } - return transport.TLSConfigFor(cfg) -} - -// TransportFor returns an http.RoundTripper that will provide the authentication -// or transport level security defined by the provided Config. Will return the -// default http.DefaultTransport if no special case behavior is needed. -func TransportFor(config *Config) (http.RoundTripper, error) { - cfg, err := config.TransportConfig() - if err != nil { - return nil, err - } - return transport.New(cfg) -} - -// HTTPWrappersForConfig wraps a round tripper with any relevant layered behavior from the -// config. Exposed to allow more clients that need HTTP-like behavior but then must hijack -// the underlying connection (like WebSocket or HTTP2 clients). Pure HTTP clients should use -// the higher level TransportFor or RESTClientFor methods. -func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTripper, error) { - cfg, err := config.TransportConfig() - if err != nil { - return nil, err - } - return transport.HTTPWrappersForConfig(cfg, rt) -} - -// TransportConfig converts a client config to an appropriate transport config. -func (c *Config) TransportConfig() (*transport.Config, error) { - wt := c.WrapTransport - if c.AuthProvider != nil { - provider, err := GetAuthProvider(c.Host, c.AuthProvider, c.AuthConfigPersister) - if err != nil { - return nil, err - } - if wt != nil { - previousWT := wt - wt = func(rt http.RoundTripper) http.RoundTripper { - return provider.WrapTransport(previousWT(rt)) - } - } else { - wt = provider.WrapTransport - } - } - return &transport.Config{ - UserAgent: c.UserAgent, - Transport: c.Transport, - WrapTransport: wt, - TLS: transport.TLSConfig{ - CAFile: c.CAFile, - CAData: c.CAData, - CertFile: c.CertFile, - CertData: c.CertData, - KeyFile: c.KeyFile, - KeyData: c.KeyData, - Insecure: c.Insecure, - }, - Username: c.Username, - Password: c.Password, - BearerToken: c.BearerToken, - Impersonate: transport.ImpersonationConfig{ - UserName: c.Impersonate.UserName, - Groups: c.Impersonate.Groups, - Extra: c.Impersonate.Extra, - }, - }, nil -} diff --git a/pkg/client/restclient/url_utils.go b/pkg/client/restclient/url_utils.go deleted file mode 100644 index dba06136339..00000000000 --- a/pkg/client/restclient/url_utils.go +++ /dev/null @@ -1,90 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "fmt" - "net/url" - "path" - - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// DefaultServerURL converts a host, host:port, or URL string to the default base server API path -// to use with a Client at a given API version following the standard conventions for a -// Kubernetes API. -func DefaultServerURL(host, apiPath string, groupVersion schema.GroupVersion, defaultTLS bool) (*url.URL, string, error) { - if host == "" { - return nil, "", fmt.Errorf("host must be a URL or a host:port pair") - } - base := host - hostURL, err := url.Parse(base) - if err != nil || hostURL.Scheme == "" || hostURL.Host == "" { - scheme := "http://" - if defaultTLS { - scheme = "https://" - } - hostURL, err = url.Parse(scheme + base) - if err != nil { - return nil, "", err - } - if hostURL.Path != "" && hostURL.Path != "/" { - return nil, "", fmt.Errorf("host must be a URL or a host:port pair: %q", base) - } - } - - // hostURL.Path is optional; a non-empty Path is treated as a prefix that is to be applied to - // all URIs used to access the host. this is useful when there's a proxy in front of the - // apiserver that has relocated the apiserver endpoints, forwarding all requests from, for - // example, /a/b/c to the apiserver. in this case the Path should be /a/b/c. - // - // if running without a frontend proxy (that changes the location of the apiserver), then - // hostURL.Path should be blank. - // - // versionedAPIPath, a path relative to baseURL.Path, points to a versioned API base - versionedAPIPath := path.Join("/", apiPath) - - // Add the version to the end of the path - if len(groupVersion.Group) > 0 { - versionedAPIPath = path.Join(versionedAPIPath, groupVersion.Group, groupVersion.Version) - - } else { - versionedAPIPath = path.Join(versionedAPIPath, groupVersion.Version) - - } - - return hostURL, versionedAPIPath, nil -} - -// defaultServerUrlFor is shared between IsConfigTransportTLS and RESTClientFor. It -// requires Host and Version to be set prior to being called. -func defaultServerUrlFor(config *Config) (*url.URL, string, error) { - // TODO: move the default to secure when the apiserver supports TLS by default - // config.Insecure is taken to mean "I want HTTPS but don't bother checking the certs against a CA." - hasCA := len(config.CAFile) != 0 || len(config.CAData) != 0 - hasCert := len(config.CertFile) != 0 || len(config.CertData) != 0 - defaultTLS := hasCA || hasCert || config.Insecure - host := config.Host - if host == "" { - host = "localhost" - } - - if config.GroupVersion != nil { - return DefaultServerURL(host, config.APIPath, *config.GroupVersion, defaultTLS) - } - return DefaultServerURL(host, config.APIPath, schema.GroupVersion{}, defaultTLS) -} diff --git a/pkg/client/restclient/url_utils_test.go b/pkg/client/restclient/url_utils_test.go deleted file mode 100644 index fa99f72e5e5..00000000000 --- a/pkg/client/restclient/url_utils_test.go +++ /dev/null @@ -1,61 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "path" - "testing" - - "k8s.io/kubernetes/pkg/api" -) - -func TestValidatesHostParameter(t *testing.T) { - testCases := []struct { - Host string - APIPath string - - URL string - Err bool - }{ - {"127.0.0.1", "", "http://127.0.0.1/" + api.Registry.GroupOrDie(api.GroupName).GroupVersion.Version, false}, - {"127.0.0.1:8080", "", "http://127.0.0.1:8080/" + api.Registry.GroupOrDie(api.GroupName).GroupVersion.Version, false}, - {"foo.bar.com", "", "http://foo.bar.com/" + api.Registry.GroupOrDie(api.GroupName).GroupVersion.Version, false}, - {"http://host/prefix", "", "http://host/prefix/" + api.Registry.GroupOrDie(api.GroupName).GroupVersion.Version, false}, - {"http://host", "", "http://host/" + api.Registry.GroupOrDie(api.GroupName).GroupVersion.Version, false}, - {"http://host", "/", "http://host/" + api.Registry.GroupOrDie(api.GroupName).GroupVersion.Version, false}, - {"http://host", "/other", "http://host/other/" + api.Registry.GroupOrDie(api.GroupName).GroupVersion.Version, false}, - {"host/server", "", "", true}, - } - for i, testCase := range testCases { - u, versionedAPIPath, err := DefaultServerURL(testCase.Host, testCase.APIPath, api.Registry.GroupOrDie(api.GroupName).GroupVersion, false) - switch { - case err == nil && testCase.Err: - t.Errorf("expected error but was nil") - continue - case err != nil && !testCase.Err: - t.Errorf("unexpected error %v", err) - continue - case err != nil: - continue - } - u.Path = path.Join(u.Path, versionedAPIPath) - if e, a := testCase.URL, u.String(); e != a { - t.Errorf("%d: expected host %s, got %s", i, e, a) - continue - } - } -} diff --git a/pkg/client/restclient/urlbackoff.go b/pkg/client/restclient/urlbackoff.go deleted file mode 100644 index 246c70acc9d..00000000000 --- a/pkg/client/restclient/urlbackoff.go +++ /dev/null @@ -1,107 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "net/url" - "time" - - "github.com/golang/glog" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/client-go/pkg/util/flowcontrol" -) - -// Set of resp. Codes that we backoff for. -// In general these should be errors that indicate a server is overloaded. -// These shouldn't be configured by any user, we set them based on conventions -// described in -var serverIsOverloadedSet = sets.NewInt(429) -var maxResponseCode = 499 - -type BackoffManager interface { - UpdateBackoff(actualUrl *url.URL, err error, responseCode int) - CalculateBackoff(actualUrl *url.URL) time.Duration - Sleep(d time.Duration) -} - -// URLBackoff struct implements the semantics on top of Backoff which -// we need for URL specific exponential backoff. -type URLBackoff struct { - // Uses backoff as underlying implementation. - Backoff *flowcontrol.Backoff -} - -// NoBackoff is a stub implementation, can be used for mocking or else as a default. -type NoBackoff struct { -} - -func (n *NoBackoff) UpdateBackoff(actualUrl *url.URL, err error, responseCode int) { - // do nothing. -} - -func (n *NoBackoff) CalculateBackoff(actualUrl *url.URL) time.Duration { - return 0 * time.Second -} - -func (n *NoBackoff) Sleep(d time.Duration) { - time.Sleep(d) -} - -// Disable makes the backoff trivial, i.e., sets it to zero. This might be used -// by tests which want to run 1000s of mock requests without slowing down. -func (b *URLBackoff) Disable() { - glog.V(4).Infof("Disabling backoff strategy") - b.Backoff = flowcontrol.NewBackOff(0*time.Second, 0*time.Second) -} - -// baseUrlKey returns the key which urls will be mapped to. -// For example, 127.0.0.1:8080/api/v2/abcde -> 127.0.0.1:8080. -func (b *URLBackoff) baseUrlKey(rawurl *url.URL) string { - // Simple implementation for now, just the host. - // We may backoff specific paths (i.e. "pods") differentially - // in the future. - host, err := url.Parse(rawurl.String()) - if err != nil { - glog.V(4).Infof("Error extracting url: %v", rawurl) - panic("bad url!") - } - return host.Host -} - -// UpdateBackoff updates backoff metadata -func (b *URLBackoff) UpdateBackoff(actualUrl *url.URL, err error, responseCode int) { - // range for retry counts that we store is [0,13] - if responseCode > maxResponseCode || serverIsOverloadedSet.Has(responseCode) { - b.Backoff.Next(b.baseUrlKey(actualUrl), b.Backoff.Clock.Now()) - return - } else if responseCode >= 300 || err != nil { - glog.V(4).Infof("Client is returning errors: code %v, error %v", responseCode, err) - } - - //If we got this far, there is no backoff required for this URL anymore. - b.Backoff.Reset(b.baseUrlKey(actualUrl)) -} - -// CalculateBackoff takes a url and back's off exponentially, -// based on its knowledge of existing failures. -func (b *URLBackoff) CalculateBackoff(actualUrl *url.URL) time.Duration { - return b.Backoff.Get(b.baseUrlKey(actualUrl)) -} - -func (b *URLBackoff) Sleep(d time.Duration) { - b.Backoff.Clock.Sleep(d) -} diff --git a/pkg/client/restclient/urlbackoff_test.go b/pkg/client/restclient/urlbackoff_test.go deleted file mode 100644 index 0c4d9638166..00000000000 --- a/pkg/client/restclient/urlbackoff_test.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "net/url" - "testing" - "time" - - "k8s.io/client-go/pkg/util/flowcontrol" -) - -func parse(raw string) *url.URL { - theUrl, _ := url.Parse(raw) - return theUrl -} - -func TestURLBackoffFunctionalityCollisions(t *testing.T) { - myBackoff := &URLBackoff{ - Backoff: flowcontrol.NewBackOff(1*time.Second, 60*time.Second), - } - - // Add some noise and make sure backoff for a clean URL is zero. - myBackoff.UpdateBackoff(parse("http://100.200.300.400:8080"), nil, 500) - - myBackoff.UpdateBackoff(parse("http://1.2.3.4:8080"), nil, 500) - - if myBackoff.CalculateBackoff(parse("http://1.2.3.4:100")) > 0 { - t.Errorf("URLs are colliding in the backoff map!") - } -} - -// TestURLBackoffFunctionality generally tests the URLBackoff wrapper. We avoid duplicating tests from backoff and request. -func TestURLBackoffFunctionality(t *testing.T) { - myBackoff := &URLBackoff{ - Backoff: flowcontrol.NewBackOff(1*time.Second, 60*time.Second), - } - - // Now test that backoff increases, then recovers. - // 200 and 300 should both result in clearing the backoff. - // all others like 429 should result in increased backoff. - seconds := []int{0, - 1, 2, 4, 8, 0, - 1, 2} - returnCodes := []int{ - 429, 500, 501, 502, 300, - 500, 501, 502, - } - - if len(seconds) != len(returnCodes) { - t.Fatalf("responseCode to backoff arrays should be the same length... sanity check failed.") - } - - for i, sec := range seconds { - backoffSec := myBackoff.CalculateBackoff(parse("http://1.2.3.4:100")) - if backoffSec < time.Duration(sec)*time.Second || backoffSec > time.Duration(sec+5)*time.Second { - t.Errorf("Backoff out of range %v: %v %v", i, sec, backoffSec) - } - myBackoff.UpdateBackoff(parse("http://1.2.3.4:100/responseCodeForFuncTest"), nil, returnCodes[i]) - } - - if myBackoff.CalculateBackoff(parse("http://1.2.3.4:100")) == 0 { - t.Errorf("The final return code %v should have resulted in a backoff ! ", returnCodes[7]) - } -} diff --git a/pkg/client/restclient/versions.go b/pkg/client/restclient/versions.go deleted file mode 100644 index 55b2ca08d93..00000000000 --- a/pkg/client/restclient/versions.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package restclient - -import ( - "encoding/json" - "fmt" - "net/http" - "path" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -const ( - legacyAPIPath = "/api" - defaultAPIPath = "/apis" -) - -// TODO: Is this obsoleted by the discovery client? - -// ServerAPIVersions returns the GroupVersions supported by the API server. -// It creates a RESTClient based on the passed in config, but it doesn't rely -// on the Version and Codec of the config, because it uses AbsPath and -// takes the raw response. -func ServerAPIVersions(c *Config) (groupVersions []string, err error) { - transport, err := TransportFor(c) - if err != nil { - return nil, err - } - client := http.Client{Transport: transport} - - configCopy := *c - configCopy.GroupVersion = nil - configCopy.APIPath = "" - baseURL, _, err := defaultServerUrlFor(&configCopy) - if err != nil { - return nil, err - } - // Get the groupVersions exposed at /api - originalPath := baseURL.Path - baseURL.Path = path.Join(originalPath, legacyAPIPath) - resp, err := client.Get(baseURL.String()) - if err != nil { - return nil, err - } - var v metav1.APIVersions - defer resp.Body.Close() - err = json.NewDecoder(resp.Body).Decode(&v) - if err != nil { - return nil, fmt.Errorf("unexpected error: %v", err) - } - - groupVersions = append(groupVersions, v.Versions...) - // Get the groupVersions exposed at /apis - baseURL.Path = path.Join(originalPath, defaultAPIPath) - resp2, err := client.Get(baseURL.String()) - if err != nil { - return nil, err - } - var apiGroupList metav1.APIGroupList - defer resp2.Body.Close() - err = json.NewDecoder(resp2.Body).Decode(&apiGroupList) - if err != nil { - return nil, fmt.Errorf("unexpected error: %v", err) - } - - for _, g := range apiGroupList.Groups { - for _, gv := range g.Versions { - groupVersions = append(groupVersions, gv.GroupVersion) - } - } - - return groupVersions, nil -} diff --git a/pkg/util/cert/BUILD b/pkg/util/cert/BUILD deleted file mode 100644 index 30a8d2ca7f7..00000000000 --- a/pkg/util/cert/BUILD +++ /dev/null @@ -1,46 +0,0 @@ -package(default_visibility = ["//visibility:public"]) - -licenses(["notice"]) - -load( - "@io_bazel_rules_go//go:def.bzl", - "go_library", - "go_test", -) - -go_library( - name = "go_default_library", - srcs = [ - "cert.go", - "csr.go", - "io.go", - "pem.go", - ], - tags = ["automanaged"], -) - -go_test( - name = "go_default_test", - srcs = ["csr_test.go"], - data = [ - "testdata/dontUseThisKey.pem", - ], - library = ":go_default_library", - tags = ["automanaged"], -) - -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [ - ":package-srcs", - "//pkg/util/cert/triple:all-srcs", - ], - tags = ["automanaged"], -) diff --git a/pkg/util/cert/cert.go b/pkg/util/cert/cert.go deleted file mode 100644 index 05664c927be..00000000000 --- a/pkg/util/cert/cert.go +++ /dev/null @@ -1,207 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cert - -import ( - "bytes" - "crypto/ecdsa" - "crypto/elliptic" - cryptorand "crypto/rand" - "crypto/rsa" - "crypto/x509" - "crypto/x509/pkix" - "encoding/pem" - "fmt" - "math" - "math/big" - "net" - "time" -) - -const ( - rsaKeySize = 2048 - duration365d = time.Hour * 24 * 365 -) - -// Config containes the basic fields required for creating a certificate -type Config struct { - CommonName string - Organization []string - AltNames AltNames -} - -// AltNames contains the domain names and IP addresses that will be added -// to the API Server's x509 certificate SubAltNames field. The values will -// be passed directly to the x509.Certificate object. -type AltNames struct { - DNSNames []string - IPs []net.IP -} - -// NewPrivateKey creates an RSA private key -func NewPrivateKey() (*rsa.PrivateKey, error) { - return rsa.GenerateKey(cryptorand.Reader, rsaKeySize) -} - -// NewSelfSignedCACert creates a CA certificate -func NewSelfSignedCACert(cfg Config, key *rsa.PrivateKey) (*x509.Certificate, error) { - now := time.Now() - tmpl := x509.Certificate{ - SerialNumber: new(big.Int).SetInt64(0), - Subject: pkix.Name{ - CommonName: cfg.CommonName, - Organization: cfg.Organization, - }, - NotBefore: now.UTC(), - NotAfter: now.Add(duration365d * 10).UTC(), - KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, - BasicConstraintsValid: true, - IsCA: true, - } - - certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &tmpl, &tmpl, key.Public(), key) - if err != nil { - return nil, err - } - return x509.ParseCertificate(certDERBytes) -} - -// NewSignedCert creates a signed certificate using the given CA certificate and key -func NewSignedCert(cfg Config, key *rsa.PrivateKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, error) { - serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64)) - if err != nil { - return nil, err - } - - certTmpl := x509.Certificate{ - Subject: pkix.Name{ - CommonName: cfg.CommonName, - Organization: cfg.Organization, - }, - DNSNames: cfg.AltNames.DNSNames, - IPAddresses: cfg.AltNames.IPs, - SerialNumber: serial, - NotBefore: caCert.NotBefore, - NotAfter: time.Now().Add(duration365d).UTC(), - KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, - } - certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &certTmpl, caCert, key.Public(), caKey) - if err != nil { - return nil, err - } - return x509.ParseCertificate(certDERBytes) -} - -// MakeEllipticPrivateKeyPEM creates an ECDSA private key -func MakeEllipticPrivateKeyPEM() ([]byte, error) { - privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader) - if err != nil { - return nil, err - } - - derBytes, err := x509.MarshalECPrivateKey(privateKey) - if err != nil { - return nil, err - } - - privateKeyPemBlock := &pem.Block{ - Type: "EC PRIVATE KEY", - Bytes: derBytes, - } - return pem.EncodeToMemory(privateKeyPemBlock), nil -} - -// GenerateSelfSignedCertKey creates a self-signed certificate and key for the given host. -// Host may be an IP or a DNS name -// You may also specify additional subject alt names (either ip or dns names) for the certificate -func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error) { - priv, err := rsa.GenerateKey(cryptorand.Reader, 2048) - if err != nil { - return nil, nil, err - } - - template := x509.Certificate{ - SerialNumber: big.NewInt(1), - Subject: pkix.Name{ - CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()), - }, - NotBefore: time.Now(), - NotAfter: time.Now().Add(time.Hour * 24 * 365), - - KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, - BasicConstraintsValid: true, - IsCA: true, - } - - if ip := net.ParseIP(host); ip != nil { - template.IPAddresses = append(template.IPAddresses, ip) - } else { - template.DNSNames = append(template.DNSNames, host) - } - - template.IPAddresses = append(template.IPAddresses, alternateIPs...) - template.DNSNames = append(template.DNSNames, alternateDNS...) - - derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, &template, &priv.PublicKey, priv) - if err != nil { - return nil, nil, err - } - - // Generate cert - certBuffer := bytes.Buffer{} - if err := pem.Encode(&certBuffer, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil { - return nil, nil, err - } - - // Generate key - keyBuffer := bytes.Buffer{} - if err := pem.Encode(&keyBuffer, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil { - return nil, nil, err - } - - return certBuffer.Bytes(), keyBuffer.Bytes(), nil -} - -// FormatBytesCert receives byte array certificate and formats in human-readable format -func FormatBytesCert(cert []byte) (string, error) { - block, _ := pem.Decode(cert) - c, err := x509.ParseCertificate(block.Bytes) - if err != nil { - return "", fmt.Errorf("failed to parse certificate [%v]", err) - } - return FormatCert(c), nil -} - -// FormatCert receives certificate and formats in human-readable format -func FormatCert(c *x509.Certificate) string { - var ips []string - for _, ip := range c.IPAddresses { - ips = append(ips, ip.String()) - } - altNames := append(ips, c.DNSNames...) - res := fmt.Sprintf( - "Issuer: CN=%s | Subject: CN=%s | CA: %t\n", - c.Issuer.CommonName, c.Subject.CommonName, c.IsCA, - ) - res += fmt.Sprintf("Not before: %s Not After: %s", c.NotBefore, c.NotAfter) - if len(altNames) > 0 { - res += fmt.Sprintf("\nAlternate Names: %v", altNames) - } - return res -} diff --git a/pkg/util/cert/csr.go b/pkg/util/cert/csr.go deleted file mode 100644 index b20bb849bd0..00000000000 --- a/pkg/util/cert/csr.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cert - -import ( - cryptorand "crypto/rand" - "crypto/rsa" - "crypto/x509" - "crypto/x509/pkix" - "encoding/pem" - "net" -) - -// MakeCSR generates a PEM-encoded CSR using the supplied private key, subject, and SANs. -// All key types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.) -func MakeCSR(privateKey interface{}, subject *pkix.Name, dnsSANs []string, ipSANs []net.IP) (csr []byte, err error) { - // Customize the signature for RSA keys, depending on the key size - var sigType x509.SignatureAlgorithm - if privateKey, ok := privateKey.(*rsa.PrivateKey); ok { - keySize := privateKey.N.BitLen() - switch { - case keySize >= 4096: - sigType = x509.SHA512WithRSA - case keySize >= 3072: - sigType = x509.SHA384WithRSA - default: - sigType = x509.SHA256WithRSA - } - } - - template := &x509.CertificateRequest{ - Subject: *subject, - SignatureAlgorithm: sigType, - DNSNames: dnsSANs, - IPAddresses: ipSANs, - } - - csr, err = x509.CreateCertificateRequest(cryptorand.Reader, template, privateKey) - if err != nil { - return nil, err - } - - csrPemBlock := &pem.Block{ - Type: "CERTIFICATE REQUEST", - Bytes: csr, - } - - return pem.EncodeToMemory(csrPemBlock), nil -} diff --git a/pkg/util/cert/io.go b/pkg/util/cert/io.go deleted file mode 100644 index c2bde8efdd0..00000000000 --- a/pkg/util/cert/io.go +++ /dev/null @@ -1,129 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cert - -import ( - "crypto/x509" - "fmt" - "io/ioutil" - "os" - "path/filepath" -) - -// CanReadCertAndKey returns true if the certificate and key files already exists, -// otherwise returns false. If lost one of cert and key, returns error. -func CanReadCertAndKey(certPath, keyPath string) (bool, error) { - certReadable := canReadFile(certPath) - keyReadable := canReadFile(keyPath) - - if certReadable == false && keyReadable == false { - return false, nil - } - - if certReadable == false { - return false, fmt.Errorf("error reading %s, certificate and key must be supplied as a pair", certPath) - } - - if keyReadable == false { - return false, fmt.Errorf("error reading %s, certificate and key must be supplied as a pair", keyPath) - } - - return true, nil -} - -// If the file represented by path exists and -// readable, returns true otherwise returns false. -func canReadFile(path string) bool { - f, err := os.Open(path) - if err != nil { - return false - } - - defer f.Close() - - return true -} - -// WriteCert writes the pem-encoded certificate data to certPath. -// The certificate file will be created with file mode 0644. -// If the certificate file already exists, it will be overwritten. -// The parent directory of the certPath will be created as needed with file mode 0755. -func WriteCert(certPath string, data []byte) error { - if err := os.MkdirAll(filepath.Dir(certPath), os.FileMode(0755)); err != nil { - return err - } - if err := ioutil.WriteFile(certPath, data, os.FileMode(0644)); err != nil { - return err - } - return nil -} - -// WriteKey writes the pem-encoded key data to keyPath. -// The key file will be created with file mode 0600. -// If the key file already exists, it will be overwritten. -// The parent directory of the keyPath will be created as needed with file mode 0755. -func WriteKey(keyPath string, data []byte) error { - if err := os.MkdirAll(filepath.Dir(keyPath), os.FileMode(0755)); err != nil { - return err - } - if err := ioutil.WriteFile(keyPath, data, os.FileMode(0600)); err != nil { - return err - } - return nil -} - -// NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file. -// Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates -func NewPool(filename string) (*x509.CertPool, error) { - certs, err := CertsFromFile(filename) - if err != nil { - return nil, err - } - pool := x509.NewCertPool() - for _, cert := range certs { - pool.AddCert(cert) - } - return pool, nil -} - -// CertsFromFile returns the x509.Certificates contained in the given PEM-encoded file. -// Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates -func CertsFromFile(file string) ([]*x509.Certificate, error) { - pemBlock, err := ioutil.ReadFile(file) - if err != nil { - return nil, err - } - certs, err := ParseCertsPEM(pemBlock) - if err != nil { - return nil, fmt.Errorf("error reading %s: %s", file, err) - } - return certs, nil -} - -// PrivateKeyFromFile returns the private key in rsa.PrivateKey or ecdsa.PrivateKey format from a given PEM-encoded file. -// Returns an error if the file could not be read or if the private key could not be parsed. -func PrivateKeyFromFile(file string) (interface{}, error) { - pemBlock, err := ioutil.ReadFile(file) - if err != nil { - return nil, err - } - key, err := ParsePrivateKeyPEM(pemBlock) - if err != nil { - return nil, fmt.Errorf("error reading %s: %v", file, err) - } - return key, nil -} diff --git a/pkg/util/cert/pem.go b/pkg/util/cert/pem.go deleted file mode 100644 index 59e602d2f1c..00000000000 --- a/pkg/util/cert/pem.go +++ /dev/null @@ -1,107 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package cert - -import ( - "crypto/rsa" - "crypto/x509" - "encoding/pem" - "errors" - "fmt" -) - -// EncodePublicKeyPEM returns PEM-endcode public data -func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error) { - der, err := x509.MarshalPKIXPublicKey(key) - if err != nil { - return []byte{}, err - } - block := pem.Block{ - Type: "PUBLIC KEY", - Bytes: der, - } - return pem.EncodeToMemory(&block), nil -} - -// EncodePrivateKeyPEM returns PEM-encoded private key data -func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte { - block := pem.Block{ - Type: "RSA PRIVATE KEY", - Bytes: x509.MarshalPKCS1PrivateKey(key), - } - return pem.EncodeToMemory(&block) -} - -// EncodeCertPEM returns PEM-endcoded certificate data -func EncodeCertPEM(cert *x509.Certificate) []byte { - block := pem.Block{ - Type: "CERTIFICATE", - Bytes: cert.Raw, - } - return pem.EncodeToMemory(&block) -} - -// ParsePrivateKeyPEM returns a private key parsed from a PEM block in the supplied data. -// Recognizes PEM blocks for "EC PRIVATE KEY" and "RSA PRIVATE KEY" -func ParsePrivateKeyPEM(keyData []byte) (interface{}, error) { - for { - var privateKeyPemBlock *pem.Block - privateKeyPemBlock, keyData = pem.Decode(keyData) - if privateKeyPemBlock == nil { - // we read all the PEM blocks and didn't recognize one - return nil, fmt.Errorf("no private key PEM block found") - } - - switch privateKeyPemBlock.Type { - case "EC PRIVATE KEY": - return x509.ParseECPrivateKey(privateKeyPemBlock.Bytes) - case "RSA PRIVATE KEY": - return x509.ParsePKCS1PrivateKey(privateKeyPemBlock.Bytes) - } - } -} - -// ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array -// Returns an error if a certificate could not be parsed, or if the data does not contain any certificates -func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error) { - ok := false - certs := []*x509.Certificate{} - for len(pemCerts) > 0 { - var block *pem.Block - block, pemCerts = pem.Decode(pemCerts) - if block == nil { - break - } - // Only use PEM "CERTIFICATE" blocks without extra headers - if block.Type != "CERTIFICATE" || len(block.Headers) != 0 { - continue - } - - cert, err := x509.ParseCertificate(block.Bytes) - if err != nil { - return certs, err - } - - certs = append(certs, cert) - ok = true - } - - if !ok { - return certs, errors.New("could not read any certificates") - } - return certs, nil -} diff --git a/pkg/util/testing/BUILD b/pkg/util/testing/BUILD deleted file mode 100644 index ea8679ada66..00000000000 --- a/pkg/util/testing/BUILD +++ /dev/null @@ -1,38 +0,0 @@ -package(default_visibility = ["//visibility:public"]) - -licenses(["notice"]) - -load( - "@io_bazel_rules_go//go:def.bzl", - "go_library", - "go_test", -) - -go_library( - name = "go_default_library", - srcs = [ - "fake_handler.go", - "tmpdir.go", - ], - tags = ["automanaged"], -) - -go_test( - name = "go_default_test", - srcs = ["fake_handler_test.go"], - library = ":go_default_library", - tags = ["automanaged"], -) - -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [":package-srcs"], - tags = ["automanaged"], -) diff --git a/pkg/util/testing/fake_handler.go b/pkg/util/testing/fake_handler.go deleted file mode 100644 index 6790cfd8ce0..00000000000 --- a/pkg/util/testing/fake_handler.go +++ /dev/null @@ -1,139 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package testing - -import ( - "io/ioutil" - "net/http" - "net/url" - "reflect" - "sync" -) - -// TestInterface is a simple interface providing Errorf, to make injection for -// testing easier (insert 'yo dawg' meme here). -type TestInterface interface { - Errorf(format string, args ...interface{}) - Logf(format string, args ...interface{}) -} - -// LogInterface is a simple interface to allow injection of Logf to report serving errors. -type LogInterface interface { - Logf(format string, args ...interface{}) -} - -// FakeHandler is to assist in testing HTTP requests. Notice that FakeHandler is -// not thread safe and you must not direct traffic to except for the request -// you want to test. You can do this by hiding it in an http.ServeMux. -type FakeHandler struct { - RequestReceived *http.Request - RequestBody string - StatusCode int - ResponseBody string - // For logging - you can use a *testing.T - // This will keep log messages associated with the test. - T LogInterface - - // Enforce "only one use" constraint. - lock sync.Mutex - requestCount int - hasBeenChecked bool - - SkipRequestFn func(verb string, url url.URL) bool -} - -func (f *FakeHandler) SetResponseBody(responseBody string) { - f.lock.Lock() - defer f.lock.Unlock() - f.ResponseBody = responseBody -} - -func (f *FakeHandler) ServeHTTP(response http.ResponseWriter, request *http.Request) { - f.lock.Lock() - defer f.lock.Unlock() - - if f.SkipRequestFn != nil && f.SkipRequestFn(request.Method, *request.URL) { - response.Header().Set("Content-Type", "application/json") - response.WriteHeader(f.StatusCode) - response.Write([]byte(f.ResponseBody)) - return - } - - f.requestCount++ - if f.hasBeenChecked { - panic("got request after having been validated") - } - - f.RequestReceived = request - response.Header().Set("Content-Type", "application/json") - response.WriteHeader(f.StatusCode) - response.Write([]byte(f.ResponseBody)) - - bodyReceived, err := ioutil.ReadAll(request.Body) - if err != nil && f.T != nil { - f.T.Logf("Received read error: %v", err) - } - f.RequestBody = string(bodyReceived) - if f.T != nil { - f.T.Logf("request body: %s", f.RequestBody) - } -} - -func (f *FakeHandler) ValidateRequestCount(t TestInterface, count int) bool { - ok := true - f.lock.Lock() - defer f.lock.Unlock() - if f.requestCount != count { - ok = false - t.Errorf("Expected %d call, but got %d. Only the last call is recorded and checked.", count, f.requestCount) - } - f.hasBeenChecked = true - return ok -} - -// ValidateRequest verifies that FakeHandler received a request with expected path, method, and body. -func (f *FakeHandler) ValidateRequest(t TestInterface, expectedPath, expectedMethod string, body *string) { - f.lock.Lock() - defer f.lock.Unlock() - if f.requestCount != 1 { - t.Logf("Expected 1 call, but got %v. Only the last call is recorded and checked.", f.requestCount) - } - f.hasBeenChecked = true - - expectURL, err := url.Parse(expectedPath) - if err != nil { - t.Errorf("Couldn't parse %v as a URL.", expectedPath) - } - if f.RequestReceived == nil { - t.Errorf("Unexpected nil request received for %s", expectedPath) - return - } - if f.RequestReceived.URL.Path != expectURL.Path { - t.Errorf("Unexpected request path for request %#v, received: %q, expected: %q", f.RequestReceived, f.RequestReceived.URL.Path, expectURL.Path) - } - if e, a := expectURL.Query(), f.RequestReceived.URL.Query(); !reflect.DeepEqual(e, a) { - t.Errorf("Unexpected query for request %#v, received: %q, expected: %q", f.RequestReceived, a, e) - } - if f.RequestReceived.Method != expectedMethod { - t.Errorf("Unexpected method: %q, expected: %q", f.RequestReceived.Method, expectedMethod) - } - if body != nil { - if *body != f.RequestBody { - t.Errorf("Received body:\n%s\n Doesn't match expected body:\n%s", f.RequestBody, *body) - } - } -} diff --git a/pkg/util/testing/tmpdir.go b/pkg/util/testing/tmpdir.go deleted file mode 100644 index 3b2d885fce3..00000000000 --- a/pkg/util/testing/tmpdir.go +++ /dev/null @@ -1,44 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package testing - -import ( - "io/ioutil" - "os" -) - -// MkTmpdir creates a temporary directory based upon the prefix passed in. -// If successful, it returns the temporary directory path. The directory can be -// deleted with a call to "os.RemoveAll(...)". -// In case of error, it'll return an empty string and the error. -func MkTmpdir(prefix string) (string, error) { - tmpDir, err := ioutil.TempDir(os.TempDir(), prefix) - if err != nil { - return "", err - } - return tmpDir, nil -} - -// MkTmpdir does the same work as "MkTmpdir", except in case of -// errors, it'll trigger a panic. -func MkTmpdirOrDie(prefix string) string { - tmpDir, err := MkTmpdir(prefix) - if err != nil { - panic(err) - } - return tmpDir -} diff --git a/staging/copy.sh b/staging/copy.sh index a06a91d5afa..73c6913404a 100755 --- a/staging/copy.sh +++ b/staging/copy.sh @@ -70,11 +70,16 @@ function save() { # save everything for which the staging directory is the source of truth save "transport" +save "tools/metrics" save "tools/clientcmd/api" -save "rest/watch" +save "rest" +# remove the rest/fake until we're authoritative for it (need to update for registry) +rm -rf ${CLIENT_REPO_TEMP}/rest/fake +save "pkg/util/cert" save "pkg/util/clock" -save "pkg/util/integer" save "pkg/util/flowcontrol" +save "pkg/util/integer" +save "pkg/util/testing" @@ -90,7 +95,7 @@ mkcp "/pkg/client/record" "/pkg/client" mkcp "/pkg/client/cache" "/pkg/client" # TODO: make this test file not depending on pkg/client/unversioned rm "${CLIENT_REPO_TEMP}"/pkg/client/cache/listwatch_test.go -mkcp "/pkg/client/restclient" "/pkg/client" +mkcp "/pkg/client/restclient/fake" "/pkg/client/restclient" mkcp "/pkg/client/testing" "/pkg/client" # remove this test because it imports the internal clientset rm "${CLIENT_REPO_TEMP}"/pkg/client/testing/core/fake_test.go @@ -147,8 +152,6 @@ find "${CLIENT_REPO_TEMP}"/pkg/client/record -type f -name "*.go" -print0 | xarg # gofmt the changed files echo "rewrite conflicting Prometheus registration" -sed -i "s/request_latency_microseconds/request_latency_microseconds_copy/g" "${CLIENT_REPO_TEMP}"/pkg/client/metrics/metrics.go -sed -i "s/request_status_codes/request_status_codes_copy/g" "${CLIENT_REPO_TEMP}"/pkg/client/metrics/metrics.go sed -i "s/kubernetes_build_info/kubernetes_build_info_copy/g" "${CLIENT_REPO_TEMP}"/pkg/version/version.go echo "rewrite proto names in proto.RegisterType" @@ -191,12 +194,11 @@ mvfolder "pkg/client/clientset_generated/${CLIENTSET}" kubernetes mvfolder pkg/client/typed/discovery discovery mvfolder pkg/client/typed/dynamic dynamic mvfolder pkg/client/record tools/record -mvfolder pkg/client/restclient rest +mvfolder pkg/client/restclient/fake rest/fake mvfolder pkg/client/cache tools/cache mvfolder pkg/client/unversioned/auth tools/auth mvfolder pkg/client/unversioned/clientcmd tools/clientcmd mvfolder pkg/client/unversioned/portforward tools/portforward -mvfolder pkg/client/metrics tools/metrics mvfolder pkg/client/testing/core testing mvfolder pkg/client/testing/cache tools/cache/testing mvfolder cmd/kubeadm/app/apis/kubeadm pkg/apis/kubeadm diff --git a/pkg/util/cert/csr_test.go b/staging/src/k8s.io/client-go/pkg/util/cert/csr_test.go similarity index 100% rename from pkg/util/cert/csr_test.go rename to staging/src/k8s.io/client-go/pkg/util/cert/csr_test.go diff --git a/pkg/util/cert/testdata/dontUseThisKey.pem b/staging/src/k8s.io/client-go/pkg/util/cert/testdata/dontUseThisKey.pem similarity index 100% rename from pkg/util/cert/testdata/dontUseThisKey.pem rename to staging/src/k8s.io/client-go/pkg/util/cert/testdata/dontUseThisKey.pem diff --git a/pkg/util/cert/triple/BUILD b/staging/src/k8s.io/client-go/pkg/util/cert/triple/BUILD similarity index 100% rename from pkg/util/cert/triple/BUILD rename to staging/src/k8s.io/client-go/pkg/util/cert/triple/BUILD diff --git a/pkg/util/cert/triple/triple.go b/staging/src/k8s.io/client-go/pkg/util/cert/triple/triple.go similarity index 100% rename from pkg/util/cert/triple/triple.go rename to staging/src/k8s.io/client-go/pkg/util/cert/triple/triple.go diff --git a/staging/src/k8s.io/client-go/pkg/util/clock/clock_test.go b/staging/src/k8s.io/client-go/pkg/util/clock/clock_test.go new file mode 100644 index 00000000000..27d34605f50 --- /dev/null +++ b/staging/src/k8s.io/client-go/pkg/util/clock/clock_test.go @@ -0,0 +1,184 @@ +/* +Copyright 2015 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package clock + +import ( + "testing" + "time" +) + +func TestFakeClock(t *testing.T) { + startTime := time.Now() + tc := NewFakeClock(startTime) + tc.Step(time.Second) + now := tc.Now() + if now.Sub(startTime) != time.Second { + t.Errorf("input: %s now=%s gap=%s expected=%s", startTime, now, now.Sub(startTime), time.Second) + } + + tt := tc.Now() + tc.SetTime(tt.Add(time.Hour)) + if tc.Now().Sub(tt) != time.Hour { + t.Errorf("input: %s now=%s gap=%s expected=%s", tt, tc.Now(), tc.Now().Sub(tt), time.Hour) + } +} + +func TestFakeClockSleep(t *testing.T) { + startTime := time.Now() + tc := NewFakeClock(startTime) + tc.Sleep(time.Duration(1) * time.Hour) + now := tc.Now() + if now.Sub(startTime) != time.Hour { + t.Errorf("Fake sleep failed, expected time to advance by one hour, instead, its %v", now.Sub(startTime)) + } +} + +func TestFakeAfter(t *testing.T) { + tc := NewFakeClock(time.Now()) + if tc.HasWaiters() { + t.Errorf("unexpected waiter?") + } + oneSec := tc.After(time.Second) + if !tc.HasWaiters() { + t.Errorf("unexpected lack of waiter?") + } + + oneOhOneSec := tc.After(time.Second + time.Millisecond) + twoSec := tc.After(2 * time.Second) + select { + case <-oneSec: + t.Errorf("unexpected channel read") + case <-oneOhOneSec: + t.Errorf("unexpected channel read") + case <-twoSec: + t.Errorf("unexpected channel read") + default: + } + + tc.Step(999 * time.Millisecond) + select { + case <-oneSec: + t.Errorf("unexpected channel read") + case <-oneOhOneSec: + t.Errorf("unexpected channel read") + case <-twoSec: + t.Errorf("unexpected channel read") + default: + } + + tc.Step(time.Millisecond) + select { + case <-oneSec: + // Expected! + case <-oneOhOneSec: + t.Errorf("unexpected channel read") + case <-twoSec: + t.Errorf("unexpected channel read") + default: + t.Errorf("unexpected non-channel read") + } + tc.Step(time.Millisecond) + select { + case <-oneSec: + // should not double-trigger! + t.Errorf("unexpected channel read") + case <-oneOhOneSec: + // Expected! + case <-twoSec: + t.Errorf("unexpected channel read") + default: + t.Errorf("unexpected non-channel read") + } +} + +func TestFakeTick(t *testing.T) { + tc := NewFakeClock(time.Now()) + if tc.HasWaiters() { + t.Errorf("unexpected waiter?") + } + oneSec := tc.Tick(time.Second) + if !tc.HasWaiters() { + t.Errorf("unexpected lack of waiter?") + } + + oneOhOneSec := tc.Tick(time.Second + time.Millisecond) + twoSec := tc.Tick(2 * time.Second) + select { + case <-oneSec: + t.Errorf("unexpected channel read") + case <-oneOhOneSec: + t.Errorf("unexpected channel read") + case <-twoSec: + t.Errorf("unexpected channel read") + default: + } + + tc.Step(999 * time.Millisecond) // t=.999 + select { + case <-oneSec: + t.Errorf("unexpected channel read") + case <-oneOhOneSec: + t.Errorf("unexpected channel read") + case <-twoSec: + t.Errorf("unexpected channel read") + default: + } + + tc.Step(time.Millisecond) // t=1.000 + select { + case <-oneSec: + // Expected! + case <-oneOhOneSec: + t.Errorf("unexpected channel read") + case <-twoSec: + t.Errorf("unexpected channel read") + default: + t.Errorf("unexpected non-channel read") + } + tc.Step(time.Millisecond) // t=1.001 + select { + case <-oneSec: + // should not double-trigger! + t.Errorf("unexpected channel read") + case <-oneOhOneSec: + // Expected! + case <-twoSec: + t.Errorf("unexpected channel read") + default: + t.Errorf("unexpected non-channel read") + } + + tc.Step(time.Second) // t=2.001 + tc.Step(time.Second) // t=3.001 + tc.Step(time.Second) // t=4.001 + tc.Step(time.Second) // t=5.001 + + // The one second ticker should not accumulate ticks + accumulatedTicks := 0 + drained := false + for !drained { + select { + case <-oneSec: + accumulatedTicks++ + default: + drained = true + } + } + if accumulatedTicks != 1 { + t.Errorf("unexpected number of accumulated ticks: %d", accumulatedTicks) + } +} diff --git a/staging/src/k8s.io/client-go/pkg/util/flowcontrol/backoff_test.go b/staging/src/k8s.io/client-go/pkg/util/flowcontrol/backoff_test.go new file mode 100644 index 00000000000..df663221d82 --- /dev/null +++ b/staging/src/k8s.io/client-go/pkg/util/flowcontrol/backoff_test.go @@ -0,0 +1,195 @@ +/* +Copyright 2015 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package flowcontrol + +import ( + "testing" + "time" + + "k8s.io/kubernetes/pkg/util/clock" +) + +func TestSlowBackoff(t *testing.T) { + id := "_idSlow" + tc := clock.NewFakeClock(time.Now()) + step := time.Second + maxDuration := 50 * step + + b := NewFakeBackOff(step, maxDuration, tc) + cases := []time.Duration{0, 1, 2, 4, 8, 16, 32, 50, 50, 50} + for ix, c := range cases { + tc.Step(step) + w := b.Get(id) + if w != c*step { + t.Errorf("input: '%d': expected %s, got %s", ix, c*step, w) + } + b.Next(id, tc.Now()) + } + + //Now confirm that the Reset cancels backoff. + b.Next(id, tc.Now()) + b.Reset(id) + if b.Get(id) != 0 { + t.Errorf("Reset didn't clear the backoff.") + } + +} + +func TestBackoffReset(t *testing.T) { + id := "_idReset" + tc := clock.NewFakeClock(time.Now()) + step := time.Second + maxDuration := step * 5 + b := NewFakeBackOff(step, maxDuration, tc) + startTime := tc.Now() + + // get to backoff = maxDuration + for i := 0; i <= int(maxDuration/step); i++ { + tc.Step(step) + b.Next(id, tc.Now()) + } + + // backoff should be capped at maxDuration + if !b.IsInBackOffSince(id, tc.Now()) { + t.Errorf("expected to be in Backoff got %s", b.Get(id)) + } + + lastUpdate := tc.Now() + tc.Step(2*maxDuration + step) // time += 11s, 11 > 2*maxDuration + if b.IsInBackOffSince(id, lastUpdate) { + t.Errorf("expected to not be in Backoff after reset (start=%s, now=%s, lastUpdate=%s), got %s", startTime, tc.Now(), lastUpdate, b.Get(id)) + } +} + +func TestBackoffHightWaterMark(t *testing.T) { + id := "_idHiWaterMark" + tc := clock.NewFakeClock(time.Now()) + step := time.Second + maxDuration := 5 * step + b := NewFakeBackOff(step, maxDuration, tc) + + // get to backoff = maxDuration + for i := 0; i <= int(maxDuration/step); i++ { + tc.Step(step) + b.Next(id, tc.Now()) + } + + // backoff high watermark expires after 2*maxDuration + tc.Step(maxDuration + step) + b.Next(id, tc.Now()) + + if b.Get(id) != maxDuration { + t.Errorf("expected Backoff to stay at high watermark %s got %s", maxDuration, b.Get(id)) + } +} + +func TestBackoffGC(t *testing.T) { + id := "_idGC" + tc := clock.NewFakeClock(time.Now()) + step := time.Second + maxDuration := 5 * step + + b := NewFakeBackOff(step, maxDuration, tc) + + for i := 0; i <= int(maxDuration/step); i++ { + tc.Step(step) + b.Next(id, tc.Now()) + } + lastUpdate := tc.Now() + tc.Step(maxDuration + step) + b.GC() + _, found := b.perItemBackoff[id] + if !found { + t.Errorf("expected GC to skip entry, elapsed time=%s maxDuration=%s", tc.Now().Sub(lastUpdate), maxDuration) + } + + tc.Step(maxDuration + step) + b.GC() + r, found := b.perItemBackoff[id] + if found { + t.Errorf("expected GC of entry after %s got entry %v", tc.Now().Sub(lastUpdate), r) + } +} + +func TestIsInBackOffSinceUpdate(t *testing.T) { + id := "_idIsInBackOffSinceUpdate" + tc := clock.NewFakeClock(time.Now()) + step := time.Second + maxDuration := 10 * step + b := NewFakeBackOff(step, maxDuration, tc) + startTime := tc.Now() + + cases := []struct { + tick time.Duration + inBackOff bool + value int + }{ + {tick: 0, inBackOff: false, value: 0}, + {tick: 1, inBackOff: false, value: 1}, + {tick: 2, inBackOff: true, value: 2}, + {tick: 3, inBackOff: false, value: 2}, + {tick: 4, inBackOff: true, value: 4}, + {tick: 5, inBackOff: true, value: 4}, + {tick: 6, inBackOff: true, value: 4}, + {tick: 7, inBackOff: false, value: 4}, + {tick: 8, inBackOff: true, value: 8}, + {tick: 9, inBackOff: true, value: 8}, + {tick: 10, inBackOff: true, value: 8}, + {tick: 11, inBackOff: true, value: 8}, + {tick: 12, inBackOff: true, value: 8}, + {tick: 13, inBackOff: true, value: 8}, + {tick: 14, inBackOff: true, value: 8}, + {tick: 15, inBackOff: false, value: 8}, + {tick: 16, inBackOff: true, value: 10}, + {tick: 17, inBackOff: true, value: 10}, + {tick: 18, inBackOff: true, value: 10}, + {tick: 19, inBackOff: true, value: 10}, + {tick: 20, inBackOff: true, value: 10}, + {tick: 21, inBackOff: true, value: 10}, + {tick: 22, inBackOff: true, value: 10}, + {tick: 23, inBackOff: true, value: 10}, + {tick: 24, inBackOff: true, value: 10}, + {tick: 25, inBackOff: false, value: 10}, + {tick: 26, inBackOff: true, value: 10}, + {tick: 27, inBackOff: true, value: 10}, + {tick: 28, inBackOff: true, value: 10}, + {tick: 29, inBackOff: true, value: 10}, + {tick: 30, inBackOff: true, value: 10}, + {tick: 31, inBackOff: true, value: 10}, + {tick: 32, inBackOff: true, value: 10}, + {tick: 33, inBackOff: true, value: 10}, + {tick: 34, inBackOff: true, value: 10}, + {tick: 35, inBackOff: false, value: 10}, + {tick: 56, inBackOff: false, value: 0}, + {tick: 57, inBackOff: false, value: 1}, + } + + for _, c := range cases { + tc.SetTime(startTime.Add(c.tick * step)) + if c.inBackOff != b.IsInBackOffSinceUpdate(id, tc.Now()) { + t.Errorf("expected IsInBackOffSinceUpdate %v got %v at tick %s", c.inBackOff, b.IsInBackOffSinceUpdate(id, tc.Now()), c.tick*step) + } + + if c.inBackOff && (time.Duration(c.value)*step != b.Get(id)) { + t.Errorf("expected backoff value=%s got %s at tick %s", time.Duration(c.value)*step, b.Get(id), c.tick*step) + } + + if !c.inBackOff { + b.Next(id, tc.Now()) + } + } +} diff --git a/staging/src/k8s.io/client-go/pkg/util/flowcontrol/throttle_test.go b/staging/src/k8s.io/client-go/pkg/util/flowcontrol/throttle_test.go new file mode 100644 index 00000000000..642020fe4b1 --- /dev/null +++ b/staging/src/k8s.io/client-go/pkg/util/flowcontrol/throttle_test.go @@ -0,0 +1,177 @@ +/* +Copyright 2014 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package flowcontrol + +import ( + "math" + "sync" + "testing" + "time" +) + +func TestMultithreadedThrottling(t *testing.T) { + // Bucket with 100QPS and no burst + r := NewTokenBucketRateLimiter(100, 1) + + // channel to collect 100 tokens + taken := make(chan bool, 100) + + // Set up goroutines to hammer the throttler + startCh := make(chan bool) + endCh := make(chan bool) + for i := 0; i < 10; i++ { + go func() { + // wait for the starting signal + <-startCh + for { + // get a token + r.Accept() + select { + // try to add it to the taken channel + case taken <- true: + continue + // if taken is full, notify and return + default: + endCh <- true + return + } + } + }() + } + + // record wall time + startTime := time.Now() + // take the initial capacity so all tokens are the result of refill + r.Accept() + // start the thundering herd + close(startCh) + // wait for the first signal that we collected 100 tokens + <-endCh + // record wall time + endTime := time.Now() + + // tolerate a 1% clock change because these things happen + if duration := endTime.Sub(startTime); duration < (time.Second * 99 / 100) { + // We shouldn't be able to get 100 tokens out of the bucket in less than 1 second of wall clock time, no matter what + t.Errorf("Expected it to take at least 1 second to get 100 tokens, took %v", duration) + } else { + t.Logf("Took %v to get 100 tokens", duration) + } +} + +func TestBasicThrottle(t *testing.T) { + r := NewTokenBucketRateLimiter(1, 3) + for i := 0; i < 3; i++ { + if !r.TryAccept() { + t.Error("unexpected false accept") + } + } + if r.TryAccept() { + t.Error("unexpected true accept") + } +} + +func TestIncrementThrottle(t *testing.T) { + r := NewTokenBucketRateLimiter(1, 1) + if !r.TryAccept() { + t.Error("unexpected false accept") + } + if r.TryAccept() { + t.Error("unexpected true accept") + } + + // Allow to refill + time.Sleep(2 * time.Second) + + if !r.TryAccept() { + t.Error("unexpected false accept") + } +} + +func TestThrottle(t *testing.T) { + r := NewTokenBucketRateLimiter(10, 5) + + // Should consume 5 tokens immediately, then + // the remaining 11 should take at least 1 second (0.1s each) + expectedFinish := time.Now().Add(time.Second * 1) + for i := 0; i < 16; i++ { + r.Accept() + } + if time.Now().Before(expectedFinish) { + t.Error("rate limit was not respected, finished too early") + } +} + +func TestRateLimiterSaturation(t *testing.T) { + const e = 0.000001 + tests := []struct { + capacity int + take int + + expectedSaturation float64 + }{ + {1, 1, 1}, + {10, 3, 0.3}, + } + for i, tt := range tests { + rl := NewTokenBucketRateLimiter(1, tt.capacity) + for i := 0; i < tt.take; i++ { + rl.Accept() + } + if math.Abs(rl.Saturation()-tt.expectedSaturation) > e { + t.Fatalf("#%d: Saturation rate difference isn't within tolerable range\n want=%f, get=%f", + i, tt.expectedSaturation, rl.Saturation()) + } + } +} + +func TestAlwaysFake(t *testing.T) { + rl := NewFakeAlwaysRateLimiter() + if !rl.TryAccept() { + t.Error("TryAccept in AlwaysFake should return true.") + } + // If this will block the test will timeout + rl.Accept() +} + +func TestNeverFake(t *testing.T) { + rl := NewFakeNeverRateLimiter() + if rl.TryAccept() { + t.Error("TryAccept in NeverFake should return false.") + } + + finished := false + wg := sync.WaitGroup{} + wg.Add(1) + go func() { + rl.Accept() + finished = true + wg.Done() + }() + + // Wait some time to make sure it never finished. + time.Sleep(time.Second) + if finished { + t.Error("Accept should block forever in NeverFake.") + } + + rl.Stop() + wg.Wait() + if !finished { + t.Error("Stop should make Accept unblock in NeverFake.") + } +} diff --git a/staging/src/k8s.io/client-go/pkg/util/integer/integer_test.go b/staging/src/k8s.io/client-go/pkg/util/integer/integer_test.go new file mode 100644 index 00000000000..e9f586888c1 --- /dev/null +++ b/staging/src/k8s.io/client-go/pkg/util/integer/integer_test.go @@ -0,0 +1,244 @@ +/* +Copyright 2016 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package integer + +import "testing" + +func TestIntMax(t *testing.T) { + tests := []struct { + nums []int + expectedMax int + }{ + { + nums: []int{-1, 0}, + expectedMax: 0, + }, + { + nums: []int{-1, -2}, + expectedMax: -1, + }, + { + nums: []int{0, 1}, + expectedMax: 1, + }, + { + nums: []int{1, 2}, + expectedMax: 2, + }, + } + + for i, test := range tests { + t.Logf("executing scenario %d", i) + if max := IntMax(test.nums[0], test.nums[1]); max != test.expectedMax { + t.Errorf("expected %v, got %v", test.expectedMax, max) + } + } +} + +func TestIntMin(t *testing.T) { + tests := []struct { + nums []int + expectedMin int + }{ + { + nums: []int{-1, 0}, + expectedMin: -1, + }, + { + nums: []int{-1, -2}, + expectedMin: -2, + }, + { + nums: []int{0, 1}, + expectedMin: 0, + }, + { + nums: []int{1, 2}, + expectedMin: 1, + }, + } + + for i, test := range tests { + t.Logf("executing scenario %d", i) + if min := IntMin(test.nums[0], test.nums[1]); min != test.expectedMin { + t.Errorf("expected %v, got %v", test.expectedMin, min) + } + } +} + +func TestInt32Max(t *testing.T) { + tests := []struct { + nums []int32 + expectedMax int32 + }{ + { + nums: []int32{-1, 0}, + expectedMax: 0, + }, + { + nums: []int32{-1, -2}, + expectedMax: -1, + }, + { + nums: []int32{0, 1}, + expectedMax: 1, + }, + { + nums: []int32{1, 2}, + expectedMax: 2, + }, + } + + for i, test := range tests { + t.Logf("executing scenario %d", i) + if max := Int32Max(test.nums[0], test.nums[1]); max != test.expectedMax { + t.Errorf("expected %v, got %v", test.expectedMax, max) + } + } +} + +func TestInt32Min(t *testing.T) { + tests := []struct { + nums []int32 + expectedMin int32 + }{ + { + nums: []int32{-1, 0}, + expectedMin: -1, + }, + { + nums: []int32{-1, -2}, + expectedMin: -2, + }, + { + nums: []int32{0, 1}, + expectedMin: 0, + }, + { + nums: []int32{1, 2}, + expectedMin: 1, + }, + } + + for i, test := range tests { + t.Logf("executing scenario %d", i) + if min := Int32Min(test.nums[0], test.nums[1]); min != test.expectedMin { + t.Errorf("expected %v, got %v", test.expectedMin, min) + } + } +} + +func TestInt64Max(t *testing.T) { + tests := []struct { + nums []int64 + expectedMax int64 + }{ + { + nums: []int64{-1, 0}, + expectedMax: 0, + }, + { + nums: []int64{-1, -2}, + expectedMax: -1, + }, + { + nums: []int64{0, 1}, + expectedMax: 1, + }, + { + nums: []int64{1, 2}, + expectedMax: 2, + }, + } + + for i, test := range tests { + t.Logf("executing scenario %d", i) + if max := Int64Max(test.nums[0], test.nums[1]); max != test.expectedMax { + t.Errorf("expected %v, got %v", test.expectedMax, max) + } + } +} + +func TestInt64Min(t *testing.T) { + tests := []struct { + nums []int64 + expectedMin int64 + }{ + { + nums: []int64{-1, 0}, + expectedMin: -1, + }, + { + nums: []int64{-1, -2}, + expectedMin: -2, + }, + { + nums: []int64{0, 1}, + expectedMin: 0, + }, + { + nums: []int64{1, 2}, + expectedMin: 1, + }, + } + + for i, test := range tests { + t.Logf("executing scenario %d", i) + if min := Int64Min(test.nums[0], test.nums[1]); min != test.expectedMin { + t.Errorf("expected %v, got %v", test.expectedMin, min) + } + } +} + +func TestRoundToInt32(t *testing.T) { + tests := []struct { + num float64 + exp int32 + }{ + { + num: 5.5, + exp: 6, + }, + { + num: -3.7, + exp: -4, + }, + { + num: 3.49, + exp: 3, + }, + { + num: -7.9, + exp: -8, + }, + { + num: -4.499999, + exp: -4, + }, + { + num: 0, + exp: 0, + }, + } + + for i, test := range tests { + t.Logf("executing scenario %d", i) + if got := RoundToInt32(test.num); got != test.exp { + t.Errorf("expected %d, got %d", test.exp, got) + } + } +} diff --git a/pkg/util/testing/fake_handler_test.go b/staging/src/k8s.io/client-go/pkg/util/testing/fake_handler_test.go similarity index 100% rename from pkg/util/testing/fake_handler_test.go rename to staging/src/k8s.io/client-go/pkg/util/testing/fake_handler_test.go diff --git a/staging/src/k8s.io/client-go/rest/request.go b/staging/src/k8s.io/client-go/rest/request.go index 166366618a3..875dd6c7f3f 100644 --- a/staging/src/k8s.io/client-go/rest/request.go +++ b/staging/src/k8s.io/client-go/rest/request.go @@ -44,7 +44,6 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/pkg/api/v1" - pathvalidation "k8s.io/client-go/pkg/api/validation/path" "k8s.io/client-go/pkg/util/flowcontrol" restclientwatch "k8s.io/client-go/rest/watch" "k8s.io/client-go/tools/metrics" @@ -179,7 +178,7 @@ func (r *Request) Resource(resource string) *Request { r.err = fmt.Errorf("resource already set to %q, cannot change to %q", r.resource, resource) return r } - if msgs := pathvalidation.IsValidPathSegmentName(resource); len(msgs) != 0 { + if msgs := IsValidPathSegmentName(resource); len(msgs) != 0 { r.err = fmt.Errorf("invalid resource %q: %v", resource, msgs) return r } @@ -199,7 +198,7 @@ func (r *Request) SubResource(subresources ...string) *Request { return r } for _, s := range subresources { - if msgs := pathvalidation.IsValidPathSegmentName(s); len(msgs) != 0 { + if msgs := IsValidPathSegmentName(s); len(msgs) != 0 { r.err = fmt.Errorf("invalid subresource %q: %v", s, msgs) return r } @@ -221,7 +220,7 @@ func (r *Request) Name(resourceName string) *Request { r.err = fmt.Errorf("resource name already set to %q, cannot change to %q", r.resourceName, resourceName) return r } - if msgs := pathvalidation.IsValidPathSegmentName(resourceName); len(msgs) != 0 { + if msgs := IsValidPathSegmentName(resourceName); len(msgs) != 0 { r.err = fmt.Errorf("invalid resource name %q: %v", resourceName, msgs) return r } @@ -238,7 +237,7 @@ func (r *Request) Namespace(namespace string) *Request { r.err = fmt.Errorf("namespace already set to %q, cannot change to %q", r.namespace, namespace) return r } - if msgs := pathvalidation.IsValidPathSegmentName(namespace); len(msgs) != 0 { + if msgs := IsValidPathSegmentName(namespace); len(msgs) != 0 { r.err = fmt.Errorf("invalid namespace %q: %v", namespace, msgs) return r } @@ -760,10 +759,11 @@ func (r *Request) Stream() (io.ReadCloser, error) { defer resp.Body.Close() result := r.transformResponse(resp, req) - if result.err != nil { - return nil, result.err + err := result.Error() + if err == nil { + err = fmt.Errorf("%d while accessing %v: %s", result.statusCode, url, string(result.body)) } - return nil, fmt.Errorf("%d while accessing %v: %s", result.statusCode, url, string(result.body)) + return nil, err } } @@ -1197,3 +1197,49 @@ func (r Result) Error() error { } return r.err } + +// NameMayNotBe specifies strings that cannot be used as names specified as path segments (like the REST API or etcd store) +var NameMayNotBe = []string{".", ".."} + +// NameMayNotContain specifies substrings that cannot be used in names specified as path segments (like the REST API or etcd store) +var NameMayNotContain = []string{"/", "%"} + +// IsValidPathSegmentName validates the name can be safely encoded as a path segment +func IsValidPathSegmentName(name string) []string { + for _, illegalName := range NameMayNotBe { + if name == illegalName { + return []string{fmt.Sprintf(`may not be '%s'`, illegalName)} + } + } + + var errors []string + for _, illegalContent := range NameMayNotContain { + if strings.Contains(name, illegalContent) { + errors = append(errors, fmt.Sprintf(`may not contain '%s'`, illegalContent)) + } + } + + return errors +} + +// IsValidPathSegmentPrefix validates the name can be used as a prefix for a name which will be encoded as a path segment +// It does not check for exact matches with disallowed names, since an arbitrary suffix might make the name valid +func IsValidPathSegmentPrefix(name string) []string { + var errors []string + for _, illegalContent := range NameMayNotContain { + if strings.Contains(name, illegalContent) { + errors = append(errors, fmt.Sprintf(`may not contain '%s'`, illegalContent)) + } + } + + return errors +} + +// ValidatePathSegmentName validates the name can be safely encoded as a path segment +func ValidatePathSegmentName(name string, prefix bool) []string { + if prefix { + return IsValidPathSegmentPrefix(name) + } else { + return IsValidPathSegmentName(name) + } +} diff --git a/staging/src/k8s.io/client-go/rest/request_test.go b/staging/src/k8s.io/client-go/rest/request_test.go index 05e9276b4a9..223dc783472 100755 --- a/staging/src/k8s.io/client-go/rest/request_test.go +++ b/staging/src/k8s.io/client-go/rest/request_test.go @@ -868,6 +868,7 @@ func TestRequestStream(t *testing.T) { testCases := []struct { Request *Request Err bool + ErrFn func(error) bool }{ { Request: &Request{err: errors.New("bail")}, @@ -903,6 +904,26 @@ func TestRequestStream(t *testing.T) { }, Err: true, }, + { + Request: &Request{ + client: clientFunc(func(req *http.Request) (*http.Response, error) { + return &http.Response{ + StatusCode: http.StatusBadRequest, + Body: ioutil.NopCloser(bytes.NewReader([]byte(`{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"a container name must be specified for pod kube-dns-v20-mz5cv, choose one of: [kubedns dnsmasq healthz]","reason":"BadRequest","code":400}`))), + }, nil + }), + content: defaultContentConfig(), + serializers: defaultSerializers(), + baseURL: &url.URL{}, + }, + Err: true, + ErrFn: func(err error) bool { + if err.Error() == "a container name must be specified for pod kube-dns-v20-mz5cv, choose one of: [kubedns dnsmasq healthz]" { + return true + } + return false + }, + }, } for i, testCase := range testCases { testCase.Request.backoffMgr = &NoBackoff{} @@ -914,6 +935,12 @@ func TestRequestStream(t *testing.T) { if hasErr && body != nil { t.Errorf("%d: body should be nil when error is returned", i) } + + if hasErr { + if testCase.ErrFn != nil && !testCase.ErrFn(err) { + t.Errorf("unexpected error: %v", err) + } + } } }