migrate authenticator and authorizer to Create
parent
119f220832
commit
5954f34ade
@ -36,6 +36,7 @@ go_library(
|
|||||||
deps = [
|
deps = [
|
||||||
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
|
"//staging/src/k8s.io/api/authentication/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/api/authentication/v1beta1:go_default_library",
|
"//staging/src/k8s.io/api/authentication/v1beta1:go_default_library",
|
||||||
|
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
||||||
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
|
"//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
|
||||||
|
@ -25,6 +25,7 @@ import (
|
|||||||
|
|
||||||
authenticationv1 "k8s.io/api/authentication/v1"
|
authenticationv1 "k8s.io/api/authentication/v1"
|
||||||
authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
|
authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||||
"k8s.io/apiserver/pkg/authentication/authenticator"
|
"k8s.io/apiserver/pkg/authentication/authenticator"
|
||||||
@ -41,7 +42,7 @@ const retryBackoff = 500 * time.Millisecond
|
|||||||
var _ authenticator.Token = (*WebhookTokenAuthenticator)(nil)
|
var _ authenticator.Token = (*WebhookTokenAuthenticator)(nil)
|
||||||
|
|
||||||
type tokenReviewer interface {
|
type tokenReviewer interface {
|
||||||
CreateContext(ctx context.Context, review *authenticationv1.TokenReview) (*authenticationv1.TokenReview, error)
|
Create(ctx context.Context, review *authenticationv1.TokenReview, _ metav1.CreateOptions) (*authenticationv1.TokenReview, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
type WebhookTokenAuthenticator struct {
|
type WebhookTokenAuthenticator struct {
|
||||||
@ -101,7 +102,7 @@ func (w *WebhookTokenAuthenticator) AuthenticateToken(ctx context.Context, token
|
|||||||
auds authenticator.Audiences
|
auds authenticator.Audiences
|
||||||
)
|
)
|
||||||
webhook.WithExponentialBackoff(ctx, w.initialBackoff, func() error {
|
webhook.WithExponentialBackoff(ctx, w.initialBackoff, func() error {
|
||||||
result, err = w.tokenReview.CreateContext(ctx, r)
|
result, err = w.tokenReview.Create(ctx, r, metav1.CreateOptions{})
|
||||||
return err
|
return err
|
||||||
}, webhook.DefaultShouldRetry)
|
}, webhook.DefaultShouldRetry)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -196,7 +197,7 @@ type tokenReviewV1Client struct {
|
|||||||
w *webhook.GenericWebhook
|
w *webhook.GenericWebhook
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *tokenReviewV1Client) CreateContext(ctx context.Context, review *authenticationv1.TokenReview) (*authenticationv1.TokenReview, error) {
|
func (t *tokenReviewV1Client) Create(ctx context.Context, review *authenticationv1.TokenReview, _ metav1.CreateOptions) (*authenticationv1.TokenReview, error) {
|
||||||
result := &authenticationv1.TokenReview{}
|
result := &authenticationv1.TokenReview{}
|
||||||
err := t.w.RestClient.Post().Body(review).Do(ctx).Into(result)
|
err := t.w.RestClient.Post().Body(review).Do(ctx).Into(result)
|
||||||
return result, err
|
return result, err
|
||||||
@ -206,7 +207,7 @@ type tokenReviewV1beta1Client struct {
|
|||||||
w *webhook.GenericWebhook
|
w *webhook.GenericWebhook
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *tokenReviewV1beta1Client) CreateContext(ctx context.Context, review *authenticationv1.TokenReview) (*authenticationv1.TokenReview, error) {
|
func (t *tokenReviewV1beta1Client) Create(ctx context.Context, review *authenticationv1.TokenReview, _ metav1.CreateOptions) (*authenticationv1.TokenReview, error) {
|
||||||
v1beta1Review := &authenticationv1beta1.TokenReview{Spec: v1SpecToV1beta1Spec(&review.Spec)}
|
v1beta1Review := &authenticationv1beta1.TokenReview{Spec: v1SpecToV1beta1Spec(&review.Spec)}
|
||||||
v1beta1Result := &authenticationv1beta1.TokenReview{}
|
v1beta1Result := &authenticationv1beta1.TokenReview{}
|
||||||
err := t.w.RestClient.Post().Body(v1beta1Review).Do(ctx).Into(v1beta1Result)
|
err := t.w.RestClient.Post().Body(v1beta1Review).Do(ctx).Into(v1beta1Result)
|
||||||
|
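Review bot: The new `metav1.CreateOptions` parameter is discarded with `_` in both `tokenReviewV1Client.Create` and `tokenReviewV1beta1Client.Create`, so any option a future caller passes (dry-run, for example) would be silently ignored on the token-review call. Nothing on the `tokenReviewer` interface or on the methods says this. I would add a doc comment to each method, e.g. `// Create posts the review to the webhook; the CreateOptions argument exists only to match the generated client signature and is ignored.` The same applies to the two `subjectAccessReview*Client.Create` methods in the authorizer file. Both method bodies continue past the end of their hunks.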
@ -35,6 +35,7 @@ go_library(
|
|||||||
deps = [
|
deps = [
|
||||||
"//staging/src/k8s.io/api/authorization/v1:go_default_library",
|
"//staging/src/k8s.io/api/authorization/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/api/authorization/v1beta1:go_default_library",
|
"//staging/src/k8s.io/api/authorization/v1beta1:go_default_library",
|
||||||
|
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
||||||
"//staging/src/k8s.io/apimachinery/pkg/util/cache:go_default_library",
|
"//staging/src/k8s.io/apimachinery/pkg/util/cache:go_default_library",
|
||||||
|
@ -27,6 +27,7 @@ import (
|
|||||||
|
|
||||||
authorizationv1 "k8s.io/api/authorization/v1"
|
authorizationv1 "k8s.io/api/authorization/v1"
|
||||||
authorizationv1beta1 "k8s.io/api/authorization/v1beta1"
|
authorizationv1beta1 "k8s.io/api/authorization/v1beta1"
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||||
"k8s.io/apimachinery/pkg/util/cache"
|
"k8s.io/apimachinery/pkg/util/cache"
|
||||||
@ -47,7 +48,7 @@ const (
|
|||||||
var _ authorizer.Authorizer = (*WebhookAuthorizer)(nil)
|
var _ authorizer.Authorizer = (*WebhookAuthorizer)(nil)
|
||||||
|
|
||||||
type subjectAccessReviewer interface {
|
type subjectAccessReviewer interface {
|
||||||
CreateContext(context.Context, *authorizationv1.SubjectAccessReview) (*authorizationv1.SubjectAccessReview, error)
|
Create(context.Context, *authorizationv1.SubjectAccessReview, metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
type WebhookAuthorizer struct {
|
type WebhookAuthorizer struct {
|
||||||
@ -189,7 +190,7 @@ func (w *WebhookAuthorizer) Authorize(ctx context.Context, attr authorizer.Attri
|
|||||||
err error
|
err error
|
||||||
)
|
)
|
||||||
webhook.WithExponentialBackoff(ctx, w.initialBackoff, func() error {
|
webhook.WithExponentialBackoff(ctx, w.initialBackoff, func() error {
|
||||||
result, err = w.subjectAccessReview.CreateContext(ctx, r)
|
result, err = w.subjectAccessReview.Create(ctx, r, metav1.CreateOptions{})
|
||||||
return err
|
return err
|
||||||
}, webhook.DefaultShouldRetry)
|
}, webhook.DefaultShouldRetry)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -287,7 +288,7 @@ type subjectAccessReviewV1Client struct {
|
|||||||
w *webhook.GenericWebhook
|
w *webhook.GenericWebhook
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *subjectAccessReviewV1Client) CreateContext(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview) (*authorizationv1.SubjectAccessReview, error) {
|
func (t *subjectAccessReviewV1Client) Create(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview, _ metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, error) {
|
||||||
result := &authorizationv1.SubjectAccessReview{}
|
result := &authorizationv1.SubjectAccessReview{}
|
||||||
err := t.w.RestClient.Post().Body(subjectAccessReview).Do(ctx).Into(result)
|
err := t.w.RestClient.Post().Body(subjectAccessReview).Do(ctx).Into(result)
|
||||||
return result, err
|
return result, err
|
||||||
@ -297,7 +298,7 @@ type subjectAccessReviewV1beta1Client struct {
|
|||||||
w *webhook.GenericWebhook
|
w *webhook.GenericWebhook
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *subjectAccessReviewV1beta1Client) CreateContext(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview) (*authorizationv1.SubjectAccessReview, error) {
|
func (t *subjectAccessReviewV1beta1Client) Create(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview, _ metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, error) {
|
||||||
v1beta1Review := &authorizationv1beta1.SubjectAccessReview{Spec: v1SpecToV1beta1Spec(&subjectAccessReview.Spec)}
|
v1beta1Review := &authorizationv1beta1.SubjectAccessReview{Spec: v1SpecToV1beta1Spec(&subjectAccessReview.Spec)}
|
||||||
v1beta1Result := &authorizationv1beta1.SubjectAccessReview{}
|
v1beta1Result := &authorizationv1beta1.SubjectAccessReview{}
|
||||||
err := t.w.RestClient.Post().Body(v1beta1Review).Do(ctx).Into(v1beta1Result)
|
err := t.w.RestClient.Post().Body(v1beta1Review).Do(ctx).Into(v1beta1Result)
|
||||||
|
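Review bot: In `Authorize`, whatever `webhook.WithExponentialBackoff` returns appears to be discarded, and the `if err != nil` check that follows sees only the `err` captured by the closure; `AuthenticateToken` in the authenticator file has the same shape. If the helper can return without ever invoking the closure (for instance on an already-cancelled context, which is not visible from this hunk), `err` stays nil while `result` is never assigned, and an authorization path should not reach that state silently. Since this line is being touched anyway, consider checking the helper's return value as well, e.g. `if bErr := webhook.WithExponentialBackoff(...); bErr != nil && err == nil { err = bErr }`. The function begins and ends outside the hunk, so the handling after the check could not be confirmed here.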