Merge pull request #103413 from mgutierrez98/refactor-whitelist-blacklist

Refactored files containing whitelist/blacklist to allowlist/denylist…

test/e2e/common/node/sysctl.go

@@ -18,7 +18,8 @@ package node
 
 import (
 	"context"
-	"k8s.io/api/core/v1"
+
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/kubernetes/test/e2e/framework"
@@ -209,7 +210,7 @@ var _ = SIGDescribe("Sysctls [LinuxOnly] [NodeFeature:Sysctls]", func() {
 			},
 		}
 
-		ginkgo.By("Creating a pod with a greylisted, but not whitelisted sysctl on the node")
+		ginkgo.By("Creating a pod with an ignorelisted, but not allowlisted sysctl on the node")
 		pod = podClient.Create(pod)
 
 		ginkgo.By("Watching for error events or started pod")

test/e2e/framework/pods.go

@@ -181,7 +181,7 @@ func (c *PodClient) mungeSpec(pod *v1.Pod) {
 		c := &pod.Spec.Containers[i]
 		if c.ImagePullPolicy == v1.PullAlways {
 			// If the image pull policy is PullAlways, the image doesn't need to be in
-			// the white list or pre-pulled, because the image is expected to be pulled
+			// the allow list or pre-pulled, because the image is expected to be pulled
 			// in the test anyway.
 			continue
 		}

test/e2e/network/firewall.go

@@ -45,7 +45,7 @@ import (
 
 const (
 	firewallTestTCPTimeout = time.Duration(1 * time.Second)
-	// Set ports outside of 30000-32767, 80 and 8080 to avoid being whitelisted by the e2e cluster
+	// Set ports outside of 30000-32767, 80 and 8080 to avoid being allowlisted by the e2e cluster
 	firewallTestHTTPPort = int32(29999)
 	firewallTestUDPPort  = int32(29998)
 )
@@ -168,7 +168,7 @@ var _ = common.SIGDescribe("Firewall rule", func() {
 			}()
 		}
 
-		// Send requests from outside of the cluster because internal traffic is whitelisted
+		// Send requests from outside of the cluster because internal traffic is allowlisted
 		ginkgo.By("Accessing the external service ip from outside, all non-master nodes should be reached")
 		err = testHitNodesFromOutside(svcExternalIP, firewallTestHTTPPort, e2eservice.GetServiceLoadBalancerPropagationTimeout(cs), nodesSet)
 		framework.ExpectNoError(err)

test/e2e_node/gcp/gke_environment_test.go

@@ -120,7 +120,7 @@ func checkDockerConfig() error {
 			"/usr/share/docker.io/contrib/check-config.sh",
 			"/usr/share/docker/contrib/check-config.sh",
 		}
-		whitelist = map[string]bool{
+		allowlist = map[string]bool{
 			"CONFIG_MEMCG_SWAP_ENABLED": true,
 			"CONFIG_RT_GROUP_SCHED":     true,
 			"CONFIG_EXT3_FS":            true,
@@ -134,7 +134,7 @@ func checkDockerConfig() error {
 		missing = map[string]bool{}
 	)
 
-	// Whitelists CONFIG_DEVPTS_MULTIPLE_INSTANCES (meaning allowing it to be
+	// Allowlists CONFIG_DEVPTS_MULTIPLE_INSTANCES (meaning allowing it to be
 	// absent) if the kernel version is >= 4.8, because this option has been
 	// removed from the 4.8 kernel.
 	kernelVersion, err := getKernelVersion()
@@ -142,7 +142,7 @@ func checkDockerConfig() error {
 		return err
 	}
 	if kernelVersion.GTE(semver.MustParse("4.8.0")) {
-		whitelist["CONFIG_DEVPTS_MULTIPLE_INSTANCES"] = true
+		allowlist["CONFIG_DEVPTS_MULTIPLE_INSTANCES"] = true
 	}
 
 	for _, bin := range bins {
@@ -150,7 +150,7 @@ func checkDockerConfig() error {
 			continue
 		}
 		// We don't check the return code because it's OK if the script returns
-		// a non-zero exit code just because the configs in the whitelist are
+		// a non-zero exit code just because the configs in the allowlist are
 		// missing.
 		output, _ := runCommand(bin)
 		for _, line := range strings.Split(output, "\n") {
@@ -165,7 +165,7 @@ func checkDockerConfig() error {
 			key := strings.TrimFunc(fields[0], func(c rune) bool {
 				return c == ' ' || c == '-'
 			})
-			if _, found := whitelist[key]; !found {
+			if _, found := allowlist[key]; !found {
 				missing[key] = true
 			}
 		}
@@ -279,19 +279,19 @@ func checkDockerSeccomp() error {
 		return err
 	}
 	// Starts a container with the default seccomp profile and ensures that
-	// unshare (a blacklisted system call in the default profile) fails.
+	// unshare (a denylisted system call in the default profile) fails.
 	cmd := []string{"docker", "run", "--rm", "-i", image, "unshare", "-r", "whoami"}
 	_, err = runCommand(cmd...)
 	if err == nil {
 		return fmt.Errorf("%q did not fail as expected", strings.Join(cmd, " "))
 	}
-	// Starts a container with a custom seccomp profile that blacklists mkdir
+	// Starts a container with a custom seccomp profile that denylists mkdir
 	// and ensures that unshare succeeds.
 	_, err = runCommand("docker", "run", "--rm", "-i", "--security-opt", fmt.Sprintf("seccomp=%s", seccompProfileFileName), image, "unshare", "-r", "whoami")
 	if err != nil {
 		return err
 	}
-	// Starts a container with a custom seccomp profile that blacklists mkdir
+	// Starts a container with a custom seccomp profile that denylists mkdir
 	// and ensures that mkdir fails.
 	cmd = []string{"docker", "run", "--rm", "-i", "--security-opt", fmt.Sprintf("seccomp=%s", seccompProfileFileName), image, "mkdir", "-p", "/tmp/foo"}
 	_, err = runCommand(cmd...)

test/integration/apiserver/print_test.go

@@ -46,7 +46,7 @@ import (
 	"k8s.io/kubernetes/test/integration/framework"
 )
 
-var kindWhiteList = sets.NewString(
+var kindAllowList = sets.NewString(
 	// k8s.io/api/core
 	"APIGroup",
 	"APIVersions",
@@ -187,7 +187,7 @@ func TestServerSidePrint(t *testing.T) {
 		if gvk.Version == runtime.APIVersionInternal || strings.HasSuffix(apiType.Name(), "List") {
 			continue
 		}
-		if kindWhiteList.Has(gvk.Kind) || missingHanlders.Has(gvk.Kind) {
+		if kindAllowList.Has(gvk.Kind) || missingHanlders.Has(gvk.Kind) {
 			continue
 		}
 

test/integration/dryrun/dryrun_test.go

@@ -41,7 +41,7 @@ import (
 
 // Only add kinds to this list when this a virtual resource with get and create verbs that doesn't actually
 // store into it's kind.  We've used this downstream for mappings before.
-var kindWhiteList = sets.NewString()
+var kindAllowList = sets.NewString()
 
 // namespace used for all tests, do not change this
 const testNamespace = "dryrunnamespace"
@@ -264,8 +264,8 @@ func TestDryRun(t *testing.T) {
 			gvResource := resourceToTest.Mapping.Resource
 			kind := gvk.Kind
 
-			if kindWhiteList.Has(kind) {
+			if kindAllowList.Has(kind) {
-				t.Skip("whitelisted")
+				t.Skip("allowlisted")
 			}
 
 			testData, hasTest := dryrunData[gvResource]

test/integration/etcd/etcd_storage_path_test.go

@@ -41,7 +41,7 @@ import (
 
 // Only add kinds to this list when this a virtual resource with get and create verbs that doesn't actually
 // store into it's kind.  We've used this downstream for mappings before.
-var kindWhiteList = sets.NewString()
+var kindAllowList = sets.NewString()
 
 // namespace used for all tests, do not change this
 const testNamespace = "etcdstoragepathtestnamespace"
@@ -95,9 +95,9 @@ func TestEtcdStoragePath(t *testing.T) {
 			gvResource := resourceToPersist.Mapping.Resource
 			kind := gvk.Kind
 
-			if kindWhiteList.Has(kind) {
+			if kindAllowList.Has(kind) {
 				kindSeen.Insert(kind)
-				t.Skip("whitelisted")
+				t.Skip("allowlisted")
 			}
 
 			etcdSeen[gvResource] = empty{}
@@ -210,8 +210,8 @@ func TestEtcdStoragePath(t *testing.T) {
 	if inEtcdData, inEtcdSeen := diffMaps(etcdStorageData, etcdSeen); len(inEtcdData) != 0 || len(inEtcdSeen) != 0 {
 		t.Errorf("etcd data does not match the types we saw:\nin etcd data but not seen:\n%s\nseen but not in etcd data:\n%s", inEtcdData, inEtcdSeen)
 	}
-	if inKindData, inKindSeen := diffMaps(kindWhiteList, kindSeen); len(inKindData) != 0 || len(inKindSeen) != 0 {
+	if inKindData, inKindSeen := diffMaps(kindAllowList, kindSeen); len(inKindData) != 0 || len(inKindSeen) != 0 {
-		t.Errorf("kind whitelist data does not match the types we saw:\nin kind whitelist but not seen:\n%s\nseen but not in kind whitelist:\n%s", inKindData, inKindSeen)
+		t.Errorf("kind allowlist data does not match the types we saw:\nin kind allowlist but not seen:\n%s\nseen but not in kind allowlist:\n%s", inKindData, inKindSeen)
 	}
 
 	for bucket, gvks := range cohabitatingResources {