From 6d335372b2d8816bf14d2b1319e83654c24643c6 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Mon, 10 Feb 2020 13:23:50 -0500 Subject: [PATCH] Add configmap->node destination edges to the node authorizer index --- plugin/pkg/auth/authorizer/node/graph.go | 4 +++- plugin/pkg/auth/authorizer/node/graph_test.go | 13 +++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/plugin/pkg/auth/authorizer/node/graph.go b/plugin/pkg/auth/authorizer/node/graph.go index 186afda1cd4..82800504d22 100644 --- a/plugin/pkg/auth/authorizer/node/graph.go +++ b/plugin/pkg/auth/authorizer/node/graph.go @@ -451,7 +451,9 @@ func (g *Graph) SetNodeConfigMap(nodeName, configMapName, configMapNamespace str if len(configMapName) > 0 && len(configMapNamespace) > 0 { configmapVertex := g.getOrCreateVertex_locked(configMapVertexType, configMapNamespace, configMapName) nodeVertex := g.getOrCreateVertex_locked(nodeVertexType, "", nodeName) - g.graph.SetEdge(newDestinationEdge(configmapVertex, nodeVertex, nodeVertex)) + e := newDestinationEdge(configmapVertex, nodeVertex, nodeVertex) + g.graph.SetEdge(e) + g.addEdgeToDestinationIndex_locked(e) } } diff --git a/plugin/pkg/auth/authorizer/node/graph_test.go b/plugin/pkg/auth/authorizer/node/graph_test.go index a87d6c0a7b8..77609e28d5d 100644 --- a/plugin/pkg/auth/authorizer/node/graph_test.go +++ b/plugin/pkg/auth/authorizer/node/graph_test.go @@ -348,20 +348,22 @@ func TestIndex(t *testing.T) { g.SetNodeConfigMap("node1", "cm1", "ns") g.SetNodeConfigMap("node2", "cm1", "ns") g.SetNodeConfigMap("node3", "cm1", "ns") + g.SetNodeConfigMap("node4", "cm1", "ns") expectGraph(map[string][]string{ "node:node1": {}, "node:node2": {}, "node:node3": {}, + "node:node4": {}, "pod:ns/pod2": {"node:node2"}, "pod:ns/pod3": {"node:node3"}, "pod:ns/pod4": {"node:node1"}, - "configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, + "configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "node:node4", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "configmap:ns/cm2": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "configmap:ns/cm3": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "serviceAccount:ns/sa1": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, }) expectIndex(map[string][]string{ - "configmap:ns/cm1": {"node:node1", "node:node2", "node:node3"}, + "configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "node:node4"}, "configmap:ns/cm2": {"node:node1", "node:node2", "node:node3"}, "configmap:ns/cm3": {"node:node1", "node:node2", "node:node3"}, "serviceAccount:ns/sa1": {"node:node1", "node:node2", "node:node3"}, @@ -373,16 +375,17 @@ func TestIndex(t *testing.T) { "node:node1": {}, "node:node2": {}, "node:node3": {}, + "node:node4": {}, "pod:ns/pod2": {"node:node2"}, "pod:ns/pod3": {"node:node3"}, "pod:ns/pod4": {"node:node1"}, - "configmap:ns/cm1": {"node:node2", "node:node3", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, + "configmap:ns/cm1": {"node:node2", "node:node3", "node:node4", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "configmap:ns/cm2": {"node:node1", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "configmap:ns/cm3": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "serviceAccount:ns/sa1": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, }) expectIndex(map[string][]string{ - "configmap:ns/cm1": {"node:node1", "node:node2", "node:node3"}, + "configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "node:node4"}, "configmap:ns/cm2": {"node:node1", "node:node2", "node:node3"}, "configmap:ns/cm3": {"node:node1", "node:node2", "node:node3"}, "serviceAccount:ns/sa1": {"node:node1", "node:node2", "node:node3"}, @@ -390,10 +393,12 @@ func TestIndex(t *testing.T) { // Remove node->configmap reference g.SetNodeConfigMap("node1", "", "") + g.SetNodeConfigMap("node4", "", "") expectGraph(map[string][]string{ "node:node1": {}, "node:node2": {}, "node:node3": {}, + "node:node4": {}, "pod:ns/pod2": {"node:node2"}, "pod:ns/pod3": {"node:node3"}, "pod:ns/pod4": {"node:node1"},