github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Add configmap->node destination edges to the node authorizer index

Browse Source
This commit is contained in:
Jordan Liggitt 2020-02-10 13:23:50 -05:00
parent acd97b42f3
commit 6d335372b2
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plugin/pkg/auth/authorizer/node/graph.go
View File

@ -451,7 +451,9 @@ func (g *Graph) SetNodeConfigMap(nodeName, configMapName, configMapNamespace str
if len(configMapName) > 0 && len(configMapNamespace) > 0 { if len(configMapName) > 0 && len(configMapNamespace) > 0 {
configmapVertex := g.getOrCreateVertex_locked(configMapVertexType, configMapNamespace, configMapName) configmapVertex := g.getOrCreateVertex_locked(configMapVertexType, configMapNamespace, configMapName)
nodeVertex := g.getOrCreateVertex_locked(nodeVertexType, "", nodeName) nodeVertex := g.getOrCreateVertex_locked(nodeVertexType, "", nodeName)
g.graph.SetEdge(newDestinationEdge(configmapVertex, nodeVertex, nodeVertex)) e := newDestinationEdge(configmapVertex, nodeVertex, nodeVertex)
g.graph.SetEdge(e)
g.addEdgeToDestinationIndex_locked(e)
} }
} }

13
plugin/pkg/auth/authorizer/node/graph_test.go
View File

@ -348,20 +348,22 @@ func TestIndex(t *testing.T) {
g.SetNodeConfigMap("node1", "cm1", "ns") g.SetNodeConfigMap("node1", "cm1", "ns")
g.SetNodeConfigMap("node2", "cm1", "ns") g.SetNodeConfigMap("node2", "cm1", "ns")
g.SetNodeConfigMap("node3", "cm1", "ns") g.SetNodeConfigMap("node3", "cm1", "ns")
g.SetNodeConfigMap("node4", "cm1", "ns")
expectGraph(map[string][]string{ expectGraph(map[string][]string{
"node:node1": {}, "node:node1": {},
"node:node2": {}, "node:node2": {},
"node:node3": {}, "node:node3": {},
"node:node4": {},
"pod:ns/pod2": {"node:node2"}, "pod:ns/pod2": {"node:node2"},
"pod:ns/pod3": {"node:node3"}, "pod:ns/pod3": {"node:node3"},
"pod:ns/pod4": {"node:node1"}, "pod:ns/pod4": {"node:node1"},
"configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "node:node4", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
"configmap:ns/cm2": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "configmap:ns/cm2": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
"configmap:ns/cm3": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "configmap:ns/cm3": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
"serviceAccount:ns/sa1": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "serviceAccount:ns/sa1": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
}) })
expectIndex(map[string][]string{ expectIndex(map[string][]string{
"configmap:ns/cm1": {"node:node1", "node:node2", "node:node3"}, "configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "node:node4"},
"configmap:ns/cm2": {"node:node1", "node:node2", "node:node3"}, "configmap:ns/cm2": {"node:node1", "node:node2", "node:node3"},
"configmap:ns/cm3": {"node:node1", "node:node2", "node:node3"}, "configmap:ns/cm3": {"node:node1", "node:node2", "node:node3"},
"serviceAccount:ns/sa1": {"node:node1", "node:node2", "node:node3"}, "serviceAccount:ns/sa1": {"node:node1", "node:node2", "node:node3"},
@ -373,16 +375,17 @@ func TestIndex(t *testing.T) {
"node:node1": {}, "node:node1": {},
"node:node2": {}, "node:node2": {},
"node:node3": {}, "node:node3": {},
"node:node4": {},
"pod:ns/pod2": {"node:node2"}, "pod:ns/pod2": {"node:node2"},
"pod:ns/pod3": {"node:node3"}, "pod:ns/pod3": {"node:node3"},
"pod:ns/pod4": {"node:node1"}, "pod:ns/pod4": {"node:node1"},
"configmap:ns/cm1": {"node:node2", "node:node3", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "configmap:ns/cm1": {"node:node2", "node:node3", "node:node4", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
"configmap:ns/cm2": {"node:node1", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "configmap:ns/cm2": {"node:node1", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
"configmap:ns/cm3": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "configmap:ns/cm3": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
"serviceAccount:ns/sa1": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"}, "serviceAccount:ns/sa1": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
}) })
expectIndex(map[string][]string{ expectIndex(map[string][]string{
"configmap:ns/cm1": {"node:node1", "node:node2", "node:node3"}, "configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "node:node4"},
"configmap:ns/cm2": {"node:node1", "node:node2", "node:node3"}, "configmap:ns/cm2": {"node:node1", "node:node2", "node:node3"},
"configmap:ns/cm3": {"node:node1", "node:node2", "node:node3"}, "configmap:ns/cm3": {"node:node1", "node:node2", "node:node3"},
"serviceAccount:ns/sa1": {"node:node1", "node:node2", "node:node3"}, "serviceAccount:ns/sa1": {"node:node1", "node:node2", "node:node3"},
@ -390,10 +393,12 @@ func TestIndex(t *testing.T) {
// Remove node->configmap reference // Remove node->configmap reference
g.SetNodeConfigMap("node1", "", "") g.SetNodeConfigMap("node1", "", "")
g.SetNodeConfigMap("node4", "", "")
expectGraph(map[string][]string{ expectGraph(map[string][]string{
"node:node1": {}, "node:node1": {},
"node:node2": {}, "node:node2": {},
"node:node3": {}, "node:node3": {},
"node:node4": {},
"pod:ns/pod2": {"node:node2"}, "pod:ns/pod2": {"node:node2"},
"pod:ns/pod3": {"node:node3"}, "pod:ns/pod3": {"node:node3"},
"pod:ns/pod4": {"node:node1"}, "pod:ns/pod4": {"node:node1"},