Move helpers from pkg/registry/rbac/reconciliation and pkg/registry/rbac/validation under k8s.io/component-helpers
parent
cb0389c827
commit
a5920f7edb
@ -150,7 +150,6 @@ pkg/registry/policy/rest
|
||||
pkg/registry/rbac/clusterrole/policybased
|
||||
pkg/registry/rbac/clusterrolebinding
|
||||
pkg/registry/rbac/clusterrolebinding/policybased
|
||||
pkg/registry/rbac/reconciliation
|
||||
pkg/registry/rbac/rest
|
||||
pkg/registry/rbac/role/policybased
|
||||
pkg/registry/rbac/rolebinding
|
||||
@ -408,6 +407,8 @@ staging/src/k8s.io/component-base/cli/flag
|
||||
staging/src/k8s.io/component-base/config/v1alpha1
|
||||
staging/src/k8s.io/component-base/featuregate
|
||||
staging/src/k8s.io/component-base/version/verflag
|
||||
staging/src/k8s.io/component-helpers/auth/rbac/reconciliation
|
||||
staging/src/k8s.io/component-helpers/auth/rbac/validation
|
||||
staging/src/k8s.io/controller-manager/config/v1alpha1
|
||||
staging/src/k8s.io/controller-manager/pkg/features
|
||||
staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1
|
||||
|
@ -63,6 +63,4 @@ rules:
|
||||
- k8s.io/kubernetes/pkg/apis/storage/v1beta1
|
||||
- k8s.io/kubernetes/pkg/features
|
||||
- k8s.io/kubernetes/pkg/kubectl
|
||||
- k8s.io/kubernetes/pkg/registry/rbac/reconciliation
|
||||
- k8s.io/kubernetes/pkg/registry/rbac/validation
|
||||
- k8s.io/kubernetes/pkg/util/parsers
|
||||
|
@ -16,7 +16,6 @@ go_library(
|
||||
"//build/visible_to:pkg_kubectl_cmd_auth_CONSUMERS",
|
||||
],
|
||||
deps = [
|
||||
"//pkg/registry/rbac/reconciliation:go_default_library",
|
||||
"//staging/src/k8s.io/api/authorization/v1:go_default_library",
|
||||
"//staging/src/k8s.io/api/rbac/v1:go_default_library",
|
||||
"//staging/src/k8s.io/api/rbac/v1alpha1:go_default_library",
|
||||
@ -34,6 +33,7 @@ go_library(
|
||||
"//staging/src/k8s.io/client-go/kubernetes/typed/authorization/v1:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/kubernetes/typed/rbac/v1:go_default_library",
|
||||
"//staging/src/k8s.io/component-helpers/auth/rbac/reconciliation:go_default_library",
|
||||
"//staging/src/k8s.io/kubectl/pkg/cmd/util:go_default_library",
|
||||
"//staging/src/k8s.io/kubectl/pkg/describe:go_default_library",
|
||||
"//staging/src/k8s.io/kubectl/pkg/scheme:go_default_library",
|
||||
|
@ -32,10 +32,10 @@ import (
|
||||
"k8s.io/cli-runtime/pkg/resource"
|
||||
corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1"
|
||||
"k8s.io/component-helpers/auth/rbac/reconciliation"
|
||||
cmdutil "k8s.io/kubectl/pkg/cmd/util"
|
||||
"k8s.io/kubectl/pkg/scheme"
|
||||
"k8s.io/kubectl/pkg/util/templates"
|
||||
"k8s.io/kubernetes/pkg/registry/rbac/reconciliation"
|
||||
)
|
||||
|
||||
// ReconcileOptions is the start of the data required to perform the operation. As new fields are added, add them here instead of
|
||||
|
@ -39,7 +39,6 @@ filegroup(
|
||||
":package-srcs",
|
||||
"//pkg/registry/rbac/clusterrole:all-srcs",
|
||||
"//pkg/registry/rbac/clusterrolebinding:all-srcs",
|
||||
"//pkg/registry/rbac/reconciliation:all-srcs",
|
||||
"//pkg/registry/rbac/rest:all-srcs",
|
||||
"//pkg/registry/rbac/role:all-srcs",
|
||||
"//pkg/registry/rbac/rolebinding:all-srcs",
|
||||
|
@ -18,7 +18,6 @@ go_library(
|
||||
"//pkg/registry/rbac/clusterrolebinding:go_default_library",
|
||||
"//pkg/registry/rbac/clusterrolebinding/policybased:go_default_library",
|
||||
"//pkg/registry/rbac/clusterrolebinding/storage:go_default_library",
|
||||
"//pkg/registry/rbac/reconciliation:go_default_library",
|
||||
"//pkg/registry/rbac/role:go_default_library",
|
||||
"//pkg/registry/rbac/role/policybased:go_default_library",
|
||||
"//pkg/registry/rbac/role/storage:go_default_library",
|
||||
@ -43,6 +42,7 @@ go_library(
|
||||
"//staging/src/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/kubernetes/typed/rbac/v1:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/util/retry:go_default_library",
|
||||
"//staging/src/k8s.io/component-helpers/auth/rbac/reconciliation:go_default_library",
|
||||
"//vendor/k8s.io/klog/v2:go_default_library",
|
||||
],
|
||||
)
|
||||
|
@ -39,6 +39,7 @@ import (
|
||||
corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1"
|
||||
"k8s.io/client-go/util/retry"
|
||||
"k8s.io/component-helpers/auth/rbac/reconciliation"
|
||||
"k8s.io/kubernetes/pkg/api/legacyscheme"
|
||||
"k8s.io/kubernetes/pkg/apis/rbac"
|
||||
"k8s.io/kubernetes/pkg/registry/rbac/clusterrole"
|
||||
@ -47,7 +48,6 @@ import (
|
||||
"k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding"
|
||||
clusterrolebindingpolicybased "k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/policybased"
|
||||
clusterrolebindingstore "k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/storage"
|
||||
"k8s.io/kubernetes/pkg/registry/rbac/reconciliation"
|
||||
"k8s.io/kubernetes/pkg/registry/rbac/role"
|
||||
rolepolicybased "k8s.io/kubernetes/pkg/registry/rbac/role/policybased"
|
||||
rolestore "k8s.io/kubernetes/pkg/registry/rbac/role/storage"
|
||||
|
@ -10,7 +10,6 @@ go_test(
|
||||
name = "go_default_test",
|
||||
srcs = [
|
||||
"policy_compact_test.go",
|
||||
"policy_comparator_test.go",
|
||||
"rule_test.go",
|
||||
],
|
||||
embed = [":go_default_library"],
|
||||
@ -20,6 +19,7 @@ go_test(
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
|
||||
"//staging/src/k8s.io/component-helpers/auth/rbac/validation:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
@ -28,7 +28,6 @@ go_library(
|
||||
srcs = [
|
||||
"internal_version_adapter.go",
|
||||
"policy_compact.go",
|
||||
"policy_comparator.go",
|
||||
"rule.go",
|
||||
],
|
||||
importpath = "k8s.io/kubernetes/pkg/registry/rbac/validation",
|
||||
@ -41,6 +40,7 @@ go_library(
|
||||
"//staging/src/k8s.io/apiserver/pkg/authentication/serviceaccount:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
|
||||
"//staging/src/k8s.io/component-helpers/auth/rbac/validation:go_default_library",
|
||||
"//vendor/k8s.io/klog/v2:go_default_library",
|
||||
],
|
||||
)
|
||||
|
@ -22,6 +22,7 @@ import (
|
||||
"testing"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
"k8s.io/component-helpers/auth/rbac/validation"
|
||||
rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1"
|
||||
)
|
||||
|
||||
@ -126,11 +127,11 @@ func TestCompactRules(t *testing.T) {
|
||||
t.Errorf("%s: CompactRules mutated rules. Expected\n%#v\ngot\n%#v", k, originalRules, rules)
|
||||
continue
|
||||
}
|
||||
if covers, missing := Covers(compacted, rules); !covers {
|
||||
if covers, missing := validation.Covers(compacted, rules); !covers {
|
||||
t.Errorf("%s: compacted rules did not cover original rules. missing: %#v", k, missing)
|
||||
continue
|
||||
}
|
||||
if covers, missing := Covers(rules, compacted); !covers {
|
||||
if covers, missing := validation.Covers(rules, compacted); !covers {
|
||||
t.Errorf("%s: original rules did not cover compacted rules. missing: %#v", k, missing)
|
||||
continue
|
||||
}
|
||||
|
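Review bot: The new import `"k8s.io/component-helpers/auth/rbac/validation"` is unaliased, and the importing test appears to sit in a package that is itself named validation (the old calls were unqualified `Covers(...)`, and the BUILD section above lists importpath `k8s.io/kubernetes/pkg/registry/rbac/validation`), so `validation.Covers(compacted, rules)` reads like a self-reference. An explicit alias would keep the two apart, for example `rbacvalidation "k8s.io/component-helpers/auth/rbac/validation"` with `rbacvalidation.Covers(compacted, rules)`. The same applies to the import and the `validation.Covers(ownerRules, rules)` call in ConfirmNoEscalation in the next file section, where a reader auditing the escalation check needs to see at a glance that the coverage logic now lives in another module. TestCompactRules starts and ends outside the hunk.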
@ -30,6 +30,7 @@ import (
|
||||
"k8s.io/apiserver/pkg/authentication/serviceaccount"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/component-helpers/auth/rbac/validation"
|
||||
rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1"
|
||||
)
|
||||
|
||||
@ -65,7 +66,7 @@ func ConfirmNoEscalation(ctx context.Context, ruleResolver AuthorizationRuleReso
|
||||
ruleResolutionErrors = append(ruleResolutionErrors, err)
|
||||
}
|
||||
|
||||
ownerRightsCover, missingRights := Covers(ownerRules, rules)
|
||||
ownerRightsCover, missingRights := validation.Covers(ownerRules, rules)
|
||||
if !ownerRightsCover {
|
||||
compactMissingRights := missingRights
|
||||
if compact, err := CompactRules(missingRights); err == nil {
|
||||
@ -268,6 +269,15 @@ func appliesTo(user user.Info, bindingSubjects []rbacv1.Subject, namespace strin
|
||||
return 0, false
|
||||
}
|
||||
|
||||
func has(set []string, ele string) bool {
|
||||
for _, s := range set {
|
||||
if s == ele {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func appliesToUser(user user.Info, subject rbacv1.Subject, namespace string) bool {
|
||||
switch subject.Kind {
|
||||
case rbacv1.UserKind:
|
||||
|
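Review bot: The `has` helper added in the third hunk has no comment, and it sits directly above appliesToUser, so it is presumably what decides whether a binding subject matches a user's groups; that the comparison is exact and case-sensitive deserves to be written down. Suggested comment: `// has reports whether ele is in set, using exact, case-sensitive string equality.` If the moved policy_comparator.go keeps its own copy of this helper in component-helpers (not visible here), a short note saying the duplication is deliberate would stop the two copies from drifting apart. appliesToUser continues outside the hunk, so the call sites of `has` are not visible.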
@ -43,13 +43,13 @@ go_test(
|
||||
"//pkg/apis/core/install:go_default_library",
|
||||
"//pkg/apis/rbac/install:go_default_library",
|
||||
"//pkg/apis/rbac/v1:go_default_library",
|
||||
"//pkg/registry/rbac/validation:go_default_library",
|
||||
"//staging/src/k8s.io/api/core/v1:go_default_library",
|
||||
"//staging/src/k8s.io/api/rbac/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/api/meta:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
|
||||
"//staging/src/k8s.io/component-helpers/auth/rbac/validation:go_default_library",
|
||||
"//vendor/sigs.k8s.io/yaml:go_default_library",
|
||||
],
|
||||
)
|
||||
|
@ -25,18 +25,18 @@ import (
|
||||
|
||||
"sigs.k8s.io/yaml"
|
||||
|
||||
"k8s.io/api/core/v1"
|
||||
v1 "k8s.io/api/core/v1"
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
"k8s.io/apimachinery/pkg/api/meta"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/diff"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/component-helpers/auth/rbac/validation"
|
||||
"k8s.io/kubernetes/pkg/api/legacyscheme"
|
||||
api "k8s.io/kubernetes/pkg/apis/core"
|
||||
_ "k8s.io/kubernetes/pkg/apis/core/install"
|
||||
_ "k8s.io/kubernetes/pkg/apis/rbac/install"
|
||||
rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1"
|
||||
rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation"
|
||||
"k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy"
|
||||
)
|
||||
|
||||
@ -100,7 +100,7 @@ func TestEditViewRelationship(t *testing.T) {
|
||||
|
||||
// confirm that the view role doesn't already have extra powers
|
||||
for _, rule := range viewEscalatingNamespaceResources {
|
||||
if covers, _ := rbacregistryvalidation.Covers(semanticRoles.view.Rules, []rbacv1.PolicyRule{rule}); covers {
|
||||
if covers, _ := validation.Covers(semanticRoles.view.Rules, []rbacv1.PolicyRule{rule}); covers {
|
||||
t.Errorf("view has extra powers: %#v", rule)
|
||||
}
|
||||
}
|
||||
@ -108,7 +108,7 @@ func TestEditViewRelationship(t *testing.T) {
|
||||
|
||||
// confirm that the view role doesn't have ungettable resources
|
||||
for _, rule := range ungettableResources {
|
||||
if covers, _ := rbacregistryvalidation.Covers(semanticRoles.view.Rules, []rbacv1.PolicyRule{rule}); covers {
|
||||
if covers, _ := validation.Covers(semanticRoles.view.Rules, []rbacv1.PolicyRule{rule}); covers {
|
||||
t.Errorf("view has ungettable resource: %#v", rule)
|
||||
}
|
||||
}
|
||||
|
@ -256,5 +256,6 @@
|
||||
- k8s.io/api
|
||||
- k8s.io/apimachinery
|
||||
- k8s.io/client-go
|
||||
- k8s.io/component-helpers
|
||||
- k8s.io/klog
|
||||
- k8s.io/utils
|
||||
|
@ -9,6 +9,8 @@ filegroup(
|
||||
name = "all-srcs",
|
||||
srcs = [
|
||||
":package-srcs",
|
||||
"//staging/src/k8s.io/component-helpers/auth/rbac/reconciliation:all-srcs",
|
||||
"//staging/src/k8s.io/component-helpers/auth/rbac/validation:all-srcs",
|
||||
"//staging/src/k8s.io/component-helpers/lease:all-srcs",
|
||||
"//staging/src/k8s.io/component-helpers/scheduling/corev1:all-srcs",
|
||||
],
|
||||
|
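--- a/staging/src/k8s.io/component-helpers/auth/OWNERS
+++ b/staging/src/k8s.io/component-helpers/auth/OWNERS
@@ -0,0 +1,8 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- sig-auth-api-approvers
+reviewers:
+- sig-auth-api-reviewers
+labels:
+- sig/auth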
@ -14,8 +14,8 @@ go_test(
|
||||
],
|
||||
embed = [":go_default_library"],
|
||||
deps = [
|
||||
"//pkg/apis/core/helper:go_default_library",
|
||||
"//staging/src/k8s.io/api/rbac/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/api/equality:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
|
||||
],
|
||||
@ -33,9 +33,9 @@ go_library(
|
||||
"rolebinding_interfaces.go",
|
||||
"zz_generated.deepcopy.go",
|
||||
],
|
||||
importpath = "k8s.io/kubernetes/pkg/registry/rbac/reconciliation",
|
||||
importmap = "k8s.io/kubernetes/vendor/k8s.io/component-helpers/auth/rbac/reconciliation",
|
||||
importpath = "k8s.io/component-helpers/auth/rbac/reconciliation",
|
||||
deps = [
|
||||
"//pkg/registry/rbac/validation:go_default_library",
|
||||
"//staging/src/k8s.io/api/core/v1:go_default_library",
|
||||
"//staging/src/k8s.io/api/rbac/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/api/equality:go_default_library",
|
||||
@ -46,6 +46,7 @@ go_library(
|
||||
"//staging/src/k8s.io/apimachinery/pkg/util/errors:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/kubernetes/typed/rbac/v1:go_default_library",
|
||||
"//staging/src/k8s.io/component-helpers/auth/rbac/validation:go_default_library",
|
||||
],
|
||||
)
|
||||
|
@ -18,6 +18,7 @@ package reconciliation
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
@ -25,7 +26,7 @@ import (
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RuleOwner
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RuleOwner
|
||||
// +k8s:deepcopy-gen:nonpointer-interfaces=true
|
||||
type ClusterRoleRuleOwner struct {
|
||||
ClusterRole *rbacv1.ClusterRole
|
@ -18,6 +18,7 @@ package reconciliation
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
@ -26,7 +27,7 @@ import (
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RoleBinding
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RoleBinding
|
||||
// +k8s:deepcopy-gen:nonpointer-interfaces=true
|
||||
type ClusterRoleBindingAdapter struct {
|
||||
ClusterRoleBinding *rbacv1.ClusterRoleBinding
|
@ -25,7 +25,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/kubernetes/pkg/registry/rbac/validation"
|
||||
"k8s.io/component-helpers/auth/rbac/validation"
|
||||
)
|
||||
|
||||
type ReconcileOperation string
|
@ -20,9 +20,9 @@ import (
|
||||
"testing"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
apiequality "k8s.io/apimachinery/pkg/api/equality"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/util/diff"
|
||||
"k8s.io/kubernetes/pkg/apis/core/helper"
|
||||
)
|
||||
|
||||
func role(rules []rbacv1.PolicyRule, labels map[string]string, annotations map[string]string) *rbacv1.ClusterRole {
|
||||
@ -272,7 +272,7 @@ func TestComputeReconciledRoleRules(t *testing.T) {
|
||||
t.Errorf("%s: Expected\n\t%v\ngot\n\t%v", k, tc.expectedReconciliationNeeded, reconciliationNeeded)
|
||||
continue
|
||||
}
|
||||
if reconciliationNeeded && !helper.Semantic.DeepEqual(result.Role.(ClusterRoleRuleOwner).ClusterRole, tc.expectedReconciledRole) {
|
||||
if reconciliationNeeded && !apiequality.Semantic.DeepEqual(result.Role.(ClusterRoleRuleOwner).ClusterRole, tc.expectedReconciledRole) {
|
||||
t.Errorf("%s: Expected\n\t%#v\ngot\n\t%#v", k, tc.expectedReconciledRole, result.Role)
|
||||
}
|
||||
}
|
||||
@ -391,7 +391,7 @@ func TestComputeReconciledRoleAggregationRules(t *testing.T) {
|
||||
t.Errorf("%s: Expected\n\t%v\ngot\n\t%v", k, tc.expectedReconciliationNeeded, reconciliationNeeded)
|
||||
continue
|
||||
}
|
||||
if reconciliationNeeded && !helper.Semantic.DeepEqual(result.Role.(ClusterRoleRuleOwner).ClusterRole, tc.expectedReconciledRole) {
|
||||
if reconciliationNeeded && !apiequality.Semantic.DeepEqual(result.Role.(ClusterRoleRuleOwner).ClusterRole, tc.expectedReconciledRole) {
|
||||
t.Errorf("%s: %v", k, diff.ObjectDiff(tc.expectedReconciledRole, result.Role.(ClusterRoleRuleOwner).ClusterRole))
|
||||
}
|
||||
}
|
@ -20,7 +20,7 @@ import (
|
||||
"testing"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
"k8s.io/kubernetes/pkg/apis/core/helper"
|
||||
apiequality "k8s.io/apimachinery/pkg/api/equality"
|
||||
)
|
||||
|
||||
func binding(roleRef rbacv1.RoleRef, subjects []rbacv1.Subject) *rbacv1.ClusterRoleBinding {
|
||||
@ -81,10 +81,10 @@ func TestDiffObjectReferenceLists(t *testing.T) {
|
||||
|
||||
for k, tc := range tests {
|
||||
onlyA, onlyB := diffSubjectLists(tc.A, tc.B)
|
||||
if !helper.Semantic.DeepEqual(onlyA, tc.ExpectedOnlyA) {
|
||||
if !apiequality.Semantic.DeepEqual(onlyA, tc.ExpectedOnlyA) {
|
||||
t.Errorf("%s: Expected %#v, got %#v", k, tc.ExpectedOnlyA, onlyA)
|
||||
}
|
||||
if !helper.Semantic.DeepEqual(onlyB, tc.ExpectedOnlyB) {
|
||||
if !apiequality.Semantic.DeepEqual(onlyB, tc.ExpectedOnlyB) {
|
||||
t.Errorf("%s: Expected %#v, got %#v", k, tc.ExpectedOnlyB, onlyB)
|
||||
}
|
||||
}
|
||||
@ -174,7 +174,7 @@ func TestComputeUpdate(t *testing.T) {
|
||||
t.Errorf("%s: Expected\n\t%v\ngot\n\t%v (%v)", k, tc.ExpectedUpdateNeeded, updateNeeded, result.Operation)
|
||||
continue
|
||||
}
|
||||
if updateNeeded && !helper.Semantic.DeepEqual(updatedBinding, tc.ExpectedUpdatedBinding) {
|
||||
if updateNeeded && !apiequality.Semantic.DeepEqual(updatedBinding, tc.ExpectedUpdatedBinding) {
|
||||
t.Errorf("%s: Expected\n\t%v %v\ngot\n\t%v %v", k, tc.ExpectedUpdatedBinding.RoleRef, tc.ExpectedUpdatedBinding.Subjects, updatedBinding.RoleRef, updatedBinding.Subjects)
|
||||
}
|
||||
}
|
@ -18,6 +18,7 @@ package reconciliation
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
@ -26,7 +27,7 @@ import (
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RuleOwner
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RuleOwner
|
||||
// +k8s:deepcopy-gen:nonpointer-interfaces=true
|
||||
type RoleRuleOwner struct {
|
||||
Role *rbacv1.Role
|
@ -18,6 +18,7 @@ package reconciliation
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
rbacv1 "k8s.io/api/rbac/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
@ -27,7 +28,7 @@ import (
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen=true
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RoleBinding
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RoleBinding
|
||||
// +k8s:deepcopy-gen:nonpointer-interfaces=true
|
||||
type RoleBindingAdapter struct {
|
||||
RoleBinding *rbacv1.RoleBinding
|
@ -0,0 +1,31 @@
|
||||
load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = ["policy_comparator.go"],
|
||||
importmap = "k8s.io/kubernetes/vendor/k8s.io/component-helpers/auth/rbac/validation",
|
||||
importpath = "k8s.io/component-helpers/auth/rbac/validation",
|
||||
visibility = ["//visibility:public"],
|
||||
deps = ["//staging/src/k8s.io/api/rbac/v1:go_default_library"],
|
||||
)
|
||||
|
||||
go_test(
|
||||
name = "go_default_test",
|
||||
srcs = ["policy_comparator_test.go"],
|
||||
embed = [":go_default_library"],
|
||||
deps = ["//staging/src/k8s.io/api/rbac/v1:go_default_library"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "package-srcs",
|
||||
srcs = glob(["**"]),
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:private"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "all-srcs",
|
||||
srcs = [":package-srcs"],
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@ -2194,6 +2194,8 @@ k8s.io/component-base/version/verflag
|
||||
# k8s.io/component-helpers v0.0.0 => ./staging/src/k8s.io/component-helpers
|
||||
## explicit
|
||||
# k8s.io/component-helpers => ./staging/src/k8s.io/component-helpers
|
||||
k8s.io/component-helpers/auth/rbac/reconciliation
|
||||
k8s.io/component-helpers/auth/rbac/validation
|
||||
k8s.io/component-helpers/lease
|
||||
k8s.io/component-helpers/scheduling/corev1
|
||||
# k8s.io/controller-manager v0.0.0 => ./staging/src/k8s.io/controller-manager
|
||||
|