From a5920f7edb48654edaf649e28680d324ea1cdcb9 Mon Sep 17 00:00:00 2001 
From: Jan Chaloupka
Date: Wed, 21 Oct 2020 13:38:19 +0200
Subject: [PATCH] Move helpers from pkg/registry/rbac/reconciliation and pkg/registry/rbac/validation under k8s.io/component-helpers
---
hack/.golint_failures | 3 +-
pkg/kubectl/.import-restrictions | 2 --
pkg/kubectl/cmd/auth/BUILD | 2 +-
pkg/kubectl/cmd/auth/reconcile.go | 2 +-
pkg/registry/rbac/BUILD | 1 -
pkg/registry/rbac/rest/BUILD | 2 +-
pkg/registry/rbac/rest/storage_rbac.go | 2 +-
pkg/registry/rbac/validation/BUILD | 4 +--
.../rbac/validation/policy_compact_test.go | 5 +--
pkg/registry/rbac/validation/rule.go | 12 ++++++-
.../authorizer/rbac/bootstrappolicy/BUILD | 2 +-
.../rbac/bootstrappolicy/policy_test.go | 8 ++---
staging/publishing/import-restrictions.yaml | 1 +
staging/src/k8s.io/component-helpers/BUILD | 2 ++
.../src/k8s.io/component-helpers/auth/OWNERS | 8 +++++
.../auth}/rbac/reconciliation/BUILD | 7 +++--
.../reconciliation/clusterrole_interfaces.go | 3 +-
.../clusterrolebinding_interfaces.go | 3 +-
.../auth}/rbac/reconciliation/namespace.go | 0
.../rbac/reconciliation/reconcile_role.go | 2 +-
.../reconciliation/reconcile_role_test.go | 6 ++--
.../reconciliation/reconcile_rolebindings.go | 0
.../reconcile_rolebindings_test.go | 8 ++---
.../rbac/reconciliation/role_interfaces.go | 3 +-
.../reconciliation/rolebinding_interfaces.go | 3 +-
.../reconciliation/zz_generated.deepcopy.go | 0
.../auth/rbac/validation/BUILD | 31 +++++++++++++++++++
.../rbac/validation/policy_comparator.go | 0
.../rbac/validation/policy_comparator_test.go | 0
vendor/modules.txt | 2 ++
30 files changed, 91 insertions(+), 33 deletions(-)
create mode 100644 staging/src/k8s.io/component-helpers/auth/OWNERS
rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/BUILD (85%)
rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/clusterrole_interfaces.go (96%)
rename {pkg/registry => 
staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/clusterrolebinding_interfaces.go (97%) rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/namespace.go (100%) rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/reconcile_role.go (99%) rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/reconcile_role_test.go (97%) rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/reconcile_rolebindings.go (100%) rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/reconcile_rolebindings_test.go (95%) rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/role_interfaces.go (96%) rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/rolebinding_interfaces.go (97%) rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/reconciliation/zz_generated.deepcopy.go (100%) create mode 100644 staging/src/k8s.io/component-helpers/auth/rbac/validation/BUILD rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/validation/policy_comparator.go (100%) rename {pkg/registry => staging/src/k8s.io/component-helpers/auth}/rbac/validation/policy_comparator_test.go (100%) diff --git a/hack/.golint_failures b/hack/.golint_failures index c9be7894a8a..5411a0ce0ab 100644 --- a/hack/.golint_failures +++ b/hack/.golint_failures @@ -150,7 +150,6 @@ pkg/registry/policy/rest pkg/registry/rbac/clusterrole/policybased pkg/registry/rbac/clusterrolebinding pkg/registry/rbac/clusterrolebinding/policybased -pkg/registry/rbac/reconciliation pkg/registry/rbac/rest pkg/registry/rbac/role/policybased pkg/registry/rbac/rolebinding 
@@ -408,6 +407,8 @@ staging/src/k8s.io/component-base/cli/flag staging/src/k8s.io/component-base/config/v1alpha1 staging/src/k8s.io/component-base/featuregate staging/src/k8s.io/component-base/version/verflag +staging/src/k8s.io/component-helpers/auth/rbac/reconciliation +staging/src/k8s.io/component-helpers/auth/rbac/validation staging/src/k8s.io/controller-manager/config/v1alpha1 staging/src/k8s.io/controller-manager/pkg/features staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 diff --git a/pkg/kubectl/.import-restrictions b/pkg/kubectl/.import-restrictions index 5326a9dae8d..d6a86cf7ac2 100644 --- a/pkg/kubectl/.import-restrictions +++ b/pkg/kubectl/.import-restrictions @@ -63,6 +63,4 @@ rules: - k8s.io/kubernetes/pkg/apis/storage/v1beta1 - k8s.io/kubernetes/pkg/features - k8s.io/kubernetes/pkg/kubectl - - k8s.io/kubernetes/pkg/registry/rbac/reconciliation - - k8s.io/kubernetes/pkg/registry/rbac/validation - k8s.io/kubernetes/pkg/util/parsers diff --git a/pkg/kubectl/cmd/auth/BUILD b/pkg/kubectl/cmd/auth/BUILD index 97bac484632..40fdd498b58 100644 --- a/pkg/kubectl/cmd/auth/BUILD +++ b/pkg/kubectl/cmd/auth/BUILD @@ -16,7 +16,6 @@ go_library( "//build/visible_to:pkg_kubectl_cmd_auth_CONSUMERS", ], deps = [ - "//pkg/registry/rbac/reconciliation:go_default_library", "//staging/src/k8s.io/api/authorization/v1:go_default_library", "//staging/src/k8s.io/api/rbac/v1:go_default_library", "//staging/src/k8s.io/api/rbac/v1alpha1:go_default_library", 
@@ -34,6 +33,7 @@ go_library( "//staging/src/k8s.io/client-go/kubernetes/typed/authorization/v1:go_default_library", "//staging/src/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library", "//staging/src/k8s.io/client-go/kubernetes/typed/rbac/v1:go_default_library", + "//staging/src/k8s.io/component-helpers/auth/rbac/reconciliation:go_default_library", "//staging/src/k8s.io/kubectl/pkg/cmd/util:go_default_library", "//staging/src/k8s.io/kubectl/pkg/describe:go_default_library", "//staging/src/k8s.io/kubectl/pkg/scheme:go_default_library", diff --git a/pkg/kubectl/cmd/auth/reconcile.go b/pkg/kubectl/cmd/auth/reconcile.go index 6514f080355..1e31d77338c 100644 --- a/pkg/kubectl/cmd/auth/reconcile.go +++ b/pkg/kubectl/cmd/auth/reconcile.go @@ -32,10 +32,10 @@ import ( "k8s.io/cli-runtime/pkg/resource" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1" + "k8s.io/component-helpers/auth/rbac/reconciliation" cmdutil "k8s.io/kubectl/pkg/cmd/util" "k8s.io/kubectl/pkg/scheme" "k8s.io/kubectl/pkg/util/templates" - "k8s.io/kubernetes/pkg/registry/rbac/reconciliation" ) // ReconcileOptions is the start of the data required to perform the operation. As new fields are added, add them here instead of diff --git a/pkg/registry/rbac/BUILD b/pkg/registry/rbac/BUILD index c111ebfff67..9bc51a42e42 100644 --- a/pkg/registry/rbac/BUILD +++ b/pkg/registry/rbac/BUILD @@ -39,7 +39,6 @@ filegroup( ":package-srcs", "//pkg/registry/rbac/clusterrole:all-srcs", "//pkg/registry/rbac/clusterrolebinding:all-srcs", - "//pkg/registry/rbac/reconciliation:all-srcs", "//pkg/registry/rbac/rest:all-srcs", "//pkg/registry/rbac/role:all-srcs", "//pkg/registry/rbac/rolebinding:all-srcs", diff --git a/pkg/registry/rbac/rest/BUILD b/pkg/registry/rbac/rest/BUILD index 994af7539d8..3c727d46ff7 100644 --- a/pkg/registry/rbac/rest/BUILD +++ b/pkg/registry/rbac/rest/BUILD 
@@ -18,7 +18,6 @@ go_library( "//pkg/registry/rbac/clusterrolebinding:go_default_library", "//pkg/registry/rbac/clusterrolebinding/policybased:go_default_library", "//pkg/registry/rbac/clusterrolebinding/storage:go_default_library", - "//pkg/registry/rbac/reconciliation:go_default_library", "//pkg/registry/rbac/role:go_default_library", "//pkg/registry/rbac/role/policybased:go_default_library", "//pkg/registry/rbac/role/storage:go_default_library", @@ -43,6 +42,7 @@ go_library( "//staging/src/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library", "//staging/src/k8s.io/client-go/kubernetes/typed/rbac/v1:go_default_library", "//staging/src/k8s.io/client-go/util/retry:go_default_library", + "//staging/src/k8s.io/component-helpers/auth/rbac/reconciliation:go_default_library", "//vendor/k8s.io/klog/v2:go_default_library", ], ) diff --git a/pkg/registry/rbac/rest/storage_rbac.go b/pkg/registry/rbac/rest/storage_rbac.go index 7d1d290c83b..8776ddbfe96 100644 --- a/pkg/registry/rbac/rest/storage_rbac.go +++ b/pkg/registry/rbac/rest/storage_rbac.go @@ -39,6 +39,7 @@ import ( corev1client "k8s.io/client-go/kubernetes/typed/core/v1" rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1" "k8s.io/client-go/util/retry" + "k8s.io/component-helpers/auth/rbac/reconciliation" "k8s.io/kubernetes/pkg/api/legacyscheme" "k8s.io/kubernetes/pkg/apis/rbac" "k8s.io/kubernetes/pkg/registry/rbac/clusterrole" @@ -47,7 +48,6 @@ import ( "k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding" clusterrolebindingpolicybased "k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/policybased" clusterrolebindingstore "k8s.io/kubernetes/pkg/registry/rbac/clusterrolebinding/storage" - "k8s.io/kubernetes/pkg/registry/rbac/reconciliation" "k8s.io/kubernetes/pkg/registry/rbac/role" rolepolicybased "k8s.io/kubernetes/pkg/registry/rbac/role/policybased" rolestore "k8s.io/kubernetes/pkg/registry/rbac/role/storage" 
diff --git a/pkg/registry/rbac/validation/BUILD b/pkg/registry/rbac/validation/BUILD index fecae732c05..0786e3d04a6 100644 --- a/pkg/registry/rbac/validation/BUILD +++ b/pkg/registry/rbac/validation/BUILD @@ -10,7 +10,6 @@ go_test( name = "go_default_test", srcs = [ "policy_compact_test.go", - "policy_comparator_test.go", "rule_test.go", ], embed = [":go_default_library"], @@ -20,6 +19,7 @@ go_test( "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library", "//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library", + "//staging/src/k8s.io/component-helpers/auth/rbac/validation:go_default_library", ], ) @@ -28,7 +28,6 @@ go_library( srcs = [ "internal_version_adapter.go", "policy_compact.go", - "policy_comparator.go", "rule.go", ], importpath = "k8s.io/kubernetes/pkg/registry/rbac/validation", @@ -41,6 +40,7 @@ go_library( "//staging/src/k8s.io/apiserver/pkg/authentication/serviceaccount:go_default_library", "//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library", "//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library", + "//staging/src/k8s.io/component-helpers/auth/rbac/validation:go_default_library", "//vendor/k8s.io/klog/v2:go_default_library", ], ) diff --git a/pkg/registry/rbac/validation/policy_compact_test.go b/pkg/registry/rbac/validation/policy_compact_test.go index 4444657be7a..a630e8411f1 100644 --- a/pkg/registry/rbac/validation/policy_compact_test.go +++ b/pkg/registry/rbac/validation/policy_compact_test.go @@ -22,6 +22,7 @@ import ( "testing" rbacv1 "k8s.io/api/rbac/v1" + "k8s.io/component-helpers/auth/rbac/validation" rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" ) 
@@ -126,11 +127,11 @@ func TestCompactRules(t *testing.T) { t.Errorf("%s: CompactRules mutated rules. Expected\n%#v\ngot\n%#v", k, originalRules, rules) continue } - if covers, missing := Covers(compacted, rules); !covers { + if covers, missing := validation.Covers(compacted, rules); !covers { t.Errorf("%s: compacted rules did not cover original rules. missing: %#v", k, missing) continue } - if covers, missing := Covers(rules, compacted); !covers { + if covers, missing := validation.Covers(rules, compacted); !covers { t.Errorf("%s: original rules did not cover compacted rules. missing: %#v", k, missing) continue } diff --git a/pkg/registry/rbac/validation/rule.go b/pkg/registry/rbac/validation/rule.go index 3369566487a..603f56afbc1 100644 --- a/pkg/registry/rbac/validation/rule.go +++ b/pkg/registry/rbac/validation/rule.go @@ -30,6 +30,7 @@ import ( "k8s.io/apiserver/pkg/authentication/serviceaccount" "k8s.io/apiserver/pkg/authentication/user" genericapirequest "k8s.io/apiserver/pkg/endpoints/request" + "k8s.io/component-helpers/auth/rbac/validation" rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" ) @@ -65,7 +66,7 @@ func ConfirmNoEscalation(ctx context.Context, ruleResolver AuthorizationRuleReso ruleResolutionErrors = append(ruleResolutionErrors, err) } - ownerRightsCover, missingRights := Covers(ownerRules, rules) + ownerRightsCover, missingRights := validation.Covers(ownerRules, rules) if !ownerRightsCover { compactMissingRights := missingRights if compact, err := CompactRules(missingRights); err == nil { @@ -268,6 +269,15 @@ func appliesTo(user user.Info, bindingSubjects []rbacv1.Subject, namespace strin return 0, false } +func has(set []string, ele string) bool { + for _, s := range set { + if s == ele { + return true + } + } + return false +} + func appliesToUser(user user.Info, subject rbacv1.Subject, namespace string) bool { switch subject.Kind { case rbacv1.UserKind: 
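Review bot: The call `validation.Covers(ownerRules, rules)` in ConfirmNoEscalation sits in a package that is itself named `validation`, so the qualifier reads like a self-reference and hides that the escalation check now depends on code in another module. Aliasing the import added in the `@@ -30,6 +30,7 @@` hunk, for example `rbacvalidation "k8s.io/component-helpers/auth/rbac/validation"`, and calling `rbacvalidation.Covers(ownerRules, rules)` would make that dependency explicit. The two `validation.Covers` calls in policy_compact_test.go would read better with the same alias. ConfirmNoEscalation starts and ends outside the hunk.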
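Review bot: The new `has` helper in rule.go has no comment saying what kind of match it performs or why it is defined here. It appears to be a local copy of a helper that left with policy_comparator.go, but that is inferred, since neither the moved file's contents nor the callers of `has` are visible in this diff. Because it sits between appliesTo and appliesToUser it presumably feeds subject matching, so the exact-match behaviour is worth stating, e.g. `// has reports whether ele is present in set, using exact, case-sensitive string equality.` If a second copy does remain in the moved package, a short note that the two must stay in step would help keep them from drifting.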
diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/BUILD b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/BUILD index ca943f5e9c4..e8a672a2c51 100644 --- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/BUILD +++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/BUILD @@ -43,13 +43,13 @@ go_test( "//pkg/apis/core/install:go_default_library", "//pkg/apis/rbac/install:go_default_library", "//pkg/apis/rbac/v1:go_default_library", - "//pkg/registry/rbac/validation:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/rbac/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/meta:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", + "//staging/src/k8s.io/component-helpers/auth/rbac/validation:go_default_library", "//vendor/sigs.k8s.io/yaml:go_default_library", ], ) diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy_test.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy_test.go index 4f1a48b945d..431902da57d 100644 --- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy_test.go +++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy_test.go 
@@ -25,18 +25,18 @@ import ( "sigs.k8s.io/yaml" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/component-helpers/auth/rbac/validation" "k8s.io/kubernetes/pkg/api/legacyscheme" api "k8s.io/kubernetes/pkg/apis/core" _ "k8s.io/kubernetes/pkg/apis/core/install" _ "k8s.io/kubernetes/pkg/apis/rbac/install" rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1" - rbacregistryvalidation "k8s.io/kubernetes/pkg/registry/rbac/validation" "k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy" ) @@ -100,7 +100,7 @@ func TestEditViewRelationship(t *testing.T) { // confirm that the view role doesn't already have extra powers for _, rule := range viewEscalatingNamespaceResources { - if covers, _ := rbacregistryvalidation.Covers(semanticRoles.view.Rules, []rbacv1.PolicyRule{rule}); covers { + if covers, _ := validation.Covers(semanticRoles.view.Rules, []rbacv1.PolicyRule{rule}); covers { t.Errorf("view has extra powers: %#v", rule) } } @@ -108,7 +108,7 @@ func TestEditViewRelationship(t *testing.T) { // confirm that the view role doesn't have ungettable resources for _, rule := range ungettableResources { - if covers, _ := rbacregistryvalidation.Covers(semanticRoles.view.Rules, []rbacv1.PolicyRule{rule}); covers { + if covers, _ := validation.Covers(semanticRoles.view.Rules, []rbacv1.PolicyRule{rule}); covers { t.Errorf("view has ungettable resource: %#v", rule) } } diff --git a/staging/publishing/import-restrictions.yaml b/staging/publishing/import-restrictions.yaml index e7f4596f001..09cf424524a 100644 --- a/staging/publishing/import-restrictions.yaml +++ b/staging/publishing/import-restrictions.yaml @@ -256,5 +256,6 @@ - k8s.io/api - k8s.io/apimachinery - k8s.io/client-go + - k8s.io/component-helpers - k8s.io/klog - k8s.io/utils 
diff --git a/staging/src/k8s.io/component-helpers/BUILD b/staging/src/k8s.io/component-helpers/BUILD index cfcf0383381..586c110699f 100644 --- a/staging/src/k8s.io/component-helpers/BUILD +++ b/staging/src/k8s.io/component-helpers/BUILD @@ -9,6 +9,8 @@ filegroup( name = "all-srcs", srcs = [ ":package-srcs", + "//staging/src/k8s.io/component-helpers/auth/rbac/reconciliation:all-srcs", + "//staging/src/k8s.io/component-helpers/auth/rbac/validation:all-srcs", "//staging/src/k8s.io/component-helpers/lease:all-srcs", "//staging/src/k8s.io/component-helpers/scheduling/corev1:all-srcs", ], diff --git a/staging/src/k8s.io/component-helpers/auth/OWNERS b/staging/src/k8s.io/component-helpers/auth/OWNERS new file mode 100644 index 00000000000..4fca8eedc9c --- /dev/null +++ b/staging/src/k8s.io/component-helpers/auth/OWNERS @@ -0,0 +1,8 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +approvers: +- sig-auth-api-approvers +reviewers: +- sig-auth-api-reviewers +labels: +- sig/auth diff --git a/pkg/registry/rbac/reconciliation/BUILD b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/BUILD similarity index 85% rename from pkg/registry/rbac/reconciliation/BUILD rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/BUILD index 33b5a585115..3590efaa8ed 100644 --- a/pkg/registry/rbac/reconciliation/BUILD +++ b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/BUILD @@ -14,8 +14,8 @@ go_test( ], embed = [":go_default_library"], deps = [ - "//pkg/apis/core/helper:go_default_library", "//staging/src/k8s.io/api/rbac/v1:go_default_library", + "//staging/src/k8s.io/apimachinery/pkg/api/equality:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library", ], 
@@ -33,9 +33,9 @@ go_library( "rolebinding_interfaces.go", "zz_generated.deepcopy.go", ], - importpath = "k8s.io/kubernetes/pkg/registry/rbac/reconciliation", + importmap = "k8s.io/kubernetes/vendor/k8s.io/component-helpers/auth/rbac/reconciliation", + importpath = "k8s.io/component-helpers/auth/rbac/reconciliation", deps = [ - "//pkg/registry/rbac/validation:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/rbac/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/api/equality:go_default_library", @@ -46,6 +46,7 @@ go_library( "//staging/src/k8s.io/apimachinery/pkg/util/errors:go_default_library", "//staging/src/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library", "//staging/src/k8s.io/client-go/kubernetes/typed/rbac/v1:go_default_library", + "//staging/src/k8s.io/component-helpers/auth/rbac/validation:go_default_library", ], ) diff --git a/pkg/registry/rbac/reconciliation/clusterrole_interfaces.go b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrole_interfaces.go similarity index 96% rename from pkg/registry/rbac/reconciliation/clusterrole_interfaces.go rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrole_interfaces.go index 4a4527581d3..c10745c6884 100644 --- a/pkg/registry/rbac/reconciliation/clusterrole_interfaces.go +++ b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrole_interfaces.go @@ -18,6 +18,7 @@ package reconciliation import ( "context" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -25,7 +26,7 @@ import ( ) // +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RuleOwner +// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RuleOwner // +k8s:deepcopy-gen:nonpointer-interfaces=true type ClusterRoleRuleOwner struct { ClusterRole *rbacv1.ClusterRole 
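Review bot: `ClusterRoleRuleOwner` is now exported from the published `k8s.io/component-helpers` module with only generator tags above it and no doc comment. The commit also lists the moved packages in hack/.golint_failures rather than closing that gap. A line such as `// ClusterRoleRuleOwner wraps a ClusterRole so it can be handled through the RuleOwner interface.` would document it, kept apart from the `+k8s:` tags by a blank comment line; the wording should be confirmed against the methods, which are outside the hunk. `ClusterRoleBindingAdapter`, `RoleRuleOwner` and `RoleBindingAdapter` in the later file sections have the same gap. The struct body continues past the end of the hunk.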
diff --git a/pkg/registry/rbac/reconciliation/clusterrolebinding_interfaces.go b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrolebinding_interfaces.go similarity index 97% rename from pkg/registry/rbac/reconciliation/clusterrolebinding_interfaces.go rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrolebinding_interfaces.go index 737dab62c8b..f55a1bf3fde 100644 --- a/pkg/registry/rbac/reconciliation/clusterrolebinding_interfaces.go +++ b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/clusterrolebinding_interfaces.go @@ -18,6 +18,7 @@ package reconciliation import ( "context" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -26,7 +27,7 @@ import ( ) // +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RoleBinding +// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RoleBinding // +k8s:deepcopy-gen:nonpointer-interfaces=true type ClusterRoleBindingAdapter struct { ClusterRoleBinding *rbacv1.ClusterRoleBinding diff --git a/pkg/registry/rbac/reconciliation/namespace.go b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/namespace.go similarity index 100% rename from pkg/registry/rbac/reconciliation/namespace.go rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/namespace.go diff --git a/pkg/registry/rbac/reconciliation/reconcile_role.go b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_role.go similarity index 99% rename from pkg/registry/rbac/reconciliation/reconcile_role.go rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_role.go index e46848dd529..f191ea3374b 100644 --- a/pkg/registry/rbac/reconciliation/reconcile_role.go +++ b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_role.go 
@@ -25,7 +25,7 @@ import ( "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/kubernetes/pkg/registry/rbac/validation" + "k8s.io/component-helpers/auth/rbac/validation" ) type ReconcileOperation string diff --git a/pkg/registry/rbac/reconciliation/reconcile_role_test.go b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_role_test.go similarity index 97% rename from pkg/registry/rbac/reconciliation/reconcile_role_test.go rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_role_test.go index be371279889..fe50ecccfb2 100644 --- a/pkg/registry/rbac/reconciliation/reconcile_role_test.go +++ b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_role_test.go @@ -20,9 +20,9 @@ import ( "testing" rbacv1 "k8s.io/api/rbac/v1" + apiequality "k8s.io/apimachinery/pkg/api/equality" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/diff" - "k8s.io/kubernetes/pkg/apis/core/helper" ) func role(rules []rbacv1.PolicyRule, labels map[string]string, annotations map[string]string) *rbacv1.ClusterRole { @@ -272,7 +272,7 @@ func TestComputeReconciledRoleRules(t *testing.T) { t.Errorf("%s: Expected\n\t%v\ngot\n\t%v", k, tc.expectedReconciliationNeeded, reconciliationNeeded) continue } - if reconciliationNeeded && !helper.Semantic.DeepEqual(result.Role.(ClusterRoleRuleOwner).ClusterRole, tc.expectedReconciledRole) { + if reconciliationNeeded && !apiequality.Semantic.DeepEqual(result.Role.(ClusterRoleRuleOwner).ClusterRole, tc.expectedReconciledRole) { t.Errorf("%s: Expected\n\t%#v\ngot\n\t%#v", k, tc.expectedReconciledRole, result.Role) } } 
@@ -391,7 +391,7 @@ func TestComputeReconciledRoleAggregationRules(t *testing.T) { t.Errorf("%s: Expected\n\t%v\ngot\n\t%v", k, tc.expectedReconciliationNeeded, reconciliationNeeded) continue } - if reconciliationNeeded && !helper.Semantic.DeepEqual(result.Role.(ClusterRoleRuleOwner).ClusterRole, tc.expectedReconciledRole) { + if reconciliationNeeded && !apiequality.Semantic.DeepEqual(result.Role.(ClusterRoleRuleOwner).ClusterRole, tc.expectedReconciledRole) { t.Errorf("%s: %v", k, diff.ObjectDiff(tc.expectedReconciledRole, result.Role.(ClusterRoleRuleOwner).ClusterRole)) } } diff --git a/pkg/registry/rbac/reconciliation/reconcile_rolebindings.go b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_rolebindings.go similarity index 100% rename from pkg/registry/rbac/reconciliation/reconcile_rolebindings.go rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_rolebindings.go diff --git a/pkg/registry/rbac/reconciliation/reconcile_rolebindings_test.go b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_rolebindings_test.go similarity index 95% rename from pkg/registry/rbac/reconciliation/reconcile_rolebindings_test.go rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_rolebindings_test.go index 6abb09081b0..c1c84bef396 100644 --- a/pkg/registry/rbac/reconciliation/reconcile_rolebindings_test.go +++ b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/reconcile_rolebindings_test.go @@ -20,7 +20,7 @@ import ( "testing" rbacv1 "k8s.io/api/rbac/v1" - "k8s.io/kubernetes/pkg/apis/core/helper" + apiequality "k8s.io/apimachinery/pkg/api/equality" ) func binding(roleRef rbacv1.RoleRef, subjects []rbacv1.Subject) *rbacv1.ClusterRoleBinding { 
@@ -81,10 +81,10 @@ func TestDiffObjectReferenceLists(t *testing.T) { for k, tc := range tests { onlyA, onlyB := diffSubjectLists(tc.A, tc.B) - if !helper.Semantic.DeepEqual(onlyA, tc.ExpectedOnlyA) { + if !apiequality.Semantic.DeepEqual(onlyA, tc.ExpectedOnlyA) { t.Errorf("%s: Expected %#v, got %#v", k, tc.ExpectedOnlyA, onlyA) } - if !helper.Semantic.DeepEqual(onlyB, tc.ExpectedOnlyB) { + if !apiequality.Semantic.DeepEqual(onlyB, tc.ExpectedOnlyB) { t.Errorf("%s: Expected %#v, got %#v", k, tc.ExpectedOnlyB, onlyB) } } @@ -174,7 +174,7 @@ func TestComputeUpdate(t *testing.T) { t.Errorf("%s: Expected\n\t%v\ngot\n\t%v (%v)", k, tc.ExpectedUpdateNeeded, updateNeeded, result.Operation) continue } - if updateNeeded && !helper.Semantic.DeepEqual(updatedBinding, tc.ExpectedUpdatedBinding) { + if updateNeeded && !apiequality.Semantic.DeepEqual(updatedBinding, tc.ExpectedUpdatedBinding) { t.Errorf("%s: Expected\n\t%v %v\ngot\n\t%v %v", k, tc.ExpectedUpdatedBinding.RoleRef, tc.ExpectedUpdatedBinding.Subjects, updatedBinding.RoleRef, updatedBinding.Subjects) } } diff --git a/pkg/registry/rbac/reconciliation/role_interfaces.go b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/role_interfaces.go similarity index 96% rename from pkg/registry/rbac/reconciliation/role_interfaces.go rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/role_interfaces.go index 31bb6566de1..ae7e7867adb 100644 --- a/pkg/registry/rbac/reconciliation/role_interfaces.go +++ b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/role_interfaces.go @@ -18,6 +18,7 @@ package reconciliation import ( "context" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" 
@@ -26,7 +27,7 @@ import ( ) // +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RuleOwner +// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RuleOwner // +k8s:deepcopy-gen:nonpointer-interfaces=true type RoleRuleOwner struct { Role *rbacv1.Role diff --git a/pkg/registry/rbac/reconciliation/rolebinding_interfaces.go b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/rolebinding_interfaces.go similarity index 97% rename from pkg/registry/rbac/reconciliation/rolebinding_interfaces.go rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/rolebinding_interfaces.go index 8cf2052c294..990bb1035dd 100644 --- a/pkg/registry/rbac/reconciliation/rolebinding_interfaces.go +++ b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/rolebinding_interfaces.go @@ -18,6 +18,7 @@ package reconciliation import ( "context" + rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -27,7 +28,7 @@ import ( ) // +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/kubernetes/pkg/registry/rbac/reconciliation.RoleBinding +// +k8s:deepcopy-gen:interfaces=k8s.io/component-helpers/auth/rbac/reconciliation.RoleBinding // +k8s:deepcopy-gen:nonpointer-interfaces=true type RoleBindingAdapter struct { RoleBinding *rbacv1.RoleBinding diff --git a/pkg/registry/rbac/reconciliation/zz_generated.deepcopy.go b/staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/zz_generated.deepcopy.go similarity index 100% rename from pkg/registry/rbac/reconciliation/zz_generated.deepcopy.go rename to staging/src/k8s.io/component-helpers/auth/rbac/reconciliation/zz_generated.deepcopy.go diff --git a/staging/src/k8s.io/component-helpers/auth/rbac/validation/BUILD b/staging/src/k8s.io/component-helpers/auth/rbac/validation/BUILD new file mode 100644 index 00000000000..dd1ec07dbe5 --- /dev/null 
+++ b/staging/src/k8s.io/component-helpers/auth/rbac/validation/BUILD @@ -0,0 +1,31 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") + +go_library( + name = "go_default_library", + srcs = ["policy_comparator.go"], + importmap = "k8s.io/kubernetes/vendor/k8s.io/component-helpers/auth/rbac/validation", + importpath = "k8s.io/component-helpers/auth/rbac/validation", + visibility = ["//visibility:public"], + deps = ["//staging/src/k8s.io/api/rbac/v1:go_default_library"], +) + +go_test( + name = "go_default_test", + srcs = ["policy_comparator_test.go"], + embed = [":go_default_library"], + deps = ["//staging/src/k8s.io/api/rbac/v1:go_default_library"], +) + +filegroup( + name = "package-srcs", + srcs = glob(["**"]), + tags = ["automanaged"], + visibility = ["//visibility:private"], +) + +filegroup( + name = "all-srcs", + srcs = [":package-srcs"], + tags = ["automanaged"], + visibility = ["//visibility:public"], +) diff --git a/pkg/registry/rbac/validation/policy_comparator.go b/staging/src/k8s.io/component-helpers/auth/rbac/validation/policy_comparator.go similarity index 100% rename from pkg/registry/rbac/validation/policy_comparator.go rename to staging/src/k8s.io/component-helpers/auth/rbac/validation/policy_comparator.go diff --git a/pkg/registry/rbac/validation/policy_comparator_test.go b/staging/src/k8s.io/component-helpers/auth/rbac/validation/policy_comparator_test.go similarity index 100% rename from pkg/registry/rbac/validation/policy_comparator_test.go rename to staging/src/k8s.io/component-helpers/auth/rbac/validation/policy_comparator_test.go diff --git a/vendor/modules.txt b/vendor/modules.txt index ba380b7b132..58e5f2fbeca 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -2194,6 +2194,8 @@ k8s.io/component-base/version/verflag # k8s.io/component-helpers v0.0.0 => ./staging/src/k8s.io/component-helpers ## explicit # k8s.io/component-helpers => ./staging/src/k8s.io/component-helpers +k8s.io/component-helpers/auth/rbac/reconciliation +k8s.io/component-helpers/auth/rbac/validation k8s.io/component-helpers/lease k8s.io/component-helpers/scheduling/corev1 # k8s.io/controller-manager v0.0.0 => ./staging/src/k8s.io/controller-manager