Merge pull request #121010 from Jefftree/decouple-openapi-v2v3-config

Decouple openapi v2v3 config
2025-10-21 14:38:46 +00:00 · 2023-10-16 23:41:11 +02:00
parent bb16282831 e3098225ea
commit ac66f3d466
67 changed files with 242 additions and 665 deletions
--- a/vendor/k8s.io/kube-openapi/pkg/builder3/openapi.go
+++ b/vendor/k8s.io/kube-openapi/pkg/builder3/openapi.go
@@ -174,9 +174,9 @@ func (o *openAPI) buildRequestBody(parameters []common.Parameter, consumes []str
 	return nil, nil
 }

-func newOpenAPI(config *common.Config) openAPI {
+func newOpenAPI(config *common.OpenAPIV3Config) openAPI {
 	o := openAPI{
-		config: common.ConvertConfigToV3(config),
+		config: config,
 		spec: &spec3.OpenAPI{
 			Version: "3.0.0",
 			Info:    config.Info,
@@ -315,12 +315,12 @@ func (o *openAPI) buildOpenAPISpec(webServices []common.RouteContainer) error {
 // BuildOpenAPISpec builds OpenAPI v3 spec given a list of route containers and common.Config to customize it.
 //
 // Deprecated: BuildOpenAPISpecFromRoutes should be used instead.
-func BuildOpenAPISpec(webServices []*restful.WebService, config *common.Config) (*spec3.OpenAPI, error) {
+func BuildOpenAPISpec(webServices []*restful.WebService, config *common.OpenAPIV3Config) (*spec3.OpenAPI, error) {
 	return BuildOpenAPISpecFromRoutes(restfuladapter.AdaptWebServices(webServices), config)
 }

 // BuildOpenAPISpecFromRoutes builds OpenAPI v3 spec given a list of route containers and common.Config to customize it.
-func BuildOpenAPISpecFromRoutes(webServices []common.RouteContainer, config *common.Config) (*spec3.OpenAPI, error) {
+func BuildOpenAPISpecFromRoutes(webServices []common.RouteContainer, config *common.OpenAPIV3Config) (*spec3.OpenAPI, error) {
 	a := newOpenAPI(config)
 	err := a.buildOpenAPISpec(webServices)
 	if err != nil {
@@ -332,7 +332,7 @@ func BuildOpenAPISpecFromRoutes(webServices []common.RouteContainer, config *com
 // BuildOpenAPIDefinitionsForResource builds a partial OpenAPI spec given a sample object and common.Config to customize it.
 // BuildOpenAPIDefinitionsForResources returns the OpenAPI spec which includes the definitions for the
 // passed type names.
-func BuildOpenAPIDefinitionsForResources(config *common.Config, names ...string) (map[string]*spec.Schema, error) {
+func BuildOpenAPIDefinitionsForResources(config *common.OpenAPIV3Config, names ...string) (map[string]*spec.Schema, error) {
 	o := newOpenAPI(config)
 	// We can discard the return value of toSchema because all we care about is the side effect of calling it.
 	// All the models created for this resource get added to o.swagger.Definitions
--- a/vendor/k8s.io/kube-openapi/pkg/common/common.go
+++ b/vendor/k8s.io/kube-openapi/pkg/common/common.go
@@ -22,7 +22,6 @@ import (

 	"github.com/emicklei/go-restful/v3"

-	"k8s.io/kube-openapi/pkg/openapiconv"
 	"k8s.io/kube-openapi/pkg/spec3"
 	"k8s.io/kube-openapi/pkg/validation/spec"
 )
@@ -172,43 +171,6 @@ type OpenAPIV3Config struct {
 	DefaultSecurity []map[string][]string
 }

-// ConvertConfigToV3 converts a Config object to an OpenAPIV3Config object
-func ConvertConfigToV3(config *Config) *OpenAPIV3Config {
-	if config == nil {
-		return nil
-	}
-
-	v3Config := &OpenAPIV3Config{
-		Info:                           config.Info,
-		IgnorePrefixes:                 config.IgnorePrefixes,
-		GetDefinitions:                 config.GetDefinitions,
-		GetOperationIDAndTags:          config.GetOperationIDAndTags,
-		GetOperationIDAndTagsFromRoute: config.GetOperationIDAndTagsFromRoute,
-		GetDefinitionName:              config.GetDefinitionName,
-		Definitions:                    config.Definitions,
-		SecuritySchemes:                make(spec3.SecuritySchemes),
-		DefaultSecurity:                config.DefaultSecurity,
-		DefaultResponse:                openapiconv.ConvertResponse(config.DefaultResponse, []string{"application/json"}),
-
-		CommonResponses:     make(map[int]*spec3.Response),
-		ResponseDefinitions: make(map[string]*spec3.Response),
-	}
-
-	if config.SecurityDefinitions != nil {
-		for s, securityScheme := range *config.SecurityDefinitions {
-			v3Config.SecuritySchemes[s] = openapiconv.ConvertSecurityScheme(securityScheme)
-		}
-	}
-	for k, commonResponse := range config.CommonResponses {
-		v3Config.CommonResponses[k] = openapiconv.ConvertResponse(&commonResponse, []string{"application/json"})
-	}
-
-	for k, responseDefinition := range config.ResponseDefinitions {
-		v3Config.ResponseDefinitions[k] = openapiconv.ConvertResponse(&responseDefinition, []string{"application/json"})
-	}
-	return v3Config
-}
-
 type typeInfo struct {
 	name   string
 	format string
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/fuzz.go
@@ -35,6 +35,18 @@ var OpenAPIV3FuzzFuncs []interface{} = []interface{}{
 	func(o *OpenAPI, c fuzz.Continue) {
 		c.FuzzNoCustom(o)
 		o.Version = "3.0.0"
+		for i, val := range o.SecurityRequirement {
+			if val == nil {
+				o.SecurityRequirement[i] = make(map[string][]string)
+			}
+
+			for k, v := range val {
+				if v == nil {
+					val[k] = make([]string, 0)
+				}
+			}
+		}
+
 	},
 	func(r *interface{}, c fuzz.Continue) {
 		switch c.Intn(3) {
--- a/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
+++ b/vendor/k8s.io/kube-openapi/pkg/spec3/spec.go
@@ -36,6 +36,8 @@ type OpenAPI struct {
 	Servers []*Server `json:"servers,omitempty"`
 	// Components hold various schemas for the specification
 	Components *Components `json:"components,omitempty"`
+	// SecurityRequirement holds a declaration of which security mechanisms can be used across the API
+	SecurityRequirement []map[string][]string `json:"security,omitempty"`
 	// ExternalDocs holds additional external documentation
 	ExternalDocs *ExternalDocumentation `json:"externalDocs,omitempty"`
 }
@@ -60,12 +62,13 @@ func (o *OpenAPI) MarshalJSON() ([]byte, error) {

 func (o *OpenAPI) MarshalNextJSON(opts jsonv2.MarshalOptions, enc *jsonv2.Encoder) error {
 	type OpenAPIOmitZero struct {
-		Version      string                 `json:"openapi"`
-		Info         *spec.Info             `json:"info"`
-		Paths        *Paths                 `json:"paths,omitzero"`
-		Servers      []*Server              `json:"servers,omitempty"`
-		Components   *Components            `json:"components,omitzero"`
-		ExternalDocs *ExternalDocumentation `json:"externalDocs,omitzero"`
+		Version             string                 `json:"openapi"`
+		Info                *spec.Info             `json:"info"`
+		Paths               *Paths                 `json:"paths,omitzero"`
+		Servers             []*Server              `json:"servers,omitempty"`
+		Components          *Components            `json:"components,omitzero"`
+		SecurityRequirement []map[string][]string  `json:"security,omitempty"`
+		ExternalDocs        *ExternalDocumentation `json:"externalDocs,omitzero"`
 	}
 	x := (*OpenAPIOmitZero)(o)
 	return opts.MarshalNext(enc, x)
--- a/vendor/k8s.io/kube-openapi/pkg/validation/spec/fuzz.go
+++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/fuzz.go
@@ -1,502 +0,0 @@
-/*
-Copyright 2022 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-	http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spec
-
-import (
-	"github.com/go-openapi/jsonreference"
-	"github.com/google/go-cmp/cmp"
-	fuzz "github.com/google/gofuzz"
-)
-
-var SwaggerFuzzFuncs []interface{} = []interface{}{
-	func(v *Responses, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-		if v.Default != nil {
-			// Check if we hit maxDepth and left an incomplete value
-			if v.Default.Description == "" {
-				v.Default = nil
-				v.StatusCodeResponses = nil
-			}
-		}
-
-		// conversion has no way to discern empty statusCodeResponses from
-		// nil, since "default" is always included in the map.
-		// So avoid empty responses list
-		if len(v.StatusCodeResponses) == 0 {
-			v.StatusCodeResponses = nil
-		}
-	},
-	func(v *Operation, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-
-		if v != nil {
-			// force non-nil
-			v.Responses = &Responses{}
-			c.Fuzz(v.Responses)
-
-			v.Schemes = nil
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "http")
-			}
-
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "https")
-			}
-
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "ws")
-			}
-
-			if c.RandBool() {
-				v.Schemes = append(v.Schemes, "wss")
-			}
-
-			// Gnostic unconditionally makes security values non-null
-			// So do not fuzz null values into the array.
-			for i, val := range v.Security {
-				if val == nil {
-					v.Security[i] = make(map[string][]string)
-				}
-
-				for k, v := range val {
-					if v == nil {
-						val[k] = make([]string, 0)
-					}
-				}
-			}
-		}
-	},
-	func(v map[int]Response, c fuzz.Continue) {
-		n := 0
-		c.Fuzz(&n)
-		if n == 0 {
-			// Test that fuzzer is not at maxDepth so we do not
-			// end up with empty elements
-			return
-		}
-
-		// Prevent negative numbers
-		num := c.Intn(4)
-		for i := 0; i < num+2; i++ {
-			val := Response{}
-			c.Fuzz(&val)
-
-			val.Description = c.RandString() + "x"
-			v[100*(i+1)+c.Intn(100)] = val
-		}
-	},
-	func(v map[string]PathItem, c fuzz.Continue) {
-		n := 0
-		c.Fuzz(&n)
-		if n == 0 {
-			// Test that fuzzer is not at maxDepth so we do not
-			// end up with empty elements
-			return
-		}
-
-		num := c.Intn(5)
-		for i := 0; i < num+2; i++ {
-			val := PathItem{}
-			c.Fuzz(&val)
-
-			// Ref params are only allowed in certain locations, so
-			// possibly add a few to PathItems
-			numRefsToAdd := c.Intn(5)
-			for i := 0; i < numRefsToAdd; i++ {
-				theRef := Parameter{}
-				c.Fuzz(&theRef.Refable)
-
-				val.Parameters = append(val.Parameters, theRef)
-			}
-
-			v["/"+c.RandString()] = val
-		}
-	},
-	func(v *SchemaOrArray, c fuzz.Continue) {
-		*v = SchemaOrArray{}
-		// gnostic parser just doesn't support more
-		// than one Schema here
-		v.Schema = &Schema{}
-		c.Fuzz(&v.Schema)
-
-	},
-	func(v *SchemaOrBool, c fuzz.Continue) {
-		*v = SchemaOrBool{}
-
-		if c.RandBool() {
-			v.Allows = c.RandBool()
-		} else {
-			v.Schema = &Schema{}
-			v.Allows = true
-			c.Fuzz(&v.Schema)
-		}
-	},
-	func(v map[string]Response, c fuzz.Continue) {
-		n := 0
-		c.Fuzz(&n)
-		if n == 0 {
-			// Test that fuzzer is not at maxDepth so we do not
-			// end up with empty elements
-			return
-		}
-
-		// Response definitions are not allowed to
-		// be refs
-		for i := 0; i < c.Intn(5)+1; i++ {
-			resp := &Response{}
-
-			c.Fuzz(resp)
-			resp.Ref = Ref{}
-			resp.Description = c.RandString() + "x"
-
-			// Response refs are not vendor extensible by gnostic
-			resp.VendorExtensible.Extensions = nil
-			v[c.RandString()+"x"] = *resp
-		}
-	},
-	func(v *Header, c fuzz.Continue) {
-		if v != nil {
-			c.FuzzNoCustom(v)
-
-			// descendant Items of Header may not be refs
-			cur := v.Items
-			for cur != nil {
-				cur.Ref = Ref{}
-				cur = cur.Items
-			}
-		}
-	},
-	func(v *Ref, c fuzz.Continue) {
-		*v = Ref{}
-		v.Ref, _ = jsonreference.New("http://asd.com/" + c.RandString())
-	},
-	func(v *Response, c fuzz.Continue) {
-		*v = Response{}
-		if c.RandBool() {
-			v.Ref = Ref{}
-			v.Ref.Ref, _ = jsonreference.New("http://asd.com/" + c.RandString())
-		} else {
-			c.Fuzz(&v.VendorExtensible)
-			c.Fuzz(&v.Schema)
-			c.Fuzz(&v.ResponseProps)
-
-			v.Headers = nil
-			v.Ref = Ref{}
-
-			n := 0
-			c.Fuzz(&n)
-			if n != 0 {
-				// Test that fuzzer is not at maxDepth so we do not
-				// end up with empty elements
-				num := c.Intn(4)
-				for i := 0; i < num; i++ {
-					if v.Headers == nil {
-						v.Headers = make(map[string]Header)
-					}
-					hdr := Header{}
-					c.Fuzz(&hdr)
-					if hdr.Type == "" {
-						// hit maxDepth, just abort trying to make haders
-						v.Headers = nil
-						break
-					}
-					v.Headers[c.RandString()+"x"] = hdr
-				}
-			} else {
-				v.Headers = nil
-			}
-		}
-
-		v.Description = c.RandString() + "x"
-
-		// Gnostic parses empty as nil, so to keep avoid putting empty
-		if len(v.Headers) == 0 {
-			v.Headers = nil
-		}
-	},
-	func(v **Info, c fuzz.Continue) {
-		// Info is never nil
-		*v = &Info{}
-		c.FuzzNoCustom(*v)
-
-		(*v).Title = c.RandString() + "x"
-	},
-	func(v *Extensions, c fuzz.Continue) {
-		// gnostic parser only picks up x- vendor extensions
-		numChildren := c.Intn(5)
-		for i := 0; i < numChildren; i++ {
-			if *v == nil {
-				*v = Extensions{}
-			}
-			(*v)["x-"+c.RandString()] = c.RandString()
-		}
-	},
-	func(v *Swagger, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-
-		if v.Paths == nil {
-			// Force paths non-nil since it does not have omitempty in json tag.
-			// This means a perfect roundtrip (via json) is impossible,
-			// since we can't tell the difference between empty/unspecified paths
-			v.Paths = &Paths{}
-			c.Fuzz(v.Paths)
-		}
-
-		v.Swagger = "2.0"
-
-		// Gnostic support serializing ID at all
-		// unavoidable data loss
-		v.ID = ""
-
-		v.Schemes = nil
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "http")
-		}
-
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "https")
-		}
-
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "ws")
-		}
-
-		if c.RandUint64()%2 == 1 {
-			v.Schemes = append(v.Schemes, "wss")
-		}
-
-		// Gnostic unconditionally makes security values non-null
-		// So do not fuzz null values into the array.
-		for i, val := range v.Security {
-			if val == nil {
-				v.Security[i] = make(map[string][]string)
-			}
-
-			for k, v := range val {
-				if v == nil {
-					val[k] = make([]string, 0)
-				}
-			}
-		}
-	},
-	func(v *SecurityScheme, c fuzz.Continue) {
-		v.Description = c.RandString() + "x"
-		c.Fuzz(&v.VendorExtensible)
-
-		switch c.Intn(3) {
-		case 0:
-			v.Type = "basic"
-		case 1:
-			v.Type = "apiKey"
-			switch c.Intn(2) {
-			case 0:
-				v.In = "header"
-			case 1:
-				v.In = "query"
-			default:
-				panic("unreachable")
-			}
-			v.Name = "x" + c.RandString()
-		case 2:
-			v.Type = "oauth2"
-
-			switch c.Intn(4) {
-			case 0:
-				v.Flow = "accessCode"
-				v.TokenURL = "https://" + c.RandString()
-				v.AuthorizationURL = "https://" + c.RandString()
-			case 1:
-				v.Flow = "application"
-				v.TokenURL = "https://" + c.RandString()
-			case 2:
-				v.Flow = "implicit"
-				v.AuthorizationURL = "https://" + c.RandString()
-			case 3:
-				v.Flow = "password"
-				v.TokenURL = "https://" + c.RandString()
-			default:
-				panic("unreachable")
-			}
-			c.Fuzz(&v.Scopes)
-		default:
-			panic("unreachable")
-		}
-	},
-	func(v *interface{}, c fuzz.Continue) {
-		*v = c.RandString() + "x"
-	},
-	func(v *string, c fuzz.Continue) {
-		*v = c.RandString() + "x"
-	},
-	func(v *ExternalDocumentation, c fuzz.Continue) {
-		v.Description = c.RandString() + "x"
-		v.URL = c.RandString() + "x"
-	},
-	func(v *SimpleSchema, c fuzz.Continue) {
-		c.FuzzNoCustom(v)
-
-		switch c.Intn(5) {
-		case 0:
-			v.Type = "string"
-		case 1:
-			v.Type = "number"
-		case 2:
-			v.Type = "boolean"
-		case 3:
-			v.Type = "integer"
-		case 4:
-			v.Type = "array"
-		default:
-			panic("unreachable")
-		}
-
-		switch c.Intn(5) {
-		case 0:
-			v.CollectionFormat = "csv"
-		case 1:
-			v.CollectionFormat = "ssv"
-		case 2:
-			v.CollectionFormat = "tsv"
-		case 3:
-			v.CollectionFormat = "pipes"
-		case 4:
-			v.CollectionFormat = ""
-		default:
-			panic("unreachable")
-		}
-
-		// None of the types which include SimpleSchema in our definitions
-		// actually support "example" in the official spec
-		v.Example = nil
-
-		// unsupported by openapi
-		v.Nullable = false
-	},
-	func(v *int64, c fuzz.Continue) {
-		c.Fuzz(v)
-
-		// Gnostic does not differentiate between 0 and non-specified
-		// so avoid using 0 for fuzzer
-		if *v == 0 {
-			*v = 1
-		}
-	},
-	func(v *float64, c fuzz.Continue) {
-		c.Fuzz(v)
-
-		// Gnostic does not differentiate between 0 and non-specified
-		// so avoid using 0 for fuzzer
-		if *v == 0.0 {
-			*v = 1.0
-		}
-	},
-	func(v *Parameter, c fuzz.Continue) {
-		if v == nil {
-			return
-		}
-		c.Fuzz(&v.VendorExtensible)
-		if c.RandBool() {
-			// body param
-			v.Description = c.RandString() + "x"
-			v.Name = c.RandString() + "x"
-			v.In = "body"
-			c.Fuzz(&v.Description)
-			c.Fuzz(&v.Required)
-
-			v.Schema = &Schema{}
-			c.Fuzz(&v.Schema)
-
-		} else {
-			c.Fuzz(&v.SimpleSchema)
-			c.Fuzz(&v.CommonValidations)
-			v.AllowEmptyValue = false
-			v.Description = c.RandString() + "x"
-			v.Name = c.RandString() + "x"
-
-			switch c.Intn(4) {
-			case 0:
-				// Header param
-				v.In = "header"
-			case 1:
-				// Form data param
-				v.In = "formData"
-				v.AllowEmptyValue = c.RandBool()
-			case 2:
-				// Query param
-				v.In = "query"
-				v.AllowEmptyValue = c.RandBool()
-			case 3:
-				// Path param
-				v.In = "path"
-				v.Required = true
-			default:
-				panic("unreachable")
-			}
-
-			// descendant Items of Parameter may not be refs
-			cur := v.Items
-			for cur != nil {
-				cur.Ref = Ref{}
-				cur = cur.Items
-			}
-		}
-	},
-	func(v *Schema, c fuzz.Continue) {
-		if c.RandBool() {
-			// file schema
-			c.Fuzz(&v.Default)
-			c.Fuzz(&v.Description)
-			c.Fuzz(&v.Example)
-			c.Fuzz(&v.ExternalDocs)
-
-			c.Fuzz(&v.Format)
-			c.Fuzz(&v.ReadOnly)
-			c.Fuzz(&v.Required)
-			c.Fuzz(&v.Title)
-			v.Type = StringOrArray{"file"}
-
-		} else {
-			// normal schema
-			c.Fuzz(&v.SchemaProps)
-			c.Fuzz(&v.SwaggerSchemaProps)
-			c.Fuzz(&v.VendorExtensible)
-			// c.Fuzz(&v.ExtraProps)
-			// ExtraProps will not roundtrip - gnostic throws out
-			// unrecognized keys
-		}
-
-		// Not supported by official openapi v2 spec
-		// and stripped by k8s apiserver
-		v.ID = ""
-		v.AnyOf = nil
-		v.OneOf = nil
-		v.Not = nil
-		v.Nullable = false
-		v.AdditionalItems = nil
-		v.Schema = ""
-		v.PatternProperties = nil
-		v.Definitions = nil
-		v.Dependencies = nil
-	},
-}
-
-var SwaggerDiffOptions = []cmp.Option{
-	// cmp.Diff panics on Ref since jsonreference.Ref uses unexported fields
-	cmp.Comparer(func(a Ref, b Ref) bool {
-		return a.String() == b.String()
-	}),
-}
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -2139,7 +2139,7 @@ k8s.io/kube-aggregator/pkg/registry/apiservice/rest
 # k8s.io/kube-controller-manager v0.0.0 => ./staging/src/k8s.io/kube-controller-manager
 ## explicit; go 1.20
 k8s.io/kube-controller-manager/config/v1alpha1
-# k8s.io/kube-openapi v0.0.0-20230918164632-68afd615200d
+# k8s.io/kube-openapi v0.0.0-20231009201959-f62364c3c354
 ## explicit; go 1.19
 k8s.io/kube-openapi/cmd/openapi-gen
 k8s.io/kube-openapi/cmd/openapi-gen/args