apiserver/validation: fix some sets.NewString deprecations

Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
2025-09-15 14:14:39 +00:00 · 2024-09-25 11:39:53 +02:00
parent 4024390d8c
commit c44fc28087
3 changed files with 74 additions and 74 deletions
--- a/pkg/kubeapiserver/authorizer/config.go
+++ b/pkg/kubeapiserver/authorizer/config.go
@@ -177,8 +177,8 @@ func LoadAndValidateData(data []byte, compiler authorizationcel.Compiler, requir
 	// validate the file and return any error
 	if errors := validation.ValidateAuthorizationConfiguration(compiler, nil, authorizationConfiguration,
-		sets.NewString(modes.AuthorizationModeChoices...),
+		sets.New(modes.AuthorizationModeChoices...),
-		sets.NewString(repeatableAuthorizerTypes...),
+		sets.New(repeatableAuthorizerTypes...),
 	); len(errors) != 0 {
 		return nil, errors.ToAggregate()
 	}
--- a/staging/src/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go
+++ b/staging/src/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go
@@ -613,7 +613,7 @@ func compileUserCELExpression(compiler authenticationcel.Compiler, expression au
 }
 // ValidateAuthorizationConfiguration validates a given AuthorizationConfiguration.
-func ValidateAuthorizationConfiguration(compiler authorizationcel.Compiler, fldPath *field.Path, c *api.AuthorizationConfiguration, knownTypes sets.String, repeatableTypes sets.String) field.ErrorList {
+func ValidateAuthorizationConfiguration(compiler authorizationcel.Compiler, fldPath *field.Path, c *api.AuthorizationConfiguration, knownTypes sets.Set[string], repeatableTypes sets.Set[string]) field.ErrorList {
 	allErrs := field.ErrorList{}
 	if len(c.Authorizers) == 0 {
@@ -630,7 +630,7 @@ func ValidateAuthorizationConfiguration(compiler authorizationcel.Compiler, fldP
 			continue
 		}
 		if !knownTypes.Has(aType) {
-			allErrs = append(allErrs, field.NotSupported(fldPath.Child("type"), aType, knownTypes.List()))
+			allErrs = append(allErrs, field.NotSupported(fldPath.Child("type"), aType, sets.List(knownTypes)))
 			continue
 		}
 		if seenAuthorizerTypes.Has(aType) && !repeatableTypes.Has(aType) {
--- a/staging/src/k8s.io/apiserver/pkg/apis/apiserver/validation/validation_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/apis/apiserver/validation/validation_test.go
@@ -1680,8 +1680,8 @@ type (
 		name            string
 		configuration   api.AuthorizationConfiguration
 		expectedErrList field.ErrorList
-		knownTypes      sets.String
+		knownTypes      sets.Set[string]
-		repeatableTypes sets.String
+		repeatableTypes sets.Set[string]
 	}
 )
@@ -1704,8 +1704,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				Authorizers: []api.AuthorizerConfiguration{},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("authorizers"), "at least one authorization mode must be defined")},
-			knownTypes:      sets.NewString(),
+			knownTypes:      sets.New[string](),
-			repeatableTypes: sets.NewString(),
+			repeatableTypes: sets.New[string](),
 		},
 		{
 			name: "type and name are required if an authorizer is defined",
@@ -1715,8 +1715,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("type"), "")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "authorizer names should be of non-zero length",
@@ -1729,8 +1729,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("name"), "")},
-			knownTypes:      sets.NewString(string("Foo")),
+			knownTypes:      sets.New("Foo"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "authorizer names should be unique",
@@ -1747,8 +1747,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Duplicate(field.NewPath("name"), "foo")},
-			knownTypes:      sets.NewString(string("Foo"), string("Bar")),
+			knownTypes:      sets.New("Foo", "Bar"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "authorizer names should be DNS1123 labels",
@@ -1761,8 +1761,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{},
-			knownTypes:      sets.NewString(string("Foo")),
+			knownTypes:      sets.New("Foo"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "authorizer names should be DNS1123 subdomains",
@@ -1775,8 +1775,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{},
-			knownTypes:      sets.NewString(string("Foo")),
+			knownTypes:      sets.New("Foo"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "authorizer names should not be invalid DNS1123 labels or subdomains",
@@ -1789,8 +1789,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Invalid(field.NewPath("name"), "FOO.example.domain", "")},
-			knownTypes:      sets.NewString(string("Foo")),
+			knownTypes:      sets.New("Foo"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "bare minimum configuration with Webhook",
@@ -1814,8 +1814,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "bare minimum configuration with Webhook and MatchConditions",
@@ -1847,8 +1847,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "bare minimum configuration with multiple webhooks",
@@ -1887,8 +1887,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "configuration with unknown types",
@@ -1900,8 +1900,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.NotSupported(field.NewPath("type"), "Foo", []string{"..."})},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "configuration with not repeatable types",
@@ -1918,8 +1918,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Duplicate(field.NewPath("type"), "Foo")},
-			knownTypes:      sets.NewString(string("Foo")),
+			knownTypes:      sets.New("Foo"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "when type=Webhook, webhook needs to be defined",
@@ -1932,8 +1932,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("webhook"), "required when type=Webhook")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "when type!=Webhook, webhooks needs to be nil",
@@ -1947,8 +1947,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Invalid(field.NewPath("webhook"), "non-null", "may only be specified when type=Webhook")},
-			knownTypes:      sets.NewString(string("Foo")),
+			knownTypes:      sets.New("Foo"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "timeout should be specified",
@@ -1971,8 +1971,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("timeout"), "")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		//
 		{
@@ -1997,8 +1997,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("timeout"), "")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "timeout shouldn't be negative",
@@ -2022,8 +2022,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Invalid(field.NewPath("timeout"), time.Duration(-30*time.Second).String(), "must be > 0s and <= 30s")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "timeout shouldn't be greater than 30seconds",
@@ -2047,8 +2047,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Invalid(field.NewPath("timeout"), time.Duration(60*time.Second).String(), "must be > 0s and <= 30s")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "authorizedTTL should be defined ",
@@ -2071,8 +2071,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("authorizedTTL"), "")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "authorizedTTL shouldn't be negative",
@@ -2096,8 +2096,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Invalid(field.NewPath("authorizedTTL"), time.Duration(-30*time.Second).String(), "must be > 0s")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "unauthorizedTTL should be defined ",
@@ -2120,8 +2120,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("unauthorizedTTL"), "")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "unauthorizedTTL shouldn't be negative",
@@ -2145,8 +2145,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Invalid(field.NewPath("unauthorizedTTL"), time.Duration(-30*time.Second).String(), "must be > 0s")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "SAR should be defined",
@@ -2169,8 +2169,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("subjectAccessReviewVersion"), "")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "SAR should be one of v1 and v1beta1",
@@ -2194,8 +2194,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.NotSupported(field.NewPath("subjectAccessReviewVersion"), "v2beta1", []string{"v1", "v1beta1"})},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "MatchConditionSAR should be defined",
@@ -2219,8 +2219,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("matchConditionSubjectAccessReviewVersion"), "")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "MatchConditionSAR must not be anything other than v1",
@@ -2244,8 +2244,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.NotSupported(field.NewPath("matchConditionSubjectAccessReviewVersion"), "v1beta1", []string{"v1"})},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "failurePolicy should be defined",
@@ -2268,8 +2268,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("failurePolicy"), "")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "failurePolicy should be one of \"NoOpinion\" or \"Deny\"",
@@ -2293,8 +2293,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.NotSupported(field.NewPath("failurePolicy"), "AlwaysAllow", []string{"NoOpinion", "Deny"})},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "connectionInfo should be defined",
@@ -2315,8 +2315,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("connectionInfo"), "")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "connectionInfo should be one of InClusterConfig or KubeConfigFile",
@@ -2342,8 +2342,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 			expectedErrList: field.ErrorList{
 				field.NotSupported(field.NewPath("connectionInfo"), api.WebhookConnectionInfo{Type: "ExternalClusterConfig"}, []string{"InClusterConfig", "KubeConfigFile"}),
 			},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "if connectionInfo=InClusterConfig, then kubeConfigFile should be nil",
@@ -2370,8 +2370,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 			expectedErrList: field.ErrorList{
 				field.Invalid(field.NewPath("connectionInfo", "kubeConfigFile"), "", "can only be set when type=KubeConfigFile"),
 			},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "if connectionInfo=KubeConfigFile, then KubeConfigFile should be defined",
@@ -2395,8 +2395,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Required(field.NewPath("kubeConfigFile"), "")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "if connectionInfo=KubeConfigFile, then KubeConfigFile should be defined, must be an absolute path, should exist, shouldn't be a symlink",
@@ -2421,8 +2421,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{field.Invalid(field.NewPath("kubeConfigFile"), badKubeConfigFile, "must be an absolute path")},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 		{
 			name: "if connectionInfo=KubeConfigFile, an existent file needs to be passed",
@@ -2447,8 +2447,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
 				},
 			},
 			expectedErrList: field.ErrorList{},
-			knownTypes:      sets.NewString(string("Webhook")),
+			knownTypes:      sets.New("Webhook"),
-			repeatableTypes: sets.NewString(string("Webhook")),
+			repeatableTypes: sets.New("Webhook"),
 		},
 	}