apiserver/validation: fix some sets.NewString deprecations
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
@@ -177,8 +177,8 @@ func LoadAndValidateData(data []byte, compiler authorizationcel.Compiler, requir
|
||||
|
||||
// validate the file and return any error
|
||||
if errors := validation.ValidateAuthorizationConfiguration(compiler, nil, authorizationConfiguration,
|
||||
sets.NewString(modes.AuthorizationModeChoices...),
|
||||
sets.NewString(repeatableAuthorizerTypes...),
|
||||
sets.New(modes.AuthorizationModeChoices...),
|
||||
sets.New(repeatableAuthorizerTypes...),
|
||||
); len(errors) != 0 {
|
||||
return nil, errors.ToAggregate()
|
||||
}
|
||||
|
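Review bot: The result variable of the `if` statement that wraps the changed arguments is named `errors`, which shadows the standard `errors` package for the rest of that statement if this file imports it (the import block is not visible here). `errs` is the usual name for a `field.ErrorList`, so the statement would read `if errs := validation.ValidateAuthorizationConfiguration(compiler, nil, authorizationConfiguration,`, then `); len(errs) != 0 {` and `return nil, errs.ToAggregate()`. LoadAndValidateData starts and ends outside the hunk.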
@@ -613,7 +613,7 @@ func compileUserCELExpression(compiler authenticationcel.Compiler, expression au
|
||||
}
|
||||
|
||||
// ValidateAuthorizationConfiguration validates a given AuthorizationConfiguration.
|
||||
func ValidateAuthorizationConfiguration(compiler authorizationcel.Compiler, fldPath *field.Path, c *api.AuthorizationConfiguration, knownTypes sets.String, repeatableTypes sets.String) field.ErrorList {
|
||||
func ValidateAuthorizationConfiguration(compiler authorizationcel.Compiler, fldPath *field.Path, c *api.AuthorizationConfiguration, knownTypes sets.Set[string], repeatableTypes sets.Set[string]) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
|
||||
if len(c.Authorizers) == 0 {
|
||||
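Review bot: The exported signature of ValidateAuthorizationConfiguration changes `knownTypes` and `repeatableTypes` from `sets.String` to `sets.Set[string]`, which is source-incompatible for any caller that still builds these sets with `sets.NewString`; the only caller visible on this page is LoadAndValidateData, so other callers should be checked before merging. The doc comment also says nothing about the two set parameters, although the later hunk shows they decide which authorizer types are accepted and which may appear more than once. I would extend it with `// knownTypes is the set of authorizer types accepted in c.Authorizers; repeatableTypes is the subset that may be configured more than once.` The function body continues outside the hunk.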
@@ -630,7 +630,7 @@ func ValidateAuthorizationConfiguration(compiler authorizationcel.Compiler, fldP
|
||||
continue
|
||||
}
|
||||
if !knownTypes.Has(aType) {
|
||||
allErrs = append(allErrs, field.NotSupported(fldPath.Child("type"), aType, knownTypes.List()))
|
||||
allErrs = append(allErrs, field.NotSupported(fldPath.Child("type"), aType, sets.List(knownTypes)))
|
||||
continue
|
||||
}
|
||||
if seenAuthorizerTypes.Has(aType) && !repeatableTypes.Has(aType) {
|
||||
|
@@ -1680,8 +1680,8 @@ type (
|
||||
name string
|
||||
configuration api.AuthorizationConfiguration
|
||||
expectedErrList field.ErrorList
|
||||
knownTypes sets.String
|
||||
repeatableTypes sets.String
|
||||
knownTypes sets.Set[string]
|
||||
repeatableTypes sets.Set[string]
|
||||
}
|
||||
)
|
||||
|
||||
@@ -1704,8 +1704,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
Authorizers: []api.AuthorizerConfiguration{},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("authorizers"), "at least one authorization mode must be defined")},
|
||||
knownTypes: sets.NewString(),
|
||||
repeatableTypes: sets.NewString(),
|
||||
knownTypes: sets.New[string](),
|
||||
repeatableTypes: sets.New[string](),
|
||||
},
|
||||
{
|
||||
name: "type and name are required if an authorizer is defined",
|
||||
@@ -1715,8 +1715,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("type"), "")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "authorizer names should be of non-zero length",
|
||||
@@ -1729,8 +1729,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("name"), "")},
|
||||
knownTypes: sets.NewString(string("Foo")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Foo"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "authorizer names should be unique",
|
||||
@@ -1747,8 +1747,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Duplicate(field.NewPath("name"), "foo")},
|
||||
knownTypes: sets.NewString(string("Foo"), string("Bar")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Foo", "Bar"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "authorizer names should be DNS1123 labels",
|
||||
@@ -1761,8 +1761,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{},
|
||||
knownTypes: sets.NewString(string("Foo")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Foo"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "authorizer names should be DNS1123 subdomains",
|
||||
@@ -1775,8 +1775,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{},
|
||||
knownTypes: sets.NewString(string("Foo")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Foo"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "authorizer names should not be invalid DNS1123 labels or subdomains",
|
||||
@@ -1789,8 +1789,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Invalid(field.NewPath("name"), "FOO.example.domain", "")},
|
||||
knownTypes: sets.NewString(string("Foo")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Foo"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "bare minimum configuration with Webhook",
|
||||
@@ -1814,8 +1814,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "bare minimum configuration with Webhook and MatchConditions",
|
||||
@@ -1847,8 +1847,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "bare minimum configuration with multiple webhooks",
|
||||
@@ -1887,8 +1887,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "configuration with unknown types",
|
||||
@@ -1900,8 +1900,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.NotSupported(field.NewPath("type"), "Foo", []string{"..."})},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "configuration with not repeatable types",
|
||||
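Review bot: The "configuration with unknown types" case expects `field.NotSupported(field.NewPath("type"), "Foo", []string{"..."})`, so the list of supported values in the error is a placeholder and the switch from `knownTypes.List()` to `sets.List(knownTypes)` is not pinned by any visible case. The comparison code is outside this page, but since `"..."` can never equal the real value it presumably ignores the detail text. Using the real value, `[]string{"Webhook"}`, and giving one case a multi-element `knownTypes` such as `sets.New("Webhook", "Foo")` would pin the sorted order that operators see when an authorization configuration is rejected. The test case body begins above the hunk.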
@@ -1918,8 +1918,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Duplicate(field.NewPath("type"), "Foo")},
|
||||
knownTypes: sets.NewString(string("Foo")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Foo"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "when type=Webhook, webhook needs to be defined",
|
||||
@@ -1932,8 +1932,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("webhook"), "required when type=Webhook")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "when type!=Webhook, webhooks needs to be nil",
|
||||
@@ -1947,8 +1947,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Invalid(field.NewPath("webhook"), "non-null", "may only be specified when type=Webhook")},
|
||||
knownTypes: sets.NewString(string("Foo")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Foo"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "timeout should be specified",
|
||||
@@ -1971,8 +1971,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("timeout"), "")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
//
|
||||
{
|
||||
@@ -1997,8 +1997,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("timeout"), "")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "timeout shouldn't be negative",
|
||||
@@ -2022,8 +2022,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Invalid(field.NewPath("timeout"), time.Duration(-30*time.Second).String(), "must be > 0s and <= 30s")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "timeout shouldn't be greater than 30seconds",
|
||||
@@ -2047,8 +2047,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Invalid(field.NewPath("timeout"), time.Duration(60*time.Second).String(), "must be > 0s and <= 30s")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "authorizedTTL should be defined ",
|
||||
@@ -2071,8 +2071,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("authorizedTTL"), "")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "authorizedTTL shouldn't be negative",
|
||||
@@ -2096,8 +2096,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Invalid(field.NewPath("authorizedTTL"), time.Duration(-30*time.Second).String(), "must be > 0s")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "unauthorizedTTL should be defined ",
|
||||
@@ -2120,8 +2120,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("unauthorizedTTL"), "")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "unauthorizedTTL shouldn't be negative",
|
||||
@@ -2145,8 +2145,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Invalid(field.NewPath("unauthorizedTTL"), time.Duration(-30*time.Second).String(), "must be > 0s")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "SAR should be defined",
|
||||
@@ -2169,8 +2169,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("subjectAccessReviewVersion"), "")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "SAR should be one of v1 and v1beta1",
|
||||
@@ -2194,8 +2194,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.NotSupported(field.NewPath("subjectAccessReviewVersion"), "v2beta1", []string{"v1", "v1beta1"})},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "MatchConditionSAR should be defined",
|
||||
@@ -2219,8 +2219,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("matchConditionSubjectAccessReviewVersion"), "")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "MatchConditionSAR must not be anything other than v1",
|
||||
@@ -2244,8 +2244,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.NotSupported(field.NewPath("matchConditionSubjectAccessReviewVersion"), "v1beta1", []string{"v1"})},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "failurePolicy should be defined",
|
||||
@@ -2268,8 +2268,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("failurePolicy"), "")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "failurePolicy should be one of \"NoOpinion\" or \"Deny\"",
|
||||
@@ -2293,8 +2293,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.NotSupported(field.NewPath("failurePolicy"), "AlwaysAllow", []string{"NoOpinion", "Deny"})},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "connectionInfo should be defined",
|
||||
@@ -2315,8 +2315,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("connectionInfo"), "")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "connectionInfo should be one of InClusterConfig or KubeConfigFile",
|
||||
@@ -2342,8 +2342,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
expectedErrList: field.ErrorList{
|
||||
field.NotSupported(field.NewPath("connectionInfo"), api.WebhookConnectionInfo{Type: "ExternalClusterConfig"}, []string{"InClusterConfig", "KubeConfigFile"}),
|
||||
},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "if connectionInfo=InClusterConfig, then kubeConfigFile should be nil",
|
||||
@@ -2370,8 +2370,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
expectedErrList: field.ErrorList{
|
||||
field.Invalid(field.NewPath("connectionInfo", "kubeConfigFile"), "", "can only be set when type=KubeConfigFile"),
|
||||
},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "if connectionInfo=KubeConfigFile, then KubeConfigFile should be defined",
|
||||
@@ -2395,8 +2395,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Required(field.NewPath("kubeConfigFile"), "")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "if connectionInfo=KubeConfigFile, then KubeConfigFile should be defined, must be an absolute path, should exist, shouldn't be a symlink",
|
||||
@@ -2421,8 +2421,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{field.Invalid(field.NewPath("kubeConfigFile"), badKubeConfigFile, "must be an absolute path")},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
{
|
||||
name: "if connectionInfo=KubeConfigFile, an existent file needs to be passed",
|
||||
@@ -2447,8 +2447,8 @@ func TestValidateAuthorizationConfiguration(t *testing.T) {
|
||||
},
|
||||
},
|
||||
expectedErrList: field.ErrorList{},
|
||||
knownTypes: sets.NewString(string("Webhook")),
|
||||
repeatableTypes: sets.NewString(string("Webhook")),
|
||||
knownTypes: sets.New("Webhook"),
|
||||
repeatableTypes: sets.New("Webhook"),
|
||||
},
|
||||
}
|
||||
|
||||
|