github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Remove all api.Scheme references by using explicit package aliases

Browse Source
This commit is contained in:
Dr. Stefan Schimanski 2017-10-16 16:28:42 +02:00
parent 2b201ead11
commit ce6ecbbc54
8 changed files with 47 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
pkg/apis/abac/v0/conversion_test.go
View File

@ -21,64 +21,64 @@ import (
"testing" "testing"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
api "k8s.io/kubernetes/pkg/apis/abac" "k8s.io/kubernetes/pkg/apis/abac"
"k8s.io/kubernetes/pkg/apis/abac/v0" "k8s.io/kubernetes/pkg/apis/abac/v0"
) )
func TestV0Conversion(t *testing.T) { func TestV0Conversion(t *testing.T) {
testcases := map[string]struct { testcases := map[string]struct {
old *v0.Policy old *v0.Policy
expected *api.Policy expected *abac.Policy
}{ }{
// a completely empty policy rule allows everything to all users // a completely empty policy rule allows everything to all users
"empty": { "empty": {
old: &v0.Policy{}, old: &v0.Policy{},
expected: &api.Policy{Spec: api.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}}, expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
}, },
// specifying a user is preserved // specifying a user is preserved
"user": { "user": {
old: &v0.Policy{User: "bob"}, old: &v0.Policy{User: "bob"},
expected: &api.Policy{Spec: api.PolicySpec{User: "bob", Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}}, expected: &abac.Policy{Spec: abac.PolicySpec{User: "bob", Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
}, },
// specifying a group is preserved (and no longer matches all users) // specifying a group is preserved (and no longer matches all users)
"group": { "group": {
old: &v0.Policy{Group: "mygroup"}, old: &v0.Policy{Group: "mygroup"},
expected: &api.Policy{Spec: api.PolicySpec{Group: "mygroup", Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}}, expected: &abac.Policy{Spec: abac.PolicySpec{Group: "mygroup", Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
}, },
// specifying * for user or group maps to all authenticated subjects // specifying * for user or group maps to all authenticated subjects
"* user": { "* user": {
old: &v0.Policy{User: "*"}, old: &v0.Policy{User: "*"},
expected: &api.Policy{Spec: api.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}}, expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
}, },
"* group": { "* group": {
old: &v0.Policy{Group: "*"}, old: &v0.Policy{Group: "*"},
expected: &api.Policy{Spec: api.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}}, expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
}, },
// specifying a namespace removes the * match on non-resource path // specifying a namespace removes the * match on non-resource path
"namespace": { "namespace": {
old: &v0.Policy{Namespace: "myns"}, old: &v0.Policy{Namespace: "myns"},
expected: &api.Policy{Spec: api.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "", Namespace: "myns", Resource: "*", APIGroup: "*"}}, expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "", Namespace: "myns", Resource: "*", APIGroup: "*"}},
}, },
// specifying a resource removes the * match on non-resource path // specifying a resource removes the * match on non-resource path
"resource": { "resource": {
old: &v0.Policy{Resource: "myresource"}, old: &v0.Policy{Resource: "myresource"},
expected: &api.Policy{Spec: api.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "", Namespace: "*", Resource: "myresource", APIGroup: "*"}}, expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "", Namespace: "*", Resource: "myresource", APIGroup: "*"}},
}, },
// specifying a namespace+resource removes the * match on non-resource path // specifying a namespace+resource removes the * match on non-resource path
"namespace+resource": { "namespace+resource": {
old: &v0.Policy{Namespace: "myns", Resource: "myresource"}, old: &v0.Policy{Namespace: "myns", Resource: "myresource"},
expected: &api.Policy{Spec: api.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "", Namespace: "myns", Resource: "myresource", APIGroup: "*"}}, expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated, Readonly: false, NonResourcePath: "", Namespace: "myns", Resource: "myresource", APIGroup: "*"}},
}, },
} }
for k, tc := range testcases { for k, tc := range testcases {
internal := &api.Policy{} internal := &abac.Policy{}
if err := api.Scheme.Convert(tc.old, internal, nil); err != nil { if err := abac.Scheme.Convert(tc.old, internal, nil); err != nil {
t.Errorf("%s: unexpected error: %v", k, err) t.Errorf("%s: unexpected error: %v", k, err)
} }
if !reflect.DeepEqual(internal, tc.expected) { if !reflect.DeepEqual(internal, tc.expected) {

6
pkg/apis/abac/v0/register.go
View File

@ -19,7 +19,7 @@ package v0
import ( import (
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
api "k8s.io/kubernetes/pkg/apis/abac" "k8s.io/kubernetes/pkg/apis/abac"
) )
const GroupName = "abac.authorization.kubernetes.io" const GroupName = "abac.authorization.kubernetes.io"
@ -29,11 +29,11 @@ var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v0"}
func init() { func init() {
// TODO: Delete this init function, abac should not have its own scheme. // TODO: Delete this init function, abac should not have its own scheme.
if err := addKnownTypes(api.Scheme); err != nil { if err := addKnownTypes(abac.Scheme); err != nil {
// Programmer error. // Programmer error.
panic(err) panic(err)
} }
if err := addConversionFuncs(api.Scheme); err != nil { if err := addConversionFuncs(abac.Scheme); err != nil {
// Programmer error. // Programmer error.
panic(err) panic(err)
} }

16
pkg/apis/abac/v1beta1/conversion_test.go
View File

@ -21,40 +21,40 @@ import (
"testing" "testing"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
api "k8s.io/kubernetes/pkg/apis/abac" "k8s.io/kubernetes/pkg/apis/abac"
"k8s.io/kubernetes/pkg/apis/abac/v1beta1" "k8s.io/kubernetes/pkg/apis/abac/v1beta1"
) )
func TestV1Beta1Conversion(t *testing.T) { func TestV1Beta1Conversion(t *testing.T) {
testcases := map[string]struct { testcases := map[string]struct {
old *v1beta1.Policy old *v1beta1.Policy
expected *api.Policy expected *abac.Policy
}{ }{
// specifying a user is preserved // specifying a user is preserved
"user": { "user": {
old: &v1beta1.Policy{Spec: v1beta1.PolicySpec{User: "bob"}}, old: &v1beta1.Policy{Spec: v1beta1.PolicySpec{User: "bob"}},
expected: &api.Policy{Spec: api.PolicySpec{User: "bob"}}, expected: &abac.Policy{Spec: abac.PolicySpec{User: "bob"}},
}, },
// specifying a group is preserved // specifying a group is preserved
"group": { "group": {
old: &v1beta1.Policy{Spec: v1beta1.PolicySpec{Group: "mygroup"}}, old: &v1beta1.Policy{Spec: v1beta1.PolicySpec{Group: "mygroup"}},
expected: &api.Policy{Spec: api.PolicySpec{Group: "mygroup"}}, expected: &abac.Policy{Spec: abac.PolicySpec{Group: "mygroup"}},
}, },
// specifying * for user or group maps to all authenticated subjects // specifying * for user or group maps to all authenticated subjects
"* user": { "* user": {
old: &v1beta1.Policy{Spec: v1beta1.PolicySpec{User: "*"}}, old: &v1beta1.Policy{Spec: v1beta1.PolicySpec{User: "*"}},
expected: &api.Policy{Spec: api.PolicySpec{Group: user.AllAuthenticated}}, expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated}},
}, },
"* group": { "* group": {
old: &v1beta1.Policy{Spec: v1beta1.PolicySpec{Group: "*"}}, old: &v1beta1.Policy{Spec: v1beta1.PolicySpec{Group: "*"}},
expected: &api.Policy{Spec: api.PolicySpec{Group: user.AllAuthenticated}}, expected: &abac.Policy{Spec: abac.PolicySpec{Group: user.AllAuthenticated}},
}, },
} }
for k, tc := range testcases { for k, tc := range testcases {
internal := &api.Policy{} internal := &abac.Policy{}
if err := api.Scheme.Convert(tc.old, internal, nil); err != nil { if err := abac.Scheme.Convert(tc.old, internal, nil); err != nil {
t.Errorf("%s: unexpected error: %v", k, err) t.Errorf("%s: unexpected error: %v", k, err)
} }
if !reflect.DeepEqual(internal, tc.expected) { if !reflect.DeepEqual(internal, tc.expected) {

6
pkg/apis/abac/v1beta1/register.go
View File

@ -19,7 +19,7 @@ package v1beta1
import ( import (
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
api "k8s.io/kubernetes/pkg/apis/abac" "k8s.io/kubernetes/pkg/apis/abac"
) )
const GroupName = "abac.authorization.kubernetes.io" const GroupName = "abac.authorization.kubernetes.io"
@ -29,11 +29,11 @@ var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1
func init() { func init() {
// TODO: delete this, abac should not have its own scheme. // TODO: delete this, abac should not have its own scheme.
if err := addKnownTypes(api.Scheme); err != nil { if err := addKnownTypes(abac.Scheme); err != nil {
// Programmer error. // Programmer error.
panic(err) panic(err)
} }
if err := addConversionFuncs(api.Scheme); err != nil { if err := addConversionFuncs(abac.Scheme); err != nil {
// Programmer error. // Programmer error.
panic(err) panic(err)
} }

22
pkg/auth/authorizer/abac/abac.go
View File

@ -30,7 +30,7 @@ import (
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/apiserver/pkg/authorization/authorizer"
api "k8s.io/kubernetes/pkg/apis/abac" "k8s.io/kubernetes/pkg/apis/abac"
_ "k8s.io/kubernetes/pkg/apis/abac/latest" _ "k8s.io/kubernetes/pkg/apis/abac/latest"
"k8s.io/kubernetes/pkg/apis/abac/v0" "k8s.io/kubernetes/pkg/apis/abac/v0"
) )
@ -49,7 +49,7 @@ func (p policyLoadError) Error() string {
return fmt.Sprintf("error reading policy file %s: %v", p.path, p.err) return fmt.Sprintf("error reading policy file %s: %v", p.path, p.err)
} }
type policyList []*api.Policy type policyList []*abac.Policy
// TODO: Have policies be created via an API call and stored in REST storage. // TODO: Have policies be created via an API call and stored in REST storage.
func NewFromFile(path string) (policyList, error) { func NewFromFile(path string) (policyList, error) {
@ -64,13 +64,13 @@ func NewFromFile(path string) (policyList, error) {
scanner := bufio.NewScanner(file) scanner := bufio.NewScanner(file)
pl := make(policyList, 0) pl := make(policyList, 0)
decoder := api.Codecs.UniversalDecoder() decoder := abac.Codecs.UniversalDecoder()
i := 0 i := 0
unversionedLines := 0 unversionedLines := 0
for scanner.Scan() { for scanner.Scan() {
i++ i++
p := &api.Policy{} p := &abac.Policy{}
b := scanner.Bytes() b := scanner.Bytes()
// skip comment lines and blank lines // skip comment lines and blank lines
@ -90,14 +90,14 @@ func NewFromFile(path string) (policyList, error) {
if err := runtime.DecodeInto(decoder, b, oldPolicy); err != nil { if err := runtime.DecodeInto(decoder, b, oldPolicy); err != nil {
return nil, policyLoadError{path, i, b, err} return nil, policyLoadError{path, i, b, err}
} }
if err := api.Scheme.Convert(oldPolicy, p, nil); err != nil { if err := abac.Scheme.Convert(oldPolicy, p, nil); err != nil {
return nil, policyLoadError{path, i, b, err} return nil, policyLoadError{path, i, b, err}
} }
pl = append(pl, p) pl = append(pl, p)
continue continue
} }
decodedPolicy, ok := decodedObj.(*api.Policy) decodedPolicy, ok := decodedObj.(*abac.Policy)
if !ok { if !ok {
return nil, policyLoadError{path, i, b, fmt.Errorf("unrecognized object: %#v", decodedObj)} return nil, policyLoadError{path, i, b, fmt.Errorf("unrecognized object: %#v", decodedObj)}
} }
@ -114,7 +114,7 @@ func NewFromFile(path string) (policyList, error) {
return pl, nil return pl, nil
} }
func matches(p api.Policy, a authorizer.Attributes) bool { func matches(p abac.Policy, a authorizer.Attributes) bool {
if subjectMatches(p, a.GetUser()) { if subjectMatches(p, a.GetUser()) {
if verbMatches(p, a) { if verbMatches(p, a) {
// Resource and non-resource requests are mutually exclusive, at most one will match a policy // Resource and non-resource requests are mutually exclusive, at most one will match a policy
@ -130,7 +130,7 @@ func matches(p api.Policy, a authorizer.Attributes) bool {
} }
// subjectMatches returns true if specified user and group properties in the policy match the attributes // subjectMatches returns true if specified user and group properties in the policy match the attributes
func subjectMatches(p api.Policy, user user.Info) bool { func subjectMatches(p abac.Policy, user user.Info) bool {
matched := false matched := false
if user == nil { if user == nil {
@ -171,7 +171,7 @@ func subjectMatches(p api.Policy, user user.Info) bool {
return matched return matched
} }
func verbMatches(p api.Policy, a authorizer.Attributes) bool { func verbMatches(p abac.Policy, a authorizer.Attributes) bool {
// TODO: match on verb // TODO: match on verb
// All policies allow read only requests // All policies allow read only requests
@ -187,7 +187,7 @@ func verbMatches(p api.Policy, a authorizer.Attributes) bool {
return false return false
} }
func nonResourceMatches(p api.Policy, a authorizer.Attributes) bool { func nonResourceMatches(p abac.Policy, a authorizer.Attributes) bool {
// A non-resource policy cannot match a resource request // A non-resource policy cannot match a resource request
if !a.IsResourceRequest() { if !a.IsResourceRequest() {
// Allow wildcard match // Allow wildcard match
@ -206,7 +206,7 @@ func nonResourceMatches(p api.Policy, a authorizer.Attributes) bool {
return false return false
} }
func resourceMatches(p api.Policy, a authorizer.Attributes) bool { func resourceMatches(p abac.Policy, a authorizer.Attributes) bool {
// A resource policy cannot match a non-resource request // A resource policy cannot match a non-resource request
if a.IsResourceRequest() { if a.IsResourceRequest() {
if p.Spec.Namespace == "*" || p.Spec.Namespace == a.GetNamespace() { if p.Spec.Namespace == "*" || p.Spec.Namespace == a.GetNamespace() {

10
pkg/auth/authorizer/abac/abac_test.go
View File

@ -25,7 +25,7 @@ import (
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/apiserver/pkg/authorization/authorizer"
api "k8s.io/kubernetes/pkg/apis/abac" "k8s.io/kubernetes/pkg/apis/abac"
"k8s.io/kubernetes/pkg/apis/abac/v0" "k8s.io/kubernetes/pkg/apis/abac/v0"
"k8s.io/kubernetes/pkg/apis/abac/v1beta1" "k8s.io/kubernetes/pkg/apis/abac/v1beta1"
) )
@ -799,8 +799,8 @@ func TestSubjectMatches(t *testing.T) {
} }
for k, tc := range testCases { for k, tc := range testCases {
policy := &api.Policy{} policy := &abac.Policy{}
if err := api.Scheme.Convert(tc.Policy, policy, nil); err != nil { if err := abac.Scheme.Convert(tc.Policy, policy, nil); err != nil {
t.Errorf("%s: error converting: %v", k, err) t.Errorf("%s: error converting: %v", k, err)
continue continue
} }
@ -1254,8 +1254,8 @@ func TestPolicy(t *testing.T) {
}, },
} }
for _, test := range tests { for _, test := range tests {
policy := &api.Policy{} policy := &abac.Policy{}
if err := api.Scheme.Convert(test.policy, policy, nil); err != nil { if err := abac.Scheme.Convert(test.policy, policy, nil); err != nil {
t.Errorf("%s: error converting: %v", test.name, err) t.Errorf("%s: error converting: %v", test.name, err)
continue continue
} }

6
plugin/pkg/scheduler/api/latest/latest.go
View File

@ -21,7 +21,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/runtime/serializer/json" "k8s.io/apimachinery/pkg/runtime/serializer/json"
"k8s.io/apimachinery/pkg/runtime/serializer/versioning" "k8s.io/apimachinery/pkg/runtime/serializer/versioning"
"k8s.io/kubernetes/plugin/pkg/scheduler/api" schedulerapi "k8s.io/kubernetes/plugin/pkg/scheduler/api"
_ "k8s.io/kubernetes/plugin/pkg/scheduler/api/v1" _ "k8s.io/kubernetes/plugin/pkg/scheduler/api/v1"
) )
@ -42,9 +42,9 @@ var Versions = []string{"v1"}
var Codec runtime.Codec var Codec runtime.Codec
func init() { func init() {
jsonSerializer := json.NewSerializer(json.DefaultMetaFactory, api.Scheme, api.Scheme, true) jsonSerializer := json.NewSerializer(json.DefaultMetaFactory, schedulerapi.Scheme, schedulerapi.Scheme, true)
Codec = versioning.NewDefaultingCodecForScheme( Codec = versioning.NewDefaultingCodecForScheme(
api.Scheme, schedulerapi.Scheme,
jsonSerializer, jsonSerializer,
jsonSerializer, jsonSerializer,
schema.GroupVersion{Version: Version}, schema.GroupVersion{Version: Version},

4
plugin/pkg/scheduler/api/v1/register.go
View File

@ -19,7 +19,7 @@ package v1
import ( import (
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/kubernetes/plugin/pkg/scheduler/api" schedulerapi "k8s.io/kubernetes/plugin/pkg/scheduler/api"
) )
// SchemeGroupVersion is group version used to register these objects // SchemeGroupVersion is group version used to register these objects
@ -27,7 +27,7 @@ import (
var SchemeGroupVersion = schema.GroupVersion{Group: "", Version: "v1"} var SchemeGroupVersion = schema.GroupVersion{Group: "", Version: "v1"}
func init() { func init() {
if err := addKnownTypes(api.Scheme); err != nil { if err := addKnownTypes(schedulerapi.Scheme); err != nil {
// Programmer error. // Programmer error.
panic(err) panic(err)
} }