Restrict supported media types for new apiservers.

This is to prevent the enablement of new data formats (CBOR) in the early stages of phased
implementation.
Ben Luddy 2023-10-17 14:06:46 -04:00
parent 1babd6f0e3
commit ced56a6ada
No known key found for this signature in database
GPG Key ID: 5C64C82C33DE6E72
2 changed files with 37 additions and 0 deletions


@ -724,6 +724,12 @@ func (c *RecommendedConfig) Complete() CompletedConfig {
return c.Config.Complete(c.SharedInformerFactory)
}
var allowedMediaTypes = []string{
runtime.ContentTypeJSON,
runtime.ContentTypeYAML,
runtime.ContentTypeProtobuf,
}
// New creates a new server which logically combines the handling chain with the passed server.
// name is used to differentiate for logging. The handler chain in particular can be difficult as it starts delegating.
// delegationTarget may not be nil.
@ -731,6 +737,18 @@ func (c completedConfig) New(name string, delegationTarget DelegationTarget) (*G
if c.Serializer == nil {
return nil, fmt.Errorf("Genericapiserver.New() called with config.Serializer == nil")
}
for _, info := range c.Serializer.SupportedMediaTypes() {
var ok bool
for _, mt := range allowedMediaTypes {
if info.MediaType == mt {
ok = true
break
}
}
if !ok {
return nil, fmt.Errorf("refusing to create new apiserver %q with support for media type %q (allowed media types are: %s)", name, info.MediaType, strings.Join(allowedMediaTypes, ", "))
}
}
if c.LoopbackClientConfig == nil {
return nil, fmt.Errorf("Genericapiserver.New() called with config.LoopbackClientConfig == nil")
}
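Review bot: The new package-level `allowedMediaTypes` has no comment saying that it is a deliberate, fail-closed allowlist, and as a mutable `var` slice it can be appended to by any code in the package, which would silently widen what `New` accepts. I would document it where it is declared, for example `// allowedMediaTypes is the allowlist of serializer media types New accepts; any other type makes New return an error.` The loop compares `info.MediaType` by exact string equality, so a differently cased or parameterized spelling of an allowed type is rejected rather than admitted; that is the safe direction and worth one sentence in the same comment. The check runs once, when `New` is called, so it covers only what `SupportedMediaTypes()` reports at that moment. The body of `New` continues outside the hunk.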


@ -26,6 +26,7 @@ import (
"testing"
"time"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/json"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/wait"
@ -362,3 +363,21 @@ func (b *testBackend) ProcessEvents(events ...*auditinternal.Event) bool {
b.events = append(b.events, events...)
return true
}
func TestNewErrorForbiddenSerializer(t *testing.T) {
config := CompletedConfig{
&completedConfig{
Config: &Config{
Serializer: runtime.NewSimpleNegotiatedSerializer(runtime.SerializerInfo{
MediaType: "application/cbor",
}),
},
},
}
_, err := config.New("test", NewEmptyDelegate())
if err == nil {
t.Error("successfully created a new server configured with cbor support")
} else if err.Error() != `refusing to create new apiserver "test" with support for media type "application/cbor" (allowed media types are: application/json, application/yaml, application/vnd.kubernetes.protobuf)` {
t.Errorf("unexpected error: %v", err)
}
}
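Review bot: `TestNewErrorForbiddenSerializer` pins the whole error string, including the joined list of allowed types, so any rewording of the message or addition to the allowlist fails the test even though the rejection still works. Asserting that the error is non-nil and mentions the offending type, for example `!strings.Contains(err.Error(), "application/cbor")`, would test the guard rather than the wording (assuming `strings` is, or can be, imported in this file). The test also covers only a serializer whose single media type is forbidden. A second case where the forbidden type follows allowed ones would confirm that the loop rejects on any entry, not just the first; that probably needs a small stub `NegotiatedSerializer`, since the helper used here takes one `SerializerInfo`.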