github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 22:46:12 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #128168 from liggitt/4601-beta

Browse Source 
KEP-4601: AuthorizeNodeWithSelectors / AuthorizeWithSelectors to beta
This commit is contained in:
Kubernetes Prow Robot 2024-10-18 17:39:03 +01:00 committed by GitHub
commit d7bd728403
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/features/versioned_kube_features.go
View File

@ -63,6 +63,7 @@ var defaultVersionedKubernetesFeatureGates = map[featuregate.Feature]featuregate
AuthorizeNodeWithSelectors: { AuthorizeNodeWithSelectors: {
{Version: version.MustParse("1.31"), Default: false, PreRelease: featuregate.Alpha}, {Version: version.MustParse("1.31"), Default: false, PreRelease: featuregate.Alpha},
{Version: version.MustParse("1.32"), Default: true, PreRelease: featuregate.Beta},
}, },
kcmfeatures.CloudControllerManagerWebhook: { kcmfeatures.CloudControllerManagerWebhook: {
@ -226,6 +227,7 @@ var defaultVersionedKubernetesFeatureGates = map[featuregate.Feature]featuregate
genericfeatures.AuthorizeWithSelectors: { genericfeatures.AuthorizeWithSelectors: {
{Version: version.MustParse("1.31"), Default: false, PreRelease: featuregate.Alpha}, {Version: version.MustParse("1.31"), Default: false, PreRelease: featuregate.Alpha},
{Version: version.MustParse("1.32"), Default: true, PreRelease: featuregate.Beta},
}, },
genericfeatures.ConcurrentWatchObjectDecode: { genericfeatures.ConcurrentWatchObjectDecode: {

4
pkg/registry/authorization/util/helpers_test.go
View File

@ -636,9 +636,7 @@ func TestAuthorizationAttributesFrom(t *testing.T) {
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
if tt.enableAuthorizationSelector { featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, genericfeatures.AuthorizeWithSelectors, tt.enableAuthorizationSelector)
featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, genericfeatures.AuthorizeWithSelectors, true)
}
if got := AuthorizationAttributesFrom(tt.args.spec); !reflect.DeepEqual(got, tt.want) { if got := AuthorizationAttributesFrom(tt.args.spec); !reflect.DeepEqual(got, tt.want) {
if got.LabelSelectorParsingErr != nil { if got.LabelSelectorParsingErr != nil {

4
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/filter_test.go
View File

@ -873,9 +873,7 @@ func TestFilter(t *testing.T) {
for _, tc := range cases { for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
environment.DisableBaseEnvSetCachingForTests() environment.DisableBaseEnvSetCachingForTests()
if tc.enableSelectors { featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, genericfeatures.AuthorizeWithSelectors, tc.enableSelectors)
featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, genericfeatures.AuthorizeWithSelectors, true)
}
if tc.testPerCallLimit == 0 { if tc.testPerCallLimit == 0 {
tc.testPerCallLimit = celconfig.PerCallLimit tc.testPerCallLimit = celconfig.PerCallLimit

1
staging/src/k8s.io/apiserver/pkg/features/kube_features.go
View File

@ -291,6 +291,7 @@ var defaultVersionedKubernetesFeatureGates = map[featuregate.Feature]featuregate
AuthorizeWithSelectors: { AuthorizeWithSelectors: {
{Version: version.MustParse("1.31"), Default: false, PreRelease: featuregate.Alpha}, {Version: version.MustParse("1.31"), Default: false, PreRelease: featuregate.Alpha},
{Version: version.MustParse("1.32"), Default: true, PreRelease: featuregate.Beta},
}, },
ConcurrentWatchObjectDecode: { ConcurrentWatchObjectDecode: {

4
staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook_test.go
View File

@ -322,9 +322,7 @@ func Test_resourceAttributesFrom(t *testing.T) {
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
if tt.enableAuthorizationSelector { featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, genericfeatures.AuthorizeWithSelectors, tt.enableAuthorizationSelector)
featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, genericfeatures.AuthorizeWithSelectors, true)
}
if got := resourceAttributesFrom(tt.args.attr); !reflect.DeepEqual(got, tt.want) { if got := resourceAttributesFrom(tt.args.attr); !reflect.DeepEqual(got, tt.want) {
t.Errorf("resourceAttributesFrom() = %v, want %v", got, tt.want) t.Errorf("resourceAttributesFrom() = %v, want %v", got, tt.want)

8
test/featuregates_linter/test_data/versioned_feature_list.yaml
View File

@ -140,12 +140,20 @@
lockToDefault: false lockToDefault: false
preRelease: Alpha preRelease: Alpha
version: "1.31" version: "1.31"
- default: true
lockToDefault: false
preRelease: Beta
version: "1.32"
- name: AuthorizeWithSelectors - name: AuthorizeWithSelectors
versionedSpecs: versionedSpecs:
- default: false - default: false
lockToDefault: false lockToDefault: false
preRelease: Alpha preRelease: Alpha
version: "1.31" version: "1.31"
- default: true
lockToDefault: false
preRelease: Beta
version: "1.32"
- name: CloudControllerManagerWebhook - name: CloudControllerManagerWebhook
versionedSpecs: versionedSpecs:
- default: false - default: false

2
test/integration/apiserver/cel/authorizerselector/helper.go
View File

@ -48,7 +48,7 @@ func RunAuthzSelectorsLibraryTests(t *testing.T, featureEnabled bool) {
// Start the server with the desired feature enablement // Start the server with the desired feature enablement
server, err := apiservertesting.StartTestServer(t, nil, []string{ server, err := apiservertesting.StartTestServer(t, nil, []string{
fmt.Sprintf("--feature-gates=AuthorizeWithSelectors=%v", featureEnabled), fmt.Sprintf("--feature-gates=AuthorizeNodeWithSelectors=%v,AuthorizeWithSelectors=%v", featureEnabled, featureEnabled),
"--runtime-config=resource.k8s.io/v1alpha3=true", "--runtime-config=resource.k8s.io/v1alpha3=true",
}, framework.SharedEtcd()) }, framework.SharedEtcd())
if err != nil { if err != nil {