registry/storage: remove psp support

pkg/registry/policy/podsecuritypolicy/doc.go

@@ -1,19 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package podsecuritypolicy provides Registry interface and its REST
-// implementation for storing PodSecurityPolicy api objects.
-package podsecuritypolicy // import "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy"

pkg/registry/policy/podsecuritypolicy/storage/storage.go

@@ -1,60 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package storage
-
-import (
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apiserver/pkg/registry/generic"
-	genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
-	"k8s.io/kubernetes/pkg/apis/policy"
-	"k8s.io/kubernetes/pkg/printers"
-	printersinternal "k8s.io/kubernetes/pkg/printers/internalversion"
-	printerstorage "k8s.io/kubernetes/pkg/printers/storage"
-	"k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy"
-)
-
-// REST implements a RESTStorage for PodSecurityPolicies.
-type REST struct {
-	*genericregistry.Store
-}
-
-// NewREST returns a RESTStorage object that will work against PodSecurityPolicy objects.
-func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, error) {
-	store := &genericregistry.Store{
-		NewFunc:                   func() runtime.Object { return &policy.PodSecurityPolicy{} },
-		NewListFunc:               func() runtime.Object { return &policy.PodSecurityPolicyList{} },
-		DefaultQualifiedResource:  policy.Resource("podsecuritypolicies"),
-		SingularQualifiedResource: policy.Resource("podsecuritypolicy"),
-
-		CreateStrategy:      podsecuritypolicy.Strategy,
-		UpdateStrategy:      podsecuritypolicy.Strategy,
-		DeleteStrategy:      podsecuritypolicy.Strategy,
-		ReturnDeletedObject: true,
-
-		TableConvertor: printerstorage.TableConvertor{TableGenerator: printers.NewTableGenerator().With(printersinternal.AddHandlers)},
-	}
-	options := &generic.StoreOptions{RESTOptions: optsGetter}
-	if err := store.CompleteWithOptions(options); err != nil {
-		return nil, err
-	}
-	return &REST{store}, nil
-}
-
-// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource.
-func (r *REST) ShortNames() []string {
-	return []string{"psp"}
-}

pkg/registry/policy/podsecuritypolicy/storage/storage_test.go

@@ -1,156 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package storage
-
-import (
-	"testing"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/kubernetes/pkg/apis/policy"
-	// Ensure that policy/v1beta1 package is initialized.
-	_ "k8s.io/api/policy/v1beta1"
-	"k8s.io/apimachinery/pkg/fields"
-	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apiserver/pkg/registry/generic"
-	genericregistrytest "k8s.io/apiserver/pkg/registry/generic/testing"
-	etcd3testing "k8s.io/apiserver/pkg/storage/etcd3/testing"
-	"k8s.io/kubernetes/pkg/registry/registrytest"
-)
-
-func newStorage(t *testing.T) (*REST, *etcd3testing.EtcdTestServer) {
-	etcdStorage, server := registrytest.NewEtcdStorage(t, "policy")
-	restOptions := generic.RESTOptions{
-		StorageConfig:           etcdStorage,
-		Decorator:               generic.UndecoratedStorage,
-		DeleteCollectionWorkers: 1,
-		ResourcePrefix:          "podsecuritypolicies",
-	}
-	rest, err := NewREST(restOptions)
-	if err != nil {
-		t.Fatalf("unexpected error from REST storage: %v", err)
-	}
-	return rest, server
-}
-
-func validNewPodSecurityPolicy() *policy.PodSecurityPolicy {
-	return &policy.PodSecurityPolicy{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "foo",
-		},
-		Spec: policy.PodSecurityPolicySpec{
-			SELinux: policy.SELinuxStrategyOptions{
-				Rule: policy.SELinuxStrategyRunAsAny,
-			},
-			RunAsUser: policy.RunAsUserStrategyOptions{
-				Rule: policy.RunAsUserStrategyRunAsAny,
-			},
-			RunAsGroup: &policy.RunAsGroupStrategyOptions{
-				Rule: policy.RunAsGroupStrategyRunAsAny,
-			},
-			FSGroup: policy.FSGroupStrategyOptions{
-				Rule: policy.FSGroupStrategyRunAsAny,
-			},
-			SupplementalGroups: policy.SupplementalGroupsStrategyOptions{
-				Rule: policy.SupplementalGroupsStrategyRunAsAny,
-			},
-		},
-	}
-}
-
-func TestCreate(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope()
-	psp := validNewPodSecurityPolicy()
-	psp.ObjectMeta = metav1.ObjectMeta{GenerateName: "foo-"}
-	test.TestCreate(
-		// valid
-		psp,
-		// invalid
-		&policy.PodSecurityPolicy{
-			ObjectMeta: metav1.ObjectMeta{Name: "name with spaces"},
-		},
-	)
-}
-
-func TestUpdate(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope()
-	test.TestUpdate(
-		// valid
-		validNewPodSecurityPolicy(),
-		// updateFunc
-		func(obj runtime.Object) runtime.Object {
-			object := obj.(*policy.PodSecurityPolicy)
-			object.Labels = map[string]string{"a": "b"}
-			return object
-		},
-	)
-}
-
-func TestDelete(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope().ReturnDeletedObject()
-	test.TestDelete(validNewPodSecurityPolicy())
-}
-
-func TestGet(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope()
-	test.TestGet(validNewPodSecurityPolicy())
-}
-
-func TestList(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope()
-	test.TestList(validNewPodSecurityPolicy())
-}
-
-func TestWatch(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope()
-	test.TestWatch(
-		validNewPodSecurityPolicy(),
-		// matching labels
-		[]labels.Set{},
-		// not matching labels
-		[]labels.Set{
-			{"foo": "bar"},
-		},
-		// matching fields
-		[]fields.Set{
-			{"metadata.name": "foo"},
-		},
-		// not matching fields
-		[]fields.Set{
-			{"metadata.name": "bar"},
-			{"name": "foo"},
-		},
-	)
-}

pkg/registry/policy/podsecuritypolicy/strategy.go

@@ -1,88 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package podsecuritypolicy
-
-import (
-	"context"
-
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/util/validation/field"
-	"k8s.io/apiserver/pkg/registry/rest"
-	"k8s.io/apiserver/pkg/storage/names"
-	"k8s.io/kubernetes/pkg/api/legacyscheme"
-	psputil "k8s.io/kubernetes/pkg/api/podsecuritypolicy"
-	"k8s.io/kubernetes/pkg/apis/policy"
-	"k8s.io/kubernetes/pkg/apis/policy/validation"
-)
-
-// strategy implements behavior for PodSecurityPolicy objects
-type strategy struct {
-	runtime.ObjectTyper
-	names.NameGenerator
-}
-
-// Strategy is the default logic that applies when creating and updating PodSecurityPolicy
-// objects via the REST API.
-var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator}
-
-var _ = rest.RESTCreateStrategy(Strategy)
-
-var _ = rest.RESTUpdateStrategy(Strategy)
-
-func (strategy) NamespaceScoped() bool {
-	return false
-}
-
-func (strategy) AllowCreateOnUpdate() bool {
-	return false
-}
-
-func (strategy) AllowUnconditionalUpdate() bool {
-	return true
-}
-
-func (strategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
-	psp := obj.(*policy.PodSecurityPolicy)
-
-	psputil.DropDisabledFields(&psp.Spec, nil)
-}
-
-func (strategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
-	newPsp := obj.(*policy.PodSecurityPolicy)
-	oldPsp := old.(*policy.PodSecurityPolicy)
-
-	psputil.DropDisabledFields(&newPsp.Spec, &oldPsp.Spec)
-}
-
-func (strategy) Canonicalize(obj runtime.Object) {
-}
-
-func (strategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
-	return validation.ValidatePodSecurityPolicy(obj.(*policy.PodSecurityPolicy))
-}
-
-// WarningsOnCreate returns warnings for the creation of the given object.
-func (strategy) WarningsOnCreate(ctx context.Context, obj runtime.Object) []string { return nil }
-
-func (strategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
-	return validation.ValidatePodSecurityPolicyUpdate(old.(*policy.PodSecurityPolicy), obj.(*policy.PodSecurityPolicy))
-}
-
-// WarningsOnUpdate returns warnings for the given update.
-func (strategy) WarningsOnUpdate(ctx context.Context, obj, old runtime.Object) []string {
-	return nil
-}

pkg/registry/policy/podsecuritypolicy/strategy_test.go

@@ -1,104 +0,0 @@
-/*
-Copyright 2021 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package podsecuritypolicy
-
-import (
-	"context"
-	"fmt"
-	"testing"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/util/validation/field"
-	"k8s.io/kubernetes/pkg/apis/policy"
-)
-
-func TestAllowEphemeralVolumeType(t *testing.T) {
-	pspWithoutGenericVolume := func() *policy.PodSecurityPolicy {
-		return &policy.PodSecurityPolicy{
-			ObjectMeta: metav1.ObjectMeta{
-				Name:            "psp",
-				ResourceVersion: "1",
-			},
-			Spec: policy.PodSecurityPolicySpec{
-				RunAsUser: policy.RunAsUserStrategyOptions{
-					Rule: policy.RunAsUserStrategyMustRunAs,
-				},
-				SupplementalGroups: policy.SupplementalGroupsStrategyOptions{
-					Rule: policy.SupplementalGroupsStrategyMustRunAs,
-				},
-				SELinux: policy.SELinuxStrategyOptions{
-					Rule: policy.SELinuxStrategyMustRunAs,
-				},
-				FSGroup: policy.FSGroupStrategyOptions{
-					Rule: policy.FSGroupStrategyMustRunAs,
-				},
-			},
-		}
-	}
-	pspWithGenericVolume := func() *policy.PodSecurityPolicy {
-		psp := pspWithoutGenericVolume()
-		psp.Spec.Volumes = append(psp.Spec.Volumes, policy.Ephemeral)
-		return psp
-	}
-	pspNil := func() *policy.PodSecurityPolicy {
-		return nil
-	}
-
-	pspInfo := []struct {
-		description      string
-		hasGenericVolume bool
-		psp              func() *policy.PodSecurityPolicy
-	}{
-		{
-			description:      "PodSecurityPolicySpec Without GenericVolume",
-			hasGenericVolume: false,
-			psp:              pspWithoutGenericVolume,
-		},
-		{
-			description:      "PodSecurityPolicySpec With GenericVolume",
-			hasGenericVolume: true,
-			psp:              pspWithGenericVolume,
-		},
-		{
-			description:      "is nil",
-			hasGenericVolume: false,
-			psp:              pspNil,
-		},
-	}
-
-	for _, oldPSPInfo := range pspInfo {
-		for _, newPSPInfo := range pspInfo {
-			oldPSP := oldPSPInfo.psp()
-			newPSP := newPSPInfo.psp()
-			if newPSP == nil {
-				continue
-			}
-
-			t.Run(fmt.Sprintf("old PodSecurityPolicySpec %v, new PodSecurityPolicySpec %v", oldPSPInfo.description, newPSPInfo.description), func(t *testing.T) {
-				var errs field.ErrorList
-				if oldPSP == nil {
-					errs = Strategy.Validate(context.Background(), newPSP)
-				} else {
-					errs = Strategy.ValidateUpdate(context.Background(), newPSP, oldPSP)
-				}
-				if len(errs) > 0 {
-					t.Errorf("expected no errors, got: %v", errs)
-				}
-			})
-		}
-	}
-}

pkg/registry/policy/rest/storage_policy.go

@@ -26,7 +26,6 @@ import (
 	"k8s.io/kubernetes/pkg/api/legacyscheme"
 	"k8s.io/kubernetes/pkg/apis/policy"
 	poddisruptionbudgetstore "k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage"
-	pspstore "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage"
 )
 
 type RESTStorageProvider struct{}
@@ -64,14 +63,6 @@ func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorag
 		storage[resource+"/status"] = poddisruptionbudgetStatusStorage
 	}
 
-	if resource := "podsecuritypolicies"; apiResourceConfigSource.ResourceEnabled(policyapiv1beta1.SchemeGroupVersion.WithResource(resource)) {
-		rest, err := pspstore.NewREST(restOptionsGetter)
-		if err != nil {
-			return storage, err
-		}
-		storage[resource] = rest
-	}
-
 	return storage, nil
 }