Merge pull request #81084 from bart0sh/PR0078-kubeadm-remove-pkg-kubeapiserver-authorizer-modes-dependency

kubeadm: remove dependency on pkg/kubeapiserver/authorizer/modes
2025-07-22 11:21:47 +00:00 · 2019-08-08 12:35:20 -07:00 · 2019-08-08 12:35:20 -07:00 · ee04128b05
commit ee04128b05
parent 072528e5f6 b4300ec24e
3 changed files with 15 additions and 13 deletions
--- a/cmd/kubeadm/app/constants/constants.go
+++ b/cmd/kubeadm/app/constants/constants.go
@ -371,6 +371,10 @@ const (
 	// to avoid kubeadm dependency on the internal module
 	// TODO: share Mode* constants in component config

+	// ModeAlwaysAllow is the mode to set all requests as authorized
+	ModeAlwaysAllow string = "AlwaysAllow"
+	// ModeAlwaysDeny is the mode to set no requests as authorized
+	ModeAlwaysDeny string = "AlwaysDeny"
 	// ModeABAC is the mode to use Attribute Based Access Control to authorize
 	ModeABAC string = "ABAC"
 	// ModeWebhook is the mode to make an external webhook call to authorize
--- a/cmd/kubeadm/app/phases/controlplane/BUILD
+++ b/cmd/kubeadm/app/phases/controlplane/BUILD
@ -18,7 +18,6 @@ go_test(
        "//cmd/kubeadm/app/constants:go_default_library",
        "//cmd/kubeadm/app/phases/certs:go_default_library",
        "//cmd/kubeadm/test:go_default_library",
-        "//pkg/kubeapiserver/authorizer/modes:go_default_library",
        "//staging/src/k8s.io/api/core/v1:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
    ],
--- a/cmd/kubeadm/app/phases/controlplane/manifests_test.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
@ -29,7 +29,6 @@ import (
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
-	authzmodes "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes"

 	testutil "k8s.io/kubernetes/cmd/kubeadm/test"
 )
@ -360,7 +359,7 @@ func TestGetAPIServerCommand(t *testing.T) {
 				APIServer: kubeadmapi.APIServer{
 					ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{
 						ExtraArgs: map[string]string{
-							"authorization-mode": authzmodes.ModeABAC,
+							"authorization-mode": kubeadmconstants.ModeABAC,
 						},
 					},
 				},
@ -448,7 +447,7 @@ func TestGetAPIServerCommand(t *testing.T) {
 				APIServer: kubeadmapi.APIServer{
 					ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{
 						ExtraArgs: map[string]string{
-							"authorization-mode": authzmodes.ModeWebhook,
+							"authorization-mode": kubeadmconstants.ModeWebhook,
 						},
 					},
 				},
@ -899,37 +898,37 @@ func TestGetAuthzModes(t *testing.T) {
 		},
 		{
 			name:     "add missing Node",
-			authMode: []string{authzmodes.ModeRBAC},
+			authMode: []string{kubeadmconstants.ModeRBAC},
 			expected: "Node,RBAC",
 		},
 		{
 			name:     "add missing RBAC",
-			authMode: []string{authzmodes.ModeNode},
+			authMode: []string{kubeadmconstants.ModeNode},
 			expected: "Node,RBAC",
 		},
 		{
 			name:     "add defaults to ABAC",
-			authMode: []string{authzmodes.ModeABAC},
+			authMode: []string{kubeadmconstants.ModeABAC},
 			expected: "Node,RBAC,ABAC",
 		},
 		{
 			name:     "add defaults to RBAC+Webhook",
-			authMode: []string{authzmodes.ModeRBAC, authzmodes.ModeWebhook},
+			authMode: []string{kubeadmconstants.ModeRBAC, kubeadmconstants.ModeWebhook},
 			expected: "Node,RBAC,Webhook",
 		},
 		{
 			name:     "add default to Webhook",
-			authMode: []string{authzmodes.ModeWebhook},
+			authMode: []string{kubeadmconstants.ModeWebhook},
 			expected: "Node,RBAC,Webhook",
 		},
 		{
 			name:     "AlwaysAllow ignored",
-			authMode: []string{authzmodes.ModeAlwaysAllow},
+			authMode: []string{kubeadmconstants.ModeAlwaysAllow},
 			expected: "Node,RBAC",
 		},
 		{
 			name:     "AlwaysDeny ignored",
-			authMode: []string{authzmodes.ModeAlwaysDeny},
+			authMode: []string{kubeadmconstants.ModeAlwaysDeny},
 			expected: "Node,RBAC",
 		},
 		{
@ -939,12 +938,12 @@ func TestGetAuthzModes(t *testing.T) {
 		},
 		{
 			name:     "Multiple ignored",
-			authMode: []string{authzmodes.ModeAlwaysAllow, authzmodes.ModeAlwaysDeny, "foo"},
+			authMode: []string{kubeadmconstants.ModeAlwaysAllow, kubeadmconstants.ModeAlwaysDeny, "foo"},
 			expected: "Node,RBAC",
 		},
 		{
 			name:     "all",
-			authMode: []string{authzmodes.ModeNode, authzmodes.ModeRBAC, authzmodes.ModeWebhook, authzmodes.ModeABAC},
+			authMode: []string{kubeadmconstants.ModeNode, kubeadmconstants.ModeRBAC, kubeadmconstants.ModeWebhook, kubeadmconstants.ModeABAC},
 			expected: "Node,RBAC,ABAC,Webhook",
 		},
 	}