diff --git a/cmd/kubeadm/app/constants/constants.go b/cmd/kubeadm/app/constants/constants.go index dcccaadd1ec..e31aab9e3be 100644 --- a/cmd/kubeadm/app/constants/constants.go +++ b/cmd/kubeadm/app/constants/constants.go @@ -371,6 +371,10 @@ const ( // to avoid kubeadm dependency on the internal module // TODO: share Mode* constants in component config + // ModeAlwaysAllow is the mode to set all requests as authorized + ModeAlwaysAllow string = "AlwaysAllow" + // ModeAlwaysDeny is the mode to set no requests as authorized + ModeAlwaysDeny string = "AlwaysDeny" // ModeABAC is the mode to use Attribute Based Access Control to authorize ModeABAC string = "ABAC" // ModeWebhook is the mode to make an external webhook call to authorize diff --git a/cmd/kubeadm/app/phases/controlplane/BUILD b/cmd/kubeadm/app/phases/controlplane/BUILD index e77fd83c184..9763d90f066 100644 --- a/cmd/kubeadm/app/phases/controlplane/BUILD +++ b/cmd/kubeadm/app/phases/controlplane/BUILD @@ -18,7 +18,6 @@ go_test( "//cmd/kubeadm/app/constants:go_default_library", "//cmd/kubeadm/app/phases/certs:go_default_library", "//cmd/kubeadm/test:go_default_library", - "//pkg/kubeapiserver/authorizer/modes:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", ], diff --git a/cmd/kubeadm/app/phases/controlplane/manifests_test.go b/cmd/kubeadm/app/phases/controlplane/manifests_test.go index c11d2d993e4..da689d9fa9d 100644 --- a/cmd/kubeadm/app/phases/controlplane/manifests_test.go +++ b/cmd/kubeadm/app/phases/controlplane/manifests_test.go @@ -29,7 +29,6 @@ import ( kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs" - authzmodes "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes" testutil "k8s.io/kubernetes/cmd/kubeadm/test" ) @@ -360,7 +359,7 @@ func TestGetAPIServerCommand(t *testing.T) { APIServer: kubeadmapi.APIServer{ ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{ ExtraArgs: map[string]string{ - "authorization-mode": authzmodes.ModeABAC, + "authorization-mode": kubeadmconstants.ModeABAC, }, }, }, @@ -448,7 +447,7 @@ func TestGetAPIServerCommand(t *testing.T) { APIServer: kubeadmapi.APIServer{ ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{ ExtraArgs: map[string]string{ - "authorization-mode": authzmodes.ModeWebhook, + "authorization-mode": kubeadmconstants.ModeWebhook, }, }, }, @@ -899,37 +898,37 @@ func TestGetAuthzModes(t *testing.T) { }, { name: "add missing Node", - authMode: []string{authzmodes.ModeRBAC}, + authMode: []string{kubeadmconstants.ModeRBAC}, expected: "Node,RBAC", }, { name: "add missing RBAC", - authMode: []string{authzmodes.ModeNode}, + authMode: []string{kubeadmconstants.ModeNode}, expected: "Node,RBAC", }, { name: "add defaults to ABAC", - authMode: []string{authzmodes.ModeABAC}, + authMode: []string{kubeadmconstants.ModeABAC}, expected: "Node,RBAC,ABAC", }, { name: "add defaults to RBAC+Webhook", - authMode: []string{authzmodes.ModeRBAC, authzmodes.ModeWebhook}, + authMode: []string{kubeadmconstants.ModeRBAC, kubeadmconstants.ModeWebhook}, expected: "Node,RBAC,Webhook", }, { name: "add default to Webhook", - authMode: []string{authzmodes.ModeWebhook}, + authMode: []string{kubeadmconstants.ModeWebhook}, expected: "Node,RBAC,Webhook", }, { name: "AlwaysAllow ignored", - authMode: []string{authzmodes.ModeAlwaysAllow}, + authMode: []string{kubeadmconstants.ModeAlwaysAllow}, expected: "Node,RBAC", }, { name: "AlwaysDeny ignored", - authMode: []string{authzmodes.ModeAlwaysDeny}, + authMode: []string{kubeadmconstants.ModeAlwaysDeny}, expected: "Node,RBAC", }, { @@ -939,12 +938,12 @@ func TestGetAuthzModes(t *testing.T) { }, { name: "Multiple ignored", - authMode: []string{authzmodes.ModeAlwaysAllow, authzmodes.ModeAlwaysDeny, "foo"}, + authMode: []string{kubeadmconstants.ModeAlwaysAllow, kubeadmconstants.ModeAlwaysDeny, "foo"}, expected: "Node,RBAC", }, { name: "all", - authMode: []string{authzmodes.ModeNode, authzmodes.ModeRBAC, authzmodes.ModeWebhook, authzmodes.ModeABAC}, + authMode: []string{kubeadmconstants.ModeNode, kubeadmconstants.ModeRBAC, kubeadmconstants.ModeWebhook, kubeadmconstants.ModeABAC}, expected: "Node,RBAC,ABAC,Webhook", }, }