github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #81084 from bart0sh/PR0078-kubeadm-remove-pkg-kubeapiserver-authorizer-modes-dependency

Browse Source 
kubeadm: remove dependency on pkg/kubeapiserver/authorizer/modes
This commit is contained in:
Kubernetes Prow Robot 2019-08-08 12:35:20 -07:00 committed by GitHub
commit ee04128b05
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/kubeadm/app/constants/constants.go
View File

@ -371,6 +371,10 @@ const (
// to avoid kubeadm dependency on the internal module // to avoid kubeadm dependency on the internal module
// TODO: share Mode* constants in component config // TODO: share Mode* constants in component config
// ModeAlwaysAllow is the mode to set all requests as authorized
ModeAlwaysAllow string = "AlwaysAllow"
// ModeAlwaysDeny is the mode to set no requests as authorized
ModeAlwaysDeny string = "AlwaysDeny"
// ModeABAC is the mode to use Attribute Based Access Control to authorize // ModeABAC is the mode to use Attribute Based Access Control to authorize
ModeABAC string = "ABAC" ModeABAC string = "ABAC"
// ModeWebhook is the mode to make an external webhook call to authorize // ModeWebhook is the mode to make an external webhook call to authorize

1
cmd/kubeadm/app/phases/controlplane/BUILD
View File

@ -18,7 +18,6 @@ go_test(
"//cmd/kubeadm/app/constants:go_default_library", "//cmd/kubeadm/app/constants:go_default_library",
"//cmd/kubeadm/app/phases/certs:go_default_library", "//cmd/kubeadm/app/phases/certs:go_default_library",
"//cmd/kubeadm/test:go_default_library", "//cmd/kubeadm/test:go_default_library",
"//pkg/kubeapiserver/authorizer/modes:go_default_library",
"//staging/src/k8s.io/api/core/v1:go_default_library", "//staging/src/k8s.io/api/core/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
], ],

23
cmd/kubeadm/app/phases/controlplane/manifests_test.go
View File

@ -29,7 +29,6 @@ import (
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs" "k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
authzmodes "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes"
testutil "k8s.io/kubernetes/cmd/kubeadm/test" testutil "k8s.io/kubernetes/cmd/kubeadm/test"
) )
@ -360,7 +359,7 @@ func TestGetAPIServerCommand(t *testing.T) {
APIServer: kubeadmapi.APIServer{ APIServer: kubeadmapi.APIServer{
ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{ ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{
ExtraArgs: map[string]string{ ExtraArgs: map[string]string{
"authorization-mode": authzmodes.ModeABAC, "authorization-mode": kubeadmconstants.ModeABAC,
}, },
}, },
}, },
@ -448,7 +447,7 @@ func TestGetAPIServerCommand(t *testing.T) {
APIServer: kubeadmapi.APIServer{ APIServer: kubeadmapi.APIServer{
ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{ ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{
ExtraArgs: map[string]string{ ExtraArgs: map[string]string{
"authorization-mode": authzmodes.ModeWebhook, "authorization-mode": kubeadmconstants.ModeWebhook,
}, },
}, },
}, },
@ -899,37 +898,37 @@ func TestGetAuthzModes(t *testing.T) {
}, },
{ {
name: "add missing Node", name: "add missing Node",
authMode: []string{authzmodes.ModeRBAC}, authMode: []string{kubeadmconstants.ModeRBAC},
expected: "Node,RBAC", expected: "Node,RBAC",
}, },
{ {
name: "add missing RBAC", name: "add missing RBAC",
authMode: []string{authzmodes.ModeNode}, authMode: []string{kubeadmconstants.ModeNode},
expected: "Node,RBAC", expected: "Node,RBAC",
}, },
{ {
name: "add defaults to ABAC", name: "add defaults to ABAC",
authMode: []string{authzmodes.ModeABAC}, authMode: []string{kubeadmconstants.ModeABAC},
expected: "Node,RBAC,ABAC", expected: "Node,RBAC,ABAC",
}, },
{ {
name: "add defaults to RBAC+Webhook", name: "add defaults to RBAC+Webhook",
authMode: []string{authzmodes.ModeRBAC, authzmodes.ModeWebhook}, authMode: []string{kubeadmconstants.ModeRBAC, kubeadmconstants.ModeWebhook},
expected: "Node,RBAC,Webhook", expected: "Node,RBAC,Webhook",
}, },
{ {
name: "add default to Webhook", name: "add default to Webhook",
authMode: []string{authzmodes.ModeWebhook}, authMode: []string{kubeadmconstants.ModeWebhook},
expected: "Node,RBAC,Webhook", expected: "Node,RBAC,Webhook",
}, },
{ {
name: "AlwaysAllow ignored", name: "AlwaysAllow ignored",
authMode: []string{authzmodes.ModeAlwaysAllow}, authMode: []string{kubeadmconstants.ModeAlwaysAllow},
expected: "Node,RBAC", expected: "Node,RBAC",
}, },
{ {
name: "AlwaysDeny ignored", name: "AlwaysDeny ignored",
authMode: []string{authzmodes.ModeAlwaysDeny}, authMode: []string{kubeadmconstants.ModeAlwaysDeny},
expected: "Node,RBAC", expected: "Node,RBAC",
}, },
{ {
@ -939,12 +938,12 @@ func TestGetAuthzModes(t *testing.T) {
}, },
{ {
name: "Multiple ignored", name: "Multiple ignored",
authMode: []string{authzmodes.ModeAlwaysAllow, authzmodes.ModeAlwaysDeny, "foo"}, authMode: []string{kubeadmconstants.ModeAlwaysAllow, kubeadmconstants.ModeAlwaysDeny, "foo"},
expected: "Node,RBAC", expected: "Node,RBAC",
}, },
{ {
name: "all", name: "all",
authMode: []string{authzmodes.ModeNode, authzmodes.ModeRBAC, authzmodes.ModeWebhook, authzmodes.ModeABAC}, authMode: []string{kubeadmconstants.ModeNode, kubeadmconstants.ModeRBAC, kubeadmconstants.ModeWebhook, kubeadmconstants.ModeABAC},
expected: "Node,RBAC,ABAC,Webhook", expected: "Node,RBAC,ABAC,Webhook",
}, },
} }