Merge pull request #88794 from MikeSpreitzer/full-nru-match

Generalized NonResourcePolicyRule.NonResourceURLs impl
Kubernetes Prow Robot 2020-03-05 20:04:47 -08:00 committed by GitHub
commit fa78f6b1a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 5 deletions


@ -588,10 +588,14 @@ func genNRRIs(rng *rand.Rand, m int, verbs, urls []string) []*request.RequestInf
coords := chooseInts(rng, nv*nu, m)
ans := make([]*request.RequestInfo, 0, m)
for _, coord := range coords {
ans = append(ans, &request.RequestInfo{
ri := &request.RequestInfo{
IsResourceRequest: false,
Verb: verbs[coord%nv],
Path: urls[coord/nv]})
Path: urls[coord/nv]}
if rng.Intn(2) == 1 {
ri.Path = ri.Path + "/more"
}
ans = append(ans, ri)
}
return ans
}
@ -614,14 +618,14 @@ func chooseInts(rng *rand.Rand, n, m int) []int {
func genNonResourceRule(rng *rand.Rand, pfx string, matchAllNonResources, someMatchesAllNonResources bool) (fcv1a1.NonResourcePolicyRule, []*request.RequestInfo, []*request.RequestInfo) {
nrr := fcv1a1.NonResourcePolicyRule{
Verbs: []string{pfx + "-v1", pfx + "-v2", pfx + "-v3"},
NonResourceURLs: []string{"/" + pfx + "/p1", "/" + pfx + "/p2", "/" + pfx + "/p3"},
NonResourceURLs: []string{"/" + pfx + "/g/p1", "/" + pfx + "/g/p2", "/" + pfx + "/g/p3"},
}
matchingRIs := genNRRIs(rng, 3, nrr.Verbs, nrr.NonResourceURLs)
var skippingRIs []*request.RequestInfo
if !someMatchesAllNonResources {
skippingRIs = genNRRIs(rng, 3,
[]string{pfx + "-v4", pfx + "-v5", pfx + "-v6"},
[]string{"/" + pfx + "/p4", "/" + pfx + "/p5", "/" + pfx + "/p6"})
[]string{"/" + pfx + "/b/p1", "/" + pfx + "/b/p2", "/" + pfx + "/b/p3"})
}
// choose a proper subset of fields to consider wildcarding; only matters if not matching all
starMask := rng.Intn(3)
@ -630,6 +634,9 @@ func genNonResourceRule(rng *rand.Rand, pfx string, matchAllNonResources, someMa
}
if matchAllNonResources || starMask&2 == 2 && rng.Float32() < 0.1 {
nrr.NonResourceURLs = []string{"*"}
} else {
nrr.NonResourceURLs[rng.Intn(3)] = "/" + pfx + "/g/*"
nrr.NonResourceURLs[rng.Intn(3)] = "/" + pfx + "/g"
}
return nrr, matchingRIs, skippingRIs
}
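Review bot: The skipping paths in genNonResourceRule (`/b/p1` … `/b/p3`) differ from the rule prefixes at the first character after `pfx`, so nothing here pins the path-segment boundary of the new prefix match. A near-miss that shares the string prefix but not the segment, for example replacing one entry with `"/" + pfx + "/gx/p2"`, would fail if the matcher ever compared against `/pfx/g` without the trailing slash. Separately, the two `nrr.NonResourceURLs[rng.Intn(3)] = …` assignments can draw the same index, in which case the `/g/*` form is overwritten and not exercised in that run; distinct indices would cover both forms every time. The body of genNonResourceRule is split across two hunks, with lines elided between them.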


@ -153,7 +153,19 @@ func matchPolicyRuleVerb(policyRuleVerbs []string, requestVerb string) bool {
}
func matchPolicyRuleNonResourceURL(policyRuleRequestURLs []string, requestPath string) bool {
return containsString(requestPath, policyRuleRequestURLs, fctypesv1a1.NonResourceAll)
for _, rulePath := range policyRuleRequestURLs {
if rulePath == fctypesv1a1.NonResourceAll || rulePath == requestPath {
return true
}
rulePrefix := strings.TrimSuffix(rulePath, "*")
if !strings.HasSuffix(rulePrefix, "/") {
rulePrefix = rulePrefix + "/"
}
if strings.HasPrefix(requestPath, rulePrefix) {
return true
}
}
return false
}
func matchPolicyRuleAPIGroup(policyRuleAPIGroups []string, requestAPIGroup string) bool {
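Review bot: matchPolicyRuleNonResourceURL now treats every rule entry as a prefix, not only entries ending in `*`: for an entry without a wildcard, `rulePrefix` becomes the entry plus `/`, so a rule listing `/healthz` also matches `/healthz/anything`. The test change in this commit (the `"/" + pfx + "/g"` entry) suggests this is intended, but it is wider than an exact-match reading of the field and nothing at the function says so. Because this decides which policy rule a request falls under, I would add a doc comment such as `// matchPolicyRuleNonResourceURL reports whether requestPath equals a rule path, lies under it at a "/" boundary (a trailing "*" is optional), or the rule is "*".` An entry like `/hea*` is also quietly handled as the prefix `/hea/`, so the function relies on validation elsewhere (not visible here) to reject such values.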