From 2e97d3c8732147c3ba2f11d668f50b44e6374348 Mon Sep 17 00:00:00 2001
From: Mike Spreitzer
Date: Wed, 4 Mar 2020 00:00:39 -0500
Subject: [PATCH] Generalized NonResourcePolicyRule.NonResourceURLs impl ... to match the comment on that field. Also generalized the test case generator to exercise the new generality.
---
 .../apiserver/pkg/util/flowcontrol/gen_test.go | 15 +++++++++++----
 .../k8s.io/apiserver/pkg/util/flowcontrol/rule.go | 14 +++++++++++++-
 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/staging/src/k8s.io/apiserver/pkg/util/flowcontrol/gen_test.go b/staging/src/k8s.io/apiserver/pkg/util/flowcontrol/gen_test.go
index 89a0dc683a5..64551ee2eb1 100644
--- a/staging/src/k8s.io/apiserver/pkg/util/flowcontrol/gen_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/util/flowcontrol/gen_test.go
@@ -588,10 +588,14 @@ func genNRRIs(rng *rand.Rand, m int, verbs, urls []string) []*request.RequestInf
 coords := chooseInts(rng, nv*nu, m)
 ans := make([]*request.RequestInfo, 0, m)
 for _, coord := range coords {
- ans = append(ans, &request.RequestInfo{
+ ri := &request.RequestInfo{
 IsResourceRequest: false,
 Verb: verbs[coord%nv],
- Path: urls[coord/nv]})
+ Path: urls[coord/nv]}
+ if rng.Intn(2) == 1 {
+ ri.Path = ri.Path + "/more"
+ }
+ ans = append(ans, ri)
 }
 return ans
 }
@@ -614,14 +618,14 @@ func chooseInts(rng *rand.Rand, n, m int) []int {
 func genNonResourceRule(rng *rand.Rand, pfx string, matchAllNonResources, someMatchesAllNonResources bool) (fcv1a1.NonResourcePolicyRule, []*request.RequestInfo, []*request.RequestInfo) {
 nrr := fcv1a1.NonResourcePolicyRule{
 Verbs: []string{pfx + "-v1", pfx + "-v2", pfx + "-v3"},
- NonResourceURLs: []string{"/" + pfx + "/p1", "/" + pfx + "/p2", "/" + pfx + "/p3"},
+ NonResourceURLs: []string{"/" + pfx + "/g/p1", "/" + pfx + "/g/p2", "/" + pfx + "/g/p3"},
 }
 matchingRIs := genNRRIs(rng, 3, nrr.Verbs, nrr.NonResourceURLs)
 var skippingRIs []*request.RequestInfo
 if !someMatchesAllNonResources {
 skippingRIs = genNRRIs(rng, 3,
 []string{pfx + "-v4", pfx + "-v5", pfx + "-v6"},
- []string{"/" + pfx + "/p4", "/" + pfx + "/p5", "/" + pfx + "/p6"})
+ []string{"/" + pfx + "/b/p1", "/" + pfx + "/b/p2", "/" + pfx + "/b/p3"})
 }
 // choose a proper subset of fields to consider wildcarding; only matters if not matching all
 starMask := rng.Intn(3)
@@ -630,6 +634,9 @@ func genNonResourceRule(rng *rand.Rand, pfx string, matchAllNonResources, someMa
 }
 if matchAllNonResources || starMask&2 == 2 && rng.Float32() < 0.1 {
 nrr.NonResourceURLs = []string{"*"}
+ } else {
+ nrr.NonResourceURLs[rng.Intn(3)] = "/" + pfx + "/g/*"
+ nrr.NonResourceURLs[rng.Intn(3)] = "/" + pfx + "/g"
 }
 return nrr, matchingRIs, skippingRIs
 }
diff --git a/staging/src/k8s.io/apiserver/pkg/util/flowcontrol/rule.go b/staging/src/k8s.io/apiserver/pkg/util/flowcontrol/rule.go
index b41a1c97c2e..c6a0463335c 100644
--- a/staging/src/k8s.io/apiserver/pkg/util/flowcontrol/rule.go
+++ b/staging/src/k8s.io/apiserver/pkg/util/flowcontrol/rule.go
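Review bot: The non-matching paths in the `-614,14` hunk all sit under `"/" + pfx + "/b/"`, so they diverge from the rule's `/g/...` entries a whole segment early and never probe the segment boundary that the new prefix matching relies on. A near-miss that shares the string prefix but not the path segment, such as `"/" + pfx + "/gx/p1"`, belongs in the skipping set, so that a matcher which forgot to append the trailing `/` before `strings.HasPrefix` would fail the test. genNonResourceRule continues past the end of this hunk.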
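Review bot: Both assignments in the new `else` branch always run, so every rule that is not `*` ends up containing the bare `"/" + pfx + "/g"` entry, which as a prefix already covers every generated matching path. The literal entries and the `/g/*` entry therefore never decide a result, and a regression in the `*`-trimming step would go unnoticed; the two `rng.Intn(3)` draws can also land on the same index and overwrite the `/g/*` entry outright. Pick the form with a single random draw instead, so that some rules carry only `/g/*`, some only `/g`, and some only the literal paths. The start of genNonResourceRule is in the previous hunk and the lines between the two hunks are not shown.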
@@ -153,7 +153,19 @@ func matchPolicyRuleVerb(policyRuleVerbs []string, requestVerb string) bool {
 }

 func matchPolicyRuleNonResourceURL(policyRuleRequestURLs []string, requestPath string) bool {
- return containsString(requestPath, policyRuleRequestURLs, fctypesv1a1.NonResourceAll)
+ for _, rulePath := range policyRuleRequestURLs {
+ if rulePath == fctypesv1a1.NonResourceAll || rulePath == requestPath {
+ return true
+ }
+ rulePrefix := strings.TrimSuffix(rulePath, "*")
+ if !strings.HasSuffix(rulePrefix, "/") {
+ rulePrefix = rulePrefix + "/"
+ }
+ if strings.HasPrefix(requestPath, rulePrefix) {
+ return true
+ }
+ }
+ return false
 }

 func matchPolicyRuleAPIGroup(policyRuleAPIGroups []string, requestAPIGroup string) bool {
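Review bot: An empty entry in `policyRuleRequestURLs` becomes the prefix `/` in the new loop (`strings.TrimSuffix("", "*")` is `""`, then `/` is appended), so `strings.HasPrefix(requestPath, rulePrefix)` holds for every absolute path and the rule silently behaves like `*`; a bare `"/"` entry has the same effect. Unless API validation already rejects such entries (not visible in this hunk), skip them at the top of the loop with `if rulePath == "" || rulePath == "/" { continue }`. Entries without a trailing `*` are also treated as prefixes, so `/healthz` matches `/healthz/anything`, and `requestPath` is compared as a raw string with no normalisation here. Since this match presumably decides how a request is classified for flow control, the function deserves a doc comment stating the contract, e.g. `// matchPolicyRuleNonResourceURL reports whether requestPath equals a rule entry or lies beneath it; a trailing "*" is optional and "*" alone matches everything.`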