From 2f946b7aee436479d46dbd3a85474dcf24aa4df0 Mon Sep 17 00:00:00 2001 From: nikhiljindal Date: Tue, 14 Jul 2015 12:43:42 -0700 Subject: [PATCH] Stop allowing unnamespaced POST for namespaced objects --- api/swagger-spec/v1.json | 450 -------------------------------- pkg/apiserver/api_installer.go | 1 - pkg/apiserver/apiserver_test.go | 6 +- 3 files changed, 3 insertions(+), 454 deletions(-) diff --git a/api/swagger-spec/v1.json b/api/swagger-spec/v1.json index 40fbea0dfab..5c5561df769 100644 --- a/api/swagger-spec/v1.json +++ b/api/swagger-spec/v1.json @@ -55,49 +55,6 @@ } ] }, - { - "path": "/api/v1/bindings", - "description": "API at /api/v1 version v1", - "operations": [ - { - "type": "v1.Binding", - "method": "POST", - "summary": "create a Binding", - "nickname": "createBinding", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.Binding", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.Binding" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] - } - ] - }, { "path": "/api/v1/namespaces/{namespace}/componentstatuses", "description": "API at /api/v1 version v1", 
@@ -845,43 +802,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.Endpoints", - "method": "POST", - "summary": "create a Endpoints", - "nickname": "createEndpoints", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.Endpoints", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.Endpoints" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] }, @@ -1498,43 +1418,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.Event", - "method": "POST", - "summary": "create a Event", - "nickname": "createEvent", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.Event", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.Event" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] }, 
@@ -2151,43 +2034,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.LimitRange", - "method": "POST", - "summary": "create a LimitRange", - "nickname": "createLimitRange", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.LimitRange", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.LimitRange" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] }, @@ -4141,43 +3987,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.PersistentVolumeClaim", - "method": "POST", - "summary": "create a PersistentVolumeClaim", - "nickname": "createPersistentVolumeClaim", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.PersistentVolumeClaim", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.PersistentVolumeClaim" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] }, 
@@ -5758,43 +5567,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.Pod", - "method": "POST", - "summary": "create a Pod", - "nickname": "createPod", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.Pod", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.Pod" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] }, @@ -7140,43 +6912,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.PodTemplate", - "method": "POST", - "summary": "create a PodTemplate", - "nickname": "createPodTemplate", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.PodTemplate", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.PodTemplate" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] }, 
@@ -7801,43 +7536,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.ReplicationController", - "method": "POST", - "summary": "create a ReplicationController", - "nickname": "createReplicationController", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.ReplicationController", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.ReplicationController" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] }, @@ -8462,43 +8160,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.ResourceQuota", - "method": "POST", - "summary": "create a ResourceQuota", - "nickname": "createResourceQuota", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.ResourceQuota", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.ResourceQuota" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] }, 
@@ -9182,43 +8843,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.Secret", - "method": "POST", - "summary": "create a Secret", - "nickname": "createSecret", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.Secret", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.Secret" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] }, @@ -9843,43 +9467,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.ServiceAccount", - "method": "POST", - "summary": "create a ServiceAccount", - "nickname": "createServiceAccount", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.ServiceAccount", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.ServiceAccount" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] }, 
@@ -10916,43 +10503,6 @@ "consumes": [ "*/*" ] - }, - { - "type": "v1.Service", - "method": "POST", - "summary": "create a Service", - "nickname": "createService", - "parameters": [ - { - "type": "string", - "paramType": "query", - "name": "pretty", - "description": "If 'true', then the output is pretty printed.", - "required": false, - "allowMultiple": false - }, - { - "type": "v1.Service", - "paramType": "body", - "name": "body", - "description": "", - "required": true, - "allowMultiple": false - } - ], - "responseMessages": [ - { - "code": 200, - "message": "OK", - "responseModel": "v1.Service" - } - ], - "produces": [ - "application/json" - ], - "consumes": [ - "*/*" - ] } ] },
diff --git a/pkg/apiserver/api_installer.go b/pkg/apiserver/api_installer.go
index 878f0063233..3a53e3a671a 100644
--- a/pkg/apiserver/api_installer.go
+++ b/pkg/apiserver/api_installer.go
@@ -327,7 +327,6 @@ func (a *APIInstaller) registerResourceHandlers(path string, storage rest.Storag
 if !hasSubresource {
 namer = scopeNaming{scope, a.group.Linker, gpath.Join(a.prefix, itemPath), true}
 actions = appendIf(actions, action{"LIST", resource, params, namer}, isLister)
- actions = appendIf(actions, action{"POST", resource, params, namer}, isCreater)
 actions = appendIf(actions, action{"WATCHLIST", "watch/" + resource, params, namer}, allowWatchList)
 }
 break
diff --git a/pkg/apiserver/apiserver_test.go b/pkg/apiserver/apiserver_test.go
index 68b4a30ac98..2b23cb036a5 100644
--- a/pkg/apiserver/apiserver_test.go
+++ b/pkg/apiserver/apiserver_test.go
@@ -2196,7 +2196,7 @@ func TestCreateInvokesAdmissionControl(t *testing.T) {
 t: t,
 name: "bar",
 namespace: "other",
- expectedSet: "/api/version/foo/bar?namespace=other",
+ expectedSet: "/api/version/namespaces/other/foo/bar",
 }
 handler := handleInternal(true, map[string]rest.Storage{"foo": &storage}, deny.NewAlwaysDeny(), selfLinker)
 server := httptest.NewServer(handler)
@@ -2207,7 +2207,7 @@ func TestCreateInvokesAdmissionControl(t *testing.T) {
 Other: "bar",
 }
 data, _ := codec.Encode(simple)
- request, err := http.NewRequest("POST", server.URL+"/api/version/foo?namespace=other", bytes.NewBuffer(data))
+ request, err := http.NewRequest("POST", server.URL+"/api/version/namespaces/other/foo", bytes.NewBuffer(data))
 if err != nil {
 t.Errorf("unexpected error: %v", err)
 }
@@ -2330,7 +2330,7 @@ func TestCreateTimeout(t *testing.T) {
 simple := &Simple{Other: "foo"}
 data, _ := codec.Encode(simple)
- itemOut := expectApiStatus(t, "POST", server.URL+"/api/version/foo?timeout=4ms", data, apierrs.StatusServerTimeout)
+ itemOut := expectApiStatus(t, "POST", server.URL+"/api/version/namespaces/default/foo?timeout=4ms", data, apierrs.StatusServerTimeout)
 if itemOut.Status != api.StatusFailure || itemOut.Reason != api.StatusReasonTimeout {
 t.Errorf("Unexpected status %#v", itemOut)
 }
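Review bot: Nothing in the updated tests asserts that the unnamespaced route is actually gone. The `http.NewRequest` call in TestCreateInvokesAdmissionControl and the `expectApiStatus` call in TestCreateTimeout are only repointed at `/namespaces/<ns>/foo`, so a later change that re-registers the collection-level POST would still pass the suite. The namespace in the request path is presumably what admission (and any per-namespace policy) is evaluated against, so a negative case belongs next to these: send the same `data` with `http.Post(server.URL+"/api/version/foo", "application/json", bytes.NewBuffer(data))` and fail unless `resp.StatusCode` is an error. The exact code is not visible from these hunks; since LIST stays registered on that path it is probably `http.StatusMethodNotAllowed` rather than 404, so confirm before pinning it. Both test bodies start and end outside the hunks shown.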