Move podsecuritypolicy registry to policy package.

2025-09-26 20:54:08 +00:00 · 2018-04-13 16:06:52 +02:00
parent 8535ef60ed
commit ff636f25c0
15 changed files with 18 additions and 21 deletions
--- a/pkg/registry/extensions/podsecuritypolicy/BUILD
+++ b/pkg/registry/extensions/podsecuritypolicy/BUILD
@@ -1,41 +0,0 @@
-package(default_visibility = ["//visibility:public"])
-
-load(
-    "@io_bazel_rules_go//go:def.bzl",
-    "go_library",
-)
-
-go_library(
-    name = "go_default_library",
-    srcs = [
-        "doc.go",
-        "strategy.go",
-    ],
-    importpath = "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy",
-    deps = [
-        "//pkg/api/legacyscheme:go_default_library",
-        "//pkg/apis/policy:go_default_library",
-        "//pkg/apis/policy/validation:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/storage/names:go_default_library",
-    ],
-)
-
-filegroup(
-    name = "package-srcs",
-    srcs = glob(["**"]),
-    tags = ["automanaged"],
-    visibility = ["//visibility:private"],
-)
-
-filegroup(
-    name = "all-srcs",
-    srcs = [
-        ":package-srcs",
-        "//pkg/registry/extensions/podsecuritypolicy/storage:all-srcs",
-    ],
-    tags = ["automanaged"],
-)
--- a/pkg/registry/extensions/podsecuritypolicy/doc.go
+++ b/pkg/registry/extensions/podsecuritypolicy/doc.go
@@ -1,19 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package podsecuritypolicy provides Registry interface and its REST
-// implementation for storing PodSecurityPolicy api objects.
-package podsecuritypolicy // import "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy"
--- a/pkg/registry/extensions/podsecuritypolicy/storage/BUILD
+++ b/pkg/registry/extensions/podsecuritypolicy/storage/BUILD
@@ -1,55 +0,0 @@
-package(default_visibility = ["//visibility:public"])
-
-load(
-    "@io_bazel_rules_go//go:def.bzl",
-    "go_library",
-    "go_test",
-)
-
-go_test(
-    name = "go_default_test",
-    srcs = ["storage_test.go"],
-    embed = [":go_default_library"],
-    deps = [
-        "//pkg/apis/policy:go_default_library",
-        "//pkg/registry/registrytest:go_default_library",
-        "//vendor/k8s.io/api/policy/v1beta1:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/fields:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/labels:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/registry/generic/testing:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/storage/etcd/testing:go_default_library",
-    ],
-)
-
-go_library(
-    name = "go_default_library",
-    srcs = ["storage.go"],
-    importpath = "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage",
-    deps = [
-        "//pkg/apis/policy:go_default_library",
-        "//pkg/printers:go_default_library",
-        "//pkg/printers/internalversion:go_default_library",
-        "//pkg/printers/storage:go_default_library",
-        "//pkg/registry/extensions/podsecuritypolicy:go_default_library",
-        "//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/registry/generic/registry:go_default_library",
-    ],
-)
-
-filegroup(
-    name = "package-srcs",
-    srcs = glob(["**"]),
-    tags = ["automanaged"],
-    visibility = ["//visibility:private"],
-)
-
-filegroup(
-    name = "all-srcs",
-    srcs = [":package-srcs"],
-    tags = ["automanaged"],
-)
--- a/pkg/registry/extensions/podsecuritypolicy/storage/storage.go
+++ b/pkg/registry/extensions/podsecuritypolicy/storage/storage.go
@@ -1,60 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package storage
-
-import (
-	extensions "k8s.io/api/extensions/v1beta1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apiserver/pkg/registry/generic"
-	genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
-	"k8s.io/kubernetes/pkg/apis/policy"
-	"k8s.io/kubernetes/pkg/printers"
-	printersinternal "k8s.io/kubernetes/pkg/printers/internalversion"
-	printerstorage "k8s.io/kubernetes/pkg/printers/storage"
-	"k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy"
-)
-
-// REST implements a RESTStorage for PodSecurityPolicies.
-type REST struct {
-	*genericregistry.Store
-}
-
-// NewREST returns a RESTStorage object that will work against PodSecurityPolicy objects.
-func NewREST(optsGetter generic.RESTOptionsGetter) *REST {
-	store := &genericregistry.Store{
-		NewFunc:                  func() runtime.Object { return &policy.PodSecurityPolicy{} },
-		NewListFunc:              func() runtime.Object { return &policy.PodSecurityPolicyList{} },
-		DefaultQualifiedResource: extensions.Resource("podsecuritypolicies"),
-
-		CreateStrategy:      podsecuritypolicy.Strategy,
-		UpdateStrategy:      podsecuritypolicy.Strategy,
-		DeleteStrategy:      podsecuritypolicy.Strategy,
-		ReturnDeletedObject: true,
-
-		TableConvertor: printerstorage.TableConvertor{TablePrinter: printers.NewTablePrinter().With(printersinternal.AddHandlers)},
-	}
-	options := &generic.StoreOptions{RESTOptions: optsGetter}
-	if err := store.CompleteWithOptions(options); err != nil {
-		panic(err) // TODO: Propagate error up
-	}
-	return &REST{store}
-}
-
-// ShortNames implements the ShortNamesProvider interface. Returns a list of short names for a resource.
-func (r *REST) ShortNames() []string {
-	return []string{"psp"}
-}
--- a/pkg/registry/extensions/podsecuritypolicy/storage/storage_test.go
+++ b/pkg/registry/extensions/podsecuritypolicy/storage/storage_test.go
@@ -1,149 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package storage
-
-import (
-	"testing"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/kubernetes/pkg/apis/policy"
-	// Ensure that policy/v1beta1 package is initialized.
-	_ "k8s.io/api/policy/v1beta1"
-	"k8s.io/apimachinery/pkg/fields"
-	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apiserver/pkg/registry/generic"
-	genericregistrytest "k8s.io/apiserver/pkg/registry/generic/testing"
-	etcdtesting "k8s.io/apiserver/pkg/storage/etcd/testing"
-	"k8s.io/kubernetes/pkg/registry/registrytest"
-)
-
-func newStorage(t *testing.T) (*REST, *etcdtesting.EtcdTestServer) {
-	etcdStorage, server := registrytest.NewEtcdStorage(t, "policy")
-	restOptions := generic.RESTOptions{
-		StorageConfig:           etcdStorage,
-		Decorator:               generic.UndecoratedStorage,
-		DeleteCollectionWorkers: 1,
-		ResourcePrefix:          "podsecuritypolicies",
-	}
-	return NewREST(restOptions), server
-}
-
-func validNewPodSecurityPolicy() *policy.PodSecurityPolicy {
-	return &policy.PodSecurityPolicy{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "foo",
-		},
-		Spec: policy.PodSecurityPolicySpec{
-			SELinux: policy.SELinuxStrategyOptions{
-				Rule: policy.SELinuxStrategyRunAsAny,
-			},
-			RunAsUser: policy.RunAsUserStrategyOptions{
-				Rule: policy.RunAsUserStrategyRunAsAny,
-			},
-			FSGroup: policy.FSGroupStrategyOptions{
-				Rule: policy.FSGroupStrategyRunAsAny,
-			},
-			SupplementalGroups: policy.SupplementalGroupsStrategyOptions{
-				Rule: policy.SupplementalGroupsStrategyRunAsAny,
-			},
-		},
-	}
-}
-
-func TestCreate(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope()
-	psp := validNewPodSecurityPolicy()
-	psp.ObjectMeta = metav1.ObjectMeta{GenerateName: "foo-"}
-	test.TestCreate(
-		// valid
-		psp,
-		// invalid
-		&policy.PodSecurityPolicy{
-			ObjectMeta: metav1.ObjectMeta{Name: "name with spaces"},
-		},
-	)
-}
-
-func TestUpdate(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope()
-	test.TestUpdate(
-		// valid
-		validNewPodSecurityPolicy(),
-		// updateFunc
-		func(obj runtime.Object) runtime.Object {
-			object := obj.(*policy.PodSecurityPolicy)
-			object.Labels = map[string]string{"a": "b"}
-			return object
-		},
-	)
-}
-
-func TestDelete(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope().ReturnDeletedObject()
-	test.TestDelete(validNewPodSecurityPolicy())
-}
-
-func TestGet(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope()
-	test.TestGet(validNewPodSecurityPolicy())
-}
-
-func TestList(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope()
-	test.TestList(validNewPodSecurityPolicy())
-}
-
-func TestWatch(t *testing.T) {
-	storage, server := newStorage(t)
-	defer server.Terminate(t)
-	defer storage.Store.DestroyFunc()
-	test := genericregistrytest.New(t, storage.Store).ClusterScope()
-	test.TestWatch(
-		validNewPodSecurityPolicy(),
-		// matching labels
-		[]labels.Set{},
-		// not matching labels
-		[]labels.Set{
-			{"foo": "bar"},
-		},
-		// matching fields
-		[]fields.Set{
-			{"metadata.name": "foo"},
-		},
-		// not matching fields
-		[]fields.Set{
-			{"metadata.name": "bar"},
-			{"name": "foo"},
-		},
-	)
-}
--- a/pkg/registry/extensions/podsecuritypolicy/strategy.go
+++ b/pkg/registry/extensions/podsecuritypolicy/strategy.go
@@ -1,71 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package podsecuritypolicy
-
-import (
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/util/validation/field"
-	genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
-	"k8s.io/apiserver/pkg/registry/rest"
-	"k8s.io/apiserver/pkg/storage/names"
-	"k8s.io/kubernetes/pkg/api/legacyscheme"
-	"k8s.io/kubernetes/pkg/apis/policy"
-	"k8s.io/kubernetes/pkg/apis/policy/validation"
-)
-
-// strategy implements behavior for PodSecurityPolicy objects
-type strategy struct {
-	runtime.ObjectTyper
-	names.NameGenerator
-}
-
-// Strategy is the default logic that applies when creating and updating PodSecurityPolicy
-// objects via the REST API.
-var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator}
-
-var _ = rest.RESTCreateStrategy(Strategy)
-
-var _ = rest.RESTUpdateStrategy(Strategy)
-
-func (strategy) NamespaceScoped() bool {
-	return false
-}
-
-func (strategy) AllowCreateOnUpdate() bool {
-	return false
-}
-
-func (strategy) AllowUnconditionalUpdate() bool {
-	return true
-}
-
-func (strategy) PrepareForCreate(ctx genericapirequest.Context, obj runtime.Object) {
-}
-
-func (strategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object) {
-}
-
-func (strategy) Canonicalize(obj runtime.Object) {
-}
-
-func (strategy) Validate(ctx genericapirequest.Context, obj runtime.Object) field.ErrorList {
-	return validation.ValidatePodSecurityPolicy(obj.(*policy.PodSecurityPolicy))
-}
-
-func (strategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList {
-	return validation.ValidatePodSecurityPolicyUpdate(old.(*policy.PodSecurityPolicy), obj.(*policy.PodSecurityPolicy))
-}
--- a/pkg/registry/extensions/rest/BUILD
+++ b/pkg/registry/extensions/rest/BUILD
@@ -17,8 +17,8 @@ go_library(
        "//pkg/registry/apps/replicaset/storage:go_default_library",
        "//pkg/registry/extensions/controller/storage:go_default_library",
        "//pkg/registry/extensions/ingress/storage:go_default_library",
-        "//pkg/registry/extensions/podsecuritypolicy/storage:go_default_library",
        "//pkg/registry/networking/networkpolicy/storage:go_default_library",
+        "//pkg/registry/policy/podsecuritypolicy/storage:go_default_library",
        "//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library",
--- a/pkg/registry/extensions/rest/storage_extensions.go
+++ b/pkg/registry/extensions/rest/storage_extensions.go
@@ -29,8 +29,8 @@ import (
 	replicasetstore "k8s.io/kubernetes/pkg/registry/apps/replicaset/storage"
 	expcontrollerstore "k8s.io/kubernetes/pkg/registry/extensions/controller/storage"
 	ingressstore "k8s.io/kubernetes/pkg/registry/extensions/ingress/storage"
-	pspstore "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage"
 	networkpolicystore "k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage"
+	pspstore "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage"
 )

 type RESTStorageProvider struct{}
@@ -74,8 +74,8 @@ func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorag
 	storage["ingresses/status"] = ingressStatusStorage

 	// podsecuritypolicy
-	podSecurityExtensionsStorage := pspstore.NewREST(restOptionsGetter)
-	storage["podSecurityPolicies"] = podSecurityExtensionsStorage
+	podSecurityPolicyStorage := pspstore.NewREST(restOptionsGetter)
+	storage["podSecurityPolicies"] = podSecurityPolicyStorage

 	// replicasets
 	replicaSetStorage := replicasetstore.NewStorage(restOptionsGetter)