github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-07 11:13:48 +00:00
Code Issues Projects Releases Wiki Activity

Added server-side print column about FlowSchema referential integrity

Browse Source
This commit is contained in:
Mike Spreitzer 2020-01-20 01:46:42 -05:00
parent ce12105edc
commit ff8256de3f
3 changed files with 22 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/printers/internalversion/BUILD
View File

@ -103,7 +103,6 @@ go_library(
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/duration:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/duration:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/authentication/user:go_default_library",
], ],
) )

57
pkg/printers/internalversion/printers.go
View File

@ -46,7 +46,6 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/duration" "k8s.io/apimachinery/pkg/util/duration"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apiserver/pkg/authentication/user"
"k8s.io/kubernetes/pkg/apis/admissionregistration" "k8s.io/kubernetes/pkg/apis/admissionregistration"
"k8s.io/kubernetes/pkg/apis/apps" "k8s.io/kubernetes/pkg/apis/apps"
"k8s.io/kubernetes/pkg/apis/autoscaling" "k8s.io/kubernetes/pkg/apis/autoscaling"
@ -527,8 +526,8 @@ func AddHandlers(h printers.PrintHandler) {
{Name: "PriorityLevel", Type: "string", Description: flowcontrolv1alpha1.PriorityLevelConfigurationReference{}.SwaggerDoc()["name"]}, {Name: "PriorityLevel", Type: "string", Description: flowcontrolv1alpha1.PriorityLevelConfigurationReference{}.SwaggerDoc()["name"]},
{Name: "MatchingPrecedence", Type: "string", Description: flowcontrolv1alpha1.FlowSchemaSpec{}.SwaggerDoc()["matchingPrecedence"]}, {Name: "MatchingPrecedence", Type: "string", Description: flowcontrolv1alpha1.FlowSchemaSpec{}.SwaggerDoc()["matchingPrecedence"]},
{Name: "DistinguisherMethod", Type: "string", Description: flowcontrolv1alpha1.FlowSchemaSpec{}.SwaggerDoc()["distinguisherMethod"]}, {Name: "DistinguisherMethod", Type: "string", Description: flowcontrolv1alpha1.FlowSchemaSpec{}.SwaggerDoc()["distinguisherMethod"]},
{Name: "MatchesAll", Type: "bolean", Description: "matches all requests"},
{Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]},
{Name: "MissingPL", Type: "string", Description: "references a broken or non-existent PriorityLevelConfiguration"},
} }
h.TableHandler(flowSchemaColumnDefinitions, printFlowSchema) h.TableHandler(flowSchemaColumnDefinitions, printFlowSchema)
h.TableHandler(flowSchemaColumnDefinitions, printFlowSchemaList) h.TableHandler(flowSchemaColumnDefinitions, printFlowSchemaList)
@ -2272,51 +2271,6 @@ func printVolumeAttachmentList(list *storage.VolumeAttachmentList, options print
return rows, nil return rows, nil
} }
func fsMatchesAll(obj *flowcontrol.FlowSchema) bool {
var allResources, allNonResources [2]bool
for _, prws := range obj.Spec.Rules {
allAuth, allUnauth := false, false
for _, subj := range prws.Subjects {
if subj.Group == nil {
continue
}
allAuth = allAuth || subj.Group.Name == user.AllAuthenticated
allUnauth = allUnauth || subj.Group.Name == user.AllUnauthenticated
}
anyAll := allAuth || allUnauth
if !anyAll {
continue
}
for _, nrr := range prws.NonResourceRules {
if hasWildcard(nrr.Verbs) && hasWildcard(nrr.NonResourceURLs) {
allNonResources[0] = allNonResources[0] || allAuth
allNonResources[1] = allNonResources[1] || allUnauth
break
}
}
for _, rr := range prws.ResourceRules {
if hasWildcard(rr.Verbs) && hasWildcard(rr.APIGroups) && hasWildcard(rr.Resources) && rr.ClusterScope && hasWildcard(rr.Namespaces) {
allResources[0] = allResources[0] || allAuth
allResources[1] = allResources[1] || allUnauth
break
}
}
if allResources[0] && allResources[1] && allNonResources[0] && allNonResources[1] {
return true
}
}
return false
}
func hasWildcard(arr []string) bool {
for _, elt := range arr {
if elt == "*" {
return true
}
}
return false
}
func printFlowSchema(obj *flowcontrol.FlowSchema, options printers.GenerateOptions) ([]metav1.TableRow, error) { func printFlowSchema(obj *flowcontrol.FlowSchema, options printers.GenerateOptions) ([]metav1.TableRow, error) {
row := metav1.TableRow{ row := metav1.TableRow{
Object: runtime.RawExtension{Object: obj}, Object: runtime.RawExtension{Object: obj},
@ -2328,7 +2282,14 @@ func printFlowSchema(obj *flowcontrol.FlowSchema, options printers.GenerateOptio
if obj.Spec.DistinguisherMethod != nil { if obj.Spec.DistinguisherMethod != nil {
distinguisherMethod = string(obj.Spec.DistinguisherMethod.Type) distinguisherMethod = string(obj.Spec.DistinguisherMethod.Type)
} }
row.Cells = append(row.Cells, name, plName, obj.Spec.MatchingPrecedence, distinguisherMethod, fsMatchesAll(obj), translateTimestampSince(obj.CreationTimestamp)) badPLRef := "?"
for _, cond := range obj.Status.Conditions {
if cond.Type == flowcontrol.FlowSchemaConditionDangling {
badPLRef = string(cond.Status)
break
}
}
row.Cells = append(row.Cells, name, plName, obj.Spec.MatchingPrecedence, distinguisherMethod, translateTimestampSince(obj.CreationTimestamp), badPLRef)
return []metav1.TableRow{row}, nil return []metav1.TableRow{row}, nil
} }

19
pkg/printers/internalversion/printers_test.go
View File

@ -4890,8 +4890,8 @@ func TestPrintFlowSchema(t *testing.T) {
}}, }},
}, },
}, },
// Columns: Name, PriorityLevelName, MatchingPrecedence, DistinguisherMethod, MatchesAll, Age // Columns: Name, PriorityLevelName, MatchingPrecedence, DistinguisherMethod, Age, MissingPL
expected: []metav1.TableRow{{Cells: []interface{}{"all-matcher", "allee", int32(math.MaxInt32), "ByUser", true, "0s"}}}, expected: []metav1.TableRow{{Cells: []interface{}{"all-matcher", "allee", int32(math.MaxInt32), "ByUser", "0s", "?"}}},
}, { }, {
fs: flowcontrol.FlowSchema{ fs: flowcontrol.FlowSchema{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
@ -4928,9 +4928,16 @@ func TestPrintFlowSchema(t *testing.T) {
}}, }},
}}, }},
}, },
Status: flowcontrol.FlowSchemaStatus{
Conditions: []flowcontrol.FlowSchemaCondition{{
Type: flowcontrol.FlowSchemaConditionDangling,
Status: "True",
LastTransitionTime: metav1.Time{Time: time.Now().Add(-time.Hour)},
}},
}, },
// Columns: Name, PriorityLevelName, MatchingPrecedence, DistinguisherMethod, MatchesAll, Age },
expected: []metav1.TableRow{{Cells: []interface{}{"some-matcher", "allee", int32(0), "ByNamespace", false, "5m"}}}, // Columns: Name, PriorityLevelName, MatchingPrecedence, DistinguisherMethod, Age, MissingPL
expected: []metav1.TableRow{{Cells: []interface{}{"some-matcher", "allee", int32(0), "ByNamespace", "5m", "True"}}},
}, { }, {
fs: flowcontrol.FlowSchema{ fs: flowcontrol.FlowSchema{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
@ -4956,8 +4963,8 @@ func TestPrintFlowSchema(t *testing.T) {
}}, }},
}, },
}, },
// Columns: Name, PriorityLevelName, MatchingPrecedence, DistinguisherMethod, MatchesAll, Age // Columns: Name, PriorityLevelName, MatchingPrecedence, DistinguisherMethod, Age, MissingPL
expected: []metav1.TableRow{{Cells: []interface{}{"exempt", "allee", int32(0), "<none>", false, "5m"}}}, expected: []metav1.TableRow{{Cells: []interface{}{"exempt", "allee", int32(0), "<none>", "5m", "?"}}},
}, },
} }