* Refactor ID based partitioning, add unit tests
This resolves an issue where the requested namespace filter was not
always honored.
* Correct naming issues to appease the linter
* changing secret and configmap formatters to return decoded helm data if includeHelmData query parameter is present
* adding tests for gzip magic header
* refactor(accesscontrol): make addAccess directly accept PolicyRules
* refactor(accesscontrol): add new types for encapsulating all needed data
* refactor(accesscontrol): make getRules return resource version
* refactor(accesscontrol): add new getRoleRefs to policyRuleIndex
* refactor(accesscontrol): make accessStore use the new types and method
* cleanup(accesscontrol): remove unused code
* cleanup(accesscontrol): adapt tests
* cleanup(accesscontrol): add some comments and remove unused function
* refactor(accesscontrol): rework indexer to make it more readable and testable
* Fix typo
* test: consistent use of t.Error
* test: refactor policyRulesMock to just use a map
* misc: rename toUserInfo function
* refactor: consistent sort by UID
* Add more fields to index when sql-caching is on.
Misc changes:
- Use the builtin Event class, not events.k8s.io (by looking at the dashboard client code)
- Specify full path to the management.cattle.io fields.
- Map `Event.type` to `Event._type` for indexing.
Use a compound transform-func to first check for a "signal",
and then to run all the relevant transformers until either
one fails or the list is exhausted.
- Includes moving the fakeSummaryCache type into a common area.
Use a simpler way of running transforms.
* Inline the function to get the gvk key.
* Create a '--sql-cache' flag to turn on caching for the steve CLI.
* Improve error-handling in object transformer.
* Drop the 'GetTransform' function.
* Inline the code that transforms a payload into a k8s-unstructured object.
Previously, the formatter for state/relationships was disabled when the
sql cache was enabled, since a transform function was adding those
values before they were added to the cache. However, the get/watch calls
currently don't use the cache, causing the state/relationships to be
missing.
This implements the Imperative API that is served at /ext with Steve. The imperative API is compatible with Kubernetes' API server and will be used as an extension API server.
* refactor(accesscontrol): use interface for AccessStore cache
* refactor(accesscontrol): early return when cache is disabled
* test(accesscontrol): add failing unit test
* test(accesscontrol): skip failing test
* added namespace check to proxy_store create
* added namespaced resources checks and create tests
* Update pkg/stores/proxy/proxy_store.go
* changed error message and added missing name only test
* updated sql/proxy_store
* changed return to use apierror.NewAPIError
---------
Co-authored-by: Felipe C. Gehrke <felipe@localhost.localdomain>
Co-authored-by: Tom Lebreux <tom.lebreux@suse.com>
Adds logic which adds virtual fields resources. This allows these fields
to be sorted/filtered on when the SQL cache is enabled. Id and
metadata.state.name were added as the first two fields.
Prior schema calculations started with openapiv2 models which included a
model for APIGroups. However, new schema calculations use
ServerGroupsAndResources first, which omitted these values. This
re-adds this type using a static schema.
This uses SQLite-backed informers provided by Lasso with https://github.com/rancher/lasso/pull/65 to implement Steve API (/v1/) functionality.
This new functionality is available behind a feature flag to be specified at Steve startup
See https://confluence.suse.com/pages/viewpage.action?pageId=1359086083
Co-authored-by: Ricardo Weir <ricardo.weir@suse.com>
Co-authored-by: Michael Bolot <michael.bolot@suse.com>
Co-authored-by: Silvio Moioli <silvio@moioli.net>
Signed-off-by: Silvio Moioli <silvio@moioli.net>
Fixes two bugs with the schema definitions:
- Adds resources that are a part of the baseSchema (but aren't k8s resources).
- Adds logic to handle resources which aren't in a prefered version, but
are still in some version.
Some tests which relied on timeouts were a bit flaky in CI. This PR
refactors a few of them to work on a more reliable method of receiving
from a channel and raises the timeout of another test.
In the original implementation of the definition handler, the resource
list was checked for preferred version, and this overrode the preferred
version of the overall group. However, this logic was inaccurate and
did not use the group as the source of truth on the preferred version
like it should have.
Updates the schema definitions refresh method to use a new debounce
method. Adds a handler which refreshes the definitions every 2
seconds after adding a CRD and every 10 minutes by default.
Changes steve to only return top level schema definitions rather
than a full defined schema for every field. Also adds basic docs
and fixes a bug with schema generation on versioned crds
ByNames could previously return a nil value and a nil error. This caused
issues when other parts of the application
(pkg/stores/partition/parallel.go) tried to use the result. Now this
will return an empty list on the error condition, instead of nil
Remove unnecessary items from the `access` slice in one of the unit
tests. Each item in `access` corresponds to one request in `apiOps`, so
they should have the same number of elements.
