adds watchListEndpointRestrictions for watchlist requests (#126996)
* endpoints/handlers/get: intro watchListEndpointRestrictions * consistencydetector/list_data_consistency_detector: expose IsDataConsistencyDetectionForListEnabled * e2e/watchlist: extract common function for adding unstructured secrets * e2e/watchlist: new e2e scenarios for convering watchListEndpointRestrict Kubernetes-commit: ae35048cb0b9b177891aab41346b6d6cc504582f
This commit is contained in:
Lukasz Szaszkiewicz
Kubernetes Publisher
parent
11af6bbc46
commit
8cb411e993
4
go.mod
4
go.mod
|
|
@ -50,8 +50,8 @@ require (
|
||||||
gopkg.in/natefinch/lumberjack.v2 v2.2.1
|
gopkg.in/natefinch/lumberjack.v2 v2.2.1
|
||||||
gopkg.in/square/go-jose.v2 v2.6.0
|
gopkg.in/square/go-jose.v2 v2.6.0
|
||||||
k8s.io/api v0.0.0-20240920202009-71385f038c10
|
k8s.io/api v0.0.0-20240920202009-71385f038c10
|
||||||
k8s.io/apimachinery v0.0.0-20240920201701-c98a9e22228d
|
k8s.io/apimachinery v0.0.0-20240925041717-7f7bf1108918
|
||||||
k8s.io/client-go v0.0.0-20240922202559-fcb1b6051673
|
k8s.io/client-go v0.0.0-20240925122622-5395fd1e2898
|
||||||
k8s.io/component-base v0.0.0-20240923042704-5e237c64b1be
|
k8s.io/component-base v0.0.0-20240923042704-5e237c64b1be
|
||||||
k8s.io/klog/v2 v2.130.1
|
k8s.io/klog/v2 v2.130.1
|
||||||
k8s.io/kms v0.0.0-20240912041232-273c893e4e51
|
k8s.io/kms v0.0.0-20240912041232-273c893e4e51
|
||||||
|
|
|
||||||
8
go.sum
8
go.sum
|
|
@ -373,10 +373,10 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
|
||||||
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||||
k8s.io/api v0.0.0-20240920202009-71385f038c10 h1:shjQe98Co9zBlDzQkxb5IJEWtReSl7qunr56C4Jgc70=
|
k8s.io/api v0.0.0-20240920202009-71385f038c10 h1:shjQe98Co9zBlDzQkxb5IJEWtReSl7qunr56C4Jgc70=
|
||||||
k8s.io/api v0.0.0-20240920202009-71385f038c10/go.mod h1:KCEt6+W/Yn1Vc48pYXeLf0mGK52kJhvt+rcaUVsIaKQ=
|
k8s.io/api v0.0.0-20240920202009-71385f038c10/go.mod h1:KCEt6+W/Yn1Vc48pYXeLf0mGK52kJhvt+rcaUVsIaKQ=
|
||||||
k8s.io/apimachinery v0.0.0-20240920201701-c98a9e22228d h1:yDB+e3ReCJtthGtcZXMJAYPsekzI7oIS6U6hSDgFVRA=
|
k8s.io/apimachinery v0.0.0-20240925041717-7f7bf1108918 h1:ng/G1Cex08Vz3thCE0X7s2vn6eHduxFOG9khssm3dwM=
|
||||||
k8s.io/apimachinery v0.0.0-20240920201701-c98a9e22228d/go.mod h1:5rKPDwwN9qm//xASFCZ83nyYEanHxxhc7pZ8AC4lukY=
|
k8s.io/apimachinery v0.0.0-20240925041717-7f7bf1108918/go.mod h1:5rKPDwwN9qm//xASFCZ83nyYEanHxxhc7pZ8AC4lukY=
|
||||||
k8s.io/client-go v0.0.0-20240922202559-fcb1b6051673 h1:HbmVM5qrkQFSb+Isx8xOECazw5L6VDenjnUAgMPSmNQ=
|
k8s.io/client-go v0.0.0-20240925122622-5395fd1e2898 h1:Uk1+fyRbV/VADU7XqHXgCflzpCqfOUM5hPG6YH+o3VQ=
|
||||||
k8s.io/client-go v0.0.0-20240922202559-fcb1b6051673/go.mod h1:slPGP9kLjwKXgatD4iciMlNjnCmtXQ1ZHl7l/mS5Ux0=
|
k8s.io/client-go v0.0.0-20240925122622-5395fd1e2898/go.mod h1:qjnMyMNFlW8CcwF+7n30w5m+FEGnZ9XpcW9gNIifxP4=
|
||||||
k8s.io/component-base v0.0.0-20240923042704-5e237c64b1be h1:FVbhqwC7jzmEJj2WO1uDz8p53hPawsv6qgCmraQA71Y=
|
k8s.io/component-base v0.0.0-20240923042704-5e237c64b1be h1:FVbhqwC7jzmEJj2WO1uDz8p53hPawsv6qgCmraQA71Y=
|
||||||
k8s.io/component-base v0.0.0-20240923042704-5e237c64b1be/go.mod h1:fkEjPUVhTSqc5k3wBHfdJuwzY+Z1OwFQpumwqYwc9Vw=
|
k8s.io/component-base v0.0.0-20240923042704-5e237c64b1be/go.mod h1:fkEjPUVhTSqc5k3wBHfdJuwzY+Z1OwFQpumwqYwc9Vw=
|
||||||
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
|
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
|
||||||
|
|
|
||||||
|
|
@ -45,6 +45,7 @@ import (
|
||||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||||
"k8s.io/component-base/tracing"
|
"k8s.io/component-base/tracing"
|
||||||
"k8s.io/klog/v2"
|
"k8s.io/klog/v2"
|
||||||
|
"k8s.io/utils/ptr"
|
||||||
)
|
)
|
||||||
|
|
||||||
// getterFunc performs a get request with the given context and object name. The request
|
// getterFunc performs a get request with the given context and object name. The request
|
||||||
|
|
@ -185,15 +186,8 @@ func ListResource(r rest.Lister, rw rest.Watcher, scope *RequestScope, forceWatc
|
||||||
if err != nil {
|
if err != nil {
|
||||||
hasName = false
|
hasName = false
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx = request.WithNamespace(ctx, namespace)
|
ctx = request.WithNamespace(ctx, namespace)
|
||||||
|
|
||||||
outputMediaType, _, err := negotiation.NegotiateOutputMediaType(req, scope.Serializer, scope)
|
|
||||||
if err != nil {
|
|
||||||
scope.err(err, w, req)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
opts := metainternalversion.ListOptions{}
|
opts := metainternalversion.ListOptions{}
|
||||||
if err := metainternalversionscheme.ParameterCodec.DecodeParameters(req.URL.Query(), scope.MetaGroupVersion, &opts); err != nil {
|
if err := metainternalversionscheme.ParameterCodec.DecodeParameters(req.URL.Query(), scope.MetaGroupVersion, &opts); err != nil {
|
||||||
err = errors.NewBadRequest(err.Error())
|
err = errors.NewBadRequest(err.Error())
|
||||||
|
|
@ -208,6 +202,17 @@ func ListResource(r rest.Lister, rw rest.Watcher, scope *RequestScope, forceWatc
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var restrictions negotiation.EndpointRestrictions
|
||||||
|
restrictions = scope
|
||||||
|
if isListWatchRequest(opts) {
|
||||||
|
restrictions = &watchListEndpointRestrictions{scope}
|
||||||
|
}
|
||||||
|
outputMediaType, _, err := negotiation.NegotiateOutputMediaType(req, scope.Serializer, restrictions)
|
||||||
|
if err != nil {
|
||||||
|
scope.err(err, w, req)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// transform fields
|
// transform fields
|
||||||
// TODO: DecodeParametersInto should do this.
|
// TODO: DecodeParametersInto should do this.
|
||||||
if opts.FieldSelector != nil {
|
if opts.FieldSelector != nil {
|
||||||
|
|
@ -307,3 +312,18 @@ func ListResource(r rest.Lister, rw rest.Watcher, scope *RequestScope, forceWatc
|
||||||
transformResponseObject(ctx, scope, req, w, http.StatusOK, outputMediaType, result)
|
transformResponseObject(ctx, scope, req, w, http.StatusOK, outputMediaType, result)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type watchListEndpointRestrictions struct {
|
||||||
|
negotiation.EndpointRestrictions
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *watchListEndpointRestrictions) AllowsMediaTypeTransform(mimeType, mimeSubType string, target *schema.GroupVersionKind) bool {
|
||||||
|
if target != nil && target.Kind == "Table" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
return e.EndpointRestrictions.AllowsMediaTypeTransform(mimeType, mimeSubType, target)
|
||||||
|
}
|
||||||
|
|
||||||
|
func isListWatchRequest(opts metainternalversion.ListOptions) bool {
|
||||||
|
return utilfeature.DefaultFeatureGate.Enabled(features.WatchList) && ptr.Deref(opts.SendInitialEvents, false) && opts.AllowWatchBookmarks
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue