Merge pull request #128010 from ahmedtd/pod-certificates-types

Pod Certificates: Preliminary implementation of KEP-4317 Kubernetes-commit: cc674e7470cc1e98145ce6f915469ff6f748f443
2025-07-21 19:26:30 -07:00 · 2025-07-21 19:26:30 -07:00 · a2aad46195
parent 8ec47814fa 9dbb4eabfc
commit a2aad46195
4 changed files with 28 additions and 10 deletions
--- a/go.mod
+++ b/go.mod
@ -48,9 +48,9 @@ require (
 	gopkg.in/evanphx/json-patch.v4 v4.12.0
 	gopkg.in/go-jose/go-jose.v2 v2.6.3
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
-	k8s.io/api v0.0.0-20250718010531-33ab3a26f4b3
-	k8s.io/apimachinery v0.0.0-20250717210244-b92abb2d8139
-	k8s.io/client-go v0.0.0-20250721170428-8ff0be58e30a
+	k8s.io/api v0.0.0-20250722050559-d0d89ae64553
+	k8s.io/apimachinery v0.0.0-20250722010832-c04562bf9e0a
+	k8s.io/client-go v0.0.0-20250722051000-ec5b832e6085
 	k8s.io/component-base v0.0.0-20250717172125-4e07767df717
 	k8s.io/klog/v2 v2.130.1
 	k8s.io/kms v0.0.0-20250716213631-bbefe5cb7a2e
--- a/go.sum
+++ b/go.sum
@ -296,12 +296,12 @@ gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYs
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.0.0-20250718010531-33ab3a26f4b3 h1:UnuyCQyBmdFlYypApF2w6Ld0R0kAt8b+0Lt9dYAr23I=
-k8s.io/api v0.0.0-20250718010531-33ab3a26f4b3/go.mod h1:K8dwhtttsRR0RHeSRF8XQ77gfMgyAj3q78/TkxEXhoc=
-k8s.io/apimachinery v0.0.0-20250717210244-b92abb2d8139 h1:jWBClrBPuk+GEA9pJzMa9IvxncSBbw7fmvey15nVm0w=
-k8s.io/apimachinery v0.0.0-20250717210244-b92abb2d8139/go.mod h1:v1p1Jsze3IHLy5gU17yVqR2qLO7jgYeX6mw3HZy2AEU=
-k8s.io/client-go v0.0.0-20250721170428-8ff0be58e30a h1:cQpi2XdOTQRr/4LADz1etPSG+K0Zhk2dBg1AFVPYGVA=
-k8s.io/client-go v0.0.0-20250721170428-8ff0be58e30a/go.mod h1:Ov6eehdhPfGpT+B+UBkFx8nPjq1N7uj2HLvOpK7PxEc=
+k8s.io/api v0.0.0-20250722050559-d0d89ae64553 h1:wESDI5DxMyUWVXAtRZbjPxWg2GBEjwM+VSh+dlMZemI=
+k8s.io/api v0.0.0-20250722050559-d0d89ae64553/go.mod h1:FvioxCEMxTNUCXlpYjmaOHhxfVFA8yAGncDC2nhYf7w=
+k8s.io/apimachinery v0.0.0-20250722010832-c04562bf9e0a h1:eD5rad0CO40MFvvZ6y4G6wAcEIcMu9ddsZWj20RM3Ok=
+k8s.io/apimachinery v0.0.0-20250722010832-c04562bf9e0a/go.mod h1:v1p1Jsze3IHLy5gU17yVqR2qLO7jgYeX6mw3HZy2AEU=
+k8s.io/client-go v0.0.0-20250722051000-ec5b832e6085 h1:vkbjg8bUV5LJejxrOgDFlP45DvwC7c5sQSyTZyxrToE=
+k8s.io/client-go v0.0.0-20250722051000-ec5b832e6085/go.mod h1:MAE8w1LXWG+e1SL+2OJgQxDYzHTT7zClTh0KtEj+ojI=
 k8s.io/component-base v0.0.0-20250717172125-4e07767df717 h1:07oqkM0FzuGUw/bJw2rJubzccG7ShpGcTJ7SBDGp5Fc=
 k8s.io/component-base v0.0.0-20250717172125-4e07767df717/go.mod h1:/ehREU84M2OxVgU8WfxuUIi4/c5XsT6rIsEGQfhgxEQ=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
--- a/pkg/registry/generic/testing/tester.go
+++ b/pkg/registry/generic/testing/tester.go
@ -27,6 +27,7 @@ import (
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apiserver/pkg/authentication/user"
 	genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
 	"k8s.io/apiserver/pkg/registry/rest"
 	"k8s.io/apiserver/pkg/registry/rest/resttest"
@ -55,6 +56,10 @@ func (t *Tester) ClusterScope() *Tester {
 	return t
 }

+func (t *Tester) SetUserInfo(userInfo user.Info) {
+	t.tester.SetUserInfo(userInfo)
+}
+
 func (t *Tester) Namer(namer func(int) string) *Tester {
 	t.tester = t.tester.Namer(namer)
 	return t
--- a/pkg/registry/rest/resttest/resttest.go
+++ b/pkg/registry/rest/resttest/resttest.go
@ -37,6 +37,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/apiserver/pkg/authentication/user"
 	genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
 	"k8s.io/apiserver/pkg/registry/rest"
 )
@ -52,6 +53,7 @@ type Tester struct {
 	generatesName       bool
 	returnDeletedObject bool
 	namer               func(int) string
+	userInfo            user.Info
 }

 func New(t *testing.T, storage rest.Storage) *Tester {
@ -102,10 +104,21 @@ func (t *Tester) TestNamespace() string {
 	return "test"
 }

+// SetUserInfo sets the UserInfo that should be present in the context when the
+// storage operation is called.
+func (t *Tester) SetUserInfo(userInfo user.Info) {
+	t.userInfo = userInfo
+}
+
 // TestContext returns a namespaced context that will be used when making storage calls.
 // Namespace is determined by TestNamespace()
 func (t *Tester) TestContext() context.Context {
-	return genericapirequest.WithNamespace(genericapirequest.NewContext(), t.TestNamespace())
+	ctx := genericapirequest.NewContext()
+	ctx = genericapirequest.WithNamespace(ctx, t.TestNamespace())
+	if t.userInfo != nil {
+		ctx = genericapirequest.WithUser(ctx, t.userInfo)
+	}
+	return ctx
 }

 func (t *Tester) getObjectMetaOrFail(obj runtime.Object) metav1.Object {