diff --git a/pkg/apis/flowcontrol/bootstrap/default.go b/pkg/apis/flowcontrol/bootstrap/default.go index 3cde94ff1..222645575 100644 --- a/pkg/apis/flowcontrol/bootstrap/default.go +++ b/pkg/apis/flowcontrol/bootstrap/default.go @@ -19,7 +19,7 @@ package bootstrap import ( coordinationv1 "k8s.io/api/coordination/v1" corev1 "k8s.io/api/core/v1" - flowcontrol "k8s.io/api/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apiserver/pkg/authentication/serviceaccount" "k8s.io/apiserver/pkg/authentication/user" diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index 7dc745fa7..612be9845 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -181,7 +181,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS StorageVersionHash: {Default: true, PreRelease: featuregate.Beta}, StorageVersionAPI: {Default: false, PreRelease: featuregate.Alpha}, WatchBookmark: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, - APIPriorityAndFairness: {Default: false, PreRelease: featuregate.Alpha}, + APIPriorityAndFairness: {Default: true, PreRelease: featuregate.Beta}, RemoveSelfLink: {Default: true, PreRelease: featuregate.Beta}, SelectorIndex: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, WarningHeaders: {Default: true, PreRelease: featuregate.Beta}, diff --git a/pkg/server/config.go b/pkg/server/config.go index aed2b3436..9ac857924 100644 --- a/pkg/server/config.go +++ b/pkg/server/config.go @@ -785,7 +785,7 @@ func installAPI(s *GenericAPIServer, c *Config) { if c.EnableDiscovery { s.Handler.GoRestfulContainer.Add(s.DiscoveryGroupManager.WebService()) } - if feature.DefaultFeatureGate.Enabled(features.APIPriorityAndFairness) { + if c.FlowControl != nil && feature.DefaultFeatureGate.Enabled(features.APIPriorityAndFairness) { c.FlowControl.Install(s.Handler.NonGoRestfulMux) } } diff --git a/pkg/server/filters/priority-and-fairness.go b/pkg/server/filters/priority-and-fairness.go index fa5426b38..e1d7b7793 100644 --- a/pkg/server/filters/priority-and-fairness.go +++ b/pkg/server/filters/priority-and-fairness.go @@ -22,7 +22,7 @@ import ( "net/http" "sync/atomic" - fcv1a1 "k8s.io/api/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" apitypes "k8s.io/apimachinery/pkg/types" epmetrics "k8s.io/apiserver/pkg/endpoints/metrics" apirequest "k8s.io/apiserver/pkg/endpoints/request" @@ -92,7 +92,7 @@ func WithPriorityAndFairness( } var classification *PriorityAndFairnessClassification - note := func(fs *fcv1a1.FlowSchema, pl *fcv1a1.PriorityLevelConfiguration) { + note := func(fs *flowcontrol.FlowSchema, pl *flowcontrol.PriorityLevelConfiguration) { classification = &PriorityAndFairnessClassification{ FlowSchemaName: fs.Name, FlowSchemaUID: fs.UID, @@ -122,8 +122,8 @@ func WithPriorityAndFairness( served = true innerCtx := context.WithValue(ctx, priorityAndFairnessKey, classification) innerReq := r.Clone(innerCtx) - w.Header().Set(fcv1a1.ResponseHeaderMatchedPriorityLevelConfigurationUID, string(classification.PriorityLevelUID)) - w.Header().Set(fcv1a1.ResponseHeaderMatchedFlowSchemaUID, string(classification.FlowSchemaUID)) + w.Header().Set(flowcontrol.ResponseHeaderMatchedPriorityLevelConfigurationUID, string(classification.PriorityLevelUID)) + w.Header().Set(flowcontrol.ResponseHeaderMatchedFlowSchemaUID, string(classification.FlowSchemaUID)) handler.ServeHTTP(w, innerReq) } digest := utilflowcontrol.RequestDigest{RequestInfo: requestInfo, User: user} diff --git a/pkg/server/filters/priority-and-fairness_test.go b/pkg/server/filters/priority-and-fairness_test.go index 631f4c804..f09a56ce1 100644 --- a/pkg/server/filters/priority-and-fairness_test.go +++ b/pkg/server/filters/priority-and-fairness_test.go @@ -25,7 +25,7 @@ import ( "testing" "time" - fctypesv1a1 "k8s.io/api/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap" "k8s.io/apiserver/pkg/authentication/user" @@ -60,7 +60,7 @@ func (t fakeApfFilter) MaintainObservations(stopCh <-chan struct{}) { func (t fakeApfFilter) Handle(ctx context.Context, requestDigest utilflowcontrol.RequestDigest, - noteFn func(fs *fctypesv1a1.FlowSchema, pl *fctypesv1a1.PriorityLevelConfiguration), + noteFn func(fs *flowcontrol.FlowSchema, pl *flowcontrol.PriorityLevelConfiguration), queueNoteFn fq.QueueNoteFn, execFn func(), ) { diff --git a/pkg/server/options/recommended.go b/pkg/server/options/recommended.go index 8ce82aa0b..18824083e 100644 --- a/pkg/server/options/recommended.go +++ b/pkg/server/options/recommended.go @@ -126,7 +126,7 @@ func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig) error { if feature.DefaultFeatureGate.Enabled(features.APIPriorityAndFairness) { config.FlowControl = utilflowcontrol.New( config.SharedInformerFactory, - kubernetes.NewForConfigOrDie(config.ClientConfig).FlowcontrolV1alpha1(), + kubernetes.NewForConfigOrDie(config.ClientConfig).FlowcontrolV1beta1(), config.MaxRequestsInFlight+config.MaxMutatingRequestsInFlight, config.RequestTimeout/4, ) diff --git a/pkg/util/apihelpers/helpers.go b/pkg/util/apihelpers/helpers.go index be44b445c..905523c73 100644 --- a/pkg/util/apihelpers/helpers.go +++ b/pkg/util/apihelpers/helpers.go @@ -19,7 +19,7 @@ package apihelpers import ( "sort" - flowcontrol "k8s.io/api/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" ) // SetFlowSchemaCondition sets conditions. diff --git a/pkg/util/flowcontrol/apf_controller.go b/pkg/util/flowcontrol/apf_controller.go index 50eb33272..2fa50d425 100644 --- a/pkg/util/flowcontrol/apf_controller.go +++ b/pkg/util/flowcontrol/apf_controller.go @@ -47,9 +47,9 @@ import ( "k8s.io/client-go/util/workqueue" "k8s.io/klog/v2" - fctypesv1a1 "k8s.io/api/flowcontrol/v1alpha1" - fcclientv1a1 "k8s.io/client-go/kubernetes/typed/flowcontrol/v1alpha1" - fclistersv1a1 "k8s.io/client-go/listers/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" + flowcontrolclient "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1" + flowcontrollister "k8s.io/client-go/listers/flowcontrol/v1beta1" ) // This file contains a simple local (to the apiserver) controller @@ -91,13 +91,13 @@ type configController struct { // objects need to be reprocessed. configQueue workqueue.RateLimitingInterface - plLister fclistersv1a1.PriorityLevelConfigurationLister + plLister flowcontrollister.PriorityLevelConfigurationLister plInformerSynced cache.InformerSynced - fsLister fclistersv1a1.FlowSchemaLister + fsLister flowcontrollister.FlowSchemaLister fsInformerSynced cache.InformerSynced - flowcontrolClient fcclientv1a1.FlowcontrolV1alpha1Interface + flowcontrolClient flowcontrolclient.FlowcontrolV1beta1Interface // serverConcurrencyLimit is the limit on the server's total // number of non-exempt requests being served at once. This comes @@ -127,7 +127,7 @@ type configController struct { type priorityLevelState struct { // the API object or prototype prescribing this level. Nothing // reached through this pointer is mutable. - pl *fctypesv1a1.PriorityLevelConfiguration + pl *flowcontrol.PriorityLevelConfiguration // qsCompleter holds the QueueSetCompleter derived from `config` // and `queues` if config is not exempt, nil otherwise. @@ -153,7 +153,7 @@ type priorityLevelState struct { // NewTestableController is extra flexible to facilitate testing func newTestableController( informerFactory kubeinformers.SharedInformerFactory, - flowcontrolClient fcclientv1a1.FlowcontrolV1alpha1Interface, + flowcontrolClient flowcontrolclient.FlowcontrolV1beta1Interface, serverConcurrencyLimit int, requestWaitLimit time.Duration, obsPairGenerator metrics.TimedObserverPairGenerator, @@ -178,7 +178,7 @@ func newTestableController( // config API objects. func (cfgCtlr *configController) initializeConfigController(informerFactory kubeinformers.SharedInformerFactory) { cfgCtlr.configQueue = workqueue.NewNamedRateLimitingQueue(workqueue.NewItemExponentialFailureRateLimiter(200*time.Millisecond, 8*time.Hour), "priority_and_fairness_config_queue") - fci := informerFactory.Flowcontrol().V1alpha1() + fci := informerFactory.Flowcontrol().V1beta1() pli := fci.PriorityLevelConfigurations() fsi := fci.FlowSchemas() cfgCtlr.plLister = pli.Lister() @@ -187,13 +187,13 @@ func (cfgCtlr *configController) initializeConfigController(informerFactory kube cfgCtlr.fsInformerSynced = fsi.Informer().HasSynced pli.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { - pl := obj.(*fctypesv1a1.PriorityLevelConfiguration) + pl := obj.(*flowcontrol.PriorityLevelConfiguration) klog.V(7).Infof("Triggered API priority and fairness config reloading due to creation of PLC %s", pl.Name) cfgCtlr.configQueue.Add(0) }, UpdateFunc: func(oldObj, newObj interface{}) { - newPL := newObj.(*fctypesv1a1.PriorityLevelConfiguration) - oldPL := oldObj.(*fctypesv1a1.PriorityLevelConfiguration) + newPL := newObj.(*flowcontrol.PriorityLevelConfiguration) + oldPL := oldObj.(*flowcontrol.PriorityLevelConfiguration) if !apiequality.Semantic.DeepEqual(oldPL.Spec, newPL.Spec) { klog.V(7).Infof("Triggered API priority and fairness config reloading due to spec update of PLC %s", newPL.Name) cfgCtlr.configQueue.Add(0) @@ -207,13 +207,13 @@ func (cfgCtlr *configController) initializeConfigController(informerFactory kube }}) fsi.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: func(obj interface{}) { - fs := obj.(*fctypesv1a1.FlowSchema) + fs := obj.(*flowcontrol.FlowSchema) klog.V(7).Infof("Triggered API priority and fairness config reloading due to creation of FS %s", fs.Name) cfgCtlr.configQueue.Add(0) }, UpdateFunc: func(oldObj, newObj interface{}) { - newFS := newObj.(*fctypesv1a1.FlowSchema) - oldFS := oldObj.(*fctypesv1a1.FlowSchema) + newFS := newObj.(*flowcontrol.FlowSchema) + oldFS := oldObj.(*flowcontrol.FlowSchema) if !apiequality.Semantic.DeepEqual(oldFS.Spec, newFS.Spec) { klog.V(7).Infof("Triggered API priority and fairness config reloading due to spec update of FS %s", newFS.Name) cfgCtlr.configQueue.Add(0) @@ -332,14 +332,14 @@ type cfgMeal struct { // A buffered set of status updates for a FlowSchema type fsStatusUpdate struct { - flowSchema *fctypesv1a1.FlowSchema - condition fctypesv1a1.FlowSchemaCondition - oldValue fctypesv1a1.FlowSchemaCondition + flowSchema *flowcontrol.FlowSchema + condition flowcontrol.FlowSchemaCondition + oldValue flowcontrol.FlowSchemaCondition } // digestConfigObjects is given all the API objects that configure // cfgCtlr and writes its consequent new configState. -func (cfgCtlr *configController) digestConfigObjects(newPLs []*fctypesv1a1.PriorityLevelConfiguration, newFSs []*fctypesv1a1.FlowSchema) error { +func (cfgCtlr *configController) digestConfigObjects(newPLs []*flowcontrol.PriorityLevelConfiguration, newFSs []*flowcontrol.FlowSchema) error { fsStatusUpdates := cfgCtlr.lockAndDigestConfigObjects(newPLs, newFSs) var errs []error for _, fsu := range fsStatusUpdates { @@ -360,7 +360,7 @@ func (cfgCtlr *configController) digestConfigObjects(newPLs []*fctypesv1a1.Prior return apierrors.NewAggregate(errs) } -func (cfgCtlr *configController) lockAndDigestConfigObjects(newPLs []*fctypesv1a1.PriorityLevelConfiguration, newFSs []*fctypesv1a1.FlowSchema) []fsStatusUpdate { +func (cfgCtlr *configController) lockAndDigestConfigObjects(newPLs []*flowcontrol.PriorityLevelConfiguration, newFSs []*flowcontrol.FlowSchema) []fsStatusUpdate { cfgCtlr.lock.Lock() defer cfgCtlr.lock.Unlock() meal := cfgMeal{ @@ -390,7 +390,7 @@ func (cfgCtlr *configController) lockAndDigestConfigObjects(newPLs []*fctypesv1a // Digest the new set of PriorityLevelConfiguration objects. // Pretend broken ones do not exist. -func (meal *cfgMeal) digestNewPLsLocked(newPLs []*fctypesv1a1.PriorityLevelConfiguration) { +func (meal *cfgMeal) digestNewPLsLocked(newPLs []*flowcontrol.PriorityLevelConfiguration) { for _, pl := range newPLs { state := meal.cfgCtlr.priorityLevelStates[pl.Name] if state == nil { @@ -411,8 +411,8 @@ func (meal *cfgMeal) digestNewPLsLocked(newPLs []*fctypesv1a1.PriorityLevelConfi if state.pl.Spec.Limited != nil { meal.shareSum += float64(state.pl.Spec.Limited.AssuredConcurrencyShares) } - meal.haveExemptPL = meal.haveExemptPL || pl.Name == fctypesv1a1.PriorityLevelConfigurationNameExempt - meal.haveCatchAllPL = meal.haveCatchAllPL || pl.Name == fctypesv1a1.PriorityLevelConfigurationNameCatchAll + meal.haveExemptPL = meal.haveExemptPL || pl.Name == flowcontrol.PriorityLevelConfigurationNameExempt + meal.haveCatchAllPL = meal.haveCatchAllPL || pl.Name == flowcontrol.PriorityLevelConfigurationNameCatchAll } } @@ -423,9 +423,9 @@ func (meal *cfgMeal) digestNewPLsLocked(newPLs []*fctypesv1a1.PriorityLevelConfi // reflect this. This function also adds any missing mandatory // FlowSchema objects. The given objects must all have distinct // names. -func (meal *cfgMeal) digestFlowSchemasLocked(newFSs []*fctypesv1a1.FlowSchema) { +func (meal *cfgMeal) digestFlowSchemasLocked(newFSs []*flowcontrol.FlowSchema) { fsSeq := make(apihelpers.FlowSchemaSequence, 0, len(newFSs)) - fsMap := make(map[string]*fctypesv1a1.FlowSchema, len(newFSs)) + fsMap := make(map[string]*flowcontrol.FlowSchema, len(newFSs)) var haveExemptFS, haveCatchAllFS bool for i, fs := range newFSs { otherFS := fsMap[fs.Name] @@ -448,8 +448,8 @@ func (meal *cfgMeal) digestFlowSchemasLocked(newFSs []*fctypesv1a1.FlowSchema) { continue } fsSeq = append(fsSeq, newFSs[i]) - haveExemptFS = haveExemptFS || fs.Name == fctypesv1a1.FlowSchemaNameExempt - haveCatchAllFS = haveCatchAllFS || fs.Name == fctypesv1a1.FlowSchemaNameCatchAll + haveExemptFS = haveExemptFS || fs.Name == flowcontrol.FlowSchemaNameExempt + haveCatchAllFS = haveCatchAllFS || fs.Name == flowcontrol.FlowSchemaNameCatchAll } // sort into the order to be used for matching sort.Sort(fsSeq) @@ -481,7 +481,7 @@ func (meal *cfgMeal) processOldPLsLocked() { // Still desired and already updated continue } - if plName == fctypesv1a1.PriorityLevelConfigurationNameExempt && !meal.haveExemptPL || plName == fctypesv1a1.PriorityLevelConfigurationNameCatchAll && !meal.haveCatchAllPL { + if plName == flowcontrol.PriorityLevelConfigurationNameExempt && !meal.haveExemptPL || plName == flowcontrol.PriorityLevelConfigurationNameCatchAll && !meal.haveCatchAllPL { // BTW, we know the Spec has not changed because the // mandatory objects have immutable Specs klog.V(3).Infof("Retaining mandatory priority level %q despite lack of API object", plName) @@ -513,8 +513,8 @@ func (meal *cfgMeal) processOldPLsLocked() { // regular way. meal.shareSum += float64(plState.pl.Spec.Limited.AssuredConcurrencyShares) } - meal.haveExemptPL = meal.haveExemptPL || plName == fctypesv1a1.PriorityLevelConfigurationNameExempt - meal.haveCatchAllPL = meal.haveCatchAllPL || plName == fctypesv1a1.PriorityLevelConfigurationNameCatchAll + meal.haveExemptPL = meal.haveExemptPL || plName == flowcontrol.PriorityLevelConfigurationNameExempt + meal.haveCatchAllPL = meal.haveCatchAllPL || plName == flowcontrol.PriorityLevelConfigurationNameCatchAll meal.newPLStates[plName] = plState } } @@ -548,18 +548,18 @@ func (meal *cfgMeal) finishQueueSetReconfigsLocked() { // given priority level configuration. Returns nil if that config // does not call for limiting. Returns nil and an error if the given // object is malformed in a way that is a problem for this package. -func queueSetCompleterForPL(qsf fq.QueueSetFactory, queues fq.QueueSet, pl *fctypesv1a1.PriorityLevelConfiguration, requestWaitLimit time.Duration, intPair metrics.TimedObserverPair) (fq.QueueSetCompleter, error) { - if (pl.Spec.Type == fctypesv1a1.PriorityLevelEnablementExempt) != (pl.Spec.Limited == nil) { +func queueSetCompleterForPL(qsf fq.QueueSetFactory, queues fq.QueueSet, pl *flowcontrol.PriorityLevelConfiguration, requestWaitLimit time.Duration, intPair metrics.TimedObserverPair) (fq.QueueSetCompleter, error) { + if (pl.Spec.Type == flowcontrol.PriorityLevelEnablementExempt) != (pl.Spec.Limited == nil) { return nil, errors.New("broken union structure at the top") } - if (pl.Spec.Type == fctypesv1a1.PriorityLevelEnablementExempt) != (pl.Name == fctypesv1a1.PriorityLevelConfigurationNameExempt) { + if (pl.Spec.Type == flowcontrol.PriorityLevelEnablementExempt) != (pl.Name == flowcontrol.PriorityLevelConfigurationNameExempt) { // This package does not attempt to cope with a priority level dynamically switching between exempt and not. return nil, errors.New("non-alignment between name and type") } if pl.Spec.Limited == nil { return nil, nil } - if (pl.Spec.Limited.LimitResponse.Type == fctypesv1a1.LimitResponseTypeReject) != (pl.Spec.Limited.LimitResponse.Queuing == nil) { + if (pl.Spec.Limited.LimitResponse.Type == flowcontrol.LimitResponseTypeReject) != (pl.Spec.Limited.LimitResponse.Queuing == nil) { return nil, errors.New("broken union structure for limit response") } qcAPI := pl.Spec.Limited.LimitResponse.Queuing @@ -585,17 +585,17 @@ func queueSetCompleterForPL(qsf fq.QueueSetFactory, queues fq.QueueSet, pl *fcty return qsc, err } -func (meal *cfgMeal) presyncFlowSchemaStatus(fs *fctypesv1a1.FlowSchema, isDangling bool, plName string) { - danglingCondition := apihelpers.GetFlowSchemaConditionByType(fs, fctypesv1a1.FlowSchemaConditionDangling) +func (meal *cfgMeal) presyncFlowSchemaStatus(fs *flowcontrol.FlowSchema, isDangling bool, plName string) { + danglingCondition := apihelpers.GetFlowSchemaConditionByType(fs, flowcontrol.FlowSchemaConditionDangling) if danglingCondition == nil { - danglingCondition = &fctypesv1a1.FlowSchemaCondition{ - Type: fctypesv1a1.FlowSchemaConditionDangling, + danglingCondition = &flowcontrol.FlowSchemaCondition{ + Type: flowcontrol.FlowSchemaConditionDangling, } } - desiredStatus := fctypesv1a1.ConditionFalse + desiredStatus := flowcontrol.ConditionFalse var desiredReason, desiredMessage string if isDangling { - desiredStatus = fctypesv1a1.ConditionTrue + desiredStatus = flowcontrol.ConditionTrue desiredReason = "NotFound" desiredMessage = fmt.Sprintf("This FlowSchema references the PriorityLevelConfiguration object named %q but there is no such object", plName) } else { @@ -607,8 +607,8 @@ func (meal *cfgMeal) presyncFlowSchemaStatus(fs *fctypesv1a1.FlowSchema, isDangl } meal.fsStatusUpdates = append(meal.fsStatusUpdates, fsStatusUpdate{ flowSchema: fs, - condition: fctypesv1a1.FlowSchemaCondition{ - Type: fctypesv1a1.FlowSchemaConditionDangling, + condition: flowcontrol.FlowSchemaCondition{ + Type: flowcontrol.FlowSchemaConditionDangling, Status: desiredStatus, LastTransitionTime: metav1.Now(), Reason: desiredReason, @@ -619,7 +619,7 @@ func (meal *cfgMeal) presyncFlowSchemaStatus(fs *fctypesv1a1.FlowSchema, isDangl // imaginePL adds a priority level based on one of the mandatory ones // that does not actually exist (right now) as a real API object. -func (meal *cfgMeal) imaginePL(proto *fctypesv1a1.PriorityLevelConfiguration, requestWaitLimit time.Duration) { +func (meal *cfgMeal) imaginePL(proto *flowcontrol.PriorityLevelConfiguration, requestWaitLimit time.Duration) { klog.V(3).Infof("No %s PriorityLevelConfiguration found, imagining one", proto.Name) obsPair := meal.cfgCtlr.obsPairGenerator.Generate(1, 1, []string{proto.Name}) qsCompleter, err := queueSetCompleterForPL(meal.cfgCtlr.queueSetFactory, nil, proto, requestWaitLimit, obsPair) @@ -651,7 +651,7 @@ func (immediateRequest) Finish(execute func()) bool { // The returned bool indicates whether the request is exempt from // limitation. The startWaitingTime is when the request started // waiting in its queue, or `Time{}` if this did not happen. -func (cfgCtlr *configController) startRequest(ctx context.Context, rd RequestDigest, queueNoteFn fq.QueueNoteFn) (fs *fctypesv1a1.FlowSchema, pl *fctypesv1a1.PriorityLevelConfiguration, isExempt bool, req fq.Request, startWaitingTime time.Time) { +func (cfgCtlr *configController) startRequest(ctx context.Context, rd RequestDigest, queueNoteFn fq.QueueNoteFn) (fs *flowcontrol.FlowSchema, pl *flowcontrol.PriorityLevelConfiguration, isExempt bool, req fq.Request, startWaitingTime time.Time) { klog.V(7).Infof("startRequest(%#+v)", rd) cfgCtlr.lock.Lock() defer cfgCtlr.lock.Unlock() @@ -659,12 +659,12 @@ func (cfgCtlr *configController) startRequest(ctx context.Context, rd RequestDig if matchesFlowSchema(rd, fs) { plName := fs.Spec.PriorityLevelConfiguration.Name plState := cfgCtlr.priorityLevelStates[plName] - if plState.pl.Spec.Type == fctypesv1a1.PriorityLevelEnablementExempt { + if plState.pl.Spec.Type == flowcontrol.PriorityLevelEnablementExempt { klog.V(7).Infof("startRequest(%#+v) => fsName=%q, distMethod=%#+v, plName=%q, immediate", rd, fs.Name, fs.Spec.DistinguisherMethod, plName) return fs, plState.pl, true, immediateRequest{}, time.Time{} } var numQueues int32 - if plState.pl.Spec.Limited.LimitResponse.Type == fctypesv1a1.LimitResponseTypeQueue { + if plState.pl.Spec.Limited.LimitResponse.Type == flowcontrol.LimitResponseTypeQueue { numQueues = plState.pl.Spec.Limited.LimitResponse.Queuing.Queues } @@ -686,9 +686,9 @@ func (cfgCtlr *configController) startRequest(ctx context.Context, rd RequestDig // This can never happen because every configState has a // FlowSchema that matches everything. If somehow control reaches // here, panic with some relevant information. - var catchAll *fctypesv1a1.FlowSchema + var catchAll *flowcontrol.FlowSchema for _, fs := range cfgCtlr.flowSchemas { - if fs.Name == fctypesv1a1.FlowSchemaNameCatchAll { + if fs.Name == flowcontrol.FlowSchemaNameCatchAll { catchAll = fs } } @@ -726,14 +726,14 @@ func (cfgCtlr *configController) maybeReapLocked(plName string, plState *priorit } // computeFlowDistinguisher extracts the flow distinguisher according to the given method -func computeFlowDistinguisher(rd RequestDigest, method *fctypesv1a1.FlowDistinguisherMethod) string { +func computeFlowDistinguisher(rd RequestDigest, method *flowcontrol.FlowDistinguisherMethod) string { if method == nil { return "" } switch method.Type { - case fctypesv1a1.FlowDistinguisherMethodByUserType: + case flowcontrol.FlowDistinguisherMethodByUserType: return rd.User.GetName() - case fctypesv1a1.FlowDistinguisherMethodByNamespaceType: + case flowcontrol.FlowDistinguisherMethodByNamespaceType: return rd.RequestInfo.Namespace default: // this line shall never reach diff --git a/pkg/util/flowcontrol/apf_filter.go b/pkg/util/flowcontrol/apf_filter.go index 5b8c03916..327d50c14 100644 --- a/pkg/util/flowcontrol/apf_filter.go +++ b/pkg/util/flowcontrol/apf_filter.go @@ -30,8 +30,8 @@ import ( kubeinformers "k8s.io/client-go/informers" "k8s.io/klog/v2" - fctypesv1a1 "k8s.io/api/flowcontrol/v1alpha1" - fcclientv1a1 "k8s.io/client-go/kubernetes/typed/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" + flowcontrolclient "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1" ) // Interface defines how the API Priority and Fairness filter interacts with the underlying system. @@ -47,7 +47,7 @@ type Interface interface { // not be invoked. Handle(ctx context.Context, requestDigest RequestDigest, - noteFn func(fs *fctypesv1a1.FlowSchema, pl *fctypesv1a1.PriorityLevelConfiguration), + noteFn func(fs *flowcontrol.FlowSchema, pl *flowcontrol.PriorityLevelConfiguration), queueNoteFn fq.QueueNoteFn, execFn func(), ) @@ -69,7 +69,7 @@ type Interface interface { // New creates a new instance to implement API priority and fairness func New( informerFactory kubeinformers.SharedInformerFactory, - flowcontrolClient fcclientv1a1.FlowcontrolV1alpha1Interface, + flowcontrolClient flowcontrolclient.FlowcontrolV1beta1Interface, serverConcurrencyLimit int, requestWaitLimit time.Duration, ) Interface { @@ -87,7 +87,7 @@ func New( // NewTestable is extra flexible to facilitate testing func NewTestable( informerFactory kubeinformers.SharedInformerFactory, - flowcontrolClient fcclientv1a1.FlowcontrolV1alpha1Interface, + flowcontrolClient flowcontrolclient.FlowcontrolV1beta1Interface, serverConcurrencyLimit int, requestWaitLimit time.Duration, obsPairGenerator metrics.TimedObserverPairGenerator, @@ -97,7 +97,7 @@ func NewTestable( } func (cfgCtlr *configController) Handle(ctx context.Context, requestDigest RequestDigest, - noteFn func(fs *fctypesv1a1.FlowSchema, pl *fctypesv1a1.PriorityLevelConfiguration), + noteFn func(fs *flowcontrol.FlowSchema, pl *flowcontrol.PriorityLevelConfiguration), queueNoteFn fq.QueueNoteFn, execFn func()) { fs, pl, isExempt, req, startWaitingTime := cfgCtlr.startRequest(ctx, requestDigest, queueNoteFn) diff --git a/pkg/util/flowcontrol/controller_test.go b/pkg/util/flowcontrol/controller_test.go index cb6ff527e..701bfd92e 100644 --- a/pkg/util/flowcontrol/controller_test.go +++ b/pkg/util/flowcontrol/controller_test.go @@ -25,7 +25,7 @@ import ( "testing" "time" - fcv1a1 "k8s.io/api/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" "k8s.io/apimachinery/pkg/util/sets" fcboot "k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap" "k8s.io/apiserver/pkg/util/flowcontrol/debug" @@ -34,7 +34,7 @@ import ( "k8s.io/apiserver/pkg/util/flowcontrol/metrics" "k8s.io/client-go/informers" clientsetfake "k8s.io/client-go/kubernetes/fake" - fcclient "k8s.io/client-go/kubernetes/typed/flowcontrol/v1alpha1" + fcclient "k8s.io/client-go/kubernetes/typed/flowcontrol/v1beta1" "k8s.io/klog/v2" ) @@ -43,8 +43,8 @@ func TestMain(m *testing.M) { os.Exit(m.Run()) } -var mandPLs = func() map[string]*fcv1a1.PriorityLevelConfiguration { - ans := make(map[string]*fcv1a1.PriorityLevelConfiguration) +var mandPLs = func() map[string]*flowcontrol.PriorityLevelConfiguration { + ans := make(map[string]*flowcontrol.PriorityLevelConfiguration) for _, mand := range fcboot.MandatoryPriorityLevelConfigurations { ans[mand.Name] = mand } @@ -54,9 +54,9 @@ var mandPLs = func() map[string]*fcv1a1.PriorityLevelConfiguration { type ctlrTestState struct { t *testing.T cfgCtlr *configController - fcIfc fcclient.FlowcontrolV1alpha1Interface - existingPLs map[string]*fcv1a1.PriorityLevelConfiguration - existingFSs map[string]*fcv1a1.FlowSchema + fcIfc fcclient.FlowcontrolV1beta1Interface + existingPLs map[string]*flowcontrol.PriorityLevelConfiguration + existingFSs map[string]*flowcontrol.FlowSchema heldRequestsMap map[string][]heldRequest requestWG sync.WaitGroup lock sync.Mutex @@ -206,7 +206,7 @@ var mandQueueSetNames, exclQueueSetNames = func() (sets.String, sets.String) { mandQueueSetNames := sets.NewString() exclQueueSetNames := sets.NewString() for _, mpl := range fcboot.MandatoryPriorityLevelConfigurations { - if mpl.Spec.Type == fcv1a1.PriorityLevelEnablementExempt { + if mpl.Spec.Type == flowcontrol.PriorityLevelEnablementExempt { exclQueueSetNames.Insert(mpl.Name) } else { mandQueueSetNames.Insert(mpl.Name) @@ -222,11 +222,11 @@ func TestConfigConsumer(t *testing.T) { t.Run(fmt.Sprintf("trial%d:", i), func(t *testing.T) { clientset := clientsetfake.NewSimpleClientset() informerFactory := informers.NewSharedInformerFactory(clientset, 0) - flowcontrolClient := clientset.FlowcontrolV1alpha1() + flowcontrolClient := clientset.FlowcontrolV1beta1() cts := &ctlrTestState{t: t, fcIfc: flowcontrolClient, - existingFSs: map[string]*fcv1a1.FlowSchema{}, - existingPLs: map[string]*fcv1a1.PriorityLevelConfiguration{}, + existingFSs: map[string]*flowcontrol.FlowSchema{}, + existingPLs: map[string]*flowcontrol.PriorityLevelConfiguration{}, heldRequestsMap: map[string][]heldRequest{}, queues: map[string]*ctlrTestQueueSet{}, } @@ -284,8 +284,8 @@ func TestConfigConsumer(t *testing.T) { // Now create a new config and digest it trialStep = fmt.Sprintf("trial%d-%d", i, j) - var newPLs []*fcv1a1.PriorityLevelConfiguration - var newFSs []*fcv1a1.FlowSchema + var newPLs []*flowcontrol.PriorityLevelConfiguration + var newFSs []*flowcontrol.FlowSchema newPLs, _, desiredPLNames, newBadPLNames = genPLs(rng, trialStep, persistingPLNames, 1+rng.Intn(4)) newFSs, _, newFTRs, newCatchAlls = genFSs(t, rng, trialStep, desiredPLNames, newBadPLNames, 1+rng.Intn(6)) @@ -307,7 +307,7 @@ func TestConfigConsumer(t *testing.T) { } } -func checkNewFS(cts *ctlrTestState, rng *rand.Rand, trialName string, ftr *fsTestingRecord, catchAlls map[bool]*fcv1a1.FlowSchema) { +func checkNewFS(cts *ctlrTestState, rng *rand.Rand, trialName string, ftr *fsTestingRecord, catchAlls map[bool]*flowcontrol.FlowSchema) { t := cts.t ctlr := cts.cfgCtlr fs := ftr.fs @@ -325,8 +325,8 @@ func checkNewFS(cts *ctlrTestState, rng *rand.Rand, trialName string, ftr *fsTes startWG.Add(1) go func(matches, isResource bool, rdu RequestDigest) { expectedMatch := matches && ftr.wellFormed && (fsPrecedes(fs, catchAlls[isResource]) || fs.Name == catchAlls[isResource].Name) - ctlr.Handle(ctx, rdu, func(matchFS *fcv1a1.FlowSchema, matchPL *fcv1a1.PriorityLevelConfiguration) { - matchIsExempt := matchPL.Spec.Type == fcv1a1.PriorityLevelEnablementExempt + ctlr.Handle(ctx, rdu, func(matchFS *flowcontrol.FlowSchema, matchPL *flowcontrol.PriorityLevelConfiguration) { + matchIsExempt := matchPL.Spec.Type == flowcontrol.PriorityLevelEnablementExempt t.Logf("Considering FlowSchema %s, expectedMatch=%v, isResource=%v: Handle(%#+v) => note(fs=%s, pl=%s, isExempt=%v)", fs.Name, expectedMatch, isResource, rdu, matchFS.Name, matchPL.Name, matchIsExempt) if a := matchFS.Name == fs.Name; expectedMatch != a { t.Errorf("Fail at %s/%s: rd=%#+v, expectedMatch=%v, actualMatch=%v, matchFSName=%q, catchAlls=%#+v", trialName, fs.Name, rdu, expectedMatch, a, matchFS.Name, catchAlls) @@ -355,12 +355,12 @@ func checkNewFS(cts *ctlrTestState, rng *rand.Rand, trialName string, ftr *fsTes startWG.Wait() } -func genPLs(rng *rand.Rand, trial string, oldPLNames sets.String, n int) (pls []*fcv1a1.PriorityLevelConfiguration, plMap map[string]*fcv1a1.PriorityLevelConfiguration, goodNames, badNames sets.String) { - pls = make([]*fcv1a1.PriorityLevelConfiguration, 0, n) - plMap = make(map[string]*fcv1a1.PriorityLevelConfiguration, n) +func genPLs(rng *rand.Rand, trial string, oldPLNames sets.String, n int) (pls []*flowcontrol.PriorityLevelConfiguration, plMap map[string]*flowcontrol.PriorityLevelConfiguration, goodNames, badNames sets.String) { + pls = make([]*flowcontrol.PriorityLevelConfiguration, 0, n) + plMap = make(map[string]*flowcontrol.PriorityLevelConfiguration, n) goodNames = sets.NewString() badNames = sets.NewString(trial+"-nopl1", trial+"-nopl2") - addGood := func(pl *fcv1a1.PriorityLevelConfiguration) { + addGood := func(pl *flowcontrol.PriorityLevelConfiguration) { pls = append(pls, pl) plMap[pl.Name] = pl goodNames.Insert(pl.Name) @@ -386,12 +386,12 @@ func genPLs(rng *rand.Rand, trial string, oldPLNames sets.String, n int) (pls [] return } -func genFSs(t *testing.T, rng *rand.Rand, trial string, goodPLNames, badPLNames sets.String, n int) (newFSs []*fcv1a1.FlowSchema, newFSMap map[string]*fcv1a1.FlowSchema, newFTRs map[string]*fsTestingRecord, catchAlls map[bool]*fcv1a1.FlowSchema) { +func genFSs(t *testing.T, rng *rand.Rand, trial string, goodPLNames, badPLNames sets.String, n int) (newFSs []*flowcontrol.FlowSchema, newFSMap map[string]*flowcontrol.FlowSchema, newFTRs map[string]*fsTestingRecord, catchAlls map[bool]*flowcontrol.FlowSchema) { newFTRs = map[string]*fsTestingRecord{} - catchAlls = map[bool]*fcv1a1.FlowSchema{ + catchAlls = map[bool]*flowcontrol.FlowSchema{ false: fcboot.MandatoryFlowSchemaCatchAll, true: fcboot.MandatoryFlowSchemaCatchAll} - newFSMap = map[string]*fcv1a1.FlowSchema{} + newFSMap = map[string]*flowcontrol.FlowSchema{} add := func(ftr *fsTestingRecord) { newFSs = append(newFSs, ftr.fs) newFSMap[ftr.fs.Name] = ftr.fs @@ -419,7 +419,7 @@ func genFSs(t *testing.T, rng *rand.Rand, trial string, goodPLNames, badPLNames return } -func fsPrecedes(a, b *fcv1a1.FlowSchema) bool { +func fsPrecedes(a, b *flowcontrol.FlowSchema) bool { if a.Spec.MatchingPrecedence < b.Spec.MatchingPrecedence { return true } diff --git a/pkg/util/flowcontrol/debug/dump.go b/pkg/util/flowcontrol/debug/dump.go index d668d9fe7..5e4467649 100644 --- a/pkg/util/flowcontrol/debug/dump.go +++ b/pkg/util/flowcontrol/debug/dump.go @@ -17,8 +17,9 @@ limitations under the License. package debug import ( - "k8s.io/apiserver/pkg/endpoints/request" "time" + + "k8s.io/apiserver/pkg/endpoints/request" ) // QueueSetDump is an instant dump of queue-set. diff --git a/pkg/util/flowcontrol/format/formatting.go b/pkg/util/flowcontrol/format/formatting.go index 4d13ca2b1..61ae65df9 100644 --- a/pkg/util/flowcontrol/format/formatting.go +++ b/pkg/util/flowcontrol/format/formatting.go @@ -21,7 +21,7 @@ import ( "encoding/json" "fmt" - fcv1a1 "k8s.io/api/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" "k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/endpoints/request" ) @@ -46,25 +46,25 @@ func (sr Stringer) String() string { return "nil" } switch typed := sr.val.(type) { - case *fcv1a1.FlowSchema, - fcv1a1.FlowSchema, - fcv1a1.FlowSchemaSpec, - fcv1a1.FlowDistinguisherMethod, - *fcv1a1.FlowDistinguisherMethod, - *fcv1a1.PolicyRulesWithSubjects, - fcv1a1.PolicyRulesWithSubjects, - fcv1a1.Subject, - fcv1a1.ResourcePolicyRule, - fcv1a1.NonResourcePolicyRule, - fcv1a1.FlowSchemaCondition, - *fcv1a1.PriorityLevelConfiguration, - fcv1a1.PriorityLevelConfiguration, - fcv1a1.PriorityLevelConfigurationSpec, - *fcv1a1.LimitedPriorityLevelConfiguration, - fcv1a1.LimitedPriorityLevelConfiguration, - fcv1a1.LimitResponse, - *fcv1a1.QueuingConfiguration, - fcv1a1.QueuingConfiguration: + case *flowcontrol.FlowSchema, + flowcontrol.FlowSchema, + flowcontrol.FlowSchemaSpec, + flowcontrol.FlowDistinguisherMethod, + *flowcontrol.FlowDistinguisherMethod, + *flowcontrol.PolicyRulesWithSubjects, + flowcontrol.PolicyRulesWithSubjects, + flowcontrol.Subject, + flowcontrol.ResourcePolicyRule, + flowcontrol.NonResourcePolicyRule, + flowcontrol.FlowSchemaCondition, + *flowcontrol.PriorityLevelConfiguration, + flowcontrol.PriorityLevelConfiguration, + flowcontrol.PriorityLevelConfigurationSpec, + *flowcontrol.LimitedPriorityLevelConfiguration, + flowcontrol.LimitedPriorityLevelConfiguration, + flowcontrol.LimitResponse, + *flowcontrol.QueuingConfiguration, + flowcontrol.QueuingConfiguration: return ToJSON(sr.val) case []user.Info: return FmtUsers(typed) @@ -88,12 +88,12 @@ func ToJSON(val interface{}) string { // FmtPriorityLevelConfiguration returns a golang source expression // equivalent to the given value -func FmtPriorityLevelConfiguration(pl *fcv1a1.PriorityLevelConfiguration) string { +func FmtPriorityLevelConfiguration(pl *flowcontrol.PriorityLevelConfiguration) string { if pl == nil { return "nil" } var buf bytes.Buffer - buf.WriteString(fmt.Sprintf("&v1alpha1.PriorityLevelConfiguration{ObjectMeta: %#+v, Spec: ", + buf.WriteString(fmt.Sprintf("&flowcontrolv1beta1.PriorityLevelConfiguration{ObjectMeta: %#+v, Spec: ", pl.ObjectMeta)) BufferPriorityLevelConfigurationSpec(&buf, &pl.Spec) buf.WriteString(fmt.Sprintf(", Status: %#+v}", pl.Status)) @@ -102,7 +102,7 @@ func FmtPriorityLevelConfiguration(pl *fcv1a1.PriorityLevelConfiguration) string // FmtPriorityLevelConfigurationSpec returns a golang source // expression equivalent to the given value -func FmtPriorityLevelConfigurationSpec(plSpec *fcv1a1.PriorityLevelConfigurationSpec) string { +func FmtPriorityLevelConfigurationSpec(plSpec *flowcontrol.PriorityLevelConfigurationSpec) string { var buf bytes.Buffer BufferPriorityLevelConfigurationSpec(&buf, plSpec) return buf.String() @@ -110,10 +110,10 @@ func FmtPriorityLevelConfigurationSpec(plSpec *fcv1a1.PriorityLevelConfiguration // BufferPriorityLevelConfigurationSpec writes a golang source // expression for the given value to the given buffer -func BufferPriorityLevelConfigurationSpec(buf *bytes.Buffer, plSpec *fcv1a1.PriorityLevelConfigurationSpec) { - buf.WriteString(fmt.Sprintf("v1alpha1.PriorityLevelConfigurationSpec{Type: %#v", plSpec.Type)) +func BufferPriorityLevelConfigurationSpec(buf *bytes.Buffer, plSpec *flowcontrol.PriorityLevelConfigurationSpec) { + buf.WriteString(fmt.Sprintf("flowcontrolv1beta1.PriorityLevelConfigurationSpec{Type: %#v", plSpec.Type)) if plSpec.Limited != nil { - buf.WriteString(fmt.Sprintf(", Limited: &v1alpha1.LimitedPriorityLevelConfiguration{AssuredConcurrencyShares:%d, LimitResponse:v1alpha1.LimitResponse{Type:%#v", plSpec.Limited.AssuredConcurrencyShares, plSpec.Limited.LimitResponse.Type)) + buf.WriteString(fmt.Sprintf(", Limited: &flowcontrol.LimitedPriorityLevelConfiguration{AssuredConcurrencyShares:%d, LimitResponse:flowcontrol.LimitResponse{Type:%#v", plSpec.Limited.AssuredConcurrencyShares, plSpec.Limited.LimitResponse.Type)) if plSpec.Limited.LimitResponse.Queuing != nil { buf.WriteString(fmt.Sprintf(", Queuing:&%#+v", *plSpec.Limited.LimitResponse.Queuing)) } @@ -123,12 +123,12 @@ func BufferPriorityLevelConfigurationSpec(buf *bytes.Buffer, plSpec *fcv1a1.Prio } // FmtFlowSchema produces a golang source expression of the value. -func FmtFlowSchema(fs *fcv1a1.FlowSchema) string { +func FmtFlowSchema(fs *flowcontrol.FlowSchema) string { if fs == nil { return "nil" } var buf bytes.Buffer - buf.WriteString(fmt.Sprintf("&v1alpha1.FlowSchema{ObjectMeta: %#+v, Spec: ", + buf.WriteString(fmt.Sprintf("&flowcontrolv1beta1.FlowSchema{ObjectMeta: %#+v, Spec: ", fs.ObjectMeta)) BufferFlowSchemaSpec(&buf, &fs.Spec) buf.WriteString(fmt.Sprintf(", Status: %#+v}", fs.Status)) @@ -137,7 +137,7 @@ func FmtFlowSchema(fs *fcv1a1.FlowSchema) string { // FmtFlowSchemaSpec produces a golang source expression equivalent to // the given spec -func FmtFlowSchemaSpec(fsSpec *fcv1a1.FlowSchemaSpec) string { +func FmtFlowSchemaSpec(fsSpec *flowcontrol.FlowSchemaSpec) string { var buf bytes.Buffer BufferFlowSchemaSpec(&buf, fsSpec) return buf.String() @@ -145,8 +145,8 @@ func FmtFlowSchemaSpec(fsSpec *fcv1a1.FlowSchemaSpec) string { // BufferFlowSchemaSpec writes a golang source expression for the // given value to the given buffer -func BufferFlowSchemaSpec(buf *bytes.Buffer, fsSpec *fcv1a1.FlowSchemaSpec) { - buf.WriteString(fmt.Sprintf("v1alpha1.FlowSchemaSpec{PriorityLevelConfiguration: %#+v, MatchingPrecedence: %d, DistinguisherMethod: ", +func BufferFlowSchemaSpec(buf *bytes.Buffer, fsSpec *flowcontrol.FlowSchemaSpec) { + buf.WriteString(fmt.Sprintf("flowcontrolv1beta1.FlowSchemaSpec{PriorityLevelConfiguration: %#+v, MatchingPrecedence: %d, DistinguisherMethod: ", fsSpec.PriorityLevelConfiguration, fsSpec.MatchingPrecedence)) if fsSpec.DistinguisherMethod == nil { @@ -154,7 +154,7 @@ func BufferFlowSchemaSpec(buf *bytes.Buffer, fsSpec *fcv1a1.FlowSchemaSpec) { } else { buf.WriteString(fmt.Sprintf("&%#+v", *fsSpec.DistinguisherMethod)) } - buf.WriteString(", Rules: []v1alpha1.PolicyRulesWithSubjects{") + buf.WriteString(", Rules: []flowcontrol.PolicyRulesWithSubjects{") for idx, rule := range fsSpec.Rules { if idx > 0 { buf.WriteString(", ") @@ -165,14 +165,14 @@ func BufferFlowSchemaSpec(buf *bytes.Buffer, fsSpec *fcv1a1.FlowSchemaSpec) { } // FmtPolicyRulesWithSubjects produces a golang source expression of the value. -func FmtPolicyRulesWithSubjects(rule fcv1a1.PolicyRulesWithSubjects) string { - return "v1alpha1.PolicyRulesWithSubjects" + FmtPolicyRulesWithSubjectsSlim(rule) +func FmtPolicyRulesWithSubjects(rule flowcontrol.PolicyRulesWithSubjects) string { + return "flowcontrolv1beta1.PolicyRulesWithSubjects" + FmtPolicyRulesWithSubjectsSlim(rule) } // FmtPolicyRulesWithSubjectsSlim produces a golang source expression // of the value but without the leading type name. See above for an // example context where this is useful. -func FmtPolicyRulesWithSubjectsSlim(rule fcv1a1.PolicyRulesWithSubjects) string { +func FmtPolicyRulesWithSubjectsSlim(rule flowcontrol.PolicyRulesWithSubjects) string { var buf bytes.Buffer BufferFmtPolicyRulesWithSubjectsSlim(&buf, rule) return buf.String() @@ -181,8 +181,8 @@ func FmtPolicyRulesWithSubjectsSlim(rule fcv1a1.PolicyRulesWithSubjects) string // BufferFmtPolicyRulesWithSubjectsSlim writes a golang source // expression for the given value to the given buffer but excludes the // leading type name -func BufferFmtPolicyRulesWithSubjectsSlim(buf *bytes.Buffer, rule fcv1a1.PolicyRulesWithSubjects) { - buf.WriteString("{Subjects: []v1alpha1.Subject{") +func BufferFmtPolicyRulesWithSubjectsSlim(buf *bytes.Buffer, rule flowcontrol.PolicyRulesWithSubjects) { + buf.WriteString("{Subjects: []flowcontrolv1beta1.Subject{") for jdx, subj := range rule.Subjects { if jdx > 0 { buf.WriteString(", ") diff --git a/pkg/util/flowcontrol/gen_test.go b/pkg/util/flowcontrol/gen_test.go index ed0f236b6..271cd5f42 100644 --- a/pkg/util/flowcontrol/gen_test.go +++ b/pkg/util/flowcontrol/gen_test.go @@ -23,7 +23,7 @@ import ( "testing" "time" - fcv1a1 "k8s.io/api/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" fcboot "k8s.io/apiserver/pkg/apis/flowcontrol/bootstrap" @@ -39,19 +39,19 @@ var noRestraintQSF = fqtesting.NewNoRestraintFactory() // genPL creates a valid PriorityLevelConfiguration with the given // name and randomly generated spec. The given name must not be one // of the mandatory ones. -func genPL(rng *rand.Rand, name string) *fcv1a1.PriorityLevelConfiguration { - plc := &fcv1a1.PriorityLevelConfiguration{ +func genPL(rng *rand.Rand, name string) *flowcontrol.PriorityLevelConfiguration { + plc := &flowcontrol.PriorityLevelConfiguration{ ObjectMeta: metav1.ObjectMeta{Name: name}, - Spec: fcv1a1.PriorityLevelConfigurationSpec{ - Type: fcv1a1.PriorityLevelEnablementLimited, - Limited: &fcv1a1.LimitedPriorityLevelConfiguration{ + Spec: flowcontrol.PriorityLevelConfigurationSpec{ + Type: flowcontrol.PriorityLevelEnablementLimited, + Limited: &flowcontrol.LimitedPriorityLevelConfiguration{ AssuredConcurrencyShares: rng.Int31n(100) + 1, - LimitResponse: fcv1a1.LimitResponse{ - Type: fcv1a1.LimitResponseTypeReject}}}} + LimitResponse: flowcontrol.LimitResponse{ + Type: flowcontrol.LimitResponseTypeReject}}}} if rng.Float32() < 0.95 { - plc.Spec.Limited.LimitResponse.Type = fcv1a1.LimitResponseTypeQueue + plc.Spec.Limited.LimitResponse.Type = flowcontrol.LimitResponseTypeQueue hs := rng.Int31n(5) + 1 - plc.Spec.Limited.LimitResponse.Queuing = &fcv1a1.QueuingConfiguration{ + plc.Spec.Limited.LimitResponse.Queuing = &flowcontrol.QueuingConfiguration{ Queues: hs + rng.Int31n(20), HandSize: hs, QueueLengthLimit: 5} @@ -65,7 +65,7 @@ func genPL(rng *rand.Rand, name string) *fcv1a1.PriorityLevelConfiguration { // A FlowSchema together with characteristics relevant to testing type fsTestingRecord struct { - fs *fcv1a1.FlowSchema + fs *flowcontrol.FlowSchema // Does this reference an existing priority level? wellFormed bool matchesAllResourceRequests bool @@ -85,8 +85,8 @@ func (ftr *fsTestingRecord) addDigests(digests []RequestDigest, matches bool) { } var flowDistinguisherMethodTypes = sets.NewString( - string(fcv1a1.FlowDistinguisherMethodByUserType), - string(fcv1a1.FlowDistinguisherMethodByNamespaceType), + string(flowcontrol.FlowDistinguisherMethodByUserType), + string(flowcontrol.FlowDistinguisherMethodByNamespaceType), ) var mandFTRExempt = &fsTestingRecord{ @@ -189,9 +189,9 @@ var mandFTRCatchAll = &fsTestingRecord{ // formed spec references a priority level drawn from badPLNames. // goodPLNames may be empty, but badPLNames may not. func genFS(t *testing.T, rng *rand.Rand, name string, mayMatchClusterScope bool, goodPLNames, badPLNames sets.String) *fsTestingRecord { - fs := &fcv1a1.FlowSchema{ + fs := &flowcontrol.FlowSchema{ ObjectMeta: metav1.ObjectMeta{Name: name}, - Spec: fcv1a1.FlowSchemaSpec{}} + Spec: flowcontrol.FlowSchemaSpec{}} // 5% chance of zero rules, otherwise draw from 1--6 biased low nRules := (1 + rng.Intn(3)) * (1 + rng.Intn(2)) * ((19 + rng.Intn(20)) / 20) ftr := &fsTestingRecord{fs: fs, @@ -202,23 +202,23 @@ func genFS(t *testing.T, rng *rand.Rand, name string, mayMatchClusterScope bool, false: {false: {}, true: {}}, true: {false: {}, true: {}}}, } - dangleStatus := fcv1a1.ConditionFalse + dangleStatus := flowcontrol.ConditionFalse if rng.Float32() < 0.9 && len(goodPLNames) > 0 { - fs.Spec.PriorityLevelConfiguration = fcv1a1.PriorityLevelConfigurationReference{pickSetString(rng, goodPLNames)} + fs.Spec.PriorityLevelConfiguration = flowcontrol.PriorityLevelConfigurationReference{pickSetString(rng, goodPLNames)} } else { - fs.Spec.PriorityLevelConfiguration = fcv1a1.PriorityLevelConfigurationReference{pickSetString(rng, badPLNames)} + fs.Spec.PriorityLevelConfiguration = flowcontrol.PriorityLevelConfigurationReference{pickSetString(rng, badPLNames)} ftr.wellFormed = false - dangleStatus = fcv1a1.ConditionTrue + dangleStatus = flowcontrol.ConditionTrue } - fs.Status.Conditions = []fcv1a1.FlowSchemaCondition{{ - Type: fcv1a1.FlowSchemaConditionDangling, + fs.Status.Conditions = []flowcontrol.FlowSchemaCondition{{ + Type: flowcontrol.FlowSchemaConditionDangling, Status: dangleStatus}} fs.Spec.MatchingPrecedence = rng.Int31n(9997) + 2 if rng.Float32() < 0.8 { - fdmt := fcv1a1.FlowDistinguisherMethodType(pickSetString(rng, flowDistinguisherMethodTypes)) - fs.Spec.DistinguisherMethod = &fcv1a1.FlowDistinguisherMethod{fdmt} + fdmt := flowcontrol.FlowDistinguisherMethodType(pickSetString(rng, flowDistinguisherMethodTypes)) + fs.Spec.DistinguisherMethod = &flowcontrol.FlowDistinguisherMethod{fdmt} } - fs.Spec.Rules = []fcv1a1.PolicyRulesWithSubjects{} + fs.Spec.Rules = []flowcontrol.PolicyRulesWithSubjects{} everyResourceMatcher := -1 if ftr.matchesAllResourceRequests { if mayMatchClusterScope { @@ -275,12 +275,12 @@ var noextra = make(map[string][]string) // cluster-scoped request. Thus, these are normally excluded. When // mayMatchClusterScope==true the generated rule may be cluster-scoped // and there is no promise of cross-rule exclusion. -func genPolicyRuleWithSubjects(t *testing.T, rng *rand.Rand, pfx string, mayMatchClusterScope, someMatchesAllResourceRequests, someMatchesAllNonResourceRequests, matchAllResourceRequests, matchAllNonResourceRequests bool) (fcv1a1.PolicyRulesWithSubjects, []RequestDigest, []RequestDigest, []RequestDigest, []RequestDigest) { - subjects := []fcv1a1.Subject{} +func genPolicyRuleWithSubjects(t *testing.T, rng *rand.Rand, pfx string, mayMatchClusterScope, someMatchesAllResourceRequests, someMatchesAllNonResourceRequests, matchAllResourceRequests, matchAllNonResourceRequests bool) (flowcontrol.PolicyRulesWithSubjects, []RequestDigest, []RequestDigest, []RequestDigest, []RequestDigest) { + subjects := []flowcontrol.Subject{} matchingUIs := []user.Info{} skippingUIs := []user.Info{} - resourceRules := []fcv1a1.ResourcePolicyRule{} - nonResourceRules := []fcv1a1.NonResourcePolicyRule{} + resourceRules := []flowcontrol.ResourcePolicyRule{} + nonResourceRules := []flowcontrol.NonResourcePolicyRule{} matchingRRIs := []*request.RequestInfo{} skippingRRIs := []*request.RequestInfo{} matchingNRIs := []*request.RequestInfo{} @@ -341,7 +341,7 @@ func genPolicyRuleWithSubjects(t *testing.T, rng *rand.Rand, pfx string, mayMatc if nRR == 0 { _, _, skippingNRIs = genNonResourceRule(rng, pfx+"-o", false, someMatchesAllNonResourceRequests) } - rule := fcv1a1.PolicyRulesWithSubjects{subjects, resourceRules, nonResourceRules} + rule := flowcontrol.PolicyRulesWithSubjects{subjects, resourceRules, nonResourceRules} t.Logf("For pfx=%s, mayMatchClusterScope=%v, someMatchesAllResourceRequests=%v, someMatchesAllNonResourceRequests=%v, marr=%v, manrr=%v: generated prws=%s, mu=%s, su=%s, mrr=%s, mnr=%s, srr=%s, snr=%s", pfx, mayMatchClusterScope, someMatchesAllResourceRequests, someMatchesAllNonResourceRequests, matchAllResourceRequests, matchAllNonResourceRequests, fcfmt.Fmt(rule), fcfmt.Fmt(matchingUIs), fcfmt.Fmt(skippingUIs), fcfmt.Fmt(matchingRRIs), fcfmt.Fmt(matchingNRIs), fcfmt.Fmt(skippingRRIs), fcfmt.Fmt(skippingNRIs)) matchingRDigests := cross(matchingUIs, matchingRRIs) skippingRDigests := append(append(cross(matchingUIs, skippingRRIs), @@ -368,7 +368,7 @@ func cross(uis []user.Info, ris []*request.RequestInfo) []RequestDigest { return ans } -func shuffleAndTakeDigests(t *testing.T, rng *rand.Rand, rule *fcv1a1.PolicyRulesWithSubjects, toMatch bool, digests []RequestDigest, n int) []RequestDigest { +func shuffleAndTakeDigests(t *testing.T, rng *rand.Rand, rule *flowcontrol.PolicyRulesWithSubjects, toMatch bool, digests []RequestDigest, n int) []RequestDigest { ans := make([]RequestDigest, 0, n) for len(ans) < n && len(digests) > 0 { i := rng.Intn(len(digests)) @@ -409,25 +409,25 @@ func uniqify(in RequestDigest) RequestDigest { // names that begin with the given prefix. The second returned list // contains members that mismatch the generated Subject and involve // names that begin with the given prefix. -func genSubject(rng *rand.Rand, pfx string) (fcv1a1.Subject, []user.Info, []user.Info) { - subject := fcv1a1.Subject{} +func genSubject(rng *rand.Rand, pfx string) (flowcontrol.Subject, []user.Info, []user.Info) { + subject := flowcontrol.Subject{} var matchingUIs, skippingUIs []user.Info x := rng.Float32() switch { case x < 0.33: - subject.Kind = fcv1a1.SubjectKindUser + subject.Kind = flowcontrol.SubjectKindUser subject.User, matchingUIs, skippingUIs = genUser(rng, pfx) case x < 0.67: - subject.Kind = fcv1a1.SubjectKindGroup + subject.Kind = flowcontrol.SubjectKindGroup subject.Group, matchingUIs, skippingUIs = genGroup(rng, pfx) default: - subject.Kind = fcv1a1.SubjectKindServiceAccount + subject.Kind = flowcontrol.SubjectKindServiceAccount subject.ServiceAccount, matchingUIs, skippingUIs = genServiceAccount(rng, pfx) } return subject, matchingUIs, skippingUIs } -func genUser(rng *rand.Rand, pfx string) (*fcv1a1.UserSubject, []user.Info, []user.Info) { +func genUser(rng *rand.Rand, pfx string) (*flowcontrol.UserSubject, []user.Info, []user.Info) { mui := &user.DefaultInfo{ Name: pfx + "-u", UID: "good-id", @@ -438,7 +438,7 @@ func genUser(rng *rand.Rand, pfx string) (*fcv1a1.UserSubject, []user.Info, []us UID: mui.UID, Groups: mui.Groups, Extra: mui.Extra}} - return &fcv1a1.UserSubject{mui.Name}, []user.Info{mui}, skips + return &flowcontrol.UserSubject{mui.Name}, []user.Info{mui}, skips } var groupCover = []string{"system:authenticated", "system:unauthenticated"} @@ -447,21 +447,21 @@ func mg(rng *rand.Rand) string { return groupCover[rng.Intn(len(groupCover))] } -func mkUserSubject(username string) fcv1a1.Subject { - return fcv1a1.Subject{ - Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{username}, +func mkUserSubject(username string) flowcontrol.Subject { + return flowcontrol.Subject{ + Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{username}, } } -func mkGroupSubject(group string) fcv1a1.Subject { - return fcv1a1.Subject{ - Kind: fcv1a1.SubjectKindGroup, - Group: &fcv1a1.GroupSubject{group}, +func mkGroupSubject(group string) flowcontrol.Subject { + return flowcontrol.Subject{ + Kind: flowcontrol.SubjectKindGroup, + Group: &flowcontrol.GroupSubject{group}, } } -func genGroup(rng *rand.Rand, pfx string) (*fcv1a1.GroupSubject, []user.Info, []user.Info) { +func genGroup(rng *rand.Rand, pfx string) (*flowcontrol.GroupSubject, []user.Info, []user.Info) { name := pfx + "-g" ui := &user.DefaultInfo{ Name: pfx + "-u", @@ -487,10 +487,10 @@ func genGroup(rng *rand.Rand, pfx string) (*fcv1a1.GroupSubject, []user.Info, [] if rng.Intn(2) == 0 { skipper.Groups = append(skipper.Groups, pfx+"-k") } - return &fcv1a1.GroupSubject{name}, []user.Info{ui}, []user.Info{skipper} + return &flowcontrol.GroupSubject{name}, []user.Info{ui}, []user.Info{skipper} } -func genServiceAccount(rng *rand.Rand, pfx string) (*fcv1a1.ServiceAccountSubject, []user.Info, []user.Info) { +func genServiceAccount(rng *rand.Rand, pfx string) (*flowcontrol.ServiceAccountSubject, []user.Info, []user.Info) { ns := pfx + "-ns" name := pfx + "-n" mname := name @@ -516,19 +516,19 @@ func genServiceAccount(rng *rand.Rand, pfx string) (*fcv1a1.ServiceAccountSubjec Groups: mui.Groups, Extra: mui.Extra}} } - return &fcv1a1.ServiceAccountSubject{Namespace: ns, Name: mname}, []user.Info{mui}, skips + return &flowcontrol.ServiceAccountSubject{Namespace: ns, Name: mname}, []user.Info{mui}, skips } // genResourceRule randomly generates a valid ResourcePolicyRule and lists // of matching and non-matching `*request.RequestInfo`. -func genResourceRule(rng *rand.Rand, pfx string, mayMatchClusterScope, matchAllResources, someMatchesAllResources bool) (fcv1a1.ResourcePolicyRule, []*request.RequestInfo, []*request.RequestInfo) { +func genResourceRule(rng *rand.Rand, pfx string, mayMatchClusterScope, matchAllResources, someMatchesAllResources bool) (flowcontrol.ResourcePolicyRule, []*request.RequestInfo, []*request.RequestInfo) { namespaces := []string{pfx + "-n1", pfx + "-n2", pfx + "-n3"} rnamespaces := namespaces if mayMatchClusterScope && rng.Float32() < 0.1 { namespaces[0] = "" rnamespaces = namespaces[1:] } - rr := fcv1a1.ResourcePolicyRule{ + rr := flowcontrol.ResourcePolicyRule{ Verbs: []string{pfx + "-v1", pfx + "-v2", pfx + "-v3"}, APIGroups: []string{pfx + ".g1", pfx + ".g2", pfx + ".g3"}, Resources: []string{pfx + "-r1s", pfx + "-r2s", pfx + "-r3s"}, @@ -550,17 +550,17 @@ func genResourceRule(rng *rand.Rand, pfx string, mayMatchClusterScope, matchAllR // choose a proper subset of fields to wildcard; only matters if not matching all starMask := rng.Intn(15) if matchAllResources || starMask&1 == 1 && rng.Float32() < 0.1 { - rr.Verbs = []string{fcv1a1.VerbAll} + rr.Verbs = []string{flowcontrol.VerbAll} } if matchAllResources || starMask&2 == 2 && rng.Float32() < 0.1 { - rr.APIGroups = []string{fcv1a1.APIGroupAll} + rr.APIGroups = []string{flowcontrol.APIGroupAll} } if matchAllResources || starMask&4 == 4 && rng.Float32() < 0.1 { - rr.Resources = []string{fcv1a1.ResourceAll} + rr.Resources = []string{flowcontrol.ResourceAll} } if matchAllResources || starMask&8 == 8 && rng.Float32() < 0.1 { rr.ClusterScope = true - rr.Namespaces = []string{fcv1a1.NamespaceEvery} + rr.Namespaces = []string{flowcontrol.NamespaceEvery} } return rr, matchingRIs, skippingRIs } @@ -616,8 +616,8 @@ func chooseInts(rng *rand.Rand, n, m int) []int { // genNonResourceRule returns a randomly generated valid // NonResourcePolicyRule and lists of matching and non-matching // `*request.RequestInfo`. -func genNonResourceRule(rng *rand.Rand, pfx string, matchAllNonResources, someMatchesAllNonResources bool) (fcv1a1.NonResourcePolicyRule, []*request.RequestInfo, []*request.RequestInfo) { - nrr := fcv1a1.NonResourcePolicyRule{ +func genNonResourceRule(rng *rand.Rand, pfx string, matchAllNonResources, someMatchesAllNonResources bool) (flowcontrol.NonResourcePolicyRule, []*request.RequestInfo, []*request.RequestInfo) { + nrr := flowcontrol.NonResourcePolicyRule{ Verbs: []string{pfx + "-v1", pfx + "-v2", pfx + "-v3"}, NonResourceURLs: []string{"/" + pfx + "/g/p1", "/" + pfx + "/g/p2", "/" + pfx + "/g/p3"}, } @@ -631,7 +631,7 @@ func genNonResourceRule(rng *rand.Rand, pfx string, matchAllNonResources, someMa // choose a proper subset of fields to consider wildcarding; only matters if not matching all starMask := rng.Intn(3) if matchAllNonResources || starMask&1 == 1 && rng.Float32() < 0.1 { - nrr.Verbs = []string{fcv1a1.VerbAll} + nrr.Verbs = []string{flowcontrol.VerbAll} } if matchAllNonResources || starMask&2 == 2 && rng.Float32() < 0.1 { nrr.NonResourceURLs = []string{"*"} diff --git a/pkg/util/flowcontrol/match_test.go b/pkg/util/flowcontrol/match_test.go index 787905fa2..5a0f64dee 100644 --- a/pkg/util/flowcontrol/match_test.go +++ b/pkg/util/flowcontrol/match_test.go @@ -21,7 +21,7 @@ import ( "math/rand" "testing" - fcv1a1 "k8s.io/api/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apiserver/pkg/authentication/user" @@ -116,204 +116,204 @@ func TestLiterals(t *testing.T) { Path: "/openapi/v2", Verb: "goodverb"}, ui} - checkRules(t, true, reqRN, []fcv1a1.PolicyRulesWithSubjects{{ - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + checkRules(t, true, reqRN, []flowcontrol.PolicyRulesWithSubjects{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindGroup, - Group: &fcv1a1.GroupSubject{"goodg1"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindGroup, + Group: &flowcontrol.GroupSubject{"goodg1"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"*"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"*"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindGroup, - Group: &fcv1a1.GroupSubject{"*"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindGroup, + Group: &flowcontrol.GroupSubject{"*"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"*"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"*"}, Resources: []string{"goodrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"*"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"*"}}}}, }) - checkRules(t, false, reqRN, []fcv1a1.PolicyRulesWithSubjects{{ - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"badu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + checkRules(t, false, reqRN, []flowcontrol.PolicyRulesWithSubjects{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"badu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindGroup, - Group: &fcv1a1.GroupSubject{"badg"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindGroup, + Group: &flowcontrol.GroupSubject{"badg"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"badverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"badapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"badrscs"}, Namespaces: []string{"goodns"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, Namespaces: []string{"badns"}}}}, }) - checkRules(t, true, reqRU, []fcv1a1.PolicyRulesWithSubjects{{ - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + checkRules(t, true, reqRU, []flowcontrol.PolicyRulesWithSubjects{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, ClusterScope: true}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"*"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, ClusterScope: true}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"*"}, Resources: []string{"goodrscs"}, ClusterScope: true}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"*"}, ClusterScope: true}}}}) - checkRules(t, false, reqRU, []fcv1a1.PolicyRulesWithSubjects{{ - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + checkRules(t, false, reqRU, []flowcontrol.PolicyRulesWithSubjects{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"badverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, ClusterScope: true}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"badapig"}, Resources: []string{"goodrscs"}, ClusterScope: true}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"badrscs"}, ClusterScope: true}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - ResourceRules: []fcv1a1.ResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + ResourceRules: []flowcontrol.ResourcePolicyRule{{ Verbs: []string{"goodverb"}, APIGroups: []string{"goodapig"}, Resources: []string{"goodrscs"}, ClusterScope: false}}}, }) - checkRules(t, true, reqN, []fcv1a1.PolicyRulesWithSubjects{{ - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - NonResourceRules: []fcv1a1.NonResourcePolicyRule{{ + checkRules(t, true, reqN, []flowcontrol.PolicyRulesWithSubjects{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + NonResourceRules: []flowcontrol.NonResourcePolicyRule{{ Verbs: []string{"goodverb"}, NonResourceURLs: []string{"/openapi/v2"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - NonResourceRules: []fcv1a1.NonResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + NonResourceRules: []flowcontrol.NonResourcePolicyRule{{ Verbs: []string{"*"}, NonResourceURLs: []string{"/openapi/v2"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - NonResourceRules: []fcv1a1.NonResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + NonResourceRules: []flowcontrol.NonResourcePolicyRule{{ Verbs: []string{"goodverb"}, NonResourceURLs: []string{"*"}}}}, }) - checkRules(t, false, reqN, []fcv1a1.PolicyRulesWithSubjects{{ - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - NonResourceRules: []fcv1a1.NonResourcePolicyRule{{ + checkRules(t, false, reqN, []flowcontrol.PolicyRulesWithSubjects{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + NonResourceRules: []flowcontrol.NonResourcePolicyRule{{ Verbs: []string{"badverb"}, NonResourceURLs: []string{"/openapi/v2"}}}}, { - Subjects: []fcv1a1.Subject{{Kind: fcv1a1.SubjectKindUser, - User: &fcv1a1.UserSubject{"goodu"}}}, - NonResourceRules: []fcv1a1.NonResourcePolicyRule{{ + Subjects: []flowcontrol.Subject{{Kind: flowcontrol.SubjectKindUser, + User: &flowcontrol.UserSubject{"goodu"}}}, + NonResourceRules: []flowcontrol.NonResourcePolicyRule{{ Verbs: []string{"goodverb"}, NonResourceURLs: []string{"/closedapi/v2"}}}}, }) } -func checkRules(t *testing.T, expectMatch bool, digest RequestDigest, rules []fcv1a1.PolicyRulesWithSubjects) { +func checkRules(t *testing.T, expectMatch bool, digest RequestDigest, rules []flowcontrol.PolicyRulesWithSubjects) { for idx, rule := range rules { - fs := &fcv1a1.FlowSchema{ + fs := &flowcontrol.FlowSchema{ ObjectMeta: metav1.ObjectMeta{Name: fmt.Sprintf("rule%d", idx)}, - Spec: fcv1a1.FlowSchemaSpec{ - Rules: []fcv1a1.PolicyRulesWithSubjects{rule}}} + Spec: flowcontrol.FlowSchemaSpec{ + Rules: []flowcontrol.PolicyRulesWithSubjects{rule}}} actualMatch := matchesFlowSchema(digest, fs) if expectMatch != actualMatch { t.Errorf("expectMatch=%v, actualMatch=%v, digest=%#+v, fs=%s", expectMatch, actualMatch, digest, fcfmt.Fmt(fs)) diff --git a/pkg/util/flowcontrol/rule.go b/pkg/util/flowcontrol/rule.go index c6a046333..765e28790 100644 --- a/pkg/util/flowcontrol/rule.go +++ b/pkg/util/flowcontrol/rule.go @@ -19,7 +19,7 @@ package flowcontrol import ( "strings" - fctypesv1a1 "k8s.io/api/flowcontrol/v1alpha1" + flowcontrol "k8s.io/api/flowcontrol/v1beta1" "k8s.io/apiserver/pkg/authentication/serviceaccount" "k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/endpoints/request" @@ -27,7 +27,7 @@ import ( // Tests whether a given request and FlowSchema match. Nobody mutates // either input. -func matchesFlowSchema(digest RequestDigest, flowSchema *fctypesv1a1.FlowSchema) bool { +func matchesFlowSchema(digest RequestDigest, flowSchema *flowcontrol.FlowSchema) bool { for _, policyRule := range flowSchema.Spec.Rules { if matchesPolicyRule(digest, &policyRule) { return true @@ -36,7 +36,7 @@ func matchesFlowSchema(digest RequestDigest, flowSchema *fctypesv1a1.FlowSchema) return false } -func matchesPolicyRule(digest RequestDigest, policyRule *fctypesv1a1.PolicyRulesWithSubjects) bool { +func matchesPolicyRule(digest RequestDigest, policyRule *flowcontrol.PolicyRulesWithSubjects) bool { if !matchesASubject(digest.User, policyRule.Subjects) { return false } @@ -46,7 +46,7 @@ func matchesPolicyRule(digest RequestDigest, policyRule *fctypesv1a1.PolicyRules return matchesANonResourceRule(digest.RequestInfo, policyRule.NonResourceRules) } -func matchesASubject(user user.Info, subjects []fctypesv1a1.Subject) bool { +func matchesASubject(user user.Info, subjects []flowcontrol.Subject) bool { for _, subject := range subjects { if matchesSubject(user, subject) { return true @@ -55,11 +55,11 @@ func matchesASubject(user user.Info, subjects []fctypesv1a1.Subject) bool { return false } -func matchesSubject(user user.Info, subject fctypesv1a1.Subject) bool { +func matchesSubject(user user.Info, subject flowcontrol.Subject) bool { switch subject.Kind { - case fctypesv1a1.SubjectKindUser: - return subject.User != nil && (subject.User.Name == fctypesv1a1.NameAll || subject.User.Name == user.GetName()) - case fctypesv1a1.SubjectKindGroup: + case flowcontrol.SubjectKindUser: + return subject.User != nil && (subject.User.Name == flowcontrol.NameAll || subject.User.Name == user.GetName()) + case flowcontrol.SubjectKindGroup: if subject.Group == nil { return false } @@ -73,11 +73,11 @@ func matchesSubject(user user.Info, subject fctypesv1a1.Subject) bool { } } return false - case fctypesv1a1.SubjectKindServiceAccount: + case flowcontrol.SubjectKindServiceAccount: if subject.ServiceAccount == nil { return false } - if subject.ServiceAccount.Name == fctypesv1a1.NameAll { + if subject.ServiceAccount.Name == flowcontrol.NameAll { return serviceAccountMatchesNamespace(subject.ServiceAccount.Namespace, user.GetName()) } return serviceaccount.MatchesUsername(subject.ServiceAccount.Namespace, subject.ServiceAccount.Name, user.GetName()) @@ -107,7 +107,7 @@ func serviceAccountMatchesNamespace(namespace string, username string) bool { return strings.HasPrefix(username, ServiceAccountUsernameSeparator) } -func matchesAResourceRule(ri *request.RequestInfo, rules []fctypesv1a1.ResourcePolicyRule) bool { +func matchesAResourceRule(ri *request.RequestInfo, rules []flowcontrol.ResourcePolicyRule) bool { for _, rr := range rules { if matchesResourcePolicyRule(ri, rr) { return true @@ -116,7 +116,7 @@ func matchesAResourceRule(ri *request.RequestInfo, rules []fctypesv1a1.ResourceP return false } -func matchesResourcePolicyRule(ri *request.RequestInfo, policyRule fctypesv1a1.ResourcePolicyRule) bool { +func matchesResourcePolicyRule(ri *request.RequestInfo, policyRule flowcontrol.ResourcePolicyRule) bool { if !matchPolicyRuleVerb(policyRule.Verbs, ri.Verb) { return false } @@ -129,10 +129,10 @@ func matchesResourcePolicyRule(ri *request.RequestInfo, policyRule fctypesv1a1.R if len(ri.Namespace) == 0 { return policyRule.ClusterScope } - return containsString(ri.Namespace, policyRule.Namespaces, fctypesv1a1.NamespaceEvery) + return containsString(ri.Namespace, policyRule.Namespaces, flowcontrol.NamespaceEvery) } -func matchesANonResourceRule(ri *request.RequestInfo, rules []fctypesv1a1.NonResourcePolicyRule) bool { +func matchesANonResourceRule(ri *request.RequestInfo, rules []flowcontrol.NonResourcePolicyRule) bool { for _, rr := range rules { if matchesNonResourcePolicyRule(ri, rr) { return true @@ -141,7 +141,7 @@ func matchesANonResourceRule(ri *request.RequestInfo, rules []fctypesv1a1.NonRes return false } -func matchesNonResourcePolicyRule(ri *request.RequestInfo, policyRule fctypesv1a1.NonResourcePolicyRule) bool { +func matchesNonResourcePolicyRule(ri *request.RequestInfo, policyRule flowcontrol.NonResourcePolicyRule) bool { if !matchPolicyRuleVerb(policyRule.Verbs, ri.Verb) { return false } @@ -149,12 +149,12 @@ func matchesNonResourcePolicyRule(ri *request.RequestInfo, policyRule fctypesv1a } func matchPolicyRuleVerb(policyRuleVerbs []string, requestVerb string) bool { - return containsString(requestVerb, policyRuleVerbs, fctypesv1a1.VerbAll) + return containsString(requestVerb, policyRuleVerbs, flowcontrol.VerbAll) } func matchPolicyRuleNonResourceURL(policyRuleRequestURLs []string, requestPath string) bool { for _, rulePath := range policyRuleRequestURLs { - if rulePath == fctypesv1a1.NonResourceAll || rulePath == requestPath { + if rulePath == flowcontrol.NonResourceAll || rulePath == requestPath { return true } rulePrefix := strings.TrimSuffix(rulePath, "*") @@ -169,7 +169,7 @@ func matchPolicyRuleNonResourceURL(policyRuleRequestURLs []string, requestPath s } func matchPolicyRuleAPIGroup(policyRuleAPIGroups []string, requestAPIGroup string) bool { - return containsString(requestAPIGroup, policyRuleAPIGroups, fctypesv1a1.APIGroupAll) + return containsString(requestAPIGroup, policyRuleAPIGroups, flowcontrol.APIGroupAll) } func rsJoin(requestResource, requestSubresource string) string { @@ -181,7 +181,7 @@ func rsJoin(requestResource, requestSubresource string) string { } func matchPolicyRuleResource(policyRuleRequestResources []string, requestResource, requestSubresource string) bool { - return containsString(rsJoin(requestResource, requestSubresource), policyRuleRequestResources, fctypesv1a1.ResourceAll) + return containsString(rsJoin(requestResource, requestSubresource), policyRuleRequestResources, flowcontrol.ResourceAll) } // containsString returns true if either `x` or `wildcard` is in