From cd5bba178019244e7d07108fb6b6f6fff04326e9 Mon Sep 17 00:00:00 2001 From: Monis Khan Date: Wed, 14 Aug 2024 10:33:36 -0400 Subject: [PATCH] Ensure transformers have access to the resource via request info This guarantees that logs and metrics that rely on this information work as expected. Signed-off-by: Monis Khan Kubernetes-commit: 49d7b4c97e4f7ee5c664b068c207a39b8c3f759e --- pkg/server/options/encryptionconfig/config.go | 43 ++++++++++++++++++- .../options/encryptionconfig/config_test.go | 10 ++++- 2 files changed, 51 insertions(+), 2 deletions(-) diff --git a/pkg/server/options/encryptionconfig/config.go b/pkg/server/options/encryptionconfig/config.go index 703e830f8..d7b4fc05a 100644 --- a/pkg/server/options/encryptionconfig/config.go +++ b/pkg/server/options/encryptionconfig/config.go @@ -40,6 +40,7 @@ import ( "k8s.io/apiserver/pkg/apis/apiserver" apiserverv1 "k8s.io/apiserver/pkg/apis/apiserver/v1" "k8s.io/apiserver/pkg/apis/apiserver/validation" + "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/features" "k8s.io/apiserver/pkg/server/healthz" "k8s.io/apiserver/pkg/server/options/encryptionconfig/metrics" @@ -1009,7 +1010,9 @@ var anyGroupAnyResource = schema.GroupResource{ Resource: "*", } -func transformerFromOverrides(transformerOverrides map[schema.GroupResource]storagevalue.Transformer, resource schema.GroupResource) storagevalue.Transformer { +func transformerFromOverrides(transformerOverrides map[schema.GroupResource]storagevalue.Transformer, resource schema.GroupResource) (out storagevalue.Transformer) { + defer func() { out = newRequestInfoTransformer(resource, out) }() + if transformer := transformerOverrides[resource]; transformer != nil { return transformer } @@ -1035,3 +1038,41 @@ func grYAMLString(gr schema.GroupResource) string { return gr.String() } + +var _ storagevalue.Transformer = &requestInfoTransformer{} + +type requestInfoTransformer struct { + baseValueCtx context.Context + delegate storagevalue.Transformer +} + +func newRequestInfoTransformer(resource schema.GroupResource, delegate storagevalue.Transformer) *requestInfoTransformer { + return &requestInfoTransformer{ + baseValueCtx: request.WithRequestInfo(context.Background(), &request.RequestInfo{IsResourceRequest: true, APIGroup: resource.Group, Resource: resource.Resource}), + delegate: delegate, + } +} + +func (l *requestInfoTransformer) TransformFromStorage(ctx context.Context, data []byte, dataCtx storagevalue.Context) ([]byte, bool, error) { + return l.delegate.TransformFromStorage(l.withBaseValueCtx(ctx), data, dataCtx) +} + +func (l *requestInfoTransformer) TransformToStorage(ctx context.Context, data []byte, dataCtx storagevalue.Context) ([]byte, error) { + return l.delegate.TransformToStorage(l.withBaseValueCtx(ctx), data, dataCtx) +} + +func (l *requestInfoTransformer) withBaseValueCtx(ctx context.Context) context.Context { + return &joinValueContext{Context: ctx, baseValueCtx: l.baseValueCtx} +} + +type joinValueContext struct { + context.Context + baseValueCtx context.Context +} + +func (j *joinValueContext) Value(key any) any { + if val := j.Context.Value(key); val != nil { + return val + } + return j.baseValueCtx.Value(key) +} diff --git a/pkg/server/options/encryptionconfig/config_test.go b/pkg/server/options/encryptionconfig/config_test.go index 7b867f52b..26c259530 100644 --- a/pkg/server/options/encryptionconfig/config_test.go +++ b/pkg/server/options/encryptionconfig/config_test.go @@ -1424,7 +1424,15 @@ func TestWildcardStructure(t *testing.T) { for resource, expectedTransformerName := range tc.expectedResourceTransformers { transformer := transformerFromOverrides(transformers, schema.ParseGroupResource(resource)) transformerName := string( - reflect.ValueOf(transformer).Elem().FieldByName("transformers").Index(0).FieldByName("Prefix").Bytes(), + reflect.ValueOf(transformer). + Elem(). + FieldByName("delegate"). + Elem(). + Elem(). + FieldByName("transformers"). + Index(0). + FieldByName("Prefix"). + Bytes(), ) if transformerName != expectedTransformerName {