Merge pull request #117713 from flant/ssr-ga
KEP-3325: Promote SelfSubjectReview to GA Kubernetes-commit: 78833e1b3385ea3485d38aa46586d39195377ec9
This commit is contained in:
Kubernetes Publisher
commit
5ef32b94c0
8
go.mod
8
go.mod
|
|
@ -30,10 +30,10 @@ require (
|
||||||
github.com/stretchr/testify v1.8.2
|
github.com/stretchr/testify v1.8.2
|
||||||
golang.org/x/sys v0.7.0
|
golang.org/x/sys v0.7.0
|
||||||
gopkg.in/yaml.v2 v2.4.0
|
gopkg.in/yaml.v2 v2.4.0
|
||||||
k8s.io/api v0.0.0-20230503175222-2ef5057a4265
|
k8s.io/api v0.0.0-20230503175223-77aab51479c3
|
||||||
k8s.io/apimachinery v0.0.0-20230503174314-7ecc58659e5e
|
k8s.io/apimachinery v0.0.0-20230503174314-7ecc58659e5e
|
||||||
k8s.io/cli-runtime v0.0.0-20230503202151-25b144db1d13
|
k8s.io/cli-runtime v0.0.0-20230503202151-25b144db1d13
|
||||||
k8s.io/client-go v0.0.0-20230503180226-bea472626f88
|
k8s.io/client-go v0.0.0-20230503180228-383ccb06d023
|
||||||
k8s.io/component-base v0.0.0-20230503184328-d8237c55bb0d
|
k8s.io/component-base v0.0.0-20230503184328-d8237c55bb0d
|
||||||
k8s.io/component-helpers v0.0.0-20230503184823-e13365989545
|
k8s.io/component-helpers v0.0.0-20230503184823-e13365989545
|
||||||
k8s.io/klog/v2 v2.100.1
|
k8s.io/klog/v2 v2.100.1
|
||||||
|
|
@ -94,10 +94,10 @@ require (
|
||||||
)
|
)
|
||||||
|
|
||||||
replace (
|
replace (
|
||||||
k8s.io/api => k8s.io/api v0.0.0-20230503175222-2ef5057a4265
|
k8s.io/api => k8s.io/api v0.0.0-20230503175223-77aab51479c3
|
||||||
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20230503174314-7ecc58659e5e
|
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20230503174314-7ecc58659e5e
|
||||||
k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20230503202151-25b144db1d13
|
k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20230503202151-25b144db1d13
|
||||||
k8s.io/client-go => k8s.io/client-go v0.0.0-20230503180226-bea472626f88
|
k8s.io/client-go => k8s.io/client-go v0.0.0-20230503180228-383ccb06d023
|
||||||
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20230503172937-f7315244e4ce
|
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20230503172937-f7315244e4ce
|
||||||
k8s.io/component-base => k8s.io/component-base v0.0.0-20230503184328-d8237c55bb0d
|
k8s.io/component-base => k8s.io/component-base v0.0.0-20230503184328-d8237c55bb0d
|
||||||
k8s.io/component-helpers => k8s.io/component-helpers v0.0.0-20230503184823-e13365989545
|
k8s.io/component-helpers => k8s.io/component-helpers v0.0.0-20230503184823-e13365989545
|
||||||
|
|
|
||||||
8
go.sum
8
go.sum
|
|
@ -540,14 +540,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
|
||||||
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
|
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
|
||||||
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||||
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||||
k8s.io/api v0.0.0-20230503175222-2ef5057a4265 h1:hy6GFd7RhMrf5YKMw1IUzmmJpZu1qzRXwxmNzmrvqgU=
|
k8s.io/api v0.0.0-20230503175223-77aab51479c3 h1:VAGMARadnBVFTTRgO/VVDetZxPPjbx9unjDPqZwdw68=
|
||||||
k8s.io/api v0.0.0-20230503175222-2ef5057a4265/go.mod h1:/fu24lnfAhrloAI7EhcGTa0fXXQH5r4rUqEQMW9endY=
|
k8s.io/api v0.0.0-20230503175223-77aab51479c3/go.mod h1:/fu24lnfAhrloAI7EhcGTa0fXXQH5r4rUqEQMW9endY=
|
||||||
k8s.io/apimachinery v0.0.0-20230503174314-7ecc58659e5e h1:zTmKa/UVIS4WvRrYbIblypAjK81XFnlq8zxUCiBFgFE=
|
k8s.io/apimachinery v0.0.0-20230503174314-7ecc58659e5e h1:zTmKa/UVIS4WvRrYbIblypAjK81XFnlq8zxUCiBFgFE=
|
||||||
k8s.io/apimachinery v0.0.0-20230503174314-7ecc58659e5e/go.mod h1:jF849JXyKVKRC0O62ZBSygt6qOSEYju8i90sKd1mx4g=
|
k8s.io/apimachinery v0.0.0-20230503174314-7ecc58659e5e/go.mod h1:jF849JXyKVKRC0O62ZBSygt6qOSEYju8i90sKd1mx4g=
|
||||||
k8s.io/cli-runtime v0.0.0-20230503202151-25b144db1d13 h1:cHNxbVT3MKM2NMe8OJW6IMCvbnkYNhZGDpRO4ih5z78=
|
k8s.io/cli-runtime v0.0.0-20230503202151-25b144db1d13 h1:cHNxbVT3MKM2NMe8OJW6IMCvbnkYNhZGDpRO4ih5z78=
|
||||||
k8s.io/cli-runtime v0.0.0-20230503202151-25b144db1d13/go.mod h1:SWPvktCaJCMBiAt+uuprkgjt8K++EQDR6Vi9WsRFUa0=
|
k8s.io/cli-runtime v0.0.0-20230503202151-25b144db1d13/go.mod h1:SWPvktCaJCMBiAt+uuprkgjt8K++EQDR6Vi9WsRFUa0=
|
||||||
k8s.io/client-go v0.0.0-20230503180226-bea472626f88 h1:C0e5pbYlyCBWp7xc9T2SibAxSVejLRwPPJV8PL/IwMs=
|
k8s.io/client-go v0.0.0-20230503180228-383ccb06d023 h1:9CprHW1NhSeWSxank219/4nRksrf7Rl1zO6RJV3slsI=
|
||||||
k8s.io/client-go v0.0.0-20230503180226-bea472626f88/go.mod h1:62+c5C/jVhURS7capiemXnHZEfLK7mqou1RmqBe51pQ=
|
k8s.io/client-go v0.0.0-20230503180228-383ccb06d023/go.mod h1:BuU28P2qajaOzSi264lej3x21rYA3z27T0nlrwFE4GY=
|
||||||
k8s.io/component-base v0.0.0-20230503184328-d8237c55bb0d h1:fFtyr79NYtiblUPlY9jBGOxz6oJ+InvkHO2CuXCt9kY=
|
k8s.io/component-base v0.0.0-20230503184328-d8237c55bb0d h1:fFtyr79NYtiblUPlY9jBGOxz6oJ+InvkHO2CuXCt9kY=
|
||||||
k8s.io/component-base v0.0.0-20230503184328-d8237c55bb0d/go.mod h1:whrRS7Eo7V9CAjv5tN/lSHTNdU7GimImJs2398lzkHg=
|
k8s.io/component-base v0.0.0-20230503184328-d8237c55bb0d/go.mod h1:whrRS7Eo7V9CAjv5tN/lSHTNdU7GimImJs2398lzkHg=
|
||||||
k8s.io/component-helpers v0.0.0-20230503184823-e13365989545 h1:we8rVlPuvlPzZu0GPqB5mfJiFVypCn1mHRtcj/+RE+k=
|
k8s.io/component-helpers v0.0.0-20230503184823-e13365989545 h1:we8rVlPuvlPzZu0GPqB5mfJiFVypCn1mHRtcj/+RE+k=
|
||||||
|
|
|
||||||
|
|
@ -32,6 +32,7 @@ import (
|
||||||
"k8s.io/cli-runtime/pkg/genericclioptions"
|
"k8s.io/cli-runtime/pkg/genericclioptions"
|
||||||
"k8s.io/cli-runtime/pkg/genericiooptions"
|
"k8s.io/cli-runtime/pkg/genericiooptions"
|
||||||
"k8s.io/cli-runtime/pkg/printers"
|
"k8s.io/cli-runtime/pkg/printers"
|
||||||
|
authenticationv1client "k8s.io/client-go/kubernetes/typed/authentication/v1"
|
||||||
authenticationv1alpha1client "k8s.io/client-go/kubernetes/typed/authentication/v1alpha1"
|
authenticationv1alpha1client "k8s.io/client-go/kubernetes/typed/authentication/v1alpha1"
|
||||||
authenticationv1beta1client "k8s.io/client-go/kubernetes/typed/authentication/v1beta1"
|
authenticationv1beta1client "k8s.io/client-go/kubernetes/typed/authentication/v1beta1"
|
||||||
cmdutil "k8s.io/kubectl/pkg/cmd/util"
|
cmdutil "k8s.io/kubectl/pkg/cmd/util"
|
||||||
|
|
@ -85,6 +86,11 @@ func (flags *WhoAmIFlags) ToOptions(ctx context.Context, args []string) (*WhoAmI
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
w.authV1Client, err = authenticationv1client.NewForConfig(clientConfig)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
if !flags.PrintFlags.OutputFlagSpecified() {
|
if !flags.PrintFlags.OutputFlagSpecified() {
|
||||||
w.resourcePrinterFunc = printTableSelfSubjectAccessReview
|
w.resourcePrinterFunc = printTableSelfSubjectAccessReview
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -103,6 +109,7 @@ func (flags *WhoAmIFlags) ToOptions(ctx context.Context, args []string) (*WhoAmI
|
||||||
type WhoAmIOptions struct {
|
type WhoAmIOptions struct {
|
||||||
authV1alpha1Client authenticationv1alpha1client.AuthenticationV1alpha1Interface
|
authV1alpha1Client authenticationv1alpha1client.AuthenticationV1alpha1Interface
|
||||||
authV1beta1Client authenticationv1beta1client.AuthenticationV1beta1Interface
|
authV1beta1Client authenticationv1beta1client.AuthenticationV1beta1Interface
|
||||||
|
authV1Client authenticationv1client.AuthenticationV1Interface
|
||||||
|
|
||||||
ctx context.Context
|
ctx context.Context
|
||||||
|
|
||||||
|
|
@ -166,6 +173,11 @@ func (o WhoAmIOptions) Run() error {
|
||||||
err error
|
err error
|
||||||
)
|
)
|
||||||
|
|
||||||
|
res, err = o.authV1Client.
|
||||||
|
SelfSubjectReviews().
|
||||||
|
Create(context.TODO(), &authenticationv1.SelfSubjectReview{}, metav1.CreateOptions{})
|
||||||
|
if err != nil && errors.IsNotFound(err) {
|
||||||
|
// Fallback to Beta API if Beta is not enabled
|
||||||
res, err = o.authV1beta1Client.
|
res, err = o.authV1beta1Client.
|
||||||
SelfSubjectReviews().
|
SelfSubjectReviews().
|
||||||
Create(context.TODO(), &authenticationv1beta1.SelfSubjectReview{}, metav1.CreateOptions{})
|
Create(context.TODO(), &authenticationv1beta1.SelfSubjectReview{}, metav1.CreateOptions{})
|
||||||
|
|
@ -175,6 +187,7 @@ func (o WhoAmIOptions) Run() error {
|
||||||
SelfSubjectReviews().
|
SelfSubjectReviews().
|
||||||
Create(context.TODO(), &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
|
Create(context.TODO(), &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch {
|
switch {
|
||||||
case errors.IsForbidden(err):
|
case errors.IsForbidden(err):
|
||||||
|
|
@ -194,6 +207,8 @@ func getUserInfo(obj runtime.Object) (authenticationv1.UserInfo, error) {
|
||||||
return obj.(*authenticationv1alpha1.SelfSubjectReview).Status.UserInfo, nil
|
return obj.(*authenticationv1alpha1.SelfSubjectReview).Status.UserInfo, nil
|
||||||
case *authenticationv1beta1.SelfSubjectReview:
|
case *authenticationv1beta1.SelfSubjectReview:
|
||||||
return obj.(*authenticationv1beta1.SelfSubjectReview).Status.UserInfo, nil
|
return obj.(*authenticationv1beta1.SelfSubjectReview).Status.UserInfo, nil
|
||||||
|
case *authenticationv1.SelfSubjectReview:
|
||||||
|
return obj.(*authenticationv1.SelfSubjectReview).Status.UserInfo, nil
|
||||||
default:
|
default:
|
||||||
return authenticationv1.UserInfo{}, fmt.Errorf("unexpected response type %T, expected SelfSubjectReview", obj)
|
return authenticationv1.UserInfo{}, fmt.Errorf("unexpected response type %T, expected SelfSubjectReview", obj)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -44,6 +44,7 @@ func TestWhoAmIRun(t *testing.T) {
|
||||||
serverErr error
|
serverErr error
|
||||||
alphaDisabled bool
|
alphaDisabled bool
|
||||||
betaDisabled bool
|
betaDisabled bool
|
||||||
|
stableDisabled bool
|
||||||
|
|
||||||
expectedError error
|
expectedError error
|
||||||
expectedBodyStrings []string
|
expectedBodyStrings []string
|
||||||
|
|
@ -73,7 +74,7 @@ func TestWhoAmIRun(t *testing.T) {
|
||||||
expectedBodyStrings: []string{
|
expectedBodyStrings: []string{
|
||||||
`{
|
`{
|
||||||
"kind": "SelfSubjectReview",
|
"kind": "SelfSubjectReview",
|
||||||
"apiVersion": "authentication.k8s.io/v1beta1",
|
"apiVersion": "authentication.k8s.io/v1",
|
||||||
"metadata": {
|
"metadata": {
|
||||||
"creationTimestamp": null
|
"creationTimestamp": null
|
||||||
},
|
},
|
||||||
|
|
@ -119,12 +120,13 @@ func TestWhoAmIRun(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "JSON test no alpha",
|
name: "JSON test no alpha and stable",
|
||||||
o: &WhoAmIOptions{
|
o: &WhoAmIOptions{
|
||||||
resourcePrinterFunc: printers.NewTypeSetter(scheme.Scheme).ToPrinter(&printers.JSONPrinter{}).PrintObj,
|
resourcePrinterFunc: printers.NewTypeSetter(scheme.Scheme).ToPrinter(&printers.JSONPrinter{}).PrintObj,
|
||||||
},
|
},
|
||||||
args: []string{},
|
args: []string{},
|
||||||
alphaDisabled: true,
|
alphaDisabled: true,
|
||||||
|
stableDisabled: true,
|
||||||
expectedBodyStrings: []string{
|
expectedBodyStrings: []string{
|
||||||
`{
|
`{
|
||||||
"kind": "SelfSubjectReview",
|
"kind": "SelfSubjectReview",
|
||||||
|
|
@ -183,7 +185,7 @@ func TestWhoAmIRun(t *testing.T) {
|
||||||
expectedBodyStrings: []string{
|
expectedBodyStrings: []string{
|
||||||
`{
|
`{
|
||||||
"kind": "SelfSubjectReview",
|
"kind": "SelfSubjectReview",
|
||||||
"apiVersion": "authentication.k8s.io/v1alpha1",
|
"apiVersion": "authentication.k8s.io/v1",
|
||||||
"metadata": {
|
"metadata": {
|
||||||
"creationTimestamp": null
|
"creationTimestamp": null
|
||||||
},
|
},
|
||||||
|
|
@ -212,13 +214,14 @@ func TestWhoAmIRun(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "both API disabled",
|
name: "all API disabled",
|
||||||
o: &WhoAmIOptions{
|
o: &WhoAmIOptions{
|
||||||
resourcePrinterFunc: printTableSelfSubjectAccessReview,
|
resourcePrinterFunc: printTableSelfSubjectAccessReview,
|
||||||
},
|
},
|
||||||
args: []string{},
|
args: []string{},
|
||||||
betaDisabled: true,
|
betaDisabled: true,
|
||||||
alphaDisabled: true,
|
alphaDisabled: true,
|
||||||
|
stableDisabled: true,
|
||||||
expectedError: notEnabledErr,
|
expectedError: notEnabledErr,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -304,12 +307,23 @@ func TestWhoAmIRun(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
return true, res, nil
|
return true, res, nil
|
||||||
|
case "authentication.k8s.io/v1":
|
||||||
|
if test.stableDisabled {
|
||||||
|
return true, nil, errors.NewNotFound(corev1.Resource("selfsubjectreviews"), "foo")
|
||||||
|
}
|
||||||
|
res := &authenticationv1.SelfSubjectReview{
|
||||||
|
Status: authenticationv1.SelfSubjectReviewStatus{
|
||||||
|
UserInfo: ui,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
return true, res, nil
|
||||||
default:
|
default:
|
||||||
return false, nil, fmt.Errorf("unknown API")
|
return false, nil, fmt.Errorf("unknown API")
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
test.o.authV1beta1Client = fakeAuthClientSet.AuthenticationV1beta1()
|
test.o.authV1beta1Client = fakeAuthClientSet.AuthenticationV1beta1()
|
||||||
test.o.authV1alpha1Client = fakeAuthClientSet.AuthenticationV1alpha1()
|
test.o.authV1alpha1Client = fakeAuthClientSet.AuthenticationV1alpha1()
|
||||||
|
test.o.authV1Client = fakeAuthClientSet.AuthenticationV1()
|
||||||
|
|
||||||
err := test.o.Run()
|
err := test.o.Run()
|
||||||
switch {
|
switch {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue