kubernetes
/
kubectl
mirror of https://github.com/kubernetes/kubectl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

KEP-3325: Promote SelfSubjectReview to GA 

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

Kubernetes-commit: 40de26dcff80f29380a4ba90a93ce3ece7482b78
This commit is contained in:
m.nabokikh 2023-05-02 01:26:20 +02:00 committed by Kubernetes Publisher
parent a9f0a4fbaa
commit deeeaea2a7
2 changed files with 50 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
pkg/cmd/auth/whoami.go
View File

@ -32,6 +32,7 @@ import (
"k8s.io/cli-runtime/pkg/genericclioptions" "k8s.io/cli-runtime/pkg/genericclioptions"
"k8s.io/cli-runtime/pkg/genericiooptions" "k8s.io/cli-runtime/pkg/genericiooptions"
"k8s.io/cli-runtime/pkg/printers" "k8s.io/cli-runtime/pkg/printers"
authenticationv1client "k8s.io/client-go/kubernetes/typed/authentication/v1"
authenticationv1alpha1client "k8s.io/client-go/kubernetes/typed/authentication/v1alpha1" authenticationv1alpha1client "k8s.io/client-go/kubernetes/typed/authentication/v1alpha1"
authenticationv1beta1client "k8s.io/client-go/kubernetes/typed/authentication/v1beta1" authenticationv1beta1client "k8s.io/client-go/kubernetes/typed/authentication/v1beta1"
cmdutil "k8s.io/kubectl/pkg/cmd/util" cmdutil "k8s.io/kubectl/pkg/cmd/util"
@ -85,6 +86,11 @@ func (flags *WhoAmIFlags) ToOptions(ctx context.Context, args []string) (*WhoAmI
return nil, err return nil, err
} }
w.authV1Client, err = authenticationv1client.NewForConfig(clientConfig)
if err != nil {
return nil, err
}
if !flags.PrintFlags.OutputFlagSpecified() { if !flags.PrintFlags.OutputFlagSpecified() {
w.resourcePrinterFunc = printTableSelfSubjectAccessReview w.resourcePrinterFunc = printTableSelfSubjectAccessReview
} else { } else {
@ -103,6 +109,7 @@ func (flags *WhoAmIFlags) ToOptions(ctx context.Context, args []string) (*WhoAmI
type WhoAmIOptions struct { type WhoAmIOptions struct {
authV1alpha1Client authenticationv1alpha1client.AuthenticationV1alpha1Interface authV1alpha1Client authenticationv1alpha1client.AuthenticationV1alpha1Interface
authV1beta1Client authenticationv1beta1client.AuthenticationV1beta1Interface authV1beta1Client authenticationv1beta1client.AuthenticationV1beta1Interface
authV1Client authenticationv1client.AuthenticationV1Interface
ctx context.Context ctx context.Context
@ -166,14 +173,20 @@ func (o WhoAmIOptions) Run() error {
err error err error
) )
res, err = o.authV1beta1Client. res, err = o.authV1Client.
SelfSubjectReviews(). SelfSubjectReviews().
Create(context.TODO(), &authenticationv1beta1.SelfSubjectReview{}, metav1.CreateOptions{}) Create(context.TODO(), &authenticationv1.SelfSubjectReview{}, metav1.CreateOptions{})
if err != nil && errors.IsNotFound(err) { if err != nil && errors.IsNotFound(err) {
// Fallback to Alpha API if Beta is not enabled // Fallback to Beta API if Beta is not enabled
res, err = o.authV1alpha1Client. res, err = o.authV1beta1Client.
SelfSubjectReviews(). SelfSubjectReviews().
Create(context.TODO(), &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{}) Create(context.TODO(), &authenticationv1beta1.SelfSubjectReview{}, metav1.CreateOptions{})
if err != nil && errors.IsNotFound(err) {
// Fallback to Alpha API if Beta is not enabled
res, err = o.authV1alpha1Client.
SelfSubjectReviews().
Create(context.TODO(), &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
}
} }
if err != nil { if err != nil {
switch { switch {
@ -194,6 +207,8 @@ func getUserInfo(obj runtime.Object) (authenticationv1.UserInfo, error) {
return obj.(*authenticationv1alpha1.SelfSubjectReview).Status.UserInfo, nil return obj.(*authenticationv1alpha1.SelfSubjectReview).Status.UserInfo, nil
case *authenticationv1beta1.SelfSubjectReview: case *authenticationv1beta1.SelfSubjectReview:
return obj.(*authenticationv1beta1.SelfSubjectReview).Status.UserInfo, nil return obj.(*authenticationv1beta1.SelfSubjectReview).Status.UserInfo, nil
case *authenticationv1.SelfSubjectReview:
return obj.(*authenticationv1.SelfSubjectReview).Status.UserInfo, nil
default: default:
return authenticationv1.UserInfo{}, fmt.Errorf("unexpected response type %T, expected SelfSubjectReview", obj) return authenticationv1.UserInfo{}, fmt.Errorf("unexpected response type %T, expected SelfSubjectReview", obj)
} }

46
pkg/cmd/auth/whoami_test.go
View File

@ -38,12 +38,13 @@ import (
func TestWhoAmIRun(t *testing.T) { func TestWhoAmIRun(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
o *WhoAmIOptions o *WhoAmIOptions
args []string args []string
serverErr error serverErr error
alphaDisabled bool alphaDisabled bool
betaDisabled bool betaDisabled bool
stableDisabled bool
expectedError error expectedError error
expectedBodyStrings []string expectedBodyStrings []string
@ -73,7 +74,7 @@ func TestWhoAmIRun(t *testing.T) {
expectedBodyStrings: []string{ expectedBodyStrings: []string{
`{ `{
"kind": "SelfSubjectReview", "kind": "SelfSubjectReview",
"apiVersion": "authentication.k8s.io/v1beta1", "apiVersion": "authentication.k8s.io/v1",
"metadata": { "metadata": {
"creationTimestamp": null "creationTimestamp": null
}, },
@ -119,12 +120,13 @@ func TestWhoAmIRun(t *testing.T) {
}, },
}, },
{ {
name: "JSON test no alpha", name: "JSON test no alpha and stable",
o: &WhoAmIOptions{ o: &WhoAmIOptions{
resourcePrinterFunc: printers.NewTypeSetter(scheme.Scheme).ToPrinter(&printers.JSONPrinter{}).PrintObj, resourcePrinterFunc: printers.NewTypeSetter(scheme.Scheme).ToPrinter(&printers.JSONPrinter{}).PrintObj,
}, },
args: []string{}, args: []string{},
alphaDisabled: true, alphaDisabled: true,
stableDisabled: true,
expectedBodyStrings: []string{ expectedBodyStrings: []string{
`{ `{
"kind": "SelfSubjectReview", "kind": "SelfSubjectReview",
@ -183,7 +185,7 @@ func TestWhoAmIRun(t *testing.T) {
expectedBodyStrings: []string{ expectedBodyStrings: []string{
`{ `{
"kind": "SelfSubjectReview", "kind": "SelfSubjectReview",
"apiVersion": "authentication.k8s.io/v1alpha1", "apiVersion": "authentication.k8s.io/v1",
"metadata": { "metadata": {
"creationTimestamp": null "creationTimestamp": null
}, },
@ -212,14 +214,15 @@ func TestWhoAmIRun(t *testing.T) {
}, },
}, },
{ {
name: "both API disabled", name: "all API disabled",
o: &WhoAmIOptions{ o: &WhoAmIOptions{
resourcePrinterFunc: printTableSelfSubjectAccessReview, resourcePrinterFunc: printTableSelfSubjectAccessReview,
}, },
args: []string{}, args: []string{},
betaDisabled: true, betaDisabled: true,
alphaDisabled: true, alphaDisabled: true,
expectedError: notEnabledErr, stableDisabled: true,
expectedError: notEnabledErr,
}, },
{ {
name: "Forbidden error", name: "Forbidden error",
@ -304,12 +307,23 @@ func TestWhoAmIRun(t *testing.T) {
}, },
} }
return true, res, nil return true, res, nil
case "authentication.k8s.io/v1":
if test.stableDisabled {
return true, nil, errors.NewNotFound(corev1.Resource("selfsubjectreviews"), "foo")
}
res := &authenticationv1.SelfSubjectReview{
Status: authenticationv1.SelfSubjectReviewStatus{
UserInfo: ui,
},
}
return true, res, nil
default: default:
return false, nil, fmt.Errorf("unknown API") return false, nil, fmt.Errorf("unknown API")
} }
}) })
test.o.authV1beta1Client = fakeAuthClientSet.AuthenticationV1beta1() test.o.authV1beta1Client = fakeAuthClientSet.AuthenticationV1beta1()
test.o.authV1alpha1Client = fakeAuthClientSet.AuthenticationV1alpha1() test.o.authV1alpha1Client = fakeAuthClientSet.AuthenticationV1alpha1()
test.o.authV1Client = fakeAuthClientSet.AuthenticationV1()
err := test.o.Run() err := test.o.Run()
switch { switch {