k3s/pkg/registry/core/secret/strategy.go

/*
Copyright 2015 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package secret

import (
	"fmt"

	"k8s.io/apimachinery/pkg/api/errors"
	"k8s.io/apimachinery/pkg/fields"
	"k8s.io/apimachinery/pkg/labels"
	"k8s.io/apimachinery/pkg/runtime"
	"k8s.io/apimachinery/pkg/util/validation/field"
	genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
	"k8s.io/apiserver/pkg/registry/generic"
	"k8s.io/apiserver/pkg/registry/rest"
	apistorage "k8s.io/apiserver/pkg/storage"
	"k8s.io/apiserver/pkg/storage/names"
	"k8s.io/kubernetes/pkg/api/legacyscheme"
	api "k8s.io/kubernetes/pkg/apis/core"
	"k8s.io/kubernetes/pkg/apis/core/validation"
)

// strategy implements behavior for Secret objects
type strategy struct {
	runtime.ObjectTyper
	names.NameGenerator
}

// Strategy is the default logic that applies when creating and updating Secret
// objects via the REST API.
var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator}

var _ = rest.RESTCreateStrategy(Strategy)

var _ = rest.RESTUpdateStrategy(Strategy)

func (strategy) NamespaceScoped() bool {
	return true
}

func (strategy) PrepareForCreate(ctx genericapirequest.Context, obj runtime.Object) {
}

func (strategy) Validate(ctx genericapirequest.Context, obj runtime.Object) field.ErrorList {
	return validation.ValidateSecret(obj.(*api.Secret))
}

func (strategy) Canonicalize(obj runtime.Object) {
}

func (strategy) AllowCreateOnUpdate() bool {
	return false
}

func (strategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object) {
}

func (strategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList {
	return validation.ValidateSecretUpdate(obj.(*api.Secret), old.(*api.Secret))
}

func (strategy) AllowUnconditionalUpdate() bool {
	return true
}

func (s strategy) Export(ctx genericapirequest.Context, obj runtime.Object, exact bool) error {
	t, ok := obj.(*api.Secret)
	if !ok {
		// unexpected programmer error
		return fmt.Errorf("unexpected object: %v", obj)
	}
	s.PrepareForCreate(ctx, obj)
	if exact {
		return nil
	}
	// secrets that are tied to the UID of a service account cannot be exported anyway
	if t.Type == api.SecretTypeServiceAccountToken || len(t.Annotations[api.ServiceAccountUIDKey]) > 0 {
		errs := []*field.Error{
			field.Invalid(field.NewPath("type"), t, "can not export service account secrets"),
		}
		return errors.NewInvalid(api.Kind("Secret"), t.Name, errs)
	}
	return nil
}

// GetAttrs returns labels and fields of a given object for filtering purposes.
func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, bool, error) {
	secret, ok := obj.(*api.Secret)
	if !ok {
		return nil, nil, false, fmt.Errorf("not a secret")
	}
	return labels.Set(secret.Labels), SelectableFields(secret), secret.Initializers != nil, nil
}

// Matcher returns a generic matcher for a given label and field selector.
func Matcher(label labels.Selector, field fields.Selector) apistorage.SelectionPredicate {
	return apistorage.SelectionPredicate{
		Label:    label,
		Field:    field,
		GetAttrs: GetAttrs,
	}
}

// SelectableFields returns a field set that can be used for filter selection
func SelectableFields(obj *api.Secret) fields.Set {
	objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&obj.ObjectMeta, true)
	secretSpecificFieldsSet := fields.Set{
		"type": string(obj.Type),
	}
	return generic.MergeFieldsSets(objectMetaFieldsSet, secretSpecificFieldsSet)
}
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`/*`
Remove "All rights reserved" from all the headers. 2016-06-03 00:25:58 +00:00			`Copyright 2015 The Kubernetes Authors.`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package secret`

			`import (`
			`"fmt"`

mechanical 2017-01-13 17:48:50 +00:00			`"k8s.io/apimachinery/pkg/api/errors"`
move pkg/fields to apimachinery 2017-01-19 14:50:16 +00:00			`"k8s.io/apimachinery/pkg/fields"`
start the apimachinery repo 2017-01-11 14:09:48 +00:00			`"k8s.io/apimachinery/pkg/labels"`
			`"k8s.io/apimachinery/pkg/runtime"`
			`"k8s.io/apimachinery/pkg/util/validation/field"`
genericapiserver: fix imports 2017-01-17 10:38:25 +00:00			`genericapirequest "k8s.io/apiserver/pkg/endpoints/request"`
Mechanical fixup imports: pkg/genericapiserver 2017-02-02 09:25:56 +00:00			`"k8s.io/apiserver/pkg/registry/generic"`
			`"k8s.io/apiserver/pkg/registry/rest"`
move pkg/storage to apiserver 2017-01-31 16:47:19 +00:00			`apistorage "k8s.io/apiserver/pkg/storage"`
move name generation to generic api server storage helpers 2017-01-13 19:56:52 +00:00			`"k8s.io/apiserver/pkg/storage/names"`
pkg/api/legacyscheme: fixup imports 2017-10-16 11:41:50 +00:00			`"k8s.io/kubernetes/pkg/api/legacyscheme"`
pkg/apis/core: mechanical import fixes in dependencies 2017-11-08 22:34:54 +00:00			`api "k8s.io/kubernetes/pkg/apis/core"`
			`"k8s.io/kubernetes/pkg/apis/core/validation"`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`)`

			`// strategy implements behavior for Secret objects`
			`type strategy struct {`
			`runtime.ObjectTyper`
move name generation to generic api server storage helpers 2017-01-13 19:56:52 +00:00			`names.NameGenerator`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`}`

			`// Strategy is the default logic that applies when creating and updating Secret`
			`// objects via the REST API.`
pkg/api/legacyscheme: fixup imports 2017-10-16 11:41:50 +00:00			`var Strategy = strategy{legacyscheme.Scheme, names.SimpleNameGenerator}`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00
			`var _ = rest.RESTCreateStrategy(Strategy)`

			`var _ = rest.RESTUpdateStrategy(Strategy)`

			`func (strategy) NamespaceScoped() bool {`
			`return true`
			`}`

Move pkg/api.{Context,RequestContextMapper} into pkg/genericapiserver/api/request 2017-01-02 14:07:36 +00:00			`func (strategy) PrepareForCreate(ctx genericapirequest.Context, obj runtime.Object) {`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`}`

Move pkg/api.{Context,RequestContextMapper} into pkg/genericapiserver/api/request 2017-01-02 14:07:36 +00:00			`func (strategy) Validate(ctx genericapirequest.Context, obj runtime.Object) field.ErrorList {`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`return validation.ValidateSecret(obj.(*api.Secret))`
			`}`

Add a REST hook for post-validation canonicalize This is a simple hook that only Endpoints uses for now. 2015-11-13 05:13:16 +00:00			`func (strategy) Canonicalize(obj runtime.Object) {`
			`}`

Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`func (strategy) AllowCreateOnUpdate() bool {`
			`return false`
			`}`

Move pkg/api.{Context,RequestContextMapper} into pkg/genericapiserver/api/request 2017-01-02 14:07:36 +00:00			`func (strategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object) {`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`}`

Move pkg/api.{Context,RequestContextMapper} into pkg/genericapiserver/api/request 2017-01-02 14:07:36 +00:00			`func (strategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList {`
Make order of fun consistent 2015-11-04 07:47:11 +00:00			`return validation.ValidateSecretUpdate(obj.(api.Secret), old.(api.Secret))`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`}`

Allow update without resource version 2015-06-19 00:42:01 +00:00			`func (strategy) AllowUnconditionalUpdate() bool {`
			`return true`
			`}`

Move pkg/api.{Context,RequestContextMapper} into pkg/genericapiserver/api/request 2017-01-02 14:07:36 +00:00			`func (s strategy) Export(ctx genericapirequest.Context, obj runtime.Object, exact bool) error {`
Add a server side export facility 2015-12-01 23:45:29 +00:00			`t, ok := obj.(*api.Secret)`
			`if !ok {`
			`// unexpected programmer error`
			`return fmt.Errorf("unexpected object: %v", obj)`
			`}`
Plumb context to strategy methods 2016-08-08 20:15:33 +00:00			`s.PrepareForCreate(ctx, obj)`
Add a server side export facility 2015-12-01 23:45:29 +00:00			`if exact {`
			`return nil`
			`}`
			`// secrets that are tied to the UID of a service account cannot be exported anyway`
			`if t.Type == api.SecretTypeServiceAccountToken \|\| len(t.Annotations[api.ServiceAccountUIDKey]) > 0 {`
			`errs := []*field.Error{`
			`field.Invalid(field.NewPath("type"), t, "can not export service account secrets"),`
			`}`
update StatusDetails to handle Groups 2015-12-10 18:32:29 +00:00			`return errors.NewInvalid(api.Kind("Secret"), t.Name, errs)`
Add a server side export facility 2015-12-01 23:45:29 +00:00			`}`
			`return nil`
			`}`

Cache fields for filtering in watchCache. 2016-11-16 09:19:55 +00:00			`// GetAttrs returns labels and fields of a given object for filtering purposes.`
Grow signature for predicate attributes to include init status 2017-05-26 22:43:42 +00:00			`func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, bool, error) {`
Cache fields for filtering in watchCache. 2016-11-16 09:19:55 +00:00			`secret, ok := obj.(*api.Secret)`
			`if !ok {`
Grow signature for predicate attributes to include init status 2017-05-26 22:43:42 +00:00			`return nil, nil, false, fmt.Errorf("not a secret")`
Cache fields for filtering in watchCache. 2016-11-16 09:19:55 +00:00			`}`
Grow signature for predicate attributes to include init status 2017-05-26 22:43:42 +00:00			`return labels.Set(secret.Labels), SelectableFields(secret), secret.Initializers != nil, nil`
Cache fields for filtering in watchCache. 2016-11-16 09:19:55 +00:00			`}`

Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`// Matcher returns a generic matcher for a given label and field selector.`
pass SelectionPredicate instead of Filter to storage layer 2016-08-23 03:41:21 +00:00			`func Matcher(label labels.Selector, field fields.Selector) apistorage.SelectionPredicate {`
			`return apistorage.SelectionPredicate{`
Cache fields for filtering in watchCache. 2016-11-16 09:19:55 +00:00			`Label: label,`
			`Field: field,`
			`GetAttrs: GetAttrs,`
change all PredicateFunc to use SelectionPredicate 2016-08-12 18:50:51 +00:00			`}`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`}`

change all PredicateFunc to use SelectionPredicate 2016-08-12 18:50:51 +00:00			`// SelectableFields returns a field set that can be used for filter selection`
			`func SelectableFields(obj *api.Secret) fields.Set {`
More efficient field selectors 2016-08-23 14:34:02 +00:00			`objectMetaFieldsSet := generic.ObjectMetaFieldsSet(&obj.ObjectMeta, true)`
Add missing field label conversions Added missing field labels conversion functions for kinds: - ConfigMap - DaemonSet - Deployment - Endpoints - Event - Ingress - Job - PersistentVolume - PersistentVolumeClaim - ResourceQuota - Secret - Service Completed conversion functions of few other kinds: - Namespace - ServiceAccount Added tests suite for the above. Signed-off-by: Michal Minar <miminar@redhat.com> 2015-10-29 16:34:59 +00:00			`secretSpecificFieldsSet := fields.Set{`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`"type": string(obj.Type),`
			`}`
change all PredicateFunc to use SelectionPredicate 2016-08-12 18:50:51 +00:00			`return generic.MergeFieldsSets(objectMetaFieldsSet, secretSpecificFieldsSet)`
Convert Secret registry to use update/create strategy, allow filtering by Type 2015-04-28 03:50:56 +00:00			`}`