staging/src/*: run gofmt
parent
f6a2915f26
commit
3a6469c5ac
|
@ -17,18 +17,18 @@ limitations under the License.
|
|||
package testing
|
||||
|
||||
import (
|
||||
"os"
|
||||
"mime"
|
||||
"fmt"
|
||||
"mime"
|
||||
"os"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
|
||||
"k8s.io/apimachinery/pkg/runtime/serializer/recognizer"
|
||||
)
|
||||
|
||||
var (
|
||||
testCodecMediaType string
|
||||
testCodecMediaType string
|
||||
testStorageCodecMediaType string
|
||||
)
|
||||
|
||||
|
|
|
@ -27,17 +27,17 @@ func TestValueFuzz(t *testing.T) {
|
|||
U uint
|
||||
}
|
||||
X struct {
|
||||
Ptr *X
|
||||
Y Y
|
||||
Map map[string]int
|
||||
Ptr *X
|
||||
Y Y
|
||||
Map map[string]int
|
||||
Slice []int
|
||||
}
|
||||
)
|
||||
|
||||
x := X{
|
||||
Ptr: &X{},
|
||||
Map: map[string]int{"foo": 42},
|
||||
Slice: []int{1,2,3},
|
||||
Ptr: &X{},
|
||||
Map: map[string]int{"foo": 42},
|
||||
Slice: []int{1, 2, 3},
|
||||
}
|
||||
|
||||
p := x.Ptr
|
||||
|
|
|
@ -49,8 +49,8 @@ func TestListOptions(t *testing.T) {
|
|||
|
||||
// verify failing conversion
|
||||
for i, failingObject := range []*metav1.ListOptions{
|
||||
&metav1.ListOptions{LabelSelector: "a!!!"},
|
||||
&metav1.ListOptions{FieldSelector: "a!!!"},
|
||||
{LabelSelector: "a!!!"},
|
||||
{FieldSelector: "a!!!"},
|
||||
} {
|
||||
out = &ListOptions{}
|
||||
if err := scheme.Convert(failingObject, out, nil); err == nil {
|
||||
|
|
|
@ -29,28 +29,28 @@ import (
|
|||
|
||||
// Definte a number of test types.
|
||||
type A struct {
|
||||
A int `json:"aa,omitempty"`
|
||||
A int `json:"aa,omitempty"`
|
||||
B string `json:"ab,omitempty"`
|
||||
C bool `json:"ac,omitempty"`
|
||||
C bool `json:"ac,omitempty"`
|
||||
}
|
||||
|
||||
type B struct {
|
||||
A A `json:"ba"`
|
||||
B string `json:"bb"`
|
||||
A A `json:"ba"`
|
||||
B string `json:"bb"`
|
||||
C map[string]string `json:"bc"`
|
||||
D []string `json:"bd"`
|
||||
D []string `json:"bd"`
|
||||
}
|
||||
|
||||
type C struct {
|
||||
A []A `json:"ca"`
|
||||
B B `json:",inline"`
|
||||
C string `json:"cc"`
|
||||
D *int64 `json:"cd"`
|
||||
A []A `json:"ca"`
|
||||
B B `json:",inline"`
|
||||
C string `json:"cc"`
|
||||
D *int64 `json:"cd"`
|
||||
E map[string]int `json:"ce"`
|
||||
F []bool `json:"cf"`
|
||||
G []int `json"cg"`
|
||||
H float32 `json:ch"`
|
||||
I []interface{} `json:"ci"`
|
||||
F []bool `json:"cf"`
|
||||
G []int `json"cg"`
|
||||
H float32 `json:ch"`
|
||||
I []interface{} `json:"ci"`
|
||||
}
|
||||
|
||||
type D struct {
|
||||
|
@ -62,15 +62,15 @@ type E struct {
|
|||
}
|
||||
|
||||
type F struct {
|
||||
A string `json:"fa"`
|
||||
A string `json:"fa"`
|
||||
B map[string]string `json:"fb"`
|
||||
C []A `json:"fc"`
|
||||
D int `json:"fd"`
|
||||
E float32 `json:"fe"`
|
||||
F []string `json:"ff"`
|
||||
G []int `json:"fg"`
|
||||
H []bool `json:"fh"`
|
||||
I []float32 `json:"fi"`
|
||||
C []A `json:"fc"`
|
||||
D int `json:"fd"`
|
||||
E float32 `json:"fe"`
|
||||
F []string `json:"ff"`
|
||||
G []int `json:"fg"`
|
||||
H []bool `json:"fh"`
|
||||
I []float32 `json:"fi"`
|
||||
}
|
||||
|
||||
// Implement runtime.Object to make types usable for tests.
|
||||
|
@ -142,7 +142,7 @@ func doRoundTrip(t *testing.T, item runtime.Object) {
|
|||
|
||||
func TestRoundTrip(t *testing.T) {
|
||||
intVal := int64(42)
|
||||
testCases := []struct{
|
||||
testCases := []struct {
|
||||
obj runtime.Object
|
||||
}{
|
||||
{
|
||||
|
@ -250,10 +250,10 @@ func doUnrecognized(t *testing.T, jsonData string, item runtime.Object, expected
|
|||
}
|
||||
|
||||
func TestUnrecognized(t *testing.T) {
|
||||
testCases := []struct{
|
||||
testCases := []struct {
|
||||
data string
|
||||
obj runtime.Object
|
||||
err error
|
||||
err error
|
||||
}{
|
||||
{
|
||||
data: "{\"da\":[3.0,\"3.0\",null]}",
|
||||
|
@ -265,15 +265,15 @@ func TestUnrecognized(t *testing.T) {
|
|||
},
|
||||
{
|
||||
data: "{\"ea\":[null,null,null]}",
|
||||
obj: &E{},
|
||||
obj: &E{},
|
||||
},
|
||||
{
|
||||
data: "{\"ea\":[[],[null]]}",
|
||||
obj: &E{},
|
||||
obj: &E{},
|
||||
},
|
||||
{
|
||||
data: "{\"ea\":{\"a\":[],\"b\":null}}",
|
||||
obj: &E{},
|
||||
obj: &E{},
|
||||
},
|
||||
{
|
||||
data: "{\"fa\":\"fa\",\"fb\":{\"a\":\"a\"}}",
|
||||
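Review bot: In the first hunk of this file, struct `C` keeps two malformed struct tags that gofmt only re-aligned: field `G` has no colon after `json` and field `H` has no opening quote before `ch`. The reflection-based tag lookup cannot parse either, so both fields presumably fall back to their Go names `G` and `H` rather than the intended keys, and a round-trip test would still pass because encode and decode agree with each other. Unless the malformed tags are deliberate test input, the tag contents should read `json:"cg"` and `json:"ch"`, and a comment should say so if they are deliberate. `go vet`'s struct-tag check reports this class of mistake, so running it alongside gofmt on the staging tree would catch similar cases.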
|
|
|
@ -20,8 +20,8 @@ import (
|
|||
"fmt"
|
||||
"reflect"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/json"
|
||||
"github.com/evanphx/json-patch"
|
||||
"k8s.io/apimachinery/pkg/util/json"
|
||||
"k8s.io/apimachinery/pkg/util/mergepatch"
|
||||
)
|
||||
|
||||
|
|
|
@ -21,9 +21,9 @@ import (
|
|||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/davecgh/go-spew/spew"
|
||||
"github.com/evanphx/json-patch"
|
||||
"github.com/ghodss/yaml"
|
||||
"github.com/davecgh/go-spew/spew"
|
||||
"k8s.io/apimachinery/pkg/util/json"
|
||||
)
|
||||
|
||||
|
@ -32,9 +32,9 @@ type FilterNullTestCases struct {
|
|||
}
|
||||
|
||||
type FilterNullTestCase struct {
|
||||
Description string
|
||||
OriginalObj map[string]interface{}
|
||||
ExpectedWithNull map[string]interface{}
|
||||
Description string
|
||||
OriginalObj map[string]interface{}
|
||||
ExpectedWithNull map[string]interface{}
|
||||
ExpectedWithoutNull map[string]interface{}
|
||||
}
|
||||
|
||||
|
@ -171,7 +171,6 @@ func TestKeepOrDeleteNullInObj(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
type JSONMergePatchTestCases struct {
|
||||
TestCases []JSONMergePatchTestCase
|
||||
}
|
||||
|
@ -622,10 +621,10 @@ func testPatchApplication(t *testing.T, original, patch, expected []byte, descri
|
|||
|
||||
func threeWayTestCaseToJSONOrFail(t *testing.T, c JSONMergePatchTestCase) ([]byte, []byte, []byte, []byte, []byte) {
|
||||
return testObjectToJSONOrFail(t, c.Original),
|
||||
testObjectToJSONOrFail(t, c.Modified),
|
||||
testObjectToJSONOrFail(t, c.Current),
|
||||
testObjectToJSONOrFail(t, c.ThreeWay),
|
||||
testObjectToJSONOrFail(t, c.Result)
|
||||
testObjectToJSONOrFail(t, c.Modified),
|
||||
testObjectToJSONOrFail(t, c.Current),
|
||||
testObjectToJSONOrFail(t, c.ThreeWay),
|
||||
testObjectToJSONOrFail(t, c.Result)
|
||||
}
|
||||
|
||||
func testObjectToJSONOrFail(t *testing.T, o map[string]interface{}) []byte {
|
||||
|
@ -661,4 +660,4 @@ func jsonToYAML(j []byte) ([]byte, error) {
|
|||
return nil, fmt.Errorf("json to yaml failed: %v\n%v\n", err, j)
|
||||
}
|
||||
return y, nil
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,8 +23,8 @@ import (
|
|||
"strings"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/json"
|
||||
forkedjson "k8s.io/apimachinery/third_party/forked/golang/json"
|
||||
"k8s.io/apimachinery/pkg/util/mergepatch"
|
||||
forkedjson "k8s.io/apimachinery/third_party/forked/golang/json"
|
||||
)
|
||||
|
||||
// An alternate implementation of JSON Merge Patch
|
||||
|
|
|
@ -22,8 +22,8 @@ import (
|
|||
apitesting "k8s.io/apimachinery/pkg/api/testing"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
|
||||
examplev1 "k8s.io/apiserver/pkg/apis/example/v1"
|
||||
"k8s.io/apiserver/pkg/apis/example"
|
||||
examplev1 "k8s.io/apiserver/pkg/apis/example/v1"
|
||||
)
|
||||
|
||||
// overrideGenericFuncs override some generic fuzzer funcs from k8s.io/apiserver in order to have more realistic
|
||||
|
|
|
@ -21,10 +21,10 @@ import (
|
|||
)
|
||||
|
||||
type (
|
||||
ConditionStatus string
|
||||
ConditionStatus string
|
||||
PodConditionType string
|
||||
PodPhase string
|
||||
RestartPolicy string
|
||||
PodPhase string
|
||||
RestartPolicy string
|
||||
)
|
||||
|
||||
// Pod is a collection of containers, used as either input (create, update) or as output (list, get).
|
||||
|
|
|
@ -23,4 +23,3 @@ import (
|
|||
func addDefaultingFuncs(scheme *runtime.Scheme) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -21,10 +21,10 @@ import (
|
|||
)
|
||||
|
||||
type (
|
||||
ConditionStatus string
|
||||
ConditionStatus string
|
||||
PodConditionType string
|
||||
PodPhase string
|
||||
RestartPolicy string
|
||||
PodPhase string
|
||||
RestartPolicy string
|
||||
)
|
||||
|
||||
// Pod is a collection of containers, used as either input (create, update) or as output (list, get).
|
||||
|
|
|
@ -17,24 +17,24 @@ limitations under the License.
|
|||
package x509
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"reflect"
|
||||
"sort"
|
||||
"testing"
|
||||
"time"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"reflect"
|
||||
"sort"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/apiserver/pkg/authentication/authenticator"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/apiserver/pkg/authentication/authenticator"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
)
|
||||
|
||||
const (
|
||||
rootCACert = `-----BEGIN CERTIFICATE-----
|
||||
rootCACert = `-----BEGIN CERTIFICATE-----
|
||||
MIIDOTCCAqKgAwIBAgIJAOoObf5kuGgZMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNV
|
||||
BAYTAlVTMREwDwYDVQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTEPMA0G
|
||||
A1UEChMGTXkgT3JnMRAwDgYDVQQLEwdNeSBVbml0MRAwDgYDVQQDEwdST09UIENB
|
||||
|
@ -56,7 +56,7 @@ H9oc7u5zhTGXeV8WPg==
|
|||
-----END CERTIFICATE-----
|
||||
`
|
||||
|
||||
selfSignedCert = `-----BEGIN CERTIFICATE-----
|
||||
selfSignedCert = `-----BEGIN CERTIFICATE-----
|
||||
MIIDEzCCAnygAwIBAgIJAMaPaFbGgJN+MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV
|
||||
BAYTAlVTMREwDwYDVQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTEPMA0G
|
||||
A1UEChMGTXkgT3JnMRAwDgYDVQQLEwdNeSBVbml0MQ4wDAYDVQQDEwVzZWxmMTAe
|
||||
|
@ -77,7 +77,7 @@ ze3kOoP+iWSmTySHMSKVMppp0Xnls6t38mrsXtPuY8fGD2GS6VllaizMqc3wShNK
|
|||
-----END CERTIFICATE-----
|
||||
`
|
||||
|
||||
clientCNCert = `Certificate:
|
||||
clientCNCert = `Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 1 (0x1)
|
||||
|
@ -151,7 +151,7 @@ AjARBglghkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADgYEACLy0gKU7vpp4
|
|||
i5fmaPPBNzzBFCaQoN3TAjrpwp5Z0kQ=
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
clientDNSCert = `Certificate:
|
||||
clientDNSCert = `Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 4 (0x4)
|
||||
|
@ -224,7 +224,7 @@ gGolrD3igQXkiStVY5otSto7xJdeGulvg7gFSty9q7CgddAetcWN8/aS8VLSgWf8
|
|||
b3TuSTdzCLz1JoZn9YIE/9tan/lr3y/1dWHypZELBVZb6NE211Z67X3lXyoIh8JI
|
||||
-----END CERTIFICATE-----`
|
||||
|
||||
clientEmailCert = `Certificate:
|
||||
clientEmailCert = `Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 2 (0x2)
|
||||
|
@ -299,7 +299,7 @@ BIaMiQ==
|
|||
-----END CERTIFICATE-----
|
||||
`
|
||||
|
||||
serverCert = `Certificate:
|
||||
serverCert = `Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 7 (0x7)
|
||||
|
@ -374,17 +374,17 @@ mFlG6tStAWz3TmydciZNdiEbeqHw5uaIYWj1zC5AdvFXBFue0ojIrJ5JtbTWccH9
|
|||
-----END CERTIFICATE-----
|
||||
`
|
||||
|
||||
/*
|
||||
openssl genrsa -out ca.key 4096
|
||||
openssl req -new -x509 -days 36500 \
|
||||
-sha256 -key ca.key -extensions v3_ca \
|
||||
-out ca.crt \
|
||||
-subj "/C=US/ST=My State/L=My City/O=My Org/O=My Org 1/O=My Org 2/CN=ROOT CA WITH GROUPS"
|
||||
openssl x509 -in ca.crt -text
|
||||
*/
|
||||
/*
|
||||
openssl genrsa -out ca.key 4096
|
||||
openssl req -new -x509 -days 36500 \
|
||||
-sha256 -key ca.key -extensions v3_ca \
|
||||
-out ca.crt \
|
||||
-subj "/C=US/ST=My State/L=My City/O=My Org/O=My Org 1/O=My Org 2/CN=ROOT CA WITH GROUPS"
|
||||
openssl x509 -in ca.crt -text
|
||||
*/
|
||||
|
||||
// A certificate with multiple organizations.
|
||||
caWithGroups = `Certificate:
|
||||
// A certificate with multiple organizations.
|
||||
caWithGroups = `Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number:
|
||||
|
@ -510,424 +510,424 @@ PKJQCs0CM0zkesktuLi/gFpuB0nEwyOgLg==
|
|||
)
|
||||
|
||||
func TestX509(t *testing.T) {
|
||||
multilevelOpts := DefaultVerifyOptions()
|
||||
multilevelOpts.Roots = x509.NewCertPool()
|
||||
multilevelOpts.Roots.AddCert(getCertsFromFile(t, "root")[0])
|
||||
multilevelOpts := DefaultVerifyOptions()
|
||||
multilevelOpts.Roots = x509.NewCertPool()
|
||||
multilevelOpts.Roots.AddCert(getCertsFromFile(t, "root")[0])
|
||||
|
||||
testCases := map[string]struct {
|
||||
Insecure bool
|
||||
Certs []*x509.Certificate
|
||||
testCases := map[string]struct {
|
||||
Insecure bool
|
||||
Certs []*x509.Certificate
|
||||
|
||||
Opts x509.VerifyOptions
|
||||
User UserConversion
|
||||
Opts x509.VerifyOptions
|
||||
User UserConversion
|
||||
|
||||
ExpectUserName string
|
||||
ExpectGroups []string
|
||||
ExpectOK bool
|
||||
ExpectErr bool
|
||||
}{
|
||||
"non-tls": {
|
||||
Insecure: true,
|
||||
ExpectUserName string
|
||||
ExpectGroups []string
|
||||
ExpectOK bool
|
||||
ExpectErr bool
|
||||
}{
|
||||
"non-tls": {
|
||||
Insecure: true,
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"tls, no certs": {
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"tls, no certs": {
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"self signed": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, selfSignedCert),
|
||||
User: CommonNameUserConversion,
|
||||
"self signed": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, selfSignedCert),
|
||||
User: CommonNameUserConversion,
|
||||
|
||||
ExpectErr: true,
|
||||
},
|
||||
ExpectErr: true,
|
||||
},
|
||||
|
||||
"server cert": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, serverCert),
|
||||
User: CommonNameUserConversion,
|
||||
"server cert": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, serverCert),
|
||||
User: CommonNameUserConversion,
|
||||
|
||||
ExpectErr: true,
|
||||
},
|
||||
"server cert allowing non-client cert usages": {
|
||||
Opts: x509.VerifyOptions{Roots: getRootCertPool(t)},
|
||||
Certs: getCerts(t, serverCert),
|
||||
User: CommonNameUserConversion,
|
||||
ExpectErr: true,
|
||||
},
|
||||
"server cert allowing non-client cert usages": {
|
||||
Opts: x509.VerifyOptions{Roots: getRootCertPool(t)},
|
||||
Certs: getCerts(t, serverCert),
|
||||
User: CommonNameUserConversion,
|
||||
|
||||
ExpectUserName: "127.0.0.1",
|
||||
ExpectGroups: []string{"My Org"},
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
ExpectUserName: "127.0.0.1",
|
||||
ExpectGroups: []string{"My Org"},
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"common name": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: CommonNameUserConversion,
|
||||
"common name": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: CommonNameUserConversion,
|
||||
|
||||
ExpectUserName: "client_cn",
|
||||
ExpectGroups: []string{"My Org"},
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"ca with multiple organizations": {
|
||||
Opts: x509.VerifyOptions{
|
||||
Roots: getRootCertPoolFor(t, caWithGroups),
|
||||
},
|
||||
Certs: getCerts(t, caWithGroups),
|
||||
User: CommonNameUserConversion,
|
||||
ExpectUserName: "client_cn",
|
||||
ExpectGroups: []string{"My Org"},
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"ca with multiple organizations": {
|
||||
Opts: x509.VerifyOptions{
|
||||
Roots: getRootCertPoolFor(t, caWithGroups),
|
||||
},
|
||||
Certs: getCerts(t, caWithGroups),
|
||||
User: CommonNameUserConversion,
|
||||
|
||||
ExpectUserName: "ROOT CA WITH GROUPS",
|
||||
ExpectGroups: []string{"My Org", "My Org 1", "My Org 2"},
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"empty dns": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: DNSNameUserConversion,
|
||||
ExpectUserName: "ROOT CA WITH GROUPS",
|
||||
ExpectGroups: []string{"My Org", "My Org 1", "My Org 2"},
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"empty dns": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: DNSNameUserConversion,
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"dns": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientDNSCert),
|
||||
User: DNSNameUserConversion,
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"dns": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientDNSCert),
|
||||
User: DNSNameUserConversion,
|
||||
|
||||
ExpectUserName: "client_dns.example.com",
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
ExpectUserName: "client_dns.example.com",
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"empty email": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: EmailAddressUserConversion,
|
||||
"empty email": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: EmailAddressUserConversion,
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"email": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientEmailCert),
|
||||
User: EmailAddressUserConversion,
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"email": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientEmailCert),
|
||||
User: EmailAddressUserConversion,
|
||||
|
||||
ExpectUserName: "client_email@example.com",
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
ExpectUserName: "client_email@example.com",
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"custom conversion error": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
||||
return nil, false, errors.New("custom error")
|
||||
}),
|
||||
"custom conversion error": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
||||
return nil, false, errors.New("custom error")
|
||||
}),
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
"custom conversion success": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
||||
return &user.DefaultInfo{Name: "custom"}, true, nil
|
||||
}),
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
"custom conversion success": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
|
||||
return &user.DefaultInfo{Name: "custom"}, true, nil
|
||||
}),
|
||||
|
||||
ExpectUserName: "custom",
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
ExpectUserName: "custom",
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"future cert": {
|
||||
Opts: x509.VerifyOptions{
|
||||
CurrentTime: time.Now().Add(time.Duration(-100 * time.Hour * 24 * 365)),
|
||||
Roots: getRootCertPool(t),
|
||||
},
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: CommonNameUserConversion,
|
||||
"future cert": {
|
||||
Opts: x509.VerifyOptions{
|
||||
CurrentTime: time.Now().Add(time.Duration(-100 * time.Hour * 24 * 365)),
|
||||
Roots: getRootCertPool(t),
|
||||
},
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: CommonNameUserConversion,
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
"expired cert": {
|
||||
Opts: x509.VerifyOptions{
|
||||
CurrentTime: time.Now().Add(time.Duration(100 * time.Hour * 24 * 365)),
|
||||
Roots: getRootCertPool(t),
|
||||
},
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: CommonNameUserConversion,
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
"expired cert": {
|
||||
Opts: x509.VerifyOptions{
|
||||
CurrentTime: time.Now().Add(time.Duration(100 * time.Hour * 24 * 365)),
|
||||
Roots: getRootCertPool(t),
|
||||
},
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
User: CommonNameUserConversion,
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
|
||||
"multi-level, valid": {
|
||||
Opts: multilevelOpts,
|
||||
Certs: getCertsFromFile(t, "client-valid", "intermediate"),
|
||||
User: CommonNameUserConversion,
|
||||
"multi-level, valid": {
|
||||
Opts: multilevelOpts,
|
||||
Certs: getCertsFromFile(t, "client-valid", "intermediate"),
|
||||
User: CommonNameUserConversion,
|
||||
|
||||
ExpectUserName: "My Client",
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"multi-level, expired": {
|
||||
Opts: multilevelOpts,
|
||||
Certs: getCertsFromFile(t, "client-expired", "intermediate"),
|
||||
User: CommonNameUserConversion,
|
||||
ExpectUserName: "My Client",
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"multi-level, expired": {
|
||||
Opts: multilevelOpts,
|
||||
Certs: getCertsFromFile(t, "client-expired", "intermediate"),
|
||||
User: CommonNameUserConversion,
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
}
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
}
|
||||
|
||||
for k, testCase := range testCases {
|
||||
req, _ := http.NewRequest("GET", "/", nil)
|
||||
if !testCase.Insecure {
|
||||
req.TLS = &tls.ConnectionState{PeerCertificates: testCase.Certs}
|
||||
}
|
||||
for k, testCase := range testCases {
|
||||
req, _ := http.NewRequest("GET", "/", nil)
|
||||
if !testCase.Insecure {
|
||||
req.TLS = &tls.ConnectionState{PeerCertificates: testCase.Certs}
|
||||
}
|
||||
|
||||
a := New(testCase.Opts, testCase.User)
|
||||
a := New(testCase.Opts, testCase.User)
|
||||
|
||||
user, ok, err := a.AuthenticateRequest(req)
|
||||
user, ok, err := a.AuthenticateRequest(req)
|
||||
|
||||
if testCase.ExpectErr && err == nil {
|
||||
t.Errorf("%s: Expected error, got none", k)
|
||||
continue
|
||||
}
|
||||
if !testCase.ExpectErr && err != nil {
|
||||
t.Errorf("%s: Got unexpected error: %v", k, err)
|
||||
continue
|
||||
}
|
||||
if testCase.ExpectErr && err == nil {
|
||||
t.Errorf("%s: Expected error, got none", k)
|
||||
continue
|
||||
}
|
||||
if !testCase.ExpectErr && err != nil {
|
||||
t.Errorf("%s: Got unexpected error: %v", k, err)
|
||||
continue
|
||||
}
|
||||
|
||||
if testCase.ExpectOK != ok {
|
||||
t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectOK, ok)
|
||||
continue
|
||||
}
|
||||
if testCase.ExpectOK != ok {
|
||||
t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectOK, ok)
|
||||
continue
|
||||
}
|
||||
|
||||
if testCase.ExpectOK {
|
||||
if testCase.ExpectUserName != user.GetName() {
|
||||
t.Errorf("%s: Expected user.name=%v, got %v", k, testCase.ExpectUserName, user.GetName())
|
||||
}
|
||||
if testCase.ExpectOK {
|
||||
if testCase.ExpectUserName != user.GetName() {
|
||||
t.Errorf("%s: Expected user.name=%v, got %v", k, testCase.ExpectUserName, user.GetName())
|
||||
}
|
||||
|
||||
groups := user.GetGroups()
|
||||
sort.Strings(testCase.ExpectGroups)
|
||||
sort.Strings(groups)
|
||||
if !reflect.DeepEqual(testCase.ExpectGroups, groups) {
|
||||
t.Errorf("%s: Expected user.groups=%v, got %v", k, testCase.ExpectGroups, groups)
|
||||
}
|
||||
}
|
||||
}
|
||||
groups := user.GetGroups()
|
||||
sort.Strings(testCase.ExpectGroups)
|
||||
sort.Strings(groups)
|
||||
if !reflect.DeepEqual(testCase.ExpectGroups, groups) {
|
||||
t.Errorf("%s: Expected user.groups=%v, got %v", k, testCase.ExpectGroups, groups)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestX509Verifier(t *testing.T) {
|
||||
multilevelOpts := DefaultVerifyOptions()
|
||||
multilevelOpts.Roots = x509.NewCertPool()
|
||||
multilevelOpts.Roots.AddCert(getCertsFromFile(t, "root")[0])
|
||||
multilevelOpts := DefaultVerifyOptions()
|
||||
multilevelOpts.Roots = x509.NewCertPool()
|
||||
multilevelOpts.Roots.AddCert(getCertsFromFile(t, "root")[0])
|
||||
|
||||
testCases := map[string]struct {
|
||||
Insecure bool
|
||||
Certs []*x509.Certificate
|
||||
testCases := map[string]struct {
|
||||
Insecure bool
|
||||
Certs []*x509.Certificate
|
||||
|
||||
Opts x509.VerifyOptions
|
||||
Opts x509.VerifyOptions
|
||||
|
||||
AllowedCNs sets.String
|
||||
AllowedCNs sets.String
|
||||
|
||||
ExpectOK bool
|
||||
ExpectErr bool
|
||||
}{
|
||||
"non-tls": {
|
||||
Insecure: true,
|
||||
ExpectOK bool
|
||||
ExpectErr bool
|
||||
}{
|
||||
"non-tls": {
|
||||
Insecure: true,
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"tls, no certs": {
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"tls, no certs": {
|
||||
ExpectOK: false,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"self signed": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, selfSignedCert),
|
||||
"self signed": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, selfSignedCert),
|
||||
|
||||
ExpectErr: true,
|
||||
},
|
||||
ExpectErr: true,
|
||||
},
|
||||
|
||||
"server cert disallowed": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, serverCert),
|
||||
"server cert disallowed": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, serverCert),
|
||||
|
||||
ExpectErr: true,
|
||||
},
|
||||
"server cert allowing non-client cert usages": {
|
||||
Opts: x509.VerifyOptions{Roots: getRootCertPool(t)},
|
||||
Certs: getCerts(t, serverCert),
|
||||
ExpectErr: true,
|
||||
},
|
||||
"server cert allowing non-client cert usages": {
|
||||
Opts: x509.VerifyOptions{Roots: getRootCertPool(t)},
|
||||
Certs: getCerts(t, serverCert),
|
||||
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"valid client cert": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
"valid client cert": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"valid client cert with wrong CN": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
AllowedCNs: sets.NewString("foo", "bar"),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"valid client cert with wrong CN": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
AllowedCNs: sets.NewString("foo", "bar"),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
"valid client cert with right CN": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
AllowedCNs: sets.NewString("client_cn"),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
"valid client cert with right CN": {
|
||||
Opts: getDefaultVerifyOptions(t),
|
||||
AllowedCNs: sets.NewString("client_cn"),
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
|
||||
"future cert": {
|
||||
Opts: x509.VerifyOptions{
|
||||
CurrentTime: time.Now().Add(-100 * time.Hour * 24 * 365),
|
||||
Roots: getRootCertPool(t),
|
||||
},
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
"future cert": {
|
||||
Opts: x509.VerifyOptions{
|
||||
CurrentTime: time.Now().Add(-100 * time.Hour * 24 * 365),
|
||||
Roots: getRootCertPool(t),
|
||||
},
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
"expired cert": {
|
||||
Opts: x509.VerifyOptions{
|
||||
CurrentTime: time.Now().Add(100 * time.Hour * 24 * 365),
|
||||
Roots: getRootCertPool(t),
|
||||
},
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
"expired cert": {
|
||||
Opts: x509.VerifyOptions{
|
||||
CurrentTime: time.Now().Add(100 * time.Hour * 24 * 365),
|
||||
Roots: getRootCertPool(t),
|
||||
},
|
||||
Certs: getCerts(t, clientCNCert),
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
|
||||
"multi-level, valid": {
|
||||
Opts: multilevelOpts,
|
||||
Certs: getCertsFromFile(t, "client-valid", "intermediate"),
|
||||
"multi-level, valid": {
|
||||
Opts: multilevelOpts,
|
||||
Certs: getCertsFromFile(t, "client-valid", "intermediate"),
|
||||
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"multi-level, expired": {
|
||||
Opts: multilevelOpts,
|
||||
Certs: getCertsFromFile(t, "client-expired", "intermediate"),
|
||||
ExpectOK: true,
|
||||
ExpectErr: false,
|
||||
},
|
||||
"multi-level, expired": {
|
||||
Opts: multilevelOpts,
|
||||
Certs: getCertsFromFile(t, "client-expired", "intermediate"),
|
||||
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
}
|
||||
ExpectOK: false,
|
||||
ExpectErr: true,
|
||||
},
|
||||
}
|
||||
|
||||
for k, testCase := range testCases {
|
||||
req, _ := http.NewRequest("GET", "/", nil)
|
||||
if !testCase.Insecure {
|
||||
req.TLS = &tls.ConnectionState{PeerCertificates: testCase.Certs}
|
||||
}
|
||||
for k, testCase := range testCases {
|
||||
req, _ := http.NewRequest("GET", "/", nil)
|
||||
if !testCase.Insecure {
|
||||
req.TLS = &tls.ConnectionState{PeerCertificates: testCase.Certs}
|
||||
}
|
||||
|
||||
authCall := false
|
||||
auth := authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
|
||||
authCall = true
|
||||
return &user.DefaultInfo{Name: "innerauth"}, true, nil
|
||||
})
|
||||
authCall := false
|
||||
auth := authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
|
||||
authCall = true
|
||||
return &user.DefaultInfo{Name: "innerauth"}, true, nil
|
||||
})
|
||||
|
||||
a := NewVerifier(testCase.Opts, auth, testCase.AllowedCNs)
|
||||
a := NewVerifier(testCase.Opts, auth, testCase.AllowedCNs)
|
||||
|
||||
user, ok, err := a.AuthenticateRequest(req)
|
||||
user, ok, err := a.AuthenticateRequest(req)
|
||||
|
||||
if testCase.ExpectErr && err == nil {
|
||||
t.Errorf("%s: Expected error, got none", k)
|
||||
continue
|
||||
}
|
||||
if !testCase.ExpectErr && err != nil {
|
||||
t.Errorf("%s: Got unexpected error: %v", k, err)
|
||||
continue
|
||||
}
|
||||
if testCase.ExpectErr && err == nil {
|
||||
t.Errorf("%s: Expected error, got none", k)
|
||||
continue
|
||||
}
|
||||
if !testCase.ExpectErr && err != nil {
|
||||
t.Errorf("%s: Got unexpected error: %v", k, err)
|
||||
continue
|
||||
}
|
||||
|
||||
if testCase.ExpectOK != ok {
|
||||
t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectOK, ok)
|
||||
continue
|
||||
}
|
||||
if testCase.ExpectOK != ok {
|
||||
t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectOK, ok)
|
||||
continue
|
||||
}
|
||||
|
||||
if testCase.ExpectOK {
|
||||
if !authCall {
|
||||
t.Errorf("%s: Expected inner auth called, wasn't", k)
|
||||
continue
|
||||
}
|
||||
if "innerauth" != user.GetName() {
|
||||
t.Errorf("%s: Expected user.name=%v, got %v", k, "innerauth", user.GetName())
|
||||
continue
|
||||
}
|
||||
} else {
|
||||
if authCall {
|
||||
t.Errorf("%s: Expected inner auth not to be called, was", k)
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
if testCase.ExpectOK {
|
||||
if !authCall {
|
||||
t.Errorf("%s: Expected inner auth called, wasn't", k)
|
||||
continue
|
||||
}
|
||||
if "innerauth" != user.GetName() {
|
||||
t.Errorf("%s: Expected user.name=%v, got %v", k, "innerauth", user.GetName())
|
||||
continue
|
||||
}
|
||||
} else {
|
||||
if authCall {
|
||||
t.Errorf("%s: Expected inner auth not to be called, was", k)
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func getDefaultVerifyOptions(t *testing.T) x509.VerifyOptions {
|
||||
options := DefaultVerifyOptions()
|
||||
options.Roots = getRootCertPool(t)
|
||||
return options
|
||||
options := DefaultVerifyOptions()
|
||||
options.Roots = getRootCertPool(t)
|
||||
return options
|
||||
}
|
||||
|
||||
func getRootCertPool(t *testing.T) *x509.CertPool {
|
||||
return getRootCertPoolFor(t, rootCACert)
|
||||
return getRootCertPoolFor(t, rootCACert)
|
||||
}
|
||||
|
||||
func getRootCertPoolFor(t *testing.T, certs ...string) *x509.CertPool {
|
||||
pool := x509.NewCertPool()
|
||||
for _, cert := range certs {
|
||||
pool.AddCert(getCert(t, cert))
|
||||
}
|
||||
return pool
|
||||
pool := x509.NewCertPool()
|
||||
for _, cert := range certs {
|
||||
pool.AddCert(getCert(t, cert))
|
||||
}
|
||||
return pool
|
||||
}
|
||||
|
||||
func getCertsFromFile(t *testing.T, names ...string) []*x509.Certificate {
|
||||
certs := []*x509.Certificate{}
|
||||
for _, name := range names {
|
||||
filename := "testdata/" + name + ".pem"
|
||||
data, err := ioutil.ReadFile(filename)
|
||||
if err != nil {
|
||||
t.Fatalf("error reading %s: %v", filename, err)
|
||||
}
|
||||
certs = append(certs, getCert(t, string(data)))
|
||||
}
|
||||
return certs
|
||||
certs := []*x509.Certificate{}
|
||||
for _, name := range names {
|
||||
filename := "testdata/" + name + ".pem"
|
||||
data, err := ioutil.ReadFile(filename)
|
||||
if err != nil {
|
||||
t.Fatalf("error reading %s: %v", filename, err)
|
||||
}
|
||||
certs = append(certs, getCert(t, string(data)))
|
||||
}
|
||||
return certs
|
||||
}
|
||||
|
||||
func getCert(t *testing.T, pemData string) *x509.Certificate {
|
||||
pemBlock, _ := pem.Decode([]byte(pemData))
|
||||
cert, err := x509.ParseCertificate(pemBlock.Bytes)
|
||||
if err != nil {
|
||||
t.Fatalf("Error parsing cert: %v", err)
|
||||
return nil
|
||||
}
|
||||
return cert
|
||||
pemBlock, _ := pem.Decode([]byte(pemData))
|
||||
cert, err := x509.ParseCertificate(pemBlock.Bytes)
|
||||
if err != nil {
|
||||
t.Fatalf("Error parsing cert: %v", err)
|
||||
return nil
|
||||
}
|
||||
return cert
|
||||
}
|
||||
|
||||
func getCerts(t *testing.T, pemData ...string) []*x509.Certificate {
|
||||
certs := []*x509.Certificate{}
|
||||
for _, pemData := range pemData {
|
||||
certs = append(certs, getCert(t, pemData))
|
||||
}
|
||||
return certs
|
||||
certs := []*x509.Certificate{}
|
||||
for _, pemData := range pemData {
|
||||
certs = append(certs, getCert(t, pemData))
|
||||
}
|
||||
return certs
|
||||
}
|
||||
|
|
|
@ -54,9 +54,9 @@ import (
|
|||
"k8s.io/apiserver/pkg/apis/example"
|
||||
examplefuzzer "k8s.io/apiserver/pkg/apis/example/fuzzer"
|
||||
examplev1 "k8s.io/apiserver/pkg/apis/example/v1"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
genericapifilters "k8s.io/apiserver/pkg/endpoints/filters"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
genericapitesting "k8s.io/apiserver/pkg/endpoints/testing"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
"k8s.io/kubernetes/plugin/pkg/admission/admit"
|
||||
|
|
|
@ -27,8 +27,8 @@ import (
|
|||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/negotiation"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/negotiation"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
)
|
||||
|
||||
|
|
|
@ -30,9 +30,9 @@ import (
|
|||
"github.com/pborman/uuid"
|
||||
|
||||
utilnet "k8s.io/apimachinery/pkg/util/net"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
authenticationapi "k8s.io/client-go/pkg/apis/authentication"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
)
|
||||
|
||||
var _ http.ResponseWriter = &auditResponseWriter{}
|
||||
|
|
|
@ -23,8 +23,8 @@ import (
|
|||
"github.com/golang/glog"
|
||||
|
||||
"k8s.io/apiserver/pkg/authorization/authorizer"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
)
|
||||
|
||||
// WithAuthorizationCheck passes all authorized requests on to handler, and returns a forbidden error otherwise.
|
||||
|
|
|
@ -24,9 +24,9 @@ import (
|
|||
"testing"
|
||||
|
||||
"k8s.io/apiserver/pkg/authorization/authorizer"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/kubernetes/pkg/apis/batch"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
)
|
||||
|
||||
func TestGetAuthorizerAttributes(t *testing.T) {
|
||||
|
|
|
@ -27,11 +27,11 @@ import (
|
|||
"k8s.io/apiserver/pkg/authentication/serviceaccount"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
"k8s.io/apiserver/pkg/authorization/authorizer"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/server/httplog"
|
||||
"k8s.io/client-go/pkg/api"
|
||||
authenticationapi "k8s.io/client-go/pkg/apis/authentication"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
)
|
||||
|
||||
// WithImpersonation is a filter that will inspect and check requests that attempt to change the user.Info for their requests
|
||||
|
|
|
@ -21,8 +21,8 @@ import (
|
|||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
)
|
||||
|
||||
// WithRequestInfo attaches a RequestInfo to the context.
|
||||
|
|
|
@ -30,8 +30,8 @@ import (
|
|||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
utilerrors "k8s.io/apimachinery/pkg/util/errors"
|
||||
"k8s.io/apiserver/pkg/admission"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
)
|
||||
|
||||
|
|
|
@ -32,12 +32,12 @@ import (
|
|||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/util/httpstream"
|
||||
"k8s.io/apimachinery/pkg/util/net"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
"k8s.io/apiserver/pkg/endpoints/metrics"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
"k8s.io/apiserver/pkg/server/httplog"
|
||||
proxyutil "k8s.io/apiserver/pkg/util/proxy"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
|
||||
"github.com/golang/glog"
|
||||
)
|
||||
|
|
|
@ -27,9 +27,9 @@ import (
|
|||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/negotiation"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
"k8s.io/apiserver/pkg/util/flushwriter"
|
||||
"k8s.io/apiserver/pkg/util/wsstream"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
)
|
||||
|
||||
// WriteObject renders a returned runtime.Object to the response as a stream or an encoded object. If the object
|
||||
|
|
|
@ -38,15 +38,15 @@ import (
|
|||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/mergepatch"
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/strategicpatch"
|
||||
"k8s.io/apiserver/pkg/admission"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/negotiation"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
utiltrace "k8s.io/apiserver/pkg/util/trace"
|
||||
"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
utiltrace "k8s.io/apiserver/pkg/util/trace"
|
||||
)
|
||||
|
||||
// ContextFunc returns a Context given a request - a context must be returned
|
||||
|
|
|
@ -35,10 +35,10 @@ import (
|
|||
"k8s.io/apimachinery/pkg/util/diff"
|
||||
"k8s.io/apimachinery/pkg/util/strategicpatch"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
"k8s.io/kubernetes/pkg/api"
|
||||
"k8s.io/kubernetes/pkg/api/testapi"
|
||||
"k8s.io/kubernetes/pkg/api/v1"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
)
|
||||
|
||||
type testPatchType struct {
|
||||
|
|
|
@ -43,5 +43,5 @@ func init() {
|
|||
// To add a new feature, define a key for it above and add it here. The features will be
|
||||
// available throughout Kubernetes binaries.
|
||||
var defaultKubernetesFeatureGates = map[utilfeature.Feature]utilfeature.FeatureSpec{
|
||||
StreamingProxyRedirects: {Default: true, PreRelease: utilfeature.Beta},
|
||||
StreamingProxyRedirects: {Default: true, PreRelease: utilfeature.Beta},
|
||||
}
|
||||
|
|
|
@ -18,11 +18,11 @@ package registry
|
|||
|
||||
import (
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apiserver/pkg/registry/generic"
|
||||
"k8s.io/apiserver/pkg/storage"
|
||||
etcdstorage "k8s.io/apiserver/pkg/storage/etcd"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend/factory"
|
||||
"k8s.io/apiserver/pkg/registry/generic"
|
||||
)
|
||||
|
||||
var _ generic.StorageDecorator = StorageWithCacher
|
||||
|
|
|
@ -36,10 +36,10 @@ import (
|
|||
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||
"k8s.io/apimachinery/pkg/watch"
|
||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/storage"
|
||||
storeerr "k8s.io/apiserver/pkg/storage/errors"
|
||||
"k8s.io/apiserver/pkg/registry/generic"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
"k8s.io/apiserver/pkg/storage"
|
||||
storeerr "k8s.io/apiserver/pkg/storage/errors"
|
||||
|
||||
"github.com/golang/glog"
|
||||
)
|
||||
|
|
|
@ -42,14 +42,14 @@ import (
|
|||
"k8s.io/apiserver/pkg/apis/example"
|
||||
examplev1 "k8s.io/apiserver/pkg/apis/example/v1"
|
||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/registry/generic"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
"k8s.io/apiserver/pkg/storage"
|
||||
etcdstorage "k8s.io/apiserver/pkg/storage/etcd"
|
||||
etcdtesting "k8s.io/apiserver/pkg/storage/etcd/testing"
|
||||
"k8s.io/apiserver/pkg/storage/names"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend/factory"
|
||||
storagetesting "k8s.io/apiserver/pkg/storage/testing"
|
||||
"k8s.io/apiserver/pkg/registry/generic"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
)
|
||||
|
||||
var scheme = runtime.NewScheme()
|
||||
|
|
|
@ -26,8 +26,8 @@ import (
|
|||
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/util/sets"
|
||||
apirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
apifilters "k8s.io/apiserver/pkg/endpoints/filters"
|
||||
apirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
)
|
||||
|
||||
func createMaxInflightServer(callsWg, blockWg *sync.WaitGroup, disableCallsWg *bool, disableCallsWgMutex *sync.Mutex, nonMutating, mutating int) *httptest.Server {
|
||||
|
|
|
@ -27,8 +27,8 @@ import (
|
|||
|
||||
"k8s.io/apimachinery/pkg/openapi"
|
||||
"k8s.io/apimachinery/pkg/util/json"
|
||||
"k8s.io/apiserver/pkg/util/trie"
|
||||
genericmux "k8s.io/apiserver/pkg/server/mux"
|
||||
"k8s.io/apiserver/pkg/util/trie"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
|
@ -44,7 +44,7 @@ type EtcdOptions struct {
|
|||
|
||||
func NewEtcdOptions(backendConfig *storagebackend.Config) *EtcdOptions {
|
||||
return &EtcdOptions{
|
||||
StorageConfig: *backendConfig,
|
||||
StorageConfig: *backendConfig,
|
||||
DefaultStorageMediaType: "application/json",
|
||||
DeleteCollectionWorkers: 1,
|
||||
EnableGarbageCollection: true,
|
||||
|
@ -135,7 +135,7 @@ func (f *simpleRestOptionsFactory) GetRESTOptions(resource schema.GroupResource)
|
|||
}
|
||||
|
||||
type storageFactoryRestOptionsFactory struct {
|
||||
Options EtcdOptions
|
||||
Options EtcdOptions
|
||||
StorageFactory serverstorage.StorageFactory
|
||||
}
|
||||
|
||||
|
|
|
@ -21,8 +21,8 @@ import (
|
|||
"net/http"
|
||||
|
||||
apimetrics "k8s.io/apiserver/pkg/endpoints/metrics"
|
||||
etcdmetrics "k8s.io/apiserver/pkg/storage/etcd/metrics"
|
||||
"k8s.io/apiserver/pkg/server/mux"
|
||||
etcdmetrics "k8s.io/apiserver/pkg/storage/etcd/metrics"
|
||||
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
)
|
||||
|
|
|
@ -21,8 +21,8 @@ import (
|
|||
|
||||
assetfs "github.com/elazarl/go-bindata-assetfs"
|
||||
|
||||
"k8s.io/apiserver/pkg/server/routes/data/swagger"
|
||||
"k8s.io/apiserver/pkg/server/mux"
|
||||
"k8s.io/apiserver/pkg/server/routes/data/swagger"
|
||||
)
|
||||
|
||||
// SwaggerUI exposes files in third_party/swagger-ui/ under /swagger-ui.
|
||||
|
|
|
@ -23,21 +23,21 @@ import (
|
|||
|
||||
"k8s.io/apimachinery/pkg/apimachinery/announced"
|
||||
"k8s.io/apimachinery/pkg/apimachinery/registered"
|
||||
exampleinstall "k8s.io/apiserver/pkg/apis/example/install"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/runtime/serializer"
|
||||
"k8s.io/apiserver/pkg/apis/example"
|
||||
exampleinstall "k8s.io/apiserver/pkg/apis/example/install"
|
||||
examplev1 "k8s.io/apiserver/pkg/apis/example/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
)
|
||||
|
||||
var (
|
||||
v1GroupVersion = schema.GroupVersion{Group: "", Version: "v1"}
|
||||
|
||||
registry = registered.NewOrDie(os.Getenv("KUBE_API_VERSIONS"))
|
||||
announce = make(announced.APIGroupFactoryRegistry)
|
||||
registry = registered.NewOrDie(os.Getenv("KUBE_API_VERSIONS"))
|
||||
announce = make(announced.APIGroupFactoryRegistry)
|
||||
scheme = runtime.NewScheme()
|
||||
codecs = serializer.NewCodecFactory(scheme)
|
||||
parameterCodec = runtime.NewParameterCodec(scheme)
|
||||
|
|
|
@ -29,9 +29,9 @@ import (
|
|||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
"k8s.io/apiserver/pkg/storage/etcd/etcdtest"
|
||||
"k8s.io/apiserver/pkg/storage/etcd/testing/testingcert"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
|
||||
etcd "github.com/coreos/etcd/client"
|
||||
"github.com/coreos/etcd/clientv3"
|
||||
|
|
|
@ -26,8 +26,8 @@ import (
|
|||
|
||||
utilnet "k8s.io/apimachinery/pkg/util/net"
|
||||
"k8s.io/apiserver/pkg/storage"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
"k8s.io/apiserver/pkg/storage/etcd"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
)
|
||||
|
||||
func newETCD2Storage(c storagebackend.Config) (storage.Interface, DestroyFunc, error) {
|
||||
|
|
|
@ -18,8 +18,8 @@ package factory
|
|||
|
||||
import (
|
||||
"k8s.io/apiserver/pkg/storage"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
"k8s.io/apiserver/pkg/storage/etcd3"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
|
||||
"github.com/coreos/etcd/clientv3"
|
||||
"github.com/coreos/etcd/pkg/transport"
|
||||
|
|
|
@ -33,8 +33,8 @@ import (
|
|||
"k8s.io/apimachinery/pkg/runtime/serializer"
|
||||
"k8s.io/apiserver/pkg/apis/example"
|
||||
examplev1 "k8s.io/apiserver/pkg/apis/example/v1"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
"k8s.io/apiserver/pkg/storage/etcd/testing/testingcert"
|
||||
"k8s.io/apiserver/pkg/storage/storagebackend"
|
||||
)
|
||||
|
||||
var scheme = runtime.NewScheme()
|
||||
|
|
|
@ -67,7 +67,7 @@ const (
|
|||
// Values for PreRelease.
|
||||
Alpha = prerelease("ALPHA")
|
||||
Beta = prerelease("BETA")
|
||||
GA = prerelease("")
|
||||
GA = prerelease("")
|
||||
)
|
||||
|
||||
// FeatureGate parses and stores flag gates for known features from
|
||||
|
|