diff --git a/hack/.golint_failures b/hack/.golint_failures index accd1e479c..98d3f4a71d 100644 --- a/hack/.golint_failures +++ b/hack/.golint_failures @@ -368,7 +368,6 @@ pkg/registry/extensions/deployment pkg/registry/extensions/deployment/storage pkg/registry/extensions/ingress pkg/registry/extensions/ingress/storage -pkg/registry/extensions/networkpolicy/storage pkg/registry/extensions/replicaset pkg/registry/extensions/replicaset/storage pkg/registry/extensions/rest diff --git a/hack/test-update-storage-objects.sh b/hack/test-update-storage-objects.sh index 147ab13957..ff0293af23 100755 --- a/hack/test-update-storage-objects.sh +++ b/hack/test-update-storage-objects.sh @@ -112,8 +112,8 @@ tests=( examples/persistent-volume-provisioning/rbd/rbd-storage-class.yaml,storageclasses,,slow,v1beta1,v1 ) -KUBE_OLD_API_VERSION="storage.k8s.io/v1beta1,extensions/v1beta1" -KUBE_NEW_API_VERSION="storage.k8s.io/v1,extensions/v1beta1" +KUBE_OLD_API_VERSION="networking.k8s.io/v1,storage.k8s.io/v1beta1,extensions/v1beta1" +KUBE_NEW_API_VERSION="networking.k8s.io/v1,storage.k8s.io/v1,extensions/v1beta1" KUBE_OLD_STORAGE_VERSIONS="storage.k8s.io/v1beta1" KUBE_NEW_STORAGE_VERSIONS="storage.k8s.io/v1" diff --git a/pkg/apis/extensions/BUILD b/pkg/apis/extensions/BUILD index d0c4efdda4..95f6365612 100644 --- a/pkg/apis/extensions/BUILD +++ b/pkg/apis/extensions/BUILD @@ -23,6 +23,7 @@ go_library( ], deps = [ "//pkg/api:go_default_library", + "//pkg/apis/networking:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//vendor/k8s.io/apimachinery/pkg/conversion:go_default_library", diff --git a/pkg/apis/extensions/register.go b/pkg/apis/extensions/register.go index 5983636c22..780f58dc74 100644 --- a/pkg/apis/extensions/register.go +++ b/pkg/apis/extensions/register.go @@ -19,6 +19,7 @@ package extensions import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/kubernetes/pkg/apis/networking" ) // GroupName is the group name use in this package @@ -63,8 +64,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ReplicaSetList{}, &PodSecurityPolicy{}, &PodSecurityPolicyList{}, - &NetworkPolicy{}, - &NetworkPolicyList{}, + &networking.NetworkPolicy{}, + &networking.NetworkPolicyList{}, ) return nil } diff --git a/pkg/apis/extensions/types.go b/pkg/apis/extensions/types.go index 50f3f9522d..8e60c6f9ed 100644 --- a/pkg/apis/extensions/types.go +++ b/pkg/apis/extensions/types.go @@ -1091,98 +1091,3 @@ type PodSecurityPolicyList struct { Items []PodSecurityPolicy } - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NetworkPolicy describes what network traffic is allowed for a set of Pods -type NetworkPolicy struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Specification of the desired behavior for this NetworkPolicy. - // +optional - Spec NetworkPolicySpec -} - -type NetworkPolicySpec struct { - // Selects the pods to which this NetworkPolicy object applies. The array of ingress rules - // is applied to any pods selected by this field. Multiple network policies can select the - // same set of pods. In this case, the ingress rules for each are combined additively. - // This field is NOT optional and follows standard label selector semantics. - // An empty podSelector matches all pods in this namespace. - PodSelector metav1.LabelSelector - - // List of ingress rules to be applied to the selected pods. - // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod - // OR if the traffic source is the pod's local node, - // OR if the traffic matches at least one ingress rule across all of the NetworkPolicy - // objects whose podSelector matches the pod. - // If this field is empty then this NetworkPolicy does not allow any traffic - // (and serves solely to ensure that the pods it selects are isolated by default). - // +optional - Ingress []NetworkPolicyIngressRule -} - -// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from. -type NetworkPolicyIngressRule struct { - // List of ports which should be made accessible on the pods selected for this rule. - // Each item in this list is combined using a logical OR. - // If this field is empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows traffic - // only if the traffic matches at least one port in the list. - // +optional - Ports []NetworkPolicyPort - - // List of sources which should be able to access the pods selected for this rule. - // Items in this list are combined using a logical OR operation. - // If this field is empty or missing, this rule matches all sources (traffic not restricted by source). - // If this field is present and contains at least on item, this rule allows traffic only if the - // traffic matches at least one item in the from list. - // +optional - From []NetworkPolicyPeer -} - -type NetworkPolicyPort struct { - // Optional. The protocol (TCP or UDP) which traffic must match. - // If not specified, this field defaults to TCP. - // +optional - Protocol *api.Protocol - - // If specified, the port on the given protocol. This can - // either be a numerical or named port on a pod. If this field is not provided, - // this matches all port names and numbers. - // If present, only traffic on the specified protocol AND port - // will be matched. - // +optional - Port *intstr.IntOrString -} - -type NetworkPolicyPeer struct { - // Exactly one of the following must be specified. - - // This is a label selector which selects Pods in this namespace. - // This field follows standard label selector semantics. - // If present but empty, this selector selects all pods in this namespace. - // +optional - PodSelector *metav1.LabelSelector - - // Selects Namespaces using cluster scoped-labels. This - // matches all pods in all namespaces selected by this label selector. - // This field follows standard label selector semantics. - // If present but empty, this selector selects all namespaces. - // +optional - NamespaceSelector *metav1.LabelSelector -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NetworkPolicyList is a list of NetworkPolicy objects. -type NetworkPolicyList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []NetworkPolicy -} diff --git a/pkg/apis/extensions/v1beta1/zz_generated.conversion.go b/pkg/apis/extensions/v1beta1/zz_generated.conversion.go index 339c5ab3a3..e9b2aa64a3 100644 --- a/pkg/apis/extensions/v1beta1/zz_generated.conversion.go +++ b/pkg/apis/extensions/v1beta1/zz_generated.conversion.go @@ -26,7 +26,6 @@ import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" api "k8s.io/kubernetes/pkg/api" api_v1 "k8s.io/kubernetes/pkg/api/v1" extensions "k8s.io/kubernetes/pkg/apis/extensions" @@ -99,18 +98,6 @@ func RegisterConversions(scheme *runtime.Scheme) error { Convert_extensions_IngressStatus_To_v1beta1_IngressStatus, Convert_v1beta1_IngressTLS_To_extensions_IngressTLS, Convert_extensions_IngressTLS_To_v1beta1_IngressTLS, - Convert_v1beta1_NetworkPolicy_To_extensions_NetworkPolicy, - Convert_extensions_NetworkPolicy_To_v1beta1_NetworkPolicy, - Convert_v1beta1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule, - Convert_extensions_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngressRule, - Convert_v1beta1_NetworkPolicyList_To_extensions_NetworkPolicyList, - Convert_extensions_NetworkPolicyList_To_v1beta1_NetworkPolicyList, - Convert_v1beta1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer, - Convert_extensions_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer, - Convert_v1beta1_NetworkPolicyPort_To_extensions_NetworkPolicyPort, - Convert_extensions_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort, - Convert_v1beta1_NetworkPolicySpec_To_extensions_NetworkPolicySpec, - Convert_extensions_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec, Convert_v1beta1_PodSecurityPolicy_To_extensions_PodSecurityPolicy, Convert_extensions_PodSecurityPolicy_To_v1beta1_PodSecurityPolicy, Convert_v1beta1_PodSecurityPolicyList_To_extensions_PodSecurityPolicyList, @@ -980,146 +967,6 @@ func Convert_extensions_IngressTLS_To_v1beta1_IngressTLS(in *extensions.IngressT return autoConvert_extensions_IngressTLS_To_v1beta1_IngressTLS(in, out, s) } -func autoConvert_v1beta1_NetworkPolicy_To_extensions_NetworkPolicy(in *v1beta1.NetworkPolicy, out *extensions.NetworkPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_v1beta1_NetworkPolicySpec_To_extensions_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_v1beta1_NetworkPolicy_To_extensions_NetworkPolicy is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicy_To_extensions_NetworkPolicy(in *v1beta1.NetworkPolicy, out *extensions.NetworkPolicy, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicy_To_extensions_NetworkPolicy(in, out, s) -} - -func autoConvert_extensions_NetworkPolicy_To_v1beta1_NetworkPolicy(in *extensions.NetworkPolicy, out *v1beta1.NetworkPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - if err := Convert_extensions_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - return nil -} - -// Convert_extensions_NetworkPolicy_To_v1beta1_NetworkPolicy is an autogenerated conversion function. -func Convert_extensions_NetworkPolicy_To_v1beta1_NetworkPolicy(in *extensions.NetworkPolicy, out *v1beta1.NetworkPolicy, s conversion.Scope) error { - return autoConvert_extensions_NetworkPolicy_To_v1beta1_NetworkPolicy(in, out, s) -} - -func autoConvert_v1beta1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule(in *v1beta1.NetworkPolicyIngressRule, out *extensions.NetworkPolicyIngressRule, s conversion.Scope) error { - out.Ports = *(*[]extensions.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) - out.From = *(*[]extensions.NetworkPolicyPeer)(unsafe.Pointer(&in.From)) - return nil -} - -// Convert_v1beta1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule(in *v1beta1.NetworkPolicyIngressRule, out *extensions.NetworkPolicyIngressRule, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule(in, out, s) -} - -func autoConvert_extensions_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngressRule(in *extensions.NetworkPolicyIngressRule, out *v1beta1.NetworkPolicyIngressRule, s conversion.Scope) error { - out.Ports = *(*[]v1beta1.NetworkPolicyPort)(unsafe.Pointer(&in.Ports)) - out.From = *(*[]v1beta1.NetworkPolicyPeer)(unsafe.Pointer(&in.From)) - return nil -} - -// Convert_extensions_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngressRule is an autogenerated conversion function. -func Convert_extensions_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngressRule(in *extensions.NetworkPolicyIngressRule, out *v1beta1.NetworkPolicyIngressRule, s conversion.Scope) error { - return autoConvert_extensions_NetworkPolicyIngressRule_To_v1beta1_NetworkPolicyIngressRule(in, out, s) -} - -func autoConvert_v1beta1_NetworkPolicyList_To_extensions_NetworkPolicyList(in *v1beta1.NetworkPolicyList, out *extensions.NetworkPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = *(*[]extensions.NetworkPolicy)(unsafe.Pointer(&in.Items)) - return nil -} - -// Convert_v1beta1_NetworkPolicyList_To_extensions_NetworkPolicyList is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicyList_To_extensions_NetworkPolicyList(in *v1beta1.NetworkPolicyList, out *extensions.NetworkPolicyList, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicyList_To_extensions_NetworkPolicyList(in, out, s) -} - -func autoConvert_extensions_NetworkPolicyList_To_v1beta1_NetworkPolicyList(in *extensions.NetworkPolicyList, out *v1beta1.NetworkPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - if in.Items == nil { - out.Items = make([]v1beta1.NetworkPolicy, 0) - } else { - out.Items = *(*[]v1beta1.NetworkPolicy)(unsafe.Pointer(&in.Items)) - } - return nil -} - -// Convert_extensions_NetworkPolicyList_To_v1beta1_NetworkPolicyList is an autogenerated conversion function. -func Convert_extensions_NetworkPolicyList_To_v1beta1_NetworkPolicyList(in *extensions.NetworkPolicyList, out *v1beta1.NetworkPolicyList, s conversion.Scope) error { - return autoConvert_extensions_NetworkPolicyList_To_v1beta1_NetworkPolicyList(in, out, s) -} - -func autoConvert_v1beta1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer(in *v1beta1.NetworkPolicyPeer, out *extensions.NetworkPolicyPeer, s conversion.Scope) error { - out.PodSelector = (*v1.LabelSelector)(unsafe.Pointer(in.PodSelector)) - out.NamespaceSelector = (*v1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - return nil -} - -// Convert_v1beta1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer(in *v1beta1.NetworkPolicyPeer, out *extensions.NetworkPolicyPeer, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer(in, out, s) -} - -func autoConvert_extensions_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(in *extensions.NetworkPolicyPeer, out *v1beta1.NetworkPolicyPeer, s conversion.Scope) error { - out.PodSelector = (*v1.LabelSelector)(unsafe.Pointer(in.PodSelector)) - out.NamespaceSelector = (*v1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector)) - return nil -} - -// Convert_extensions_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer is an autogenerated conversion function. -func Convert_extensions_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(in *extensions.NetworkPolicyPeer, out *v1beta1.NetworkPolicyPeer, s conversion.Scope) error { - return autoConvert_extensions_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(in, out, s) -} - -func autoConvert_v1beta1_NetworkPolicyPort_To_extensions_NetworkPolicyPort(in *v1beta1.NetworkPolicyPort, out *extensions.NetworkPolicyPort, s conversion.Scope) error { - out.Protocol = (*api.Protocol)(unsafe.Pointer(in.Protocol)) - out.Port = (*intstr.IntOrString)(unsafe.Pointer(in.Port)) - return nil -} - -// Convert_v1beta1_NetworkPolicyPort_To_extensions_NetworkPolicyPort is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicyPort_To_extensions_NetworkPolicyPort(in *v1beta1.NetworkPolicyPort, out *extensions.NetworkPolicyPort, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicyPort_To_extensions_NetworkPolicyPort(in, out, s) -} - -func autoConvert_extensions_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort(in *extensions.NetworkPolicyPort, out *v1beta1.NetworkPolicyPort, s conversion.Scope) error { - out.Protocol = (*core_v1.Protocol)(unsafe.Pointer(in.Protocol)) - out.Port = (*intstr.IntOrString)(unsafe.Pointer(in.Port)) - return nil -} - -// Convert_extensions_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort is an autogenerated conversion function. -func Convert_extensions_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort(in *extensions.NetworkPolicyPort, out *v1beta1.NetworkPolicyPort, s conversion.Scope) error { - return autoConvert_extensions_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort(in, out, s) -} - -func autoConvert_v1beta1_NetworkPolicySpec_To_extensions_NetworkPolicySpec(in *v1beta1.NetworkPolicySpec, out *extensions.NetworkPolicySpec, s conversion.Scope) error { - out.PodSelector = in.PodSelector - out.Ingress = *(*[]extensions.NetworkPolicyIngressRule)(unsafe.Pointer(&in.Ingress)) - return nil -} - -// Convert_v1beta1_NetworkPolicySpec_To_extensions_NetworkPolicySpec is an autogenerated conversion function. -func Convert_v1beta1_NetworkPolicySpec_To_extensions_NetworkPolicySpec(in *v1beta1.NetworkPolicySpec, out *extensions.NetworkPolicySpec, s conversion.Scope) error { - return autoConvert_v1beta1_NetworkPolicySpec_To_extensions_NetworkPolicySpec(in, out, s) -} - -func autoConvert_extensions_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec(in *extensions.NetworkPolicySpec, out *v1beta1.NetworkPolicySpec, s conversion.Scope) error { - out.PodSelector = in.PodSelector - out.Ingress = *(*[]v1beta1.NetworkPolicyIngressRule)(unsafe.Pointer(&in.Ingress)) - return nil -} - -// Convert_extensions_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec is an autogenerated conversion function. -func Convert_extensions_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec(in *extensions.NetworkPolicySpec, out *v1beta1.NetworkPolicySpec, s conversion.Scope) error { - return autoConvert_extensions_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec(in, out, s) -} - func autoConvert_v1beta1_PodSecurityPolicy_To_extensions_PodSecurityPolicy(in *v1beta1.PodSecurityPolicy, out *extensions.PodSecurityPolicy, s conversion.Scope) error { out.ObjectMeta = in.ObjectMeta if err := Convert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySpec(&in.Spec, &out.Spec, s); err != nil { diff --git a/pkg/apis/extensions/validation/validation.go b/pkg/apis/extensions/validation/validation.go index 04879c9b84..d145fd421f 100644 --- a/pkg/apis/extensions/validation/validation.go +++ b/pkg/apis/extensions/validation/validation.go @@ -19,7 +19,6 @@ package validation import ( "fmt" "net" - "reflect" "regexp" "strconv" "strings" @@ -887,73 +886,3 @@ func ValidatePodSecurityPolicyUpdate(old *extensions.PodSecurityPolicy, new *ext allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&new.Spec, field.NewPath("spec"))...) return allErrs } - -// ValidateNetworkPolicyName can be used to check whether the given networkpolicy -// name is valid. -func ValidateNetworkPolicyName(name string, prefix bool) []string { - return apivalidation.NameIsDNSSubdomain(name, prefix) -} - -// ValidateNetworkPolicySpec tests if required fields in the networkpolicy spec are set. -func ValidateNetworkPolicySpec(spec *extensions.NetworkPolicySpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(&spec.PodSelector, fldPath.Child("podSelector"))...) - - // Validate ingress rules. - for i, ingress := range spec.Ingress { - ingressPath := fldPath.Child("ingress").Index(i) - for i, port := range ingress.Ports { - portPath := ingressPath.Child("ports").Index(i) - if port.Protocol != nil && *port.Protocol != api.ProtocolTCP && *port.Protocol != api.ProtocolUDP { - allErrs = append(allErrs, field.NotSupported(portPath.Child("protocol"), *port.Protocol, []string{string(api.ProtocolTCP), string(api.ProtocolUDP)})) - } - if port.Port != nil { - if port.Port.Type == intstr.Int { - for _, msg := range validation.IsValidPortNum(int(port.Port.IntVal)) { - allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.IntVal, msg)) - } - } else { - for _, msg := range validation.IsValidPortName(port.Port.StrVal) { - allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.StrVal, msg)) - } - } - } - } - for i, from := range ingress.From { - fromPath := ingressPath.Child("from").Index(i) - numFroms := 0 - if from.PodSelector != nil { - numFroms++ - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(from.PodSelector, fromPath.Child("podSelector"))...) - } - if from.NamespaceSelector != nil { - numFroms++ - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(from.NamespaceSelector, fromPath.Child("namespaceSelector"))...) - } - - if numFroms == 0 { - allErrs = append(allErrs, field.Required(fromPath, "must specify a from type")) - } else if numFroms > 1 { - allErrs = append(allErrs, field.Forbidden(fromPath, "may not specify more than 1 from type")) - } - } - } - return allErrs -} - -// ValidateNetworkPolicy validates a networkpolicy. -func ValidateNetworkPolicy(np *extensions.NetworkPolicy) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&np.ObjectMeta, true, ValidateNetworkPolicyName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateNetworkPolicySpec(&np.Spec, field.NewPath("spec"))...) - return allErrs -} - -// ValidateNetworkPolicyUpdate tests if an update to a NetworkPolicy is valid. -func ValidateNetworkPolicyUpdate(update, old *extensions.NetworkPolicy) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&update.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) - if !reflect.DeepEqual(update.Spec, old.Spec) { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to networkpolicy spec are forbidden.")) - } - return allErrs -} diff --git a/pkg/apis/extensions/validation/validation_test.go b/pkg/apis/extensions/validation/validation_test.go index c19e60646e..5e6c6df8ee 100644 --- a/pkg/apis/extensions/validation/validation_test.go +++ b/pkg/apis/extensions/validation/validation_test.go @@ -2768,326 +2768,6 @@ func TestValidatePSPVolumes(t *testing.T) { } } -func TestValidateNetworkPolicy(t *testing.T) { - protocolTCP := api.ProtocolTCP - protocolUDP := api.ProtocolUDP - protocolICMP := api.Protocol("ICMP") - - successCases := []extensions.NetworkPolicy{ - { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{}, - Ports: []extensions.NetworkPolicyPort{}, - }, - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - Ports: []extensions.NetworkPolicyPort{ - { - Protocol: nil, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 80}, - }, - { - Protocol: &protocolTCP, - Port: nil, - }, - { - Protocol: &protocolTCP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 443}, - }, - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.String, StrVal: "dns"}, - }, - }, - }, - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{ - { - PodSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"c": "d"}, - }, - }, - }, - }, - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{ - { - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"c": "d"}, - }, - }, - }, - }, - }, - }, - }, - } - - // Success cases are expected to pass validation. - for k, v := range successCases { - if errs := ValidateNetworkPolicy(&v); len(errs) != 0 { - t.Errorf("Expected success for %d, got %v", k, errs) - } - } - - invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"} - errorCases := map[string]extensions.NetworkPolicy{ - "namespaceSelector and podSelector": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{ - { - PodSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"c": "d"}, - }, - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"c": "d"}, - }, - }, - }, - }, - }, - }, - }, - "invalid spec.podSelector": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: invalidSelector, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{ - { - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"c": "d"}, - }, - }, - }, - }, - }, - }, - }, - "invalid ingress.ports.protocol": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - Ports: []extensions.NetworkPolicyPort{ - { - Protocol: &protocolICMP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 80}, - }, - }, - }, - }, - }, - }, - "invalid ingress.ports.port (int)": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - Ports: []extensions.NetworkPolicyPort{ - { - Protocol: &protocolTCP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 123456789}, - }, - }, - }, - }, - }, - }, - "invalid ingress.ports.port (str)": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - Ports: []extensions.NetworkPolicyPort{ - { - Protocol: &protocolTCP, - Port: &intstr.IntOrString{Type: intstr.String, StrVal: "!@#$"}, - }, - }, - }, - }, - }, - }, - "invalid ingress.from.podSelector": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{ - { - PodSelector: &metav1.LabelSelector{ - MatchLabels: invalidSelector, - }, - }, - }, - }, - }, - }, - }, - "invalid ingress.from.namespaceSelector": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{ - { - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: invalidSelector, - }, - }, - }, - }, - }, - }, - }, - } - - // Error cases are not expected to pass validation. - for testName, networkPolicy := range errorCases { - if errs := ValidateNetworkPolicy(&networkPolicy); len(errs) == 0 { - t.Errorf("Expected failure for test: %s", testName) - } - } -} - -func TestValidateNetworkPolicyUpdate(t *testing.T) { - type npUpdateTest struct { - old extensions.NetworkPolicy - update extensions.NetworkPolicy - } - successCases := []npUpdateTest{ - { - old: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - update: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - }, - } - - for _, successCase := range successCases { - successCase.old.ObjectMeta.ResourceVersion = "1" - successCase.update.ObjectMeta.ResourceVersion = "1" - if errs := ValidateNetworkPolicyUpdate(&successCase.update, &successCase.old); len(errs) != 0 { - t.Errorf("expected success: %v", errs) - } - } - errorCases := map[string]npUpdateTest{ - "change name": { - old: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - update: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "baz", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - }, - "change spec": { - old: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - update: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - }, - } - - for testName, errorCase := range errorCases { - if errs := ValidateNetworkPolicyUpdate(&errorCase.update, &errorCase.old); len(errs) == 0 { - t.Errorf("expected failure: %s", testName) - } - } -} - func TestIsValidSysctlPattern(t *testing.T) { valid := []string{ "a.b.c.d", diff --git a/pkg/apis/extensions/zz_generated.deepcopy.go b/pkg/apis/extensions/zz_generated.deepcopy.go index fa0d6b8ee1..d5af9371df 100644 --- a/pkg/apis/extensions/zz_generated.deepcopy.go +++ b/pkg/apis/extensions/zz_generated.deepcopy.go @@ -24,7 +24,6 @@ import ( v1 "k8s.io/apimachinery/pkg/apis/meta/v1" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" - intstr "k8s.io/apimachinery/pkg/util/intstr" api "k8s.io/kubernetes/pkg/api" reflect "reflect" ) @@ -159,30 +158,6 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error { in.(*IngressTLS).DeepCopyInto(out.(*IngressTLS)) return nil }, InType: reflect.TypeOf(&IngressTLS{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*NetworkPolicy).DeepCopyInto(out.(*NetworkPolicy)) - return nil - }, InType: reflect.TypeOf(&NetworkPolicy{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*NetworkPolicyIngressRule).DeepCopyInto(out.(*NetworkPolicyIngressRule)) - return nil - }, InType: reflect.TypeOf(&NetworkPolicyIngressRule{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*NetworkPolicyList).DeepCopyInto(out.(*NetworkPolicyList)) - return nil - }, InType: reflect.TypeOf(&NetworkPolicyList{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*NetworkPolicyPeer).DeepCopyInto(out.(*NetworkPolicyPeer)) - return nil - }, InType: reflect.TypeOf(&NetworkPolicyPeer{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*NetworkPolicyPort).DeepCopyInto(out.(*NetworkPolicyPort)) - return nil - }, InType: reflect.TypeOf(&NetworkPolicyPort{})}, - conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { - in.(*NetworkPolicySpec).DeepCopyInto(out.(*NetworkPolicySpec)) - return nil - }, InType: reflect.TypeOf(&NetworkPolicySpec{})}, conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { in.(*PodSecurityPolicy).DeepCopyInto(out.(*PodSecurityPolicy)) return nil @@ -1039,190 +1014,6 @@ func (in *IngressTLS) DeepCopy() *IngressTLS { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicy. -func (in *NetworkPolicy) DeepCopy() *NetworkPolicy { - if in == nil { - return nil - } - out := new(NetworkPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NetworkPolicy) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } else { - return nil - } -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyIngressRule) DeepCopyInto(out *NetworkPolicyIngressRule) { - *out = *in - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]NetworkPolicyPort, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.From != nil { - in, out := &in.From, &out.From - *out = make([]NetworkPolicyPeer, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyIngressRule. -func (in *NetworkPolicyIngressRule) DeepCopy() *NetworkPolicyIngressRule { - if in == nil { - return nil - } - out := new(NetworkPolicyIngressRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyList) DeepCopyInto(out *NetworkPolicyList) { - *out = *in - out.TypeMeta = in.TypeMeta - out.ListMeta = in.ListMeta - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]NetworkPolicy, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyList. -func (in *NetworkPolicyList) DeepCopy() *NetworkPolicyList { - if in == nil { - return nil - } - out := new(NetworkPolicyList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *NetworkPolicyList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } else { - return nil - } -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) { - *out = *in - if in.PodSelector != nil { - in, out := &in.PodSelector, &out.PodSelector - if *in == nil { - *out = nil - } else { - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - } - if in.NamespaceSelector != nil { - in, out := &in.NamespaceSelector, &out.NamespaceSelector - if *in == nil { - *out = nil - } else { - *out = new(v1.LabelSelector) - (*in).DeepCopyInto(*out) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPeer. -func (in *NetworkPolicyPeer) DeepCopy() *NetworkPolicyPeer { - if in == nil { - return nil - } - out := new(NetworkPolicyPeer) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicyPort) DeepCopyInto(out *NetworkPolicyPort) { - *out = *in - if in.Protocol != nil { - in, out := &in.Protocol, &out.Protocol - if *in == nil { - *out = nil - } else { - *out = new(api.Protocol) - **out = **in - } - } - if in.Port != nil { - in, out := &in.Port, &out.Port - if *in == nil { - *out = nil - } else { - *out = new(intstr.IntOrString) - **out = **in - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPort. -func (in *NetworkPolicyPort) DeepCopy() *NetworkPolicyPort { - if in == nil { - return nil - } - out := new(NetworkPolicyPort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec) { - *out = *in - in.PodSelector.DeepCopyInto(&out.PodSelector) - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = make([]NetworkPolicyIngressRule, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicySpec. -func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec { - if in == nil { - return nil - } - out := new(NetworkPolicySpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PodSecurityPolicy) DeepCopyInto(out *PodSecurityPolicy) { *out = *in diff --git a/pkg/apis/networking/v1/BUILD b/pkg/apis/networking/v1/BUILD index 5edf89f5e8..068600eb7b 100644 --- a/pkg/apis/networking/v1/BUILD +++ b/pkg/apis/networking/v1/BUILD @@ -8,7 +8,6 @@ load( go_library( name = "go_default_library", srcs = [ - "conversion.go", "defaults.go", "doc.go", "register.go", @@ -17,7 +16,6 @@ go_library( ], deps = [ "//pkg/api:go_default_library", - "//pkg/apis/extensions:go_default_library", "//pkg/apis/networking:go_default_library", "//vendor/k8s.io/api/core/v1:go_default_library", "//vendor/k8s.io/api/networking/v1:go_default_library", diff --git a/pkg/apis/networking/v1/conversion.go b/pkg/apis/networking/v1/conversion.go deleted file mode 100644 index 4d833f4139..0000000000 --- a/pkg/apis/networking/v1/conversion.go +++ /dev/null @@ -1,196 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/api/core/v1" - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/apis/extensions" -) - -func addConversionFuncs(scheme *runtime.Scheme) error { - return scheme.AddConversionFuncs( - Convert_v1_NetworkPolicy_To_extensions_NetworkPolicy, - Convert_extensions_NetworkPolicy_To_v1_NetworkPolicy, - Convert_v1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule, - Convert_extensions_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule, - Convert_v1_NetworkPolicyList_To_extensions_NetworkPolicyList, - Convert_extensions_NetworkPolicyList_To_v1_NetworkPolicyList, - Convert_v1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer, - Convert_extensions_NetworkPolicyPeer_To_v1_NetworkPolicyPeer, - Convert_v1_NetworkPolicyPort_To_extensions_NetworkPolicyPort, - Convert_extensions_NetworkPolicyPort_To_v1_NetworkPolicyPort, - Convert_v1_NetworkPolicySpec_To_extensions_NetworkPolicySpec, - Convert_extensions_NetworkPolicySpec_To_v1_NetworkPolicySpec, - ) -} - -func Convert_v1_NetworkPolicy_To_extensions_NetworkPolicy(in *networkingv1.NetworkPolicy, out *extensions.NetworkPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - return Convert_v1_NetworkPolicySpec_To_extensions_NetworkPolicySpec(&in.Spec, &out.Spec, s) -} - -func Convert_extensions_NetworkPolicy_To_v1_NetworkPolicy(in *extensions.NetworkPolicy, out *networkingv1.NetworkPolicy, s conversion.Scope) error { - out.ObjectMeta = in.ObjectMeta - return Convert_extensions_NetworkPolicySpec_To_v1_NetworkPolicySpec(&in.Spec, &out.Spec, s) -} - -func Convert_v1_NetworkPolicySpec_To_extensions_NetworkPolicySpec(in *networkingv1.NetworkPolicySpec, out *extensions.NetworkPolicySpec, s conversion.Scope) error { - if err := s.Convert(&in.PodSelector, &out.PodSelector, 0); err != nil { - return err - } - out.Ingress = make([]extensions.NetworkPolicyIngressRule, len(in.Ingress)) - for i := range in.Ingress { - if err := Convert_v1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule(&in.Ingress[i], &out.Ingress[i], s); err != nil { - return err - } - } - return nil -} - -func Convert_extensions_NetworkPolicySpec_To_v1_NetworkPolicySpec(in *extensions.NetworkPolicySpec, out *networkingv1.NetworkPolicySpec, s conversion.Scope) error { - if err := s.Convert(&in.PodSelector, &out.PodSelector, 0); err != nil { - return err - } - out.Ingress = make([]networkingv1.NetworkPolicyIngressRule, len(in.Ingress)) - for i := range in.Ingress { - if err := Convert_extensions_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule(&in.Ingress[i], &out.Ingress[i], s); err != nil { - return err - } - } - return nil -} - -func Convert_v1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule(in *networkingv1.NetworkPolicyIngressRule, out *extensions.NetworkPolicyIngressRule, s conversion.Scope) error { - out.Ports = make([]extensions.NetworkPolicyPort, len(in.Ports)) - for i := range in.Ports { - if err := Convert_v1_NetworkPolicyPort_To_extensions_NetworkPolicyPort(&in.Ports[i], &out.Ports[i], s); err != nil { - return err - } - } - out.From = make([]extensions.NetworkPolicyPeer, len(in.From)) - for i := range in.From { - if err := Convert_v1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer(&in.From[i], &out.From[i], s); err != nil { - return err - } - } - return nil -} - -func Convert_extensions_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule(in *extensions.NetworkPolicyIngressRule, out *networkingv1.NetworkPolicyIngressRule, s conversion.Scope) error { - out.Ports = make([]networkingv1.NetworkPolicyPort, len(in.Ports)) - for i := range in.Ports { - if err := Convert_extensions_NetworkPolicyPort_To_v1_NetworkPolicyPort(&in.Ports[i], &out.Ports[i], s); err != nil { - return err - } - } - out.From = make([]networkingv1.NetworkPolicyPeer, len(in.From)) - for i := range in.From { - if err := Convert_extensions_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(&in.From[i], &out.From[i], s); err != nil { - return err - } - } - return nil -} - -func Convert_v1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer(in *networkingv1.NetworkPolicyPeer, out *extensions.NetworkPolicyPeer, s conversion.Scope) error { - if in.PodSelector != nil { - out.PodSelector = new(metav1.LabelSelector) - if err := s.Convert(in.PodSelector, out.PodSelector, 0); err != nil { - return err - } - } else { - out.PodSelector = nil - } - if in.NamespaceSelector != nil { - out.NamespaceSelector = new(metav1.LabelSelector) - if err := s.Convert(in.NamespaceSelector, out.NamespaceSelector, 0); err != nil { - return err - } - } else { - out.NamespaceSelector = nil - } - return nil -} - -func Convert_extensions_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(in *extensions.NetworkPolicyPeer, out *networkingv1.NetworkPolicyPeer, s conversion.Scope) error { - if in.PodSelector != nil { - out.PodSelector = new(metav1.LabelSelector) - if err := s.Convert(in.PodSelector, out.PodSelector, 0); err != nil { - return err - } - } else { - out.PodSelector = nil - } - if in.NamespaceSelector != nil { - out.NamespaceSelector = new(metav1.LabelSelector) - if err := s.Convert(in.NamespaceSelector, out.NamespaceSelector, 0); err != nil { - return err - } - } else { - out.NamespaceSelector = nil - } - return nil -} - -func Convert_v1_NetworkPolicyPort_To_extensions_NetworkPolicyPort(in *networkingv1.NetworkPolicyPort, out *extensions.NetworkPolicyPort, s conversion.Scope) error { - if in.Protocol != nil { - out.Protocol = new(api.Protocol) - *out.Protocol = api.Protocol(*in.Protocol) - } else { - out.Protocol = nil - } - out.Port = in.Port - return nil -} - -func Convert_extensions_NetworkPolicyPort_To_v1_NetworkPolicyPort(in *extensions.NetworkPolicyPort, out *networkingv1.NetworkPolicyPort, s conversion.Scope) error { - if in.Protocol != nil { - out.Protocol = new(v1.Protocol) - *out.Protocol = v1.Protocol(*in.Protocol) - } else { - out.Protocol = nil - } - out.Port = in.Port - return nil -} - -func Convert_v1_NetworkPolicyList_To_extensions_NetworkPolicyList(in *networkingv1.NetworkPolicyList, out *extensions.NetworkPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = make([]extensions.NetworkPolicy, len(in.Items)) - for i := range in.Items { - if err := Convert_v1_NetworkPolicy_To_extensions_NetworkPolicy(&in.Items[i], &out.Items[i], s); err != nil { - return err - } - } - return nil -} - -func Convert_extensions_NetworkPolicyList_To_v1_NetworkPolicyList(in *extensions.NetworkPolicyList, out *networkingv1.NetworkPolicyList, s conversion.Scope) error { - out.ListMeta = in.ListMeta - out.Items = make([]networkingv1.NetworkPolicy, len(in.Items)) - for i := range in.Items { - if err := Convert_extensions_NetworkPolicy_To_v1_NetworkPolicy(&in.Items[i], &out.Items[i], s); err != nil { - return err - } - } - return nil -} diff --git a/pkg/apis/networking/v1/doc.go b/pkg/apis/networking/v1/doc.go index ca997773e2..d069022f53 100644 --- a/pkg/apis/networking/v1/doc.go +++ b/pkg/apis/networking/v1/doc.go @@ -16,6 +16,7 @@ limitations under the License. // +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/networking // +k8s:conversion-gen-external-types=../../../../vendor/k8s.io/api/networking/v1 +// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/extensions // +k8s:defaulter-gen=TypeMeta // +k8s:defaulter-gen-input=../../../../vendor/k8s.io/api/networking/v1 // +groupName=networking.k8s.io diff --git a/pkg/apis/networking/v1/register.go b/pkg/apis/networking/v1/register.go index 7d205b95c1..35a60bd8df 100644 --- a/pkg/apis/networking/v1/register.go +++ b/pkg/apis/networking/v1/register.go @@ -41,5 +41,5 @@ func init() { // We only register manually written functions here. The registration of the // generated functions takes place in the generated files. The separation // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs) + localSchemeBuilder.Register(addDefaultingFuncs) } diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/BUILD b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/BUILD index 4acadb0687..e6e9496be3 100644 --- a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/BUILD +++ b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/BUILD @@ -15,7 +15,6 @@ go_library( "extensions_client.go", "generated_expansion.go", "ingress.go", - "networkpolicy.go", "podsecuritypolicy.go", "replicaset.go", "scale.go", diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/extensions_client.go b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/extensions_client.go index 90a1ef975d..a89a837191 100644 --- a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/extensions_client.go +++ b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/extensions_client.go @@ -26,7 +26,6 @@ type ExtensionsInterface interface { DaemonSetsGetter DeploymentsGetter IngressesGetter - NetworkPoliciesGetter PodSecurityPoliciesGetter ReplicaSetsGetter ScalesGetter @@ -50,10 +49,6 @@ func (c *ExtensionsClient) Ingresses(namespace string) IngressInterface { return newIngresses(c, namespace) } -func (c *ExtensionsClient) NetworkPolicies(namespace string) NetworkPolicyInterface { - return newNetworkPolicies(c, namespace) -} - func (c *ExtensionsClient) PodSecurityPolicies() PodSecurityPolicyInterface { return newPodSecurityPolicies(c) } diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/BUILD b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/BUILD index 762bf89498..ab3d9294de 100644 --- a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/BUILD +++ b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/BUILD @@ -14,7 +14,6 @@ go_library( "fake_deployment_expansion.go", "fake_extensions_client.go", "fake_ingress.go", - "fake_networkpolicy.go", "fake_podsecuritypolicy.go", "fake_replicaset.go", "fake_scale.go", diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_extensions_client.go b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_extensions_client.go index 252399db4b..82ec8abfa2 100644 --- a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_extensions_client.go +++ b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_extensions_client.go @@ -38,10 +38,6 @@ func (c *FakeExtensions) Ingresses(namespace string) internalversion.IngressInte return &FakeIngresses{c, namespace} } -func (c *FakeExtensions) NetworkPolicies(namespace string) internalversion.NetworkPolicyInterface { - return &FakeNetworkPolicies{c, namespace} -} - func (c *FakeExtensions) PodSecurityPolicies() internalversion.PodSecurityPolicyInterface { return &FakePodSecurityPolicies{c} } diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_networkpolicy.go b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_networkpolicy.go deleted file mode 100644 index 2afa69d2ee..0000000000 --- a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_networkpolicy.go +++ /dev/null @@ -1,126 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fake - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" - extensions "k8s.io/kubernetes/pkg/apis/extensions" -) - -// FakeNetworkPolicies implements NetworkPolicyInterface -type FakeNetworkPolicies struct { - Fake *FakeExtensions - ns string -} - -var networkpoliciesResource = schema.GroupVersionResource{Group: "extensions", Version: "", Resource: "networkpolicies"} - -var networkpoliciesKind = schema.GroupVersionKind{Group: "extensions", Version: "", Kind: "NetworkPolicy"} - -// Get takes name of the networkPolicy, and returns the corresponding networkPolicy object, and an error if there is any. -func (c *FakeNetworkPolicies) Get(name string, options v1.GetOptions) (result *extensions.NetworkPolicy, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(networkpoliciesResource, c.ns, name), &extensions.NetworkPolicy{}) - - if obj == nil { - return nil, err - } - return obj.(*extensions.NetworkPolicy), err -} - -// List takes label and field selectors, and returns the list of NetworkPolicies that match those selectors. -func (c *FakeNetworkPolicies) List(opts v1.ListOptions) (result *extensions.NetworkPolicyList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(networkpoliciesResource, networkpoliciesKind, c.ns, opts), &extensions.NetworkPolicyList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &extensions.NetworkPolicyList{} - for _, item := range obj.(*extensions.NetworkPolicyList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested networkPolicies. -func (c *FakeNetworkPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(networkpoliciesResource, c.ns, opts)) - -} - -// Create takes the representation of a networkPolicy and creates it. Returns the server's representation of the networkPolicy, and an error, if there is any. -func (c *FakeNetworkPolicies) Create(networkPolicy *extensions.NetworkPolicy) (result *extensions.NetworkPolicy, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(networkpoliciesResource, c.ns, networkPolicy), &extensions.NetworkPolicy{}) - - if obj == nil { - return nil, err - } - return obj.(*extensions.NetworkPolicy), err -} - -// Update takes the representation of a networkPolicy and updates it. Returns the server's representation of the networkPolicy, and an error, if there is any. -func (c *FakeNetworkPolicies) Update(networkPolicy *extensions.NetworkPolicy) (result *extensions.NetworkPolicy, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(networkpoliciesResource, c.ns, networkPolicy), &extensions.NetworkPolicy{}) - - if obj == nil { - return nil, err - } - return obj.(*extensions.NetworkPolicy), err -} - -// Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs. -func (c *FakeNetworkPolicies) Delete(name string, options *v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(networkpoliciesResource, c.ns, name), &extensions.NetworkPolicy{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeNetworkPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(networkpoliciesResource, c.ns, listOptions) - - _, err := c.Fake.Invokes(action, &extensions.NetworkPolicyList{}) - return err -} - -// Patch applies the patch and returns the patched networkPolicy. -func (c *FakeNetworkPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *extensions.NetworkPolicy, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(networkpoliciesResource, c.ns, name, data, subresources...), &extensions.NetworkPolicy{}) - - if obj == nil { - return nil, err - } - return obj.(*extensions.NetworkPolicy), err -} diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/generated_expansion.go b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/generated_expansion.go index 7081551e98..d59199eb50 100644 --- a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/generated_expansion.go +++ b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/generated_expansion.go @@ -20,8 +20,6 @@ type DaemonSetExpansion interface{} type IngressExpansion interface{} -type NetworkPolicyExpansion interface{} - type PodSecurityPolicyExpansion interface{} type ReplicaSetExpansion interface{} diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/networkpolicy.go b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/networkpolicy.go deleted file mode 100644 index 9d33cf6ef1..0000000000 --- a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/networkpolicy.go +++ /dev/null @@ -1,155 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package internalversion - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - rest "k8s.io/client-go/rest" - extensions "k8s.io/kubernetes/pkg/apis/extensions" - scheme "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/scheme" -) - -// NetworkPoliciesGetter has a method to return a NetworkPolicyInterface. -// A group's client should implement this interface. -type NetworkPoliciesGetter interface { - NetworkPolicies(namespace string) NetworkPolicyInterface -} - -// NetworkPolicyInterface has methods to work with NetworkPolicy resources. -type NetworkPolicyInterface interface { - Create(*extensions.NetworkPolicy) (*extensions.NetworkPolicy, error) - Update(*extensions.NetworkPolicy) (*extensions.NetworkPolicy, error) - Delete(name string, options *v1.DeleteOptions) error - DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error - Get(name string, options v1.GetOptions) (*extensions.NetworkPolicy, error) - List(opts v1.ListOptions) (*extensions.NetworkPolicyList, error) - Watch(opts v1.ListOptions) (watch.Interface, error) - Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *extensions.NetworkPolicy, err error) - NetworkPolicyExpansion -} - -// networkPolicies implements NetworkPolicyInterface -type networkPolicies struct { - client rest.Interface - ns string -} - -// newNetworkPolicies returns a NetworkPolicies -func newNetworkPolicies(c *ExtensionsClient, namespace string) *networkPolicies { - return &networkPolicies{ - client: c.RESTClient(), - ns: namespace, - } -} - -// Get takes name of the networkPolicy, and returns the corresponding networkPolicy object, and an error if there is any. -func (c *networkPolicies) Get(name string, options v1.GetOptions) (result *extensions.NetworkPolicy, err error) { - result = &extensions.NetworkPolicy{} - err = c.client.Get(). - Namespace(c.ns). - Resource("networkpolicies"). - Name(name). - VersionedParams(&options, scheme.ParameterCodec). - Do(). - Into(result) - return -} - -// List takes label and field selectors, and returns the list of NetworkPolicies that match those selectors. -func (c *networkPolicies) List(opts v1.ListOptions) (result *extensions.NetworkPolicyList, err error) { - result = &extensions.NetworkPolicyList{} - err = c.client.Get(). - Namespace(c.ns). - Resource("networkpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Do(). - Into(result) - return -} - -// Watch returns a watch.Interface that watches the requested networkPolicies. -func (c *networkPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) { - opts.Watch = true - return c.client.Get(). - Namespace(c.ns). - Resource("networkpolicies"). - VersionedParams(&opts, scheme.ParameterCodec). - Watch() -} - -// Create takes the representation of a networkPolicy and creates it. Returns the server's representation of the networkPolicy, and an error, if there is any. -func (c *networkPolicies) Create(networkPolicy *extensions.NetworkPolicy) (result *extensions.NetworkPolicy, err error) { - result = &extensions.NetworkPolicy{} - err = c.client.Post(). - Namespace(c.ns). - Resource("networkpolicies"). - Body(networkPolicy). - Do(). - Into(result) - return -} - -// Update takes the representation of a networkPolicy and updates it. Returns the server's representation of the networkPolicy, and an error, if there is any. -func (c *networkPolicies) Update(networkPolicy *extensions.NetworkPolicy) (result *extensions.NetworkPolicy, err error) { - result = &extensions.NetworkPolicy{} - err = c.client.Put(). - Namespace(c.ns). - Resource("networkpolicies"). - Name(networkPolicy.Name). - Body(networkPolicy). - Do(). - Into(result) - return -} - -// Delete takes name of the networkPolicy and deletes it. Returns an error if one occurs. -func (c *networkPolicies) Delete(name string, options *v1.DeleteOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("networkpolicies"). - Name(name). - Body(options). - Do(). - Error() -} - -// DeleteCollection deletes a collection of objects. -func (c *networkPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - return c.client.Delete(). - Namespace(c.ns). - Resource("networkpolicies"). - VersionedParams(&listOptions, scheme.ParameterCodec). - Body(options). - Do(). - Error() -} - -// Patch applies the patch and returns the patched networkPolicy. -func (c *networkPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *extensions.NetworkPolicy, err error) { - result = &extensions.NetworkPolicy{} - err = c.client.Patch(pt). - Namespace(c.ns). - Resource("networkpolicies"). - SubResource(subresources...). - Name(name). - Body(data). - Do(). - Into(result) - return -} diff --git a/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/BUILD b/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/BUILD index ddf7cbf777..58793ed066 100644 --- a/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/BUILD +++ b/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/BUILD @@ -12,7 +12,6 @@ go_library( "deployment.go", "ingress.go", "interface.go", - "networkpolicy.go", "podsecuritypolicy.go", "replicaset.go", "thirdpartyresource.go", diff --git a/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/interface.go b/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/interface.go index 6143ea3e17..04e131c807 100644 --- a/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/interface.go +++ b/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/interface.go @@ -30,8 +30,6 @@ type Interface interface { Deployments() DeploymentInformer // Ingresses returns a IngressInformer. Ingresses() IngressInformer - // NetworkPolicies returns a NetworkPolicyInformer. - NetworkPolicies() NetworkPolicyInformer // PodSecurityPolicies returns a PodSecurityPolicyInformer. PodSecurityPolicies() PodSecurityPolicyInformer // ReplicaSets returns a ReplicaSetInformer. @@ -64,11 +62,6 @@ func (v *version) Ingresses() IngressInformer { return &ingressInformer{factory: v.SharedInformerFactory} } -// NetworkPolicies returns a NetworkPolicyInformer. -func (v *version) NetworkPolicies() NetworkPolicyInformer { - return &networkPolicyInformer{factory: v.SharedInformerFactory} -} - // PodSecurityPolicies returns a PodSecurityPolicyInformer. func (v *version) PodSecurityPolicies() PodSecurityPolicyInformer { return &podSecurityPolicyInformer{factory: v.SharedInformerFactory} diff --git a/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/networkpolicy.go b/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/networkpolicy.go deleted file mode 100644 index 6850882fb5..0000000000 --- a/pkg/client/informers/informers_generated/internalversion/extensions/internalversion/networkpolicy.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// This file was automatically generated by informer-gen - -package internalversion - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" - extensions "k8s.io/kubernetes/pkg/apis/extensions" - internalclientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset" - internalinterfaces "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/internalinterfaces" - internalversion "k8s.io/kubernetes/pkg/client/listers/extensions/internalversion" - time "time" -) - -// NetworkPolicyInformer provides access to a shared informer and lister for -// NetworkPolicies. -type NetworkPolicyInformer interface { - Informer() cache.SharedIndexInformer - Lister() internalversion.NetworkPolicyLister -} - -type networkPolicyInformer struct { - factory internalinterfaces.SharedInformerFactory -} - -// NewNetworkPolicyInformer constructs a new informer for NetworkPolicy type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewNetworkPolicyInformer(client internalclientset.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - return client.Extensions().NetworkPolicies(namespace).List(options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - return client.Extensions().NetworkPolicies(namespace).Watch(options) - }, - }, - &extensions.NetworkPolicy{}, - resyncPeriod, - indexers, - ) -} - -func defaultNetworkPolicyInformer(client internalclientset.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewNetworkPolicyInformer(client, v1.NamespaceAll, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}) -} - -func (f *networkPolicyInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&extensions.NetworkPolicy{}, defaultNetworkPolicyInformer) -} - -func (f *networkPolicyInformer) Lister() internalversion.NetworkPolicyLister { - return internalversion.NewNetworkPolicyLister(f.Informer().GetIndexer()) -} diff --git a/pkg/client/informers/informers_generated/internalversion/generic.go b/pkg/client/informers/informers_generated/internalversion/generic.go index d88ffd74a6..8fa88584b7 100644 --- a/pkg/client/informers/informers_generated/internalversion/generic.go +++ b/pkg/client/informers/informers_generated/internalversion/generic.go @@ -130,8 +130,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().InternalVersion().Deployments().Informer()}, nil case extensions.SchemeGroupVersion.WithResource("ingresses"): return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().InternalVersion().Ingresses().Informer()}, nil - case extensions.SchemeGroupVersion.WithResource("networkpolicies"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().InternalVersion().NetworkPolicies().Informer()}, nil case extensions.SchemeGroupVersion.WithResource("podsecuritypolicies"): return &genericInformer{resource: resource.GroupResource(), informer: f.Extensions().InternalVersion().PodSecurityPolicies().Informer()}, nil case extensions.SchemeGroupVersion.WithResource("replicasets"): diff --git a/pkg/client/listers/extensions/internalversion/BUILD b/pkg/client/listers/extensions/internalversion/BUILD index acec6253e7..6178d48767 100644 --- a/pkg/client/listers/extensions/internalversion/BUILD +++ b/pkg/client/listers/extensions/internalversion/BUILD @@ -15,7 +15,6 @@ go_library( "deployment_expansion.go", "expansion_generated.go", "ingress.go", - "networkpolicy.go", "podsecuritypolicy.go", "replicaset.go", "replicaset_expansion.go", diff --git a/pkg/client/listers/extensions/internalversion/expansion_generated.go b/pkg/client/listers/extensions/internalversion/expansion_generated.go index 4ba769f780..1faa9b7494 100644 --- a/pkg/client/listers/extensions/internalversion/expansion_generated.go +++ b/pkg/client/listers/extensions/internalversion/expansion_generated.go @@ -26,14 +26,6 @@ type IngressListerExpansion interface{} // IngressNamespaceLister. type IngressNamespaceListerExpansion interface{} -// NetworkPolicyListerExpansion allows custom methods to be added to -// NetworkPolicyLister. -type NetworkPolicyListerExpansion interface{} - -// NetworkPolicyNamespaceListerExpansion allows custom methods to be added to -// NetworkPolicyNamespaceLister. -type NetworkPolicyNamespaceListerExpansion interface{} - // PodSecurityPolicyListerExpansion allows custom methods to be added to // PodSecurityPolicyLister. type PodSecurityPolicyListerExpansion interface{} diff --git a/pkg/client/listers/extensions/internalversion/networkpolicy.go b/pkg/client/listers/extensions/internalversion/networkpolicy.go deleted file mode 100644 index 207caa31e8..0000000000 --- a/pkg/client/listers/extensions/internalversion/networkpolicy.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// This file was automatically generated by lister-gen - -package internalversion - -import ( - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/tools/cache" - extensions "k8s.io/kubernetes/pkg/apis/extensions" -) - -// NetworkPolicyLister helps list NetworkPolicies. -type NetworkPolicyLister interface { - // List lists all NetworkPolicies in the indexer. - List(selector labels.Selector) (ret []*extensions.NetworkPolicy, err error) - // NetworkPolicies returns an object that can list and get NetworkPolicies. - NetworkPolicies(namespace string) NetworkPolicyNamespaceLister - NetworkPolicyListerExpansion -} - -// networkPolicyLister implements the NetworkPolicyLister interface. -type networkPolicyLister struct { - indexer cache.Indexer -} - -// NewNetworkPolicyLister returns a new NetworkPolicyLister. -func NewNetworkPolicyLister(indexer cache.Indexer) NetworkPolicyLister { - return &networkPolicyLister{indexer: indexer} -} - -// List lists all NetworkPolicies in the indexer. -func (s *networkPolicyLister) List(selector labels.Selector) (ret []*extensions.NetworkPolicy, err error) { - err = cache.ListAll(s.indexer, selector, func(m interface{}) { - ret = append(ret, m.(*extensions.NetworkPolicy)) - }) - return ret, err -} - -// NetworkPolicies returns an object that can list and get NetworkPolicies. -func (s *networkPolicyLister) NetworkPolicies(namespace string) NetworkPolicyNamespaceLister { - return networkPolicyNamespaceLister{indexer: s.indexer, namespace: namespace} -} - -// NetworkPolicyNamespaceLister helps list and get NetworkPolicies. -type NetworkPolicyNamespaceLister interface { - // List lists all NetworkPolicies in the indexer for a given namespace. - List(selector labels.Selector) (ret []*extensions.NetworkPolicy, err error) - // Get retrieves the NetworkPolicy from the indexer for a given namespace and name. - Get(name string) (*extensions.NetworkPolicy, error) - NetworkPolicyNamespaceListerExpansion -} - -// networkPolicyNamespaceLister implements the NetworkPolicyNamespaceLister -// interface. -type networkPolicyNamespaceLister struct { - indexer cache.Indexer - namespace string -} - -// List lists all NetworkPolicies in the indexer for a given namespace. -func (s networkPolicyNamespaceLister) List(selector labels.Selector) (ret []*extensions.NetworkPolicy, err error) { - err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { - ret = append(ret, m.(*extensions.NetworkPolicy)) - }) - return ret, err -} - -// Get retrieves the NetworkPolicy from the indexer for a given namespace and name. -func (s networkPolicyNamespaceLister) Get(name string) (*extensions.NetworkPolicy, error) { - obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) - if err != nil { - return nil, err - } - if !exists { - return nil, errors.NewNotFound(extensions.Resource("networkpolicy"), name) - } - return obj.(*extensions.NetworkPolicy), nil -} diff --git a/pkg/printers/internalversion/describe.go b/pkg/printers/internalversion/describe.go index d8ef33de39..00e732dd4a 100644 --- a/pkg/printers/internalversion/describe.go +++ b/pkg/printers/internalversion/describe.go @@ -134,7 +134,7 @@ func describerMap(c clientset.Interface) map[schema.GroupKind]printers.Describer api.Kind("PriorityClass"): &PriorityClassDescriber{c}, extensions.Kind("ReplicaSet"): &ReplicaSetDescriber{c}, - extensions.Kind("NetworkPolicy"): &ExtensionsNetworkPolicyDescriber{c}, + extensions.Kind("NetworkPolicy"): &NetworkPolicyDescriber{c}, extensions.Kind("PodSecurityPolicy"): &PodSecurityPolicyDescriber{c}, autoscaling.Kind("HorizontalPodAutoscaler"): &HorizontalPodAutoscalerDescriber{c}, extensions.Kind("DaemonSet"): &DaemonSetDescriber{c}, @@ -3019,34 +3019,6 @@ func describeCluster(cluster *federation.Cluster) (string, error) { }) } -// ExtensionsNetworkPolicyDescriber generates information about an extensions.NetworkPolicy -type ExtensionsNetworkPolicyDescriber struct { - clientset.Interface -} - -func (d *ExtensionsNetworkPolicyDescriber) Describe(namespace, name string, describerSettings printers.DescriberSettings) (string, error) { - c := d.Extensions().NetworkPolicies(namespace) - - networkPolicy, err := c.Get(name, metav1.GetOptions{}) - if err != nil { - return "", err - } - - return describeExtensionsNetworkPolicy(networkPolicy) -} - -func describeExtensionsNetworkPolicy(networkPolicy *extensions.NetworkPolicy) (string, error) { - return tabbedString(func(out io.Writer) error { - w := NewPrefixWriter(out) - w.Write(LEVEL_0, "Name:\t%s\n", networkPolicy.Name) - w.Write(LEVEL_0, "Namespace:\t%s\n", networkPolicy.Namespace) - printLabelsMultiline(w, "Labels", networkPolicy.Labels) - printAnnotationsMultiline(w, "Annotations", networkPolicy.Annotations) - - return nil - }) -} - // NetworkPolicyDescriber generates information about a networking.NetworkPolicy type NetworkPolicyDescriber struct { clientset.Interface diff --git a/pkg/printers/internalversion/printers.go b/pkg/printers/internalversion/printers.go index b038658138..3da77c4583 100644 --- a/pkg/printers/internalversion/printers.go +++ b/pkg/printers/internalversion/printers.go @@ -364,8 +364,6 @@ func AddHandlers(h printers.PrintHandler) { {Name: "Pod-Selector", Type: "string", Description: extensionsv1beta1.NetworkPolicySpec{}.SwaggerDoc()["podSelector"]}, {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, } - h.TableHandler(networkPolicyColumnDefinitioins, printExtensionsNetworkPolicy) - h.TableHandler(networkPolicyColumnDefinitioins, printExtensionsNetworkPolicyList) h.TableHandler(networkPolicyColumnDefinitioins, printNetworkPolicy) h.TableHandler(networkPolicyColumnDefinitioins, printNetworkPolicyList) @@ -1661,26 +1659,6 @@ func printPodSecurityPolicyList(list *extensions.PodSecurityPolicyList, options return rows, nil } -func printExtensionsNetworkPolicy(obj *extensions.NetworkPolicy, options printers.PrintOptions) ([]metav1alpha1.TableRow, error) { - row := metav1alpha1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, metav1.FormatLabelSelector(&obj.Spec.PodSelector), translateTimestamp(obj.CreationTimestamp)) - return []metav1alpha1.TableRow{row}, nil -} - -func printExtensionsNetworkPolicyList(list *extensions.NetworkPolicyList, options printers.PrintOptions) ([]metav1alpha1.TableRow, error) { - rows := make([]metav1alpha1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printExtensionsNetworkPolicy(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - func printNetworkPolicy(obj *networking.NetworkPolicy, options printers.PrintOptions) ([]metav1alpha1.TableRow, error) { row := metav1alpha1.TableRow{ Object: runtime.RawExtension{Object: obj}, diff --git a/pkg/registry/BUILD b/pkg/registry/BUILD index c2ed8b6e87..d73bca0a28 100644 --- a/pkg/registry/BUILD +++ b/pkg/registry/BUILD @@ -64,7 +64,6 @@ filegroup( "//pkg/registry/extensions/daemonset:all-srcs", "//pkg/registry/extensions/deployment:all-srcs", "//pkg/registry/extensions/ingress:all-srcs", - "//pkg/registry/extensions/networkpolicy:all-srcs", "//pkg/registry/extensions/podsecuritypolicy:all-srcs", "//pkg/registry/extensions/replicaset:all-srcs", "//pkg/registry/extensions/rest:all-srcs", diff --git a/pkg/registry/extensions/networkpolicy/BUILD b/pkg/registry/extensions/networkpolicy/BUILD deleted file mode 100644 index b4938c0274..0000000000 --- a/pkg/registry/extensions/networkpolicy/BUILD +++ /dev/null @@ -1,52 +0,0 @@ -package(default_visibility = ["//visibility:public"]) - -load( - "@io_bazel_rules_go//go:def.bzl", - "go_library", - "go_test", -) - -go_library( - name = "go_default_library", - srcs = [ - "doc.go", - "strategy.go", - ], - deps = [ - "//pkg/api:go_default_library", - "//pkg/apis/extensions:go_default_library", - "//pkg/apis/extensions/validation:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/api/equality:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library", - "//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library", - "//vendor/k8s.io/apiserver/pkg/storage/names:go_default_library", - ], -) - -go_test( - name = "go_default_test", - srcs = ["strategy_test.go"], - library = ":go_default_library", - deps = [ - "//pkg/apis/extensions:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", - "//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library", - ], -) - -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [ - ":package-srcs", - "//pkg/registry/extensions/networkpolicy/storage:all-srcs", - ], - tags = ["automanaged"], -) diff --git a/pkg/registry/extensions/networkpolicy/doc.go b/pkg/registry/extensions/networkpolicy/doc.go deleted file mode 100644 index fb5ea65fd0..0000000000 --- a/pkg/registry/extensions/networkpolicy/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package networkpolicy // import "k8s.io/kubernetes/pkg/registry/extensions/networkpolicy" diff --git a/pkg/registry/extensions/networkpolicy/storage/BUILD b/pkg/registry/extensions/networkpolicy/storage/BUILD deleted file mode 100644 index 17f20ad948..0000000000 --- a/pkg/registry/extensions/networkpolicy/storage/BUILD +++ /dev/null @@ -1,52 +0,0 @@ -package(default_visibility = ["//visibility:public"]) - -load( - "@io_bazel_rules_go//go:def.bzl", - "go_library", - "go_test", -) - -go_test( - name = "go_default_test", - srcs = ["storage_test.go"], - library = ":go_default_library", - deps = [ - "//pkg/apis/extensions:go_default_library", - "//pkg/registry/registrytest:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/fields:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/labels:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/util/intstr:go_default_library", - "//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library", - "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library", - "//vendor/k8s.io/apiserver/pkg/storage/etcd/testing:go_default_library", - ], -) - -go_library( - name = "go_default_library", - srcs = ["storage.go"], - deps = [ - "//pkg/api:go_default_library", - "//pkg/apis/extensions:go_default_library", - "//pkg/registry/cachesize:go_default_library", - "//pkg/registry/extensions/networkpolicy:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", - "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library", - "//vendor/k8s.io/apiserver/pkg/registry/generic/registry:go_default_library", - ], -) - -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [":package-srcs"], - tags = ["automanaged"], -) diff --git a/pkg/registry/extensions/networkpolicy/storage/storage.go b/pkg/registry/extensions/networkpolicy/storage/storage.go deleted file mode 100644 index cb69d55ee4..0000000000 --- a/pkg/registry/extensions/networkpolicy/storage/storage.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apiserver/pkg/registry/generic" - genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" - "k8s.io/kubernetes/pkg/api" - extensionsapi "k8s.io/kubernetes/pkg/apis/extensions" - "k8s.io/kubernetes/pkg/registry/cachesize" - "k8s.io/kubernetes/pkg/registry/extensions/networkpolicy" -) - -// rest implements a RESTStorage for network policies -type REST struct { - *genericregistry.Store -} - -// NewREST returns a RESTStorage object that will work against network policies. -func NewREST(optsGetter generic.RESTOptionsGetter) *REST { - store := &genericregistry.Store{ - Copier: api.Scheme, - NewFunc: func() runtime.Object { return &extensionsapi.NetworkPolicy{} }, - NewListFunc: func() runtime.Object { return &extensionsapi.NetworkPolicyList{} }, - DefaultQualifiedResource: extensionsapi.Resource("networkpolicies"), - WatchCacheSize: cachesize.GetWatchCacheSizeByResource("networkpolicies"), - - CreateStrategy: networkpolicy.Strategy, - UpdateStrategy: networkpolicy.Strategy, - DeleteStrategy: networkpolicy.Strategy, - } - options := &generic.StoreOptions{RESTOptions: optsGetter} - if err := store.CompleteWithOptions(options); err != nil { - panic(err) // TODO: Propagate error up - } - return &REST{store} -} diff --git a/pkg/registry/extensions/networkpolicy/storage/storage_test.go b/pkg/registry/extensions/networkpolicy/storage/storage_test.go deleted file mode 100644 index 2850ea2014..0000000000 --- a/pkg/registry/extensions/networkpolicy/storage/storage_test.go +++ /dev/null @@ -1,185 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "testing" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - etcdtesting "k8s.io/apiserver/pkg/storage/etcd/testing" - "k8s.io/kubernetes/pkg/apis/extensions" - "k8s.io/kubernetes/pkg/registry/registrytest" -) - -func newStorage(t *testing.T) (*REST, *etcdtesting.EtcdTestServer) { - etcdStorage, server := registrytest.NewEtcdStorage(t, "extensions") - restOptions := generic.RESTOptions{ - StorageConfig: etcdStorage, - Decorator: generic.UndecoratedStorage, - DeleteCollectionWorkers: 1, - ResourcePrefix: "networkpolicies", - } - return NewREST(restOptions), server -} - -// createNetworkPolicy is a helper function that returns a NetworkPolicy with the updated resource version. -func createNetworkPolicy(storage *REST, np extensions.NetworkPolicy, t *testing.T) (extensions.NetworkPolicy, error) { - ctx := genericapirequest.WithNamespace(genericapirequest.NewContext(), np.Namespace) - obj, err := storage.Create(ctx, &np, false) - if err != nil { - t.Errorf("Failed to create NetworkPolicy, %v", err) - } - newNP := obj.(*extensions.NetworkPolicy) - return *newNP, nil -} - -func validNewNetworkPolicy() *extensions.NetworkPolicy { - port := intstr.FromInt(80) - return &extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: "foo", - Namespace: metav1.NamespaceDefault, - Labels: map[string]string{"a": "b"}, - }, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{MatchLabels: map[string]string{"a": "b"}}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{ - { - PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"c": "d"}}, - }, - }, - Ports: []extensions.NetworkPolicyPort{ - { - Port: &port, - }, - }, - }, - }, - }, - } -} - -var validNetworkPolicy = *validNewNetworkPolicy() - -func TestCreate(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - np := validNewNetworkPolicy() - np.ObjectMeta = metav1.ObjectMeta{} - - invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"} - test.TestCreate( - // valid - np, - // invalid (invalid selector) - &extensions.NetworkPolicy{ - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{MatchLabels: invalidSelector}, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - ) -} - -func TestUpdate(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - test.TestUpdate( - // valid - validNewNetworkPolicy(), - // valid updateFunc - func(obj runtime.Object) runtime.Object { - object := obj.(*extensions.NetworkPolicy) - return object - }, - // invalid updateFunc - func(obj runtime.Object) runtime.Object { - object := obj.(*extensions.NetworkPolicy) - object.Name = "" - return object - }, - func(obj runtime.Object) runtime.Object { - object := obj.(*extensions.NetworkPolicy) - object.Spec.PodSelector = metav1.LabelSelector{MatchLabels: map[string]string{}} - return object - }, - ) -} - -func TestDelete(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - test.TestDelete(validNewNetworkPolicy()) -} - -func TestGet(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - test.TestGet(validNewNetworkPolicy()) -} - -func TestList(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - test.TestList(validNewNetworkPolicy()) -} - -func TestWatch(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - test.TestWatch( - validNewNetworkPolicy(), - // matching labels - []labels.Set{ - {"a": "b"}, - }, - // not matching labels - []labels.Set{ - {"a": "c"}, - {"foo": "bar"}, - }, - // matching fields - []fields.Set{ - {"metadata.name": "foo"}, - }, - // not matchin fields - []fields.Set{ - {"metadata.name": "bar"}, - {"name": "foo"}, - }, - ) -} diff --git a/pkg/registry/extensions/networkpolicy/strategy.go b/pkg/registry/extensions/networkpolicy/strategy.go deleted file mode 100644 index 1c1ea71377..0000000000 --- a/pkg/registry/extensions/networkpolicy/strategy.go +++ /dev/null @@ -1,88 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package networkpolicy - -import ( - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/validation/field" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/storage/names" - "k8s.io/kubernetes/pkg/api" - "k8s.io/kubernetes/pkg/apis/extensions" - "k8s.io/kubernetes/pkg/apis/extensions/validation" -) - -// networkPolicyStrategy implements verification logic for NetworkPolicys. -type networkPolicyStrategy struct { - runtime.ObjectTyper - names.NameGenerator -} - -// Strategy is the default logic that applies when creating and updating NetworkPolicy objects. -var Strategy = networkPolicyStrategy{api.Scheme, names.SimpleNameGenerator} - -// NamespaceScoped returns true because all NetworkPolicys need to be within a namespace. -func (networkPolicyStrategy) NamespaceScoped() bool { - return true -} - -// PrepareForCreate clears the status of an NetworkPolicy before creation. -func (networkPolicyStrategy) PrepareForCreate(ctx genericapirequest.Context, obj runtime.Object) { - networkPolicy := obj.(*extensions.NetworkPolicy) - networkPolicy.Generation = 1 -} - -// PrepareForUpdate clears fields that are not allowed to be set by end users on update. -func (networkPolicyStrategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object) { - newNetworkPolicy := obj.(*extensions.NetworkPolicy) - oldNetworkPolicy := old.(*extensions.NetworkPolicy) - - // Any changes to the spec increment the generation number, any changes to the - // status should reflect the generation number of the corresponding object. - // See metav1.ObjectMeta description for more information on Generation. - if !apiequality.Semantic.DeepEqual(oldNetworkPolicy.Spec, newNetworkPolicy.Spec) { - newNetworkPolicy.Generation = oldNetworkPolicy.Generation + 1 - } -} - -// Validate validates a new NetworkPolicy. -func (networkPolicyStrategy) Validate(ctx genericapirequest.Context, obj runtime.Object) field.ErrorList { - networkPolicy := obj.(*extensions.NetworkPolicy) - return validation.ValidateNetworkPolicy(networkPolicy) -} - -// Canonicalize normalizes the object after validation. -func (networkPolicyStrategy) Canonicalize(obj runtime.Object) { -} - -// AllowCreateOnUpdate is false for NetworkPolicy; this means you may not create one with a PUT request. -func (networkPolicyStrategy) AllowCreateOnUpdate() bool { - return false -} - -// ValidateUpdate is the default update validation for an end user. -func (networkPolicyStrategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList { - validationErrorList := validation.ValidateNetworkPolicy(obj.(*extensions.NetworkPolicy)) - updateErrorList := validation.ValidateNetworkPolicyUpdate(obj.(*extensions.NetworkPolicy), old.(*extensions.NetworkPolicy)) - return append(validationErrorList, updateErrorList...) -} - -// AllowUnconditionalUpdate is the default update policy for NetworkPolicy objects. -func (networkPolicyStrategy) AllowUnconditionalUpdate() bool { - return true -} diff --git a/pkg/registry/extensions/networkpolicy/strategy_test.go b/pkg/registry/extensions/networkpolicy/strategy_test.go deleted file mode 100644 index b609acb7e2..0000000000 --- a/pkg/registry/extensions/networkpolicy/strategy_test.go +++ /dev/null @@ -1,62 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package networkpolicy - -import ( - "testing" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/kubernetes/pkg/apis/extensions" -) - -func TestNetworkPolicyStrategy(t *testing.T) { - ctx := genericapirequest.NewDefaultContext() - if !Strategy.NamespaceScoped() { - t.Errorf("NetworkPolicy must be namespace scoped") - } - if Strategy.AllowCreateOnUpdate() { - t.Errorf("NetworkPolicy should not allow create on update") - } - - validMatchLabels := map[string]string{"a": "b"} - np := &extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{MatchLabels: validMatchLabels}, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - } - - Strategy.PrepareForCreate(ctx, np) - errs := Strategy.Validate(ctx, np) - if len(errs) != 0 { - t.Errorf("Unexpected error validating %v", errs) - } - - invalidNp := &extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "bar", ResourceVersion: "4"}, - } - Strategy.PrepareForUpdate(ctx, invalidNp, np) - errs = Strategy.ValidateUpdate(ctx, invalidNp, np) - if len(errs) == 0 { - t.Errorf("Expected a validation error") - } - if invalidNp.ResourceVersion != "4" { - t.Errorf("Incoming resource version on update should not be mutated") - } -} diff --git a/pkg/registry/extensions/rest/BUILD b/pkg/registry/extensions/rest/BUILD index 1b4193ccb5..cbb04d444a 100644 --- a/pkg/registry/extensions/rest/BUILD +++ b/pkg/registry/extensions/rest/BUILD @@ -15,9 +15,9 @@ go_library( "//pkg/registry/extensions/daemonset/storage:go_default_library", "//pkg/registry/extensions/deployment/storage:go_default_library", "//pkg/registry/extensions/ingress/storage:go_default_library", - "//pkg/registry/extensions/networkpolicy/storage:go_default_library", "//pkg/registry/extensions/podsecuritypolicy/storage:go_default_library", "//pkg/registry/extensions/replicaset/storage:go_default_library", + "//pkg/registry/networking/networkpolicy/storage:go_default_library", "//vendor/k8s.io/api/extensions/v1beta1:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library", diff --git a/pkg/registry/extensions/rest/storage_extensions.go b/pkg/registry/extensions/rest/storage_extensions.go index 674b2aab79..57e85b3a6f 100644 --- a/pkg/registry/extensions/rest/storage_extensions.go +++ b/pkg/registry/extensions/rest/storage_extensions.go @@ -28,9 +28,9 @@ import ( daemonstore "k8s.io/kubernetes/pkg/registry/extensions/daemonset/storage" deploymentstore "k8s.io/kubernetes/pkg/registry/extensions/deployment/storage" ingressstore "k8s.io/kubernetes/pkg/registry/extensions/ingress/storage" - networkpolicystore "k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/storage" pspstore "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage" replicasetstore "k8s.io/kubernetes/pkg/registry/extensions/replicaset/storage" + networkpolicystore "k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage" ) type RESTStorageProvider struct { diff --git a/test/test_owners.csv b/test/test_owners.csv index d260e06fb8..23a51ca21d 100644 --- a/test/test_owners.csv +++ b/test/test_owners.csv @@ -816,8 +816,6 @@ k8s.io/kubernetes/pkg/registry/extensions/deployment,dchen1107,1, k8s.io/kubernetes/pkg/registry/extensions/deployment/storage,timothysc,1, k8s.io/kubernetes/pkg/registry/extensions/ingress,apelisse,1, k8s.io/kubernetes/pkg/registry/extensions/ingress/storage,luxas,1, -k8s.io/kubernetes/pkg/registry/extensions/networkpolicy,deads2k,1, -k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/storage,lavalamp,1, k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage,dchen1107,1, k8s.io/kubernetes/pkg/registry/extensions/replicaset,rrati,0, k8s.io/kubernetes/pkg/registry/extensions/replicaset/storage,wojtek-t,1,