Skip to content

Remove external kubernetes proxy mode #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
sttts wants to merge 21 commits into from
Closed

Remove external kubernetes proxy mode #18

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
3765bec
api: install origin api groups under /apis
mfojtik Feb 22, 2017
a3d93a1
api: announce all api groups in latest Versions
mfojtik Feb 22, 2017
f2df52a
api: register origin types into API groups
mfojtik Feb 22, 2017
af9f48b
api: register storage for api groups
mfojtik Feb 22, 2017
ffa37a6
api: make sure we check all gvk for requiring the namespace
mfojtik Feb 22, 2017
5665475
bootstrap: update policy to include both legacy and new api group
mfojtik Feb 22, 2017
47440c1
tests: fix tests to support api groups
mfojtik Feb 22, 2017
1936573
allow various functions to work with both legacy and api group
mfojtik Feb 22, 2017
5b5d1a5
fix authorization informers to get proper resource
mfojtik Feb 22, 2017
6f0c380
fix sample project template to use proper scheme
mfojtik Feb 22, 2017
6226eaa
AddFieldLabelConversionFunc for network api group
mfojtik Feb 22, 2017
dd1398c
FIXME: CrossVersionObjectReference should really be accepting Group
mfojtik Feb 22, 2017
57c7667
FIXME: nasty stuff around createNamespacedProcessedTemplateV1
mfojtik Feb 22, 2017
edbd03b
update swagger
mfojtik Feb 22, 2017
a90c2cd
cli: fix describer to recognize core group resources
mfojtik Feb 22, 2017
b1612d5
api: add groups to storage options
mfojtik Feb 23, 2017
026bf50
integration: sort the users and groups in authorization test
mfojtik Feb 23, 2017
88c3d0a
integration: disable clientset test until we fix the client-gen to de…
mfojtik Feb 23, 2017
9a01449
quota: use LegacyKind() for InternalGroupKind (this should allow for …
mfojtik Feb 23, 2017
4ce3e9b
integration: add legacy resources to non-reading resource list
mfojtik Feb 23, 2017
aaf9308
Remove external kubernetes proxy mode
sttts Feb 27, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27,978 changes: 23,738 additions & 4,240 deletions api/swagger-spec/openshift-openapi-spec.json
View file
Open in desktop

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions pkg/api/graph/test/overlapping-hpas.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ items:
scaleRef:
kind: DeploymentConfig
name: frontend
apiVersion: v1
apiVersion: deploy.openshift.io/v1
subresource: scale
minReplicas: 1
maxReplicas: 10
Expand All @@ -23,7 +23,7 @@ items:
scaleRef:
kind: DeploymentConfig
name: frontend
apiVersion: v1
apiVersion: deploy.openshift.io/v1
subresource: scale
minReplicas: 1
maxReplicas: 10
Expand All @@ -37,7 +37,7 @@ items:
scaleRef:
kind: DeploymentConfig
name: frontend
apiVersion: v1
apiVersion: deploy.openshift.io/v1
subresource: scale
minReplicas: 1
maxReplicas: 10
Expand All @@ -51,7 +51,7 @@ items:
scaleRef:
kind: DeploymentConfig
name: someotherdc
apiVersion: v1
apiVersion: deploy.openshift.io/v1
subresource: scale
minReplicas: 1
maxReplicas: 10
Expand All @@ -71,7 +71,7 @@ items:
maxReplicas: 10
cpuUtilization:
targetPercentage: 80
- apiVersion: v1
- apiVersion: deploy.openshift.io/v1
kind: DeploymentConfig
metadata:
creationTimestamp: null
Expand Down Expand Up @@ -137,4 +137,4 @@ items:
dnsPolicy: ClusterFirst
restartPolicy: Always
status:
replicas: 0
replicas: 0
5 changes: 3 additions & 2 deletions pkg/api/kubegraph/edge_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,8 +179,9 @@ func TestHPADCEdges(t *testing.T) {
hpa.Name = "test-hpa"
hpa.Spec = autoscaling.HorizontalPodAutoscalerSpec{
ScaleTargetRef: autoscaling.CrossVersionObjectReference{
Name: "test-dc",
Kind: "DeploymentConfig",
Name: "test-dc",
Kind: "DeploymentConfig",
APIVersion: "deploy.openshift.io/v1",
},
}

Expand Down
15 changes: 14 additions & 1 deletion pkg/api/latest/latest.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,20 @@ var OldestVersion = unversioned.GroupVersion{Group: "", Version: "v1"}
// may be assumed to be most preferred to least preferred, and clients may
// choose to prefer the earlier items in the list over the latter items when presented
// with a set of versions to choose.
var Versions = []unversioned.GroupVersion{{Group: "", Version: "v1"}}
var Versions = []unversioned.GroupVersion{
{Group: "authorization.openshift.io", Version: "v1"},
{Group: "build.openshift.io", Version: "v1"},
{Group: "deploy.openshift.io", Version: "v1"},
{Group: "template.openshift.io", Version: "v1"},
{Group: "image.openshift.io", Version: "v1"},
{Group: "project.openshift.io", Version: "v1"},
{Group: "user.openshift.io", Version: "v1"},
{Group: "oauth.openshift.io", Version: "v1"},
{Group: "network.openshift.io", Version: "v1"},
{Group: "quota.openshift.io", Version: "v1"},
{Group: "security.openshift.io", Version: "v1"},
{Group: "", Version: "v1"},
}

// originTypes are the hardcoded types defined by the OpenShift API.
var originTypes map[unversioned.GroupVersionKind]bool
Expand Down
2 changes: 1 addition & 1 deletion pkg/api/latest/latest_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ func TestRESTRootScope(t *testing.T) {
func TestResourceToKind(t *testing.T) {
// Ensure we resolve to latest.Version
expectedGVK := Version.WithKind("User")
gvk, err := registered.RESTMapper().KindFor(userapi.SchemeGroupVersion.WithResource("User"))
gvk, err := registered.RESTMapper().KindFor(userapi.LegacyResource("User"))
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
Expand Down
1 change: 1 addition & 0 deletions pkg/api/register.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
const (
LegacyPrefix = "/osapi" // TODO: make configurable
Prefix = "/oapi" // TODO: make configurable
GroupPrefix = "/apis"
GroupName = ""
)

Expand Down
4 changes: 2 additions & 2 deletions pkg/api/serialization_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -609,8 +609,8 @@ var nonInternalRoundTrippableTypes = sets.NewString("WatchEvent")
// TestTypes will try to roundtrip all OpenShift and Kubernetes stable api types
func TestTypes(t *testing.T) {
internalVersionToExternalVersions := map[unversioned.GroupVersion][]unversioned.GroupVersion{
osapi.SchemeGroupVersion: {v1.SchemeGroupVersion},
quotaapi.SchemeGroupVersion: {quotaapiv1.SchemeGroupVersion},
osapi.SchemeGroupVersion: {v1.SchemeGroupVersion},
quotaapi.LegacySchemeGroupVersion: {quotaapiv1.LegacySchemeGroupVersion},
}

for internalVersion, externalVersions := range internalVersionToExternalVersions {
Expand Down
13 changes: 9 additions & 4 deletions pkg/api/validation/validation.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,12 +128,17 @@ func GetRequiresNamespace(obj runtime.Object) (bool, error) {
return false, err
}

restMapping, err := registered.RESTMapper().RESTMapping(groupVersionKinds[0].GroupKind())
if err != nil {
return false, err
for _, gvk := range groupVersionKinds {
restMapping, err := registered.RESTMapper().RESTMapping(gvk.GroupKind())
if err != nil {
return false, err
}
if restMapping.Scope.Name() == meta.RESTScopeNameNamespace {
return true, nil
}
}

return restMapping.Scope.Name() == meta.RESTScopeNameNamespace, nil
return false, nil
}

func HasObjectMeta(obj runtime.Object) bool {
Expand Down
8 changes: 4 additions & 4 deletions pkg/authorization/admission/restrictusers/restrictusers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,8 @@ func objectReferenceDelta(elementsToIgnore, elements []kapi.ObjectReference) []k
func (q *restrictUsersAdmission) Admit(a admission.Attributes) (err error) {
// We only care about rolebindings and policybindings; ignore anything else.
switch a.GetResource().GroupResource() {
case authorizationapi.Resource("rolebindings"):
case authorizationapi.Resource("policybindings"):
case authorizationapi.Resource("rolebindings"), authorizationapi.LegacyResource("rolebindings"):
case authorizationapi.Resource("policybindings"), authorizationapi.LegacyResource("policybindings"):
default:
return nil
}
Expand All @@ -107,7 +107,7 @@ func (q *restrictUsersAdmission) Admit(a admission.Attributes) (err error) {

obj, oldObj := a.GetObject(), a.GetOldObject()
switch a.GetResource().GroupResource() {
case authorizationapi.Resource("rolebindings"):
case authorizationapi.Resource("rolebindings"), authorizationapi.LegacyResource("rolebindings"):
rolebinding, ok := obj.(*authorizationapi.RoleBinding)
if !ok {
return admission.NewForbidden(a,
Expand All @@ -132,7 +132,7 @@ func (q *restrictUsersAdmission) Admit(a admission.Attributes) (err error) {
glog.V(4).Infof("Handling rolebinding %s/%s",
rolebinding.Namespace, rolebinding.Name)

case authorizationapi.Resource("policybindings"):
case authorizationapi.Resource("policybindings"), authorizationapi.LegacyResource("policybindings"):
policybinding, ok := obj.(*authorizationapi.PolicyBinding)
if !ok {
return admission.NewForbidden(a,
Expand Down
26 changes: 26 additions & 0 deletions pkg/authorization/api/install/apigroup.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
package install

import (
"k8s.io/kubernetes/pkg/apimachinery/announced"
"k8s.io/kubernetes/pkg/util/sets"

"github.com/openshift/origin/pkg/authorization/api"
"github.com/openshift/origin/pkg/authorization/api/v1"
)

func init() {
if err := announced.NewGroupMetaFactory(
&announced.GroupMetaFactoryArgs{
GroupName: api.GroupName,
VersionPreferenceOrder: []string{v1.SchemeGroupVersion.Version},
ImportPrefix: importPrefix,
AddInternalObjectsToScheme: api.AddToScheme,
RootScopedKinds: sets.NewString("ClusterRole", "ClusterRoleBinding", "ClusterPolicy", "ClusterPolicyBinding"),
},
announced.VersionToSchemeFunc{
v1.SchemeGroupVersion.Version: v1.AddToScheme,
},
).Announce().RegisterAndEnable(); err != nil {
panic(err)
}
}
10 changes: 5 additions & 5 deletions pkg/authorization/api/install/install.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ const importPrefix = "github.com/openshift/origin/pkg/authorization/api"
var accessor = meta.NewAccessor()

// availableVersions lists all known external versions for this group from most preferred to least preferred
var availableVersions = []unversioned.GroupVersion{v1.SchemeGroupVersion}
var availableVersions = []unversioned.GroupVersion{v1.LegacySchemeGroupVersion}

func init() {
registered.RegisterVersions(availableVersions)
Expand Down Expand Up @@ -69,16 +69,16 @@ func enableVersions(externalVersions []unversioned.GroupVersion) error {

func addVersionsToScheme(externalVersions ...unversioned.GroupVersion) {
// add the internal version to Scheme
api.AddToScheme(kapi.Scheme)
api.AddToSchemeInCoreGroup(kapi.Scheme)
// add the enabled external versions to Scheme
for _, v := range externalVersions {
if !registered.IsEnabledVersion(v) {
glog.Errorf("Version %s is not enabled, so it will not be added to the Scheme.", v)
continue
}
switch v {
case v1.SchemeGroupVersion:
v1.AddToScheme(kapi.Scheme)
case v1.LegacySchemeGroupVersion:
v1.AddToSchemeInCoreGroup(kapi.Scheme)

default:
glog.Errorf("Version %s is not known, so it will not be added to the Scheme.", v)
Expand All @@ -95,7 +95,7 @@ func newRESTMapper(externalVersions []unversioned.GroupVersion) meta.RESTMapper

func interfacesFor(version unversioned.GroupVersion) (*meta.VersionInterfaces, error) {
switch version {
case v1.SchemeGroupVersion:
case v1.LegacySchemeGroupVersion:
return &meta.VersionInterfaces{
ObjectConvertor: kapi.Scheme,
MetadataAccessor: accessor,
Expand Down
77 changes: 68 additions & 9 deletions pkg/authorization/api/register.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,27 @@
package api

import (
kapi "k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/unversioned"
"k8s.io/kubernetes/pkg/runtime"
"k8s.io/kubernetes/pkg/watch/versioned"
)

const GroupName = ""
const FutureGroupName = "authorization.openshift.io"
const (
LegacyGroupName = ""
GroupName = "authorization.openshift.io"
)

var (
SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
LegacySchemeGroupVersion = unversioned.GroupVersion{Group: LegacyGroupName, Version: runtime.APIVersionInternal}

// SchemeGroupVersion is group version used to register these objects
var SchemeGroupVersion = unversioned.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
LegacySchemeBuilder = runtime.NewSchemeBuilder(addLegacyKnownTypes)
AddToSchemeInCoreGroup = LegacySchemeBuilder.AddToScheme

SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
AddToScheme = SchemeBuilder.AddToScheme
)

// Kind takes an unqualified kind and returns back a Group qualified GroupKind
func Kind(kind string) unversioned.GroupKind {
Expand All @@ -21,14 +33,15 @@ func Resource(resource string) unversioned.GroupResource {
return SchemeGroupVersion.WithResource(resource).GroupResource()
}

var (
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
AddToScheme = SchemeBuilder.AddToScheme
)
// LegacyResource takes an unqualified resource and returns back a Group qualified
// GroupResource using legacy API
func LegacyResource(resource string) unversioned.GroupResource {
return LegacySchemeGroupVersion.WithResource(resource).GroupResource()
}

// Adds the list of known types to api.Scheme.
func addKnownTypes(scheme *runtime.Scheme) error {
scheme.AddKnownTypes(SchemeGroupVersion,
types := []runtime.Object{
&Role{},
&RoleBinding{},
&Policy{},
Expand Down Expand Up @@ -59,6 +72,52 @@ func addKnownTypes(scheme *runtime.Scheme) error {

&RoleBindingRestriction{},
&RoleBindingRestrictionList{},
}
scheme.AddKnownTypes(SchemeGroupVersion,
append(types,
&unversioned.Status{}, // TODO: revisit in 1.6 when Status is actually registered as unversioned
&kapi.ListOptions{},
&kapi.DeleteOptions{},
&kapi.ExportOptions{},
)...,
)
versioned.AddToGroupVersion(scheme, SchemeGroupVersion)
return nil
}

func addLegacyKnownTypes(scheme *runtime.Scheme) error {
types := []runtime.Object{
&Role{},
&RoleBinding{},
&Policy{},
&PolicyBinding{},
&PolicyList{},
&PolicyBindingList{},
&RoleBindingList{},
&RoleList{},

&SelfSubjectRulesReview{},
&SubjectRulesReview{},
&ResourceAccessReview{},
&SubjectAccessReview{},
&LocalResourceAccessReview{},
&LocalSubjectAccessReview{},
&ResourceAccessReviewResponse{},
&SubjectAccessReviewResponse{},
&IsPersonalSubjectAccessReview{},

&ClusterRole{},
&ClusterRoleBinding{},
&ClusterPolicy{},
&ClusterPolicyBinding{},
&ClusterPolicyList{},
&ClusterPolicyBindingList{},
&ClusterRoleBindingList{},
&ClusterRoleList{},

&RoleBindingRestriction{},
&RoleBindingRestrictionList{},
}
scheme.AddKnownTypes(LegacySchemeGroupVersion, types...)
return nil
}
Loading