Add generated file
This PR adds generated files under pkg/client and vendor folder.
This commit is contained in:
xing-yang
42
vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/BUILD
generated
vendored
Normal file
42
vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/BUILD
generated
vendored
Normal file
@@ -0,0 +1,42 @@
|
||||
package(default_visibility = ["//visibility:public"])
|
||||
|
||||
load(
|
||||
"@io_bazel_rules_go//go:def.bzl",
|
||||
"go_library",
|
||||
)
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = ["config.go"],
|
||||
importpath = "k8s.io/kubernetes/pkg/kubeapiserver/authorizer",
|
||||
deps = [
|
||||
"//pkg/auth/authorizer/abac:go_default_library",
|
||||
"//pkg/auth/nodeidentifier:go_default_library",
|
||||
"//pkg/client/informers/informers_generated/internalversion:go_default_library",
|
||||
"//pkg/kubeapiserver/authorizer/modes:go_default_library",
|
||||
"//plugin/pkg/auth/authorizer/node:go_default_library",
|
||||
"//plugin/pkg/auth/authorizer/rbac:go_default_library",
|
||||
"//plugin/pkg/auth/authorizer/rbac/bootstrappolicy:go_default_library",
|
||||
"//vendor/k8s.io/apiserver/pkg/authorization/authorizer:go_default_library",
|
||||
"//vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory:go_default_library",
|
||||
"//vendor/k8s.io/apiserver/pkg/authorization/union:go_default_library",
|
||||
"//vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook:go_default_library",
|
||||
"//vendor/k8s.io/client-go/informers:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "package-srcs",
|
||||
srcs = glob(["**"]),
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:private"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "all-srcs",
|
||||
srcs = [
|
||||
":package-srcs",
|
||||
"//pkg/kubeapiserver/authorizer/modes:all-srcs",
|
||||
],
|
||||
tags = ["automanaged"],
|
||||
)
|
||||
124
vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/config.go
generated
vendored
Normal file
124
vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/config.go
generated
vendored
Normal file
@@ -0,0 +1,124 @@
|
||||
/*
|
||||
Copyright 2016 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package authorizer
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"k8s.io/apiserver/pkg/authorization/authorizer"
|
||||
"k8s.io/apiserver/pkg/authorization/authorizerfactory"
|
||||
"k8s.io/apiserver/pkg/authorization/union"
|
||||
"k8s.io/apiserver/plugin/pkg/authorizer/webhook"
|
||||
versionedinformers "k8s.io/client-go/informers"
|
||||
"k8s.io/kubernetes/pkg/auth/authorizer/abac"
|
||||
"k8s.io/kubernetes/pkg/auth/nodeidentifier"
|
||||
informers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion"
|
||||
"k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes"
|
||||
"k8s.io/kubernetes/plugin/pkg/auth/authorizer/node"
|
||||
"k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac"
|
||||
"k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy"
|
||||
)
|
||||
|
||||
type AuthorizationConfig struct {
|
||||
AuthorizationModes []string
|
||||
|
||||
// Options for ModeABAC
|
||||
|
||||
// Path to an ABAC policy file.
|
||||
PolicyFile string
|
||||
|
||||
// Options for ModeWebhook
|
||||
|
||||
// Kubeconfig file for Webhook authorization plugin.
|
||||
WebhookConfigFile string
|
||||
// TTL for caching of authorized responses from the webhook server.
|
||||
WebhookCacheAuthorizedTTL time.Duration
|
||||
// TTL for caching of unauthorized responses from the webhook server.
|
||||
WebhookCacheUnauthorizedTTL time.Duration
|
||||
|
||||
InformerFactory informers.SharedInformerFactory
|
||||
VersionedInformerFactory versionedinformers.SharedInformerFactory
|
||||
}
|
||||
|
||||
// New returns the right sort of union of multiple authorizer.Authorizer objects
|
||||
// based on the authorizationMode or an error.
|
||||
func (config AuthorizationConfig) New() (authorizer.Authorizer, authorizer.RuleResolver, error) {
|
||||
if len(config.AuthorizationModes) == 0 {
|
||||
return nil, nil, fmt.Errorf("at least one authorization mode must be passed")
|
||||
}
|
||||
|
||||
var (
|
||||
authorizers []authorizer.Authorizer
|
||||
ruleResolvers []authorizer.RuleResolver
|
||||
)
|
||||
|
||||
for _, authorizationMode := range config.AuthorizationModes {
|
||||
// Keep cases in sync with constant list in k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/modes.go.
|
||||
switch authorizationMode {
|
||||
case modes.ModeNode:
|
||||
graph := node.NewGraph()
|
||||
node.AddGraphEventHandlers(
|
||||
graph,
|
||||
config.InformerFactory.Core().InternalVersion().Nodes(),
|
||||
config.InformerFactory.Core().InternalVersion().Pods(),
|
||||
config.InformerFactory.Core().InternalVersion().PersistentVolumes(),
|
||||
config.VersionedInformerFactory.Storage().V1beta1().VolumeAttachments(),
|
||||
)
|
||||
nodeAuthorizer := node.NewAuthorizer(graph, nodeidentifier.NewDefaultNodeIdentifier(), bootstrappolicy.NodeRules())
|
||||
authorizers = append(authorizers, nodeAuthorizer)
|
||||
|
||||
case modes.ModeAlwaysAllow:
|
||||
alwaysAllowAuthorizer := authorizerfactory.NewAlwaysAllowAuthorizer()
|
||||
authorizers = append(authorizers, alwaysAllowAuthorizer)
|
||||
ruleResolvers = append(ruleResolvers, alwaysAllowAuthorizer)
|
||||
case modes.ModeAlwaysDeny:
|
||||
alwaysDenyAuthorizer := authorizerfactory.NewAlwaysDenyAuthorizer()
|
||||
authorizers = append(authorizers, alwaysDenyAuthorizer)
|
||||
ruleResolvers = append(ruleResolvers, alwaysDenyAuthorizer)
|
||||
case modes.ModeABAC:
|
||||
abacAuthorizer, err := abac.NewFromFile(config.PolicyFile)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
authorizers = append(authorizers, abacAuthorizer)
|
||||
ruleResolvers = append(ruleResolvers, abacAuthorizer)
|
||||
case modes.ModeWebhook:
|
||||
webhookAuthorizer, err := webhook.New(config.WebhookConfigFile,
|
||||
config.WebhookCacheAuthorizedTTL,
|
||||
config.WebhookCacheUnauthorizedTTL)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
authorizers = append(authorizers, webhookAuthorizer)
|
||||
ruleResolvers = append(ruleResolvers, webhookAuthorizer)
|
||||
case modes.ModeRBAC:
|
||||
rbacAuthorizer := rbac.New(
|
||||
&rbac.RoleGetter{Lister: config.VersionedInformerFactory.Rbac().V1().Roles().Lister()},
|
||||
&rbac.RoleBindingLister{Lister: config.VersionedInformerFactory.Rbac().V1().RoleBindings().Lister()},
|
||||
&rbac.ClusterRoleGetter{Lister: config.VersionedInformerFactory.Rbac().V1().ClusterRoles().Lister()},
|
||||
&rbac.ClusterRoleBindingLister{Lister: config.VersionedInformerFactory.Rbac().V1().ClusterRoleBindings().Lister()},
|
||||
)
|
||||
authorizers = append(authorizers, rbacAuthorizer)
|
||||
ruleResolvers = append(ruleResolvers, rbacAuthorizer)
|
||||
default:
|
||||
return nil, nil, fmt.Errorf("unknown authorization mode %s specified", authorizationMode)
|
||||
}
|
||||
}
|
||||
|
||||
return union.New(authorizers...), union.NewRuleResolvers(ruleResolvers...), nil
|
||||
}
|
||||
33
vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/BUILD
generated
vendored
Normal file
33
vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/BUILD
generated
vendored
Normal file
@@ -0,0 +1,33 @@
|
||||
package(default_visibility = ["//visibility:public"])
|
||||
|
||||
load(
|
||||
"@io_bazel_rules_go//go:def.bzl",
|
||||
"go_library",
|
||||
"go_test",
|
||||
)
|
||||
|
||||
go_test(
|
||||
name = "go_default_test",
|
||||
srcs = ["modes_test.go"],
|
||||
embed = [":go_default_library"],
|
||||
)
|
||||
|
||||
go_library(
|
||||
name = "go_default_library",
|
||||
srcs = ["modes.go"],
|
||||
importpath = "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes",
|
||||
deps = ["//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "package-srcs",
|
||||
srcs = glob(["**"]),
|
||||
tags = ["automanaged"],
|
||||
visibility = ["//visibility:private"],
|
||||
)
|
||||
|
||||
filegroup(
|
||||
name = "all-srcs",
|
||||
srcs = [":package-srcs"],
|
||||
tags = ["automanaged"],
|
||||
)
|
||||
35
vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/modes.go
generated
vendored
Normal file
35
vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/modes.go
generated
vendored
Normal file
@@ -0,0 +1,35 @@
|
||||
/*
|
||||
Copyright 2017 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package modes
|
||||
|
||||
import "k8s.io/apimachinery/pkg/util/sets"
|
||||
|
||||
const (
|
||||
ModeAlwaysAllow string = "AlwaysAllow"
|
||||
ModeAlwaysDeny string = "AlwaysDeny"
|
||||
ModeABAC string = "ABAC"
|
||||
ModeWebhook string = "Webhook"
|
||||
ModeRBAC string = "RBAC"
|
||||
ModeNode string = "Node"
|
||||
)
|
||||
|
||||
var AuthorizationModeChoices = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABAC, ModeWebhook, ModeRBAC, ModeNode}
|
||||
|
||||
// IsValidAuthorizationMode returns true if the given authorization mode is a valid one for the apiserver
|
||||
func IsValidAuthorizationMode(authzMode string) bool {
|
||||
return sets.NewString(AuthorizationModeChoices...).Has(authzMode)
|
||||
}
|
||||
45
vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/modes_test.go
generated
vendored
Normal file
45
vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/modes_test.go
generated
vendored
Normal file
@@ -0,0 +1,45 @@
|
||||
/*
|
||||
Copyright 2017 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package modes
|
||||
|
||||
import "testing"
|
||||
|
||||
func TestIsValidAuthorizationMode(t *testing.T) {
|
||||
var tests = []struct {
|
||||
authzMode string
|
||||
expected bool
|
||||
}{
|
||||
{"", false},
|
||||
{"rBAC", false}, // not supported
|
||||
{"falsy value", false}, // not supported
|
||||
{"RBAC", true}, // supported
|
||||
{"ABAC", true}, // supported
|
||||
{"Webhook", true}, // supported
|
||||
{"AlwaysAllow", true}, // supported
|
||||
{"AlwaysDeny", true}, // supported
|
||||
}
|
||||
for _, rt := range tests {
|
||||
actual := IsValidAuthorizationMode(rt.authzMode)
|
||||
if actual != rt.expected {
|
||||
t.Errorf(
|
||||
"failed ValidAuthorizationMode:\n\texpected: %t\n\t actual: %t",
|
||||
rt.expected,
|
||||
actual,
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user