scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2026-01-08 16:21:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

pkg/controlplane: split up config into generic controlplane and kube-related part

Browse Source 
Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
This commit is contained in:
Dr. Stefan Schimanski
2023-06-27 12:07:05 +02:00
parent ba05a8deb3
commit e37917fea7
26 changed files with 333 additions and 263 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
test/integration/auth/accessreview_test.go
View File

@@ -62,9 +62,9 @@ func TestSubjectAccessReview(t *testing.T) {
clientset, _, tearDownFn := framework.StartTestServer(tCtx, t, framework.TestServerSetup{
ModifyServerConfig: func(config *controlplane.Config) {
// Unset BearerToken to disable BearerToken authenticator.
config.GenericConfig.LoopbackClientConfig.BearerToken = ""
config.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(alwaysAlice)
config.GenericConfig.Authorization.Authorizer = sarAuthorizer{}
config.ControlPlane.Generic.LoopbackClientConfig.BearerToken = ""
config.ControlPlane.Generic.Authentication.Authenticator = authenticator.RequestFunc(alwaysAlice)
config.ControlPlane.Generic.Authorization.Authorizer = sarAuthorizer{}
},
})
defer tearDownFn()
@@ -172,9 +172,9 @@ func TestSelfSubjectAccessReview(t *testing.T) {
clientset, _, tearDownFn := framework.StartTestServer(tCtx, t, framework.TestServerSetup{
ModifyServerConfig: func(config *controlplane.Config) {
// Unset BearerToken to disable BearerToken authenticator.
config.GenericConfig.LoopbackClientConfig.BearerToken = ""
config.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(authenticatorFunc)
config.GenericConfig.Authorization.Authorizer = sarAuthorizer{}
config.ControlPlane.Generic.LoopbackClientConfig.BearerToken = ""
config.ControlPlane.Generic.Authentication.Authenticator = authenticator.RequestFunc(authenticatorFunc)
config.ControlPlane.Generic.Authorization.Authorizer = sarAuthorizer{}
},
})
defer tearDownFn()
@@ -256,9 +256,9 @@ func TestLocalSubjectAccessReview(t *testing.T) {
clientset, _, tearDownFn := framework.StartTestServer(tCtx, t, framework.TestServerSetup{
ModifyServerConfig: func(config *controlplane.Config) {
// Unset BearerToken to disable BearerToken authenticator.
config.GenericConfig.LoopbackClientConfig.BearerToken = ""
config.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(alwaysAlice)
config.GenericConfig.Authorization.Authorizer = sarAuthorizer{}
config.ControlPlane.Generic.LoopbackClientConfig.BearerToken = ""
config.ControlPlane.Generic.Authentication.Authenticator = authenticator.RequestFunc(alwaysAlice)
config.ControlPlane.Generic.Authorization.Authorizer = sarAuthorizer{}
},
})
defer tearDownFn()

8
test/integration/auth/auth_test.go
View File

@@ -813,7 +813,7 @@ func TestImpersonateIsForbidden(t *testing.T) {
},
ModifyServerConfig: func(config *controlplane.Config) {
// Prepend an impersonation authorizer with specific opinions about alice and bob
config.GenericConfig.Authorization.Authorizer = unionauthz.New(impersonateAuthorizer{}, config.GenericConfig.Authorization.Authorizer)
config.ControlPlane.Generic.Authorization.Authorizer = unionauthz.New(impersonateAuthorizer{}, config.ControlPlane.Generic.Authorization.Authorizer)
},
})
defer tearDownFn()
@@ -1118,7 +1118,7 @@ func TestAuthorizationAttributeDetermination(t *testing.T) {
opts.Authentication.TokenFile.TokenFile = "testdata/tokens.csv"
},
ModifyServerConfig: func(config *controlplane.Config) {
config.GenericConfig.Authorization.Authorizer = unionauthz.New(config.GenericConfig.Authorization.Authorizer, trackingAuthorizer)
config.ControlPlane.Generic.Authorization.Authorizer = unionauthz.New(config.ControlPlane.Generic.Authorization.Authorizer, trackingAuthorizer)
},
})
defer tearDownFn()
@@ -1458,9 +1458,9 @@ func testWebhookTokenAuthenticator(customDialer bool, t *testing.T) {
opts.Authorization.PolicyFile = "testdata/allowalice.jsonl"
},
ModifyServerConfig: func(config *controlplane.Config) {
config.GenericConfig.Authentication.Authenticator = group.NewAuthenticatedGroupAdder(authenticator)
config.ControlPlane.Generic.Authentication.Authenticator = group.NewAuthenticatedGroupAdder(authenticator)
// Disable checking API audiences that is set by testserver by default.
config.GenericConfig.Authentication.APIAudiences = nil
config.ControlPlane.Generic.Authentication.APIAudiences = nil
},
})
defer tearDownFn()

2
test/integration/auth/bootstraptoken_test.go
View File

@@ -128,7 +128,7 @@ func TestBootstrapTokenAuth(t *testing.T) {
opts.Authorization.Modes = []string{"AlwaysAllow"}
},
ModifyServerConfig: func(config *controlplane.Config) {
config.GenericConfig.Authentication.Authenticator = authenticator
config.ControlPlane.Generic.Authentication.Authenticator = authenticator
},
})
defer tearDownFn()

6
test/integration/auth/rbac_test.go
View File

@@ -81,7 +81,7 @@ type testRESTOptionsGetter struct {
}
func (getter *testRESTOptionsGetter) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error) {
storageConfig, err := getter.config.ExtraConfig.StorageFactory.NewConfig(resource)
storageConfig, err := getter.config.ControlPlane.Extra.StorageFactory.NewConfig(resource)
if err != nil {
return generic.RESTOptions{}, fmt.Errorf("failed to get storage: %v", err)
}
@@ -556,11 +556,11 @@ func TestRBAC(t *testing.T) {
},
ModifyServerConfig: func(config *controlplane.Config) {
// Append our custom test authenticator
config.GenericConfig.Authentication.Authenticator = unionauthn.New(config.GenericConfig.Authentication.Authenticator, authenticator)
config.ControlPlane.Generic.Authentication.Authenticator = unionauthn.New(config.ControlPlane.Generic.Authentication.Authenticator, authenticator)
// Append our custom test authorizer
var rbacAuthz authorizer.Authorizer
rbacAuthz, tearDownAuthorizerFn = newRBACAuthorizer(t, config)
config.GenericConfig.Authorization.Authorizer = unionauthz.New(config.GenericConfig.Authorization.Authorizer, rbacAuthz)
config.ControlPlane.Generic.Authorization.Authorizer = unionauthz.New(config.ControlPlane.Generic.Authorization.Authorizer, rbacAuthz)
},
})
defer tearDownFn()

8
test/integration/auth/selfsubjectreview_test.go
View File

@@ -101,8 +101,8 @@ func TestGetsSelfAttributes(t *testing.T) {
},
ModifyServerConfig: func(config *controlplane.Config) {
// Unset BearerToken to disable BearerToken authenticator.
config.GenericConfig.LoopbackClientConfig.BearerToken = ""
config.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) {
config.ControlPlane.Generic.LoopbackClientConfig.BearerToken = ""
config.ControlPlane.Generic.Authentication.Authenticator = authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) {
respMu.RLock()
defer respMu.RUnlock()
return &authenticator.Response{User: response}, true, nil
@@ -215,8 +215,8 @@ func TestGetsSelfAttributesError(t *testing.T) {
},
ModifyServerConfig: func(config *controlplane.Config) {
// Unset BearerToken to disable BearerToken authenticator.
config.GenericConfig.LoopbackClientConfig.BearerToken = ""
config.GenericConfig.Authentication.Authenticator = authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) {
config.ControlPlane.Generic.LoopbackClientConfig.BearerToken = ""
config.ControlPlane.Generic.Authentication.Authenticator = authenticator.RequestFunc(func(req *http.Request) (*authenticator.Response, bool, error) {
if toggle.Load().(bool) {
return &authenticator.Response{
User: &user.DefaultInfo{

6
test/integration/auth/svcaccttoken_test.go
View File

@@ -104,10 +104,10 @@ func TestServiceAccountTokenCreate(t *testing.T) {
},
ModifyServerConfig: func(config *controlplane.Config) {
// extract token generator
tokenGenerator = config.ExtraConfig.ServiceAccountIssuer
tokenGenerator = config.ControlPlane.Extra.ServiceAccountIssuer
config.ExtraConfig.ServiceAccountMaxExpiration = maxExpirationDuration
config.ExtraConfig.ExtendExpiration = true
config.ControlPlane.Extra.ServiceAccountMaxExpiration = maxExpirationDuration
config.ControlPlane.Extra.ExtendExpiration = true
},
})
defer tearDownFn()