Add get volumeattachments support to Node authorizer

2025-11-02 11:18:16 +00:00 · 2018-01-16 23:39:11 -05:00
parent ba09fadecf
commit ecfd18e2a6
9 changed files with 244 additions and 35 deletions
--- a/plugin/pkg/auth/authorizer/node/graph_populator.go
+++ b/plugin/pkg/auth/authorizer/node/graph_populator.go
@@ -19,16 +19,25 @@ package node
 import (
 	"github.com/golang/glog"

+	storagev1alpha1 "k8s.io/api/storage/v1alpha1"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
+	storageinformers "k8s.io/client-go/informers/storage/v1alpha1"
 	"k8s.io/client-go/tools/cache"
 	api "k8s.io/kubernetes/pkg/apis/core"
 	coreinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion/core/internalversion"
+	"k8s.io/kubernetes/pkg/features"
 )

 type graphPopulator struct {
 	graph *Graph
 }

-func AddGraphEventHandlers(graph *Graph, pods coreinformers.PodInformer, pvs coreinformers.PersistentVolumeInformer) {
+func AddGraphEventHandlers(
+	graph *Graph,
+	pods coreinformers.PodInformer,
+	pvs coreinformers.PersistentVolumeInformer,
+	attachments storageinformers.VolumeAttachmentInformer,
+) {
 	g := &graphPopulator{
 		graph: graph,
 	}
@@ -44,6 +53,14 @@ func AddGraphEventHandlers(graph *Graph, pods coreinformers.PodInformer, pvs cor
 		UpdateFunc: g.updatePV,
 		DeleteFunc: g.deletePV,
 	})
+
+	if utilfeature.DefaultFeatureGate.Enabled(features.CSIPersistentVolume) {
+		attachments.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
+			AddFunc:    g.addVolumeAttachment,
+			UpdateFunc: g.updateVolumeAttachment,
+			DeleteFunc: g.deleteVolumeAttachment,
+		})
+	}
 }

 func (g *graphPopulator) addPod(obj interface{}) {
@@ -106,3 +123,31 @@ func (g *graphPopulator) deletePV(obj interface{}) {
 	}
 	g.graph.DeletePV(pv.Name)
 }
+
+func (g *graphPopulator) addVolumeAttachment(obj interface{}) {
+	g.updateVolumeAttachment(nil, obj)
+}
+
+func (g *graphPopulator) updateVolumeAttachment(oldObj, obj interface{}) {
+	attachment := obj.(*storagev1alpha1.VolumeAttachment)
+	if oldObj != nil {
+		// skip add if node name is identical
+		oldAttachment := oldObj.(*storagev1alpha1.VolumeAttachment)
+		if oldAttachment.Spec.NodeName == attachment.Spec.NodeName {
+			return
+		}
+	}
+	g.graph.AddVolumeAttachment(attachment.Name, attachment.Spec.NodeName)
+}
+
+func (g *graphPopulator) deleteVolumeAttachment(obj interface{}) {
+	if tombstone, ok := obj.(cache.DeletedFinalStateUnknown); ok {
+		obj = tombstone.Obj
+	}
+	attachment, ok := obj.(*api.PersistentVolume)
+	if !ok {
+		glog.Infof("unexpected type %T", obj)
+		return
+	}
+	g.graph.DeleteVolumeAttachment(attachment.Name)
+}