pkg/util: move flags from pkg/util/config to pkg/util/flags

pkg/util/flag/configuration_map.go

@@ -0,0 +1,53 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flag
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+)
+
+type ConfigurationMap map[string]string
+
+func (m *ConfigurationMap) String() string {
+	pairs := []string{}
+	for k, v := range *m {
+		pairs = append(pairs, fmt.Sprintf("%s=%s", k, v))
+	}
+	sort.Strings(pairs)
+	return strings.Join(pairs, ",")
+}
+
+func (m *ConfigurationMap) Set(value string) error {
+	for _, s := range strings.Split(value, ",") {
+		if len(s) == 0 {
+			continue
+		}
+		arr := strings.SplitN(s, "=", 2)
+		if len(arr) == 2 {
+			(*m)[strings.TrimSpace(arr[0])] = strings.TrimSpace(arr[1])
+		} else {
+			(*m)[strings.TrimSpace(arr[0])] = ""
+		}
+	}
+	return nil
+}
+
+func (*ConfigurationMap) Type() string {
+	return "mapStringString"
+}

pkg/util/flag/feature_gate.go

@@ -0,0 +1,260 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flag
+
+import (
+	"fmt"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/golang/glog"
+	"github.com/spf13/pflag"
+)
+
+const (
+	flagName = "feature-gates"
+
+	// All known feature keys
+	// To add a new feature, define a key for it below and add
+	// a featureSpec entry to knownFeatures.
+
+	// allAlphaGate is a global toggle for alpha features. Per-feature key
+	// values override the default set by allAlphaGate. Examples:
+	//   AllAlpha=false,NewFeature=true  will result in newFeature=true
+	//   AllAlpha=true,NewFeature=false  will result in newFeature=false
+	allAlphaGate              = "AllAlpha"
+	externalTrafficLocalOnly  = "AllowExtTrafficLocalEndpoints"
+	appArmor                  = "AppArmor"
+	dynamicKubeletConfig      = "DynamicKubeletConfig"
+	dynamicVolumeProvisioning = "DynamicVolumeProvisioning"
+	streamingProxyRedirects   = "StreamingProxyRedirects"
+
+	// experimentalHostUserNamespaceDefaulting Default userns=host for containers
+	// that are using other host namespaces, host mounts, the pod contains a privileged container,
+	// or specific non-namespaced capabilities
+	// (MKNOD, SYS_MODULE, SYS_TIME). This should only be enabled if user namespace remapping is enabled
+	// in the docker daemon.
+	experimentalHostUserNamespaceDefaultingGate = "ExperimentalHostUserNamespaceDefaulting"
+)
+
+var (
+	// Default values for recorded features.  Every new feature gate should be
+	// represented here.
+	knownFeatures = map[string]featureSpec{
+		allAlphaGate:                                {false, alpha},
+		externalTrafficLocalOnly:                    {true, beta},
+		appArmor:                                    {true, beta},
+		dynamicKubeletConfig:                        {false, alpha},
+		dynamicVolumeProvisioning:                   {true, alpha},
+		streamingProxyRedirects:                     {true, beta},
+		experimentalHostUserNamespaceDefaultingGate: {false, alpha},
+	}
+
+	// Special handling for a few gates.
+	specialFeatures = map[string]func(f *featureGate, val bool){
+		allAlphaGate: setUnsetAlphaGates,
+	}
+
+	// DefaultFeatureGate is a shared global FeatureGate.
+	DefaultFeatureGate = &featureGate{
+		known:   knownFeatures,
+		special: specialFeatures,
+	}
+)
+
+type featureSpec struct {
+	enabled    bool
+	prerelease prerelease
+}
+
+type prerelease string
+
+const (
+	// Values for prerelease.
+	alpha = prerelease("ALPHA")
+	beta  = prerelease("BETA")
+	ga    = prerelease("")
+)
+
+// FeatureGate parses and stores flag gates for known features from
+// a string like feature1=true,feature2=false,...
+type FeatureGate interface {
+	AddFlag(fs *pflag.FlagSet)
+	Set(value string) error
+	KnownFeatures() []string
+
+	// Every feature gate should add method here following this template:
+	//
+	// // owner: @username
+	// // alpha: v1.4
+	// MyFeature() bool
+
+	// owner: @timstclair
+	// beta: v1.4
+	AppArmor() bool
+
+	// owner: @girishkalele
+	// alpha: v1.4
+	ExternalTrafficLocalOnly() bool
+
+	// owner: @saad-ali
+	// alpha: v1.3
+	DynamicVolumeProvisioning() bool
+
+	// owner: @mtaufen
+	// alpha: v1.4
+	DynamicKubeletConfig() bool
+
+	// owner: timstclair
+	// alpha: v1.5
+	StreamingProxyRedirects() bool
+
+	// owner: @pweil-
+	// alpha: v1.5
+	ExperimentalHostUserNamespaceDefaulting() bool
+}
+
+// featureGate implements FeatureGate as well as pflag.Value for flag parsing.
+type featureGate struct {
+	known   map[string]featureSpec
+	special map[string]func(*featureGate, bool)
+	enabled map[string]bool
+}
+
+func setUnsetAlphaGates(f *featureGate, val bool) {
+	for k, v := range f.known {
+		if v.prerelease == alpha {
+			if _, found := f.enabled[k]; !found {
+				f.enabled[k] = val
+			}
+		}
+	}
+}
+
+// Set, String, and Type implement pflag.Value
+
+// Set Parses a string of the form // "key1=value1,key2=value2,..." into a
+// map[string]bool of known keys or returns an error.
+func (f *featureGate) Set(value string) error {
+	f.enabled = make(map[string]bool)
+	for _, s := range strings.Split(value, ",") {
+		if len(s) == 0 {
+			continue
+		}
+		arr := strings.SplitN(s, "=", 2)
+		k := strings.TrimSpace(arr[0])
+		_, ok := f.known[k]
+		if !ok {
+			return fmt.Errorf("unrecognized key: %s", k)
+		}
+		if len(arr) != 2 {
+			return fmt.Errorf("missing bool value for %s", k)
+		}
+		v := strings.TrimSpace(arr[1])
+		boolValue, err := strconv.ParseBool(v)
+		if err != nil {
+			return fmt.Errorf("invalid value of %s: %s, err: %v", k, v, err)
+		}
+		f.enabled[k] = boolValue
+
+		// Handle "special" features like "all alpha gates"
+		if fn, found := f.special[k]; found {
+			fn(f, boolValue)
+		}
+	}
+
+	glog.Infof("feature gates: %v", f.enabled)
+	return nil
+}
+
+func (f *featureGate) String() string {
+	pairs := []string{}
+	for k, v := range f.enabled {
+		pairs = append(pairs, fmt.Sprintf("%s=%t", k, v))
+	}
+	sort.Strings(pairs)
+	return strings.Join(pairs, ",")
+}
+
+func (f *featureGate) Type() string {
+	return "mapStringBool"
+}
+
+// ExternalTrafficLocalOnly returns value for AllowExtTrafficLocalEndpoints
+func (f *featureGate) ExternalTrafficLocalOnly() bool {
+	return f.lookup(externalTrafficLocalOnly)
+}
+
+// AppArmor returns the value for the AppArmor feature gate.
+func (f *featureGate) AppArmor() bool {
+	return f.lookup(appArmor)
+}
+
+// DynamicKubeletConfig returns value for dynamicKubeletConfig
+func (f *featureGate) DynamicKubeletConfig() bool {
+	return f.lookup(dynamicKubeletConfig)
+}
+
+// DynamicVolumeProvisioning returns value for dynamicVolumeProvisioning
+func (f *featureGate) DynamicVolumeProvisioning() bool {
+	return f.lookup(dynamicVolumeProvisioning)
+}
+
+// StreamingProxyRedirects controls whether the apiserver should intercept (and follow)
+// redirects from the backend (Kubelet) for streaming requests (exec/attach/port-forward).
+func (f *featureGate) StreamingProxyRedirects() bool {
+	return f.lookup(streamingProxyRedirects)
+}
+
+// ExperimentalHostUserNamespaceDefaulting returns value for experimentalHostUserNamespaceDefaulting
+func (f *featureGate) ExperimentalHostUserNamespaceDefaulting() bool {
+	return f.lookup(experimentalHostUserNamespaceDefaultingGate)
+}
+
+func (f *featureGate) lookup(key string) bool {
+	defaultValue := f.known[key].enabled
+	if f.enabled != nil {
+		if v, ok := f.enabled[key]; ok {
+			return v
+		}
+	}
+	return defaultValue
+
+}
+
+// AddFlag adds a flag for setting global feature gates to the specified FlagSet.
+func (f *featureGate) AddFlag(fs *pflag.FlagSet) {
+	known := f.KnownFeatures()
+	fs.Var(f, flagName, ""+
+		"A set of key=value pairs that describe feature gates for alpha/experimental features. "+
+		"Options are:\n"+strings.Join(known, "\n"))
+}
+
+// Returns a string describing the FeatureGate's known features.
+func (f *featureGate) KnownFeatures() []string {
+	var known []string
+	for k, v := range f.known {
+		pre := ""
+		if v.prerelease != ga {
+			pre = fmt.Sprintf("%s - ", v.prerelease)
+		}
+		known = append(known, fmt.Sprintf("%s=true|false (%sdefault=%t)", k, pre, v.enabled))
+	}
+	sort.Strings(known)
+	return known
+}

pkg/util/flag/feature_gate_test.go

@@ -0,0 +1,159 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flag
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/spf13/pflag"
+)
+
+func TestFeatureGateFlag(t *testing.T) {
+	// gates for testing
+	const testAlphaGate = "TestAlpha"
+	const testBetaGate = "TestBeta"
+
+	tests := []struct {
+		arg        string
+		expect     map[string]bool
+		parseError string
+	}{
+		{
+			arg: "",
+			expect: map[string]bool{
+				allAlphaGate:  false,
+				testAlphaGate: false,
+				testBetaGate:  false,
+			},
+		},
+		{
+			arg: "fooBarBaz=maybeidk",
+			expect: map[string]bool{
+				allAlphaGate:  false,
+				testAlphaGate: false,
+				testBetaGate:  false,
+			},
+			parseError: "unrecognized key: fooBarBaz",
+		},
+		{
+			arg: "AllAlpha=false",
+			expect: map[string]bool{
+				allAlphaGate:  false,
+				testAlphaGate: false,
+				testBetaGate:  false,
+			},
+		},
+		{
+			arg: "AllAlpha=true",
+			expect: map[string]bool{
+				allAlphaGate:  true,
+				testAlphaGate: true,
+				testBetaGate:  false,
+			},
+		},
+		{
+			arg: "AllAlpha=banana",
+			expect: map[string]bool{
+				allAlphaGate:  false,
+				testAlphaGate: false,
+				testBetaGate:  false,
+			},
+			parseError: "invalid value of AllAlpha",
+		},
+		{
+			arg: "AllAlpha=false,TestAlpha=true",
+			expect: map[string]bool{
+				allAlphaGate:  false,
+				testAlphaGate: true,
+				testBetaGate:  false,
+			},
+		},
+		{
+			arg: "TestAlpha=true,AllAlpha=false",
+			expect: map[string]bool{
+				allAlphaGate:  false,
+				testAlphaGate: true,
+				testBetaGate:  false,
+			},
+		},
+		{
+			arg: "AllAlpha=true,TestAlpha=false",
+			expect: map[string]bool{
+				allAlphaGate:  true,
+				testAlphaGate: false,
+				testBetaGate:  false,
+			},
+		},
+		{
+			arg: "TestAlpha=false,AllAlpha=true",
+			expect: map[string]bool{
+				allAlphaGate:  true,
+				testAlphaGate: false,
+				testBetaGate:  false,
+			},
+		},
+		{
+			arg: "TestBeta=true,AllAlpha=false",
+			expect: map[string]bool{
+				allAlphaGate:  false,
+				testAlphaGate: false,
+				testBetaGate:  true,
+			},
+		},
+	}
+	for i, test := range tests {
+		fs := pflag.NewFlagSet("testfeaturegateflag", pflag.ContinueOnError)
+		f := DefaultFeatureGate
+		f.known[testAlphaGate] = featureSpec{false, alpha}
+		f.known[testBetaGate] = featureSpec{false, beta}
+		f.AddFlag(fs)
+
+		err := fs.Parse([]string{fmt.Sprintf("--%s=%s", flagName, test.arg)})
+		if test.parseError != "" {
+			if !strings.Contains(err.Error(), test.parseError) {
+				t.Errorf("%d: Parse() Expected %v, Got %v", i, test.parseError, err)
+			}
+		} else if err != nil {
+			t.Errorf("%d: Parse() Expected nil, Got %v", i, err)
+		}
+		for k, v := range test.expect {
+			if f.enabled[k] != v {
+				t.Errorf("%d: expected %s=%v, Got %v", i, k, v, f.enabled[k])
+			}
+		}
+	}
+}
+
+func TestFeatureGateFlagDefaults(t *testing.T) {
+	// gates for testing
+	const testAlphaGate = "TestAlpha"
+	const testBetaGate = "TestBeta"
+
+	// Don't parse the flag, assert defaults are used.
+	f := DefaultFeatureGate
+	f.known[testAlphaGate] = featureSpec{false, alpha}
+	f.known[testBetaGate] = featureSpec{true, beta}
+
+	if f.lookup(testAlphaGate) != false {
+		t.Errorf("Expected false")
+	}
+	if f.lookup(testBetaGate) != true {
+		t.Errorf("Expected true")
+	}
+}

pkg/util/flag/namedcertkey_flag.go

@@ -0,0 +1,113 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flag
+
+import (
+	"errors"
+	"flag"
+	"strings"
+)
+
+// NamedCertKey is a flag value parsing "certfile,keyfile" and "certfile,keyfile:name,name,name".
+type NamedCertKey struct {
+	Names             []string
+	CertFile, KeyFile string
+}
+
+var _ flag.Value = &NamedCertKey{}
+
+func (nkc *NamedCertKey) String() string {
+	s := nkc.CertFile + "," + nkc.KeyFile
+	if len(nkc.Names) > 0 {
+		s = s + ":" + strings.Join(nkc.Names, ",")
+	}
+	return s
+}
+
+func (nkc *NamedCertKey) Set(value string) error {
+	cs := strings.SplitN(value, ":", 2)
+	var keycert string
+	if len(cs) == 2 {
+		var names string
+		keycert, names = strings.TrimSpace(cs[0]), strings.TrimSpace(cs[1])
+		if names == "" {
+			return errors.New("empty names list is not allowed")
+		}
+		nkc.Names = nil
+		for _, name := range strings.Split(names, ",") {
+			nkc.Names = append(nkc.Names, strings.TrimSpace(name))
+		}
+	} else {
+		nkc.Names = nil
+		keycert = strings.TrimSpace(cs[0])
+	}
+	cs = strings.Split(keycert, ",")
+	if len(cs) != 2 {
+		return errors.New("expected comma separated certificate and key file paths")
+	}
+	nkc.CertFile = strings.TrimSpace(cs[0])
+	nkc.KeyFile = strings.TrimSpace(cs[1])
+	return nil
+}
+
+func (*NamedCertKey) Type() string {
+	return "namedCertKey"
+}
+
+// NamedCertKeyArray is a flag value parsing NamedCertKeys, each passed with its own
+// flag instance (in contrast to comma separated slices).
+type NamedCertKeyArray struct {
+	value   *[]NamedCertKey
+	changed bool
+}
+
+var _ flag.Value = &NamedCertKey{}
+
+// NewNamedKeyCertArray creates a new NamedCertKeyArray with the internal value
+// pointing to p.
+func NewNamedCertKeyArray(p *[]NamedCertKey) *NamedCertKeyArray {
+	return &NamedCertKeyArray{
+		value: p,
+	}
+}
+
+func (a *NamedCertKeyArray) Set(val string) error {
+	nkc := NamedCertKey{}
+	err := nkc.Set(val)
+	if err != nil {
+		return err
+	}
+	if !a.changed {
+		*a.value = []NamedCertKey{nkc}
+		a.changed = true
+	} else {
+		*a.value = append(*a.value, nkc)
+	}
+	return nil
+}
+
+func (a *NamedCertKeyArray) Type() string {
+	return "namedCertKey"
+}
+
+func (a *NamedCertKeyArray) String() string {
+	nkcs := make([]string, 0, len(*a.value))
+	for i := range *a.value {
+		nkcs = append(nkcs, (*a.value)[i].String())
+	}
+	return "[" + strings.Join(nkcs, ";") + "]"
+}

pkg/util/flag/namedcertkey_flag_test.go

@@ -0,0 +1,139 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flag
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/spf13/pflag"
+)
+
+func TestNamedCertKeyArrayFlag(t *testing.T) {
+	tests := []struct {
+		args       []string
+		def        []NamedCertKey
+		expected   []NamedCertKey
+		parseError string
+	}{
+		{
+			args:     []string{},
+			expected: nil,
+		},
+		{
+			args: []string{"foo.crt,foo.key"},
+			expected: []NamedCertKey{{
+				KeyFile:  "foo.key",
+				CertFile: "foo.crt",
+			}},
+		},
+		{
+			args: []string{"  foo.crt , foo.key    "},
+			expected: []NamedCertKey{{
+				KeyFile:  "foo.key",
+				CertFile: "foo.crt",
+			}},
+		},
+		{
+			args: []string{"foo.crt,foo.key:abc"},
+			expected: []NamedCertKey{{
+				KeyFile:  "foo.key",
+				CertFile: "foo.crt",
+				Names:    []string{"abc"},
+			}},
+		},
+		{
+			args: []string{"foo.crt,foo.key: abc  "},
+			expected: []NamedCertKey{{
+				KeyFile:  "foo.key",
+				CertFile: "foo.crt",
+				Names:    []string{"abc"},
+			}},
+		},
+		{
+			args:       []string{"foo.crt,foo.key:"},
+			parseError: "empty names list is not allowed",
+		},
+		{
+			args:       []string{""},
+			parseError: "expected comma separated certificate and key file paths",
+		},
+		{
+			args:       []string{"   "},
+			parseError: "expected comma separated certificate and key file paths",
+		},
+		{
+			args:       []string{"a,b,c"},
+			parseError: "expected comma separated certificate and key file paths",
+		},
+		{
+			args: []string{"foo.crt,foo.key:abc,def,ghi"},
+			expected: []NamedCertKey{{
+				KeyFile:  "foo.key",
+				CertFile: "foo.crt",
+				Names:    []string{"abc", "def", "ghi"},
+			}},
+		},
+		{
+			args: []string{"foo.crt,foo.key:*.*.*"},
+			expected: []NamedCertKey{{
+				KeyFile:  "foo.key",
+				CertFile: "foo.crt",
+				Names:    []string{"*.*.*"},
+			}},
+		},
+		{
+			args: []string{"foo.crt,foo.key", "bar.crt,bar.key"},
+			expected: []NamedCertKey{{
+				KeyFile:  "foo.key",
+				CertFile: "foo.crt",
+			}, {
+				KeyFile:  "bar.key",
+				CertFile: "bar.crt",
+			}},
+		},
+	}
+	for i, test := range tests {
+		fs := pflag.NewFlagSet("testNamedCertKeyArray", pflag.ContinueOnError)
+		var nkcs []NamedCertKey
+		for _, d := range test.def {
+			nkcs = append(nkcs, d)
+		}
+		fs.Var(NewNamedCertKeyArray(&nkcs), "tls-sni-cert-key", "usage")
+
+		args := []string{}
+		for _, a := range test.args {
+			args = append(args, fmt.Sprintf("--tls-sni-cert-key=%s", a))
+		}
+
+		err := fs.Parse(args)
+		if test.parseError != "" {
+			if err == nil {
+				t.Errorf("%d: expected error %q, got nil", i, test.parseError)
+			} else if !strings.Contains(err.Error(), test.parseError) {
+				t.Errorf("%d: expected error %q, got %q", i, test.parseError, err)
+			}
+		} else if err != nil {
+			t.Errorf("%d: expected nil error, got %v", i, err)
+		}
+		if !reflect.DeepEqual(nkcs, test.expected) {
+			t.Errorf("%d: expected %+v, got %+v", i, test.expected, nkcs)
+		}
+	}
+}