From b0b5de6eaf547ebe3fe5d4fc17cf6004a4b94c75 Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Tue, 8 Aug 2017 16:41:25 +0200 Subject: [PATCH] Port internal extensions/Network* to networking.k8s.io API group --- hack/.golint_failures | 1 - hack/test-update-storage-objects.sh | 4 +- pkg/apis/extensions/register.go | 5 +- pkg/apis/extensions/types.go | 95 ------ pkg/apis/extensions/validation/validation.go | 71 ---- .../extensions/validation/validation_test.go | 320 ------------------ pkg/apis/networking/v1/conversion.go | 196 ----------- pkg/apis/networking/v1/doc.go | 1 + pkg/apis/networking/v1/register.go | 2 +- .../fake/fake_networkpolicy.go | 126 ------- pkg/printers/internalversion/describe.go | 30 +- pkg/printers/internalversion/printers.go | 22 -- pkg/registry/extensions/networkpolicy/doc.go | 17 - .../networkpolicy/storage/storage.go | 52 --- .../networkpolicy/storage/storage_test.go | 185 ---------- .../extensions/networkpolicy/strategy.go | 88 ----- .../extensions/networkpolicy/strategy_test.go | 62 ---- .../extensions/rest/storage_extensions.go | 2 +- 18 files changed, 9 insertions(+), 1270 deletions(-) delete mode 100644 pkg/apis/networking/v1/conversion.go delete mode 100644 pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_networkpolicy.go delete mode 100644 pkg/registry/extensions/networkpolicy/doc.go delete mode 100644 pkg/registry/extensions/networkpolicy/storage/storage.go delete mode 100644 pkg/registry/extensions/networkpolicy/storage/storage_test.go delete mode 100644 pkg/registry/extensions/networkpolicy/strategy.go delete mode 100644 pkg/registry/extensions/networkpolicy/strategy_test.go diff --git a/hack/.golint_failures b/hack/.golint_failures index accd1e479c0..98d3f4a71d2 100644 --- a/hack/.golint_failures +++ b/hack/.golint_failures 
@@ -368,7 +368,6 @@ pkg/registry/extensions/deployment pkg/registry/extensions/deployment/storage pkg/registry/extensions/ingress pkg/registry/extensions/ingress/storage -pkg/registry/extensions/networkpolicy/storage pkg/registry/extensions/replicaset pkg/registry/extensions/replicaset/storage pkg/registry/extensions/rest diff --git a/hack/test-update-storage-objects.sh b/hack/test-update-storage-objects.sh index 147ab139574..ff0293af232 100755 --- a/hack/test-update-storage-objects.sh +++ b/hack/test-update-storage-objects.sh @@ -112,8 +112,8 @@ tests=( examples/persistent-volume-provisioning/rbd/rbd-storage-class.yaml,storageclasses,,slow,v1beta1,v1 ) -KUBE_OLD_API_VERSION="storage.k8s.io/v1beta1,extensions/v1beta1" -KUBE_NEW_API_VERSION="storage.k8s.io/v1,extensions/v1beta1" +KUBE_OLD_API_VERSION="networking.k8s.io/v1,storage.k8s.io/v1beta1,extensions/v1beta1" +KUBE_NEW_API_VERSION="networking.k8s.io/v1,storage.k8s.io/v1,extensions/v1beta1" KUBE_OLD_STORAGE_VERSIONS="storage.k8s.io/v1beta1" KUBE_NEW_STORAGE_VERSIONS="storage.k8s.io/v1" diff --git a/pkg/apis/extensions/register.go b/pkg/apis/extensions/register.go index 5983636c225..780f58dc747 100644 --- a/pkg/apis/extensions/register.go +++ b/pkg/apis/extensions/register.go @@ -19,6 +19,7 @@ package extensions import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/kubernetes/pkg/apis/networking" ) // GroupName is the group name use in this package @@ -63,8 +64,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ReplicaSetList{}, &PodSecurityPolicy{}, &PodSecurityPolicyList{}, - &NetworkPolicy{}, - &NetworkPolicyList{}, + &networking.NetworkPolicy{}, + &networking.NetworkPolicyList{}, ) return nil } diff --git a/pkg/apis/extensions/types.go b/pkg/apis/extensions/types.go index 50f3f9522d9..8e60c6f9ed9 100644 --- a/pkg/apis/extensions/types.go +++ b/pkg/apis/extensions/types.go 
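Review bot: In `addKnownTypes`, `&networking.NetworkPolicy{}` and `&networking.NetworkPolicyList{}` are now registered under the extensions group with no comment saying why types from another API package appear in this list. If the networking package registers the same Go types under its own group (not visible in this patch), the scheme would know them under two kinds, and code that derives the kind from the object could get either; a comment above the two lines such as `// NetworkPolicy is still registered in extensions, but its internal types live in pkg/apis/networking.` would record the intent. This patch also deletes the extensions-specific `ValidateNetworkPolicy` and `ValidateNetworkPolicyUpdate` and the extensions strategy, so objects submitted through the extensions group presumably rely on what the networking strategy enforces. A test that creates and updates a NetworkPolicy through both groups would confirm the spec checks still apply to a resource that controls pod isolation. `addKnownTypes` starts above this hunk.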
@@ -1091,98 +1091,3 @@ type PodSecurityPolicyList struct { Items []PodSecurityPolicy } - -// +genclient -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NetworkPolicy describes what network traffic is allowed for a set of Pods -type NetworkPolicy struct { - metav1.TypeMeta - // +optional - metav1.ObjectMeta - - // Specification of the desired behavior for this NetworkPolicy. - // +optional - Spec NetworkPolicySpec -} - -type NetworkPolicySpec struct { - // Selects the pods to which this NetworkPolicy object applies. The array of ingress rules - // is applied to any pods selected by this field. Multiple network policies can select the - // same set of pods. In this case, the ingress rules for each are combined additively. - // This field is NOT optional and follows standard label selector semantics. - // An empty podSelector matches all pods in this namespace. - PodSelector metav1.LabelSelector - - // List of ingress rules to be applied to the selected pods. - // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod - // OR if the traffic source is the pod's local node, - // OR if the traffic matches at least one ingress rule across all of the NetworkPolicy - // objects whose podSelector matches the pod. - // If this field is empty then this NetworkPolicy does not allow any traffic - // (and serves solely to ensure that the pods it selects are isolated by default). - // +optional - Ingress []NetworkPolicyIngressRule -} - -// This NetworkPolicyIngressRule matches traffic if and only if the traffic matches both ports AND from. -type NetworkPolicyIngressRule struct { - // List of ports which should be made accessible on the pods selected for this rule. - // Each item in this list is combined using a logical OR. - // If this field is empty or missing, this rule matches all ports (traffic not restricted by port). 
- // If this field is present and contains at least one item, then this rule allows traffic - // only if the traffic matches at least one port in the list. - // +optional - Ports []NetworkPolicyPort - - // List of sources which should be able to access the pods selected for this rule. - // Items in this list are combined using a logical OR operation. - // If this field is empty or missing, this rule matches all sources (traffic not restricted by source). - // If this field is present and contains at least on item, this rule allows traffic only if the - // traffic matches at least one item in the from list. - // +optional - From []NetworkPolicyPeer -} - -type NetworkPolicyPort struct { - // Optional. The protocol (TCP or UDP) which traffic must match. - // If not specified, this field defaults to TCP. - // +optional - Protocol *api.Protocol - - // If specified, the port on the given protocol. This can - // either be a numerical or named port on a pod. If this field is not provided, - // this matches all port names and numbers. - // If present, only traffic on the specified protocol AND port - // will be matched. - // +optional - Port *intstr.IntOrString -} - -type NetworkPolicyPeer struct { - // Exactly one of the following must be specified. - - // This is a label selector which selects Pods in this namespace. - // This field follows standard label selector semantics. - // If present but empty, this selector selects all pods in this namespace. - // +optional - PodSelector *metav1.LabelSelector - - // Selects Namespaces using cluster scoped-labels. This - // matches all pods in all namespaces selected by this label selector. - // This field follows standard label selector semantics. - // If present but empty, this selector selects all namespaces. - // +optional - NamespaceSelector *metav1.LabelSelector -} - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// NetworkPolicyList is a list of NetworkPolicy objects. 
-type NetworkPolicyList struct { - metav1.TypeMeta - // +optional - metav1.ListMeta - - Items []NetworkPolicy -} diff --git a/pkg/apis/extensions/validation/validation.go b/pkg/apis/extensions/validation/validation.go index 04879c9b840..d145fd421fb 100644 --- a/pkg/apis/extensions/validation/validation.go +++ b/pkg/apis/extensions/validation/validation.go @@ -19,7 +19,6 @@ package validation import ( "fmt" "net" - "reflect" "regexp" "strconv" "strings" 
@@ -887,73 +886,3 @@ func ValidatePodSecurityPolicyUpdate(old *extensions.PodSecurityPolicy, new *ext allErrs = append(allErrs, ValidatePodSecurityPolicySpec(&new.Spec, field.NewPath("spec"))...) return allErrs } - -// ValidateNetworkPolicyName can be used to check whether the given networkpolicy -// name is valid. -func ValidateNetworkPolicyName(name string, prefix bool) []string { - return apivalidation.NameIsDNSSubdomain(name, prefix) -} - -// ValidateNetworkPolicySpec tests if required fields in the networkpolicy spec are set. -func ValidateNetworkPolicySpec(spec *extensions.NetworkPolicySpec, fldPath *field.Path) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(&spec.PodSelector, fldPath.Child("podSelector"))...) - - // Validate ingress rules. - for i, ingress := range spec.Ingress { - ingressPath := fldPath.Child("ingress").Index(i) - for i, port := range ingress.Ports { - portPath := ingressPath.Child("ports").Index(i) - if port.Protocol != nil && *port.Protocol != api.ProtocolTCP && *port.Protocol != api.ProtocolUDP { - allErrs = append(allErrs, field.NotSupported(portPath.Child("protocol"), *port.Protocol, []string{string(api.ProtocolTCP), string(api.ProtocolUDP)})) - } - if port.Port != nil { - if port.Port.Type == intstr.Int { - for _, msg := range validation.IsValidPortNum(int(port.Port.IntVal)) { - allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.IntVal, msg)) - } - } else { - for _, msg := range validation.IsValidPortName(port.Port.StrVal) { - allErrs = append(allErrs, field.Invalid(portPath.Child("port"), port.Port.StrVal, msg)) - } - } - } - } - for i, from := range ingress.From { - fromPath := ingressPath.Child("from").Index(i) - numFroms := 0 - if from.PodSelector != nil { - numFroms++ - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(from.PodSelector, fromPath.Child("podSelector"))...) 
- } - if from.NamespaceSelector != nil { - numFroms++ - allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(from.NamespaceSelector, fromPath.Child("namespaceSelector"))...) - } - - if numFroms == 0 { - allErrs = append(allErrs, field.Required(fromPath, "must specify a from type")) - } else if numFroms > 1 { - allErrs = append(allErrs, field.Forbidden(fromPath, "may not specify more than 1 from type")) - } - } - } - return allErrs -} - -// ValidateNetworkPolicy validates a networkpolicy. -func ValidateNetworkPolicy(np *extensions.NetworkPolicy) field.ErrorList { - allErrs := apivalidation.ValidateObjectMeta(&np.ObjectMeta, true, ValidateNetworkPolicyName, field.NewPath("metadata")) - allErrs = append(allErrs, ValidateNetworkPolicySpec(&np.Spec, field.NewPath("spec"))...) - return allErrs -} - -// ValidateNetworkPolicyUpdate tests if an update to a NetworkPolicy is valid. -func ValidateNetworkPolicyUpdate(update, old *extensions.NetworkPolicy) field.ErrorList { - allErrs := field.ErrorList{} - allErrs = append(allErrs, apivalidation.ValidateObjectMetaUpdate(&update.ObjectMeta, &old.ObjectMeta, field.NewPath("metadata"))...) - if !reflect.DeepEqual(update.Spec, old.Spec) { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "updates to networkpolicy spec are forbidden.")) - } - return allErrs -} diff --git a/pkg/apis/extensions/validation/validation_test.go b/pkg/apis/extensions/validation/validation_test.go index c19e60646e0..5e6c6df8ee2 100644 --- a/pkg/apis/extensions/validation/validation_test.go +++ b/pkg/apis/extensions/validation/validation_test.go 
@@ -2768,326 +2768,6 @@ func TestValidatePSPVolumes(t *testing.T) { } } -func TestValidateNetworkPolicy(t *testing.T) { - protocolTCP := api.ProtocolTCP - protocolUDP := api.ProtocolUDP - protocolICMP := api.Protocol("ICMP") - - successCases := []extensions.NetworkPolicy{ - { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{}, - Ports: []extensions.NetworkPolicyPort{}, - }, - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - Ports: []extensions.NetworkPolicyPort{ - { - Protocol: nil, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 80}, - }, - { - Protocol: &protocolTCP, - Port: nil, - }, - { - Protocol: &protocolTCP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 443}, - }, - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.String, StrVal: "dns"}, - }, - }, - }, - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - 
From: []extensions.NetworkPolicyPeer{ - { - PodSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"c": "d"}, - }, - }, - }, - }, - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{ - { - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"c": "d"}, - }, - }, - }, - }, - }, - }, - }, - } - - // Success cases are expected to pass validation. - for k, v := range successCases { - if errs := ValidateNetworkPolicy(&v); len(errs) != 0 { - t.Errorf("Expected success for %d, got %v", k, errs) - } - } - - invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"} - errorCases := map[string]extensions.NetworkPolicy{ - "namespaceSelector and podSelector": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{ - { - PodSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"c": "d"}, - }, - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"c": "d"}, - }, - }, - }, - }, - }, - }, - }, - "invalid spec.podSelector": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: invalidSelector, - }, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - 
From: []extensions.NetworkPolicyPeer{ - { - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{"c": "d"}, - }, - }, - }, - }, - }, - }, - }, - "invalid ingress.ports.protocol": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - Ports: []extensions.NetworkPolicyPort{ - { - Protocol: &protocolICMP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 80}, - }, - }, - }, - }, - }, - }, - "invalid ingress.ports.port (int)": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - Ports: []extensions.NetworkPolicyPort{ - { - Protocol: &protocolTCP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 123456789}, - }, - }, - }, - }, - }, - }, - "invalid ingress.ports.port (str)": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - Ports: []extensions.NetworkPolicyPort{ - { - Protocol: &protocolTCP, - Port: &intstr.IntOrString{Type: intstr.String, StrVal: "!@#$"}, - }, - }, - }, - }, - }, - }, - "invalid ingress.from.podSelector": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - From: []extensions.NetworkPolicyPeer{ - { - PodSelector: &metav1.LabelSelector{ - MatchLabels: invalidSelector, - }, - }, - }, - }, - }, - }, - }, - "invalid ingress.from.namespaceSelector": { - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - 
From: []extensions.NetworkPolicyPeer{ - { - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: invalidSelector, - }, - }, - }, - }, - }, - }, - }, - } - - // Error cases are not expected to pass validation. - for testName, networkPolicy := range errorCases { - if errs := ValidateNetworkPolicy(&networkPolicy); len(errs) == 0 { - t.Errorf("Expected failure for test: %s", testName) - } - } -} - -func TestValidateNetworkPolicyUpdate(t *testing.T) { - type npUpdateTest struct { - old extensions.NetworkPolicy - update extensions.NetworkPolicy - } - successCases := []npUpdateTest{ - { - old: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - update: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - }, - } - - for _, successCase := range successCases { - successCase.old.ObjectMeta.ResourceVersion = "1" - successCase.update.ObjectMeta.ResourceVersion = "1" - if errs := ValidateNetworkPolicyUpdate(&successCase.update, &successCase.old); len(errs) != 0 { - t.Errorf("expected success: %v", errs) - } - } - errorCases := map[string]npUpdateTest{ - "change name": { - old: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - update: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "baz", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - 
}, - }, - "change spec": { - old: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{}, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - update: extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"}, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{"a": "b"}, - }, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - }, - } - - for testName, errorCase := range errorCases { - if errs := ValidateNetworkPolicyUpdate(&errorCase.update, &errorCase.old); len(errs) == 0 { - t.Errorf("expected failure: %s", testName) - } - } -} - func TestIsValidSysctlPattern(t *testing.T) { valid := []string{ "a.b.c.d", diff --git a/pkg/apis/networking/v1/conversion.go b/pkg/apis/networking/v1/conversion.go deleted file mode 100644 index 4d833f4139e..00000000000 --- a/pkg/apis/networking/v1/conversion.go +++ /dev/null 
@@ -1,196 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1
-
-import (
- "k8s.io/api/core/v1"
- networkingv1 "k8s.io/api/networking/v1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/conversion"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/kubernetes/pkg/api"
- "k8s.io/kubernetes/pkg/apis/extensions"
-)
-
-func addConversionFuncs(scheme *runtime.Scheme) error {
- return scheme.AddConversionFuncs(
- Convert_v1_NetworkPolicy_To_extensions_NetworkPolicy,
- Convert_extensions_NetworkPolicy_To_v1_NetworkPolicy,
- Convert_v1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule,
- Convert_extensions_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule,
- Convert_v1_NetworkPolicyList_To_extensions_NetworkPolicyList,
- Convert_extensions_NetworkPolicyList_To_v1_NetworkPolicyList,
- Convert_v1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer,
- Convert_extensions_NetworkPolicyPeer_To_v1_NetworkPolicyPeer,
- Convert_v1_NetworkPolicyPort_To_extensions_NetworkPolicyPort,
- Convert_extensions_NetworkPolicyPort_To_v1_NetworkPolicyPort,
- Convert_v1_NetworkPolicySpec_To_extensions_NetworkPolicySpec,
- Convert_extensions_NetworkPolicySpec_To_v1_NetworkPolicySpec,
- )
-}
-
-func Convert_v1_NetworkPolicy_To_extensions_NetworkPolicy(in *networkingv1.NetworkPolicy, out *extensions.NetworkPolicy, s conversion.Scope) error {
- out.ObjectMeta = in.ObjectMeta
- return Convert_v1_NetworkPolicySpec_To_extensions_NetworkPolicySpec(&in.Spec, &out.Spec, s)
-}
-
-func Convert_extensions_NetworkPolicy_To_v1_NetworkPolicy(in *extensions.NetworkPolicy, out *networkingv1.NetworkPolicy, s conversion.Scope) error {
- out.ObjectMeta = in.ObjectMeta
- return Convert_extensions_NetworkPolicySpec_To_v1_NetworkPolicySpec(&in.Spec, &out.Spec, s)
-}
-
-func Convert_v1_NetworkPolicySpec_To_extensions_NetworkPolicySpec(in *networkingv1.NetworkPolicySpec, out *extensions.NetworkPolicySpec, s conversion.Scope) error {
- if err := s.Convert(&in.PodSelector, &out.PodSelector, 0); err != nil {
- return err
- }
- out.Ingress = make([]extensions.NetworkPolicyIngressRule, len(in.Ingress))
- for i := range in.Ingress {
- if err := Convert_v1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule(&in.Ingress[i], &out.Ingress[i], s); err != nil {
- return err
- }
- }
- return nil
-}
-
-func Convert_extensions_NetworkPolicySpec_To_v1_NetworkPolicySpec(in *extensions.NetworkPolicySpec, out *networkingv1.NetworkPolicySpec, s conversion.Scope) error {
- if err := s.Convert(&in.PodSelector, &out.PodSelector, 0); err != nil {
- return err
- }
- out.Ingress = make([]networkingv1.NetworkPolicyIngressRule, len(in.Ingress))
- for i := range in.Ingress {
- if err := Convert_extensions_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule(&in.Ingress[i], &out.Ingress[i], s); err != nil {
- return err
- }
- }
- return nil
-}
-
-func Convert_v1_NetworkPolicyIngressRule_To_extensions_NetworkPolicyIngressRule(in *networkingv1.NetworkPolicyIngressRule, out *extensions.NetworkPolicyIngressRule, s conversion.Scope) error {
- out.Ports = make([]extensions.NetworkPolicyPort, len(in.Ports))
- for i := range in.Ports {
- if err := Convert_v1_NetworkPolicyPort_To_extensions_NetworkPolicyPort(&in.Ports[i], &out.Ports[i], s); err != nil {
- return err
- }
- }
- out.From = make([]extensions.NetworkPolicyPeer, len(in.From))
- for i := range in.From {
- if err := Convert_v1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer(&in.From[i], &out.From[i], s); err != nil {
- return err
- }
- }
- return nil
-}
-
-func Convert_extensions_NetworkPolicyIngressRule_To_v1_NetworkPolicyIngressRule(in *extensions.NetworkPolicyIngressRule, out *networkingv1.NetworkPolicyIngressRule, s conversion.Scope) error {
- out.Ports = make([]networkingv1.NetworkPolicyPort, len(in.Ports))
- for i := range in.Ports {
- if err := Convert_extensions_NetworkPolicyPort_To_v1_NetworkPolicyPort(&in.Ports[i], &out.Ports[i], s); err != nil {
- return err
- }
- }
- out.From = make([]networkingv1.NetworkPolicyPeer, len(in.From))
- for i := range in.From {
- if err := Convert_extensions_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(&in.From[i], &out.From[i], s); err != nil {
- return err
- }
- }
- return nil
-}
-
-func Convert_v1_NetworkPolicyPeer_To_extensions_NetworkPolicyPeer(in *networkingv1.NetworkPolicyPeer, out *extensions.NetworkPolicyPeer, s conversion.Scope) error {
- if in.PodSelector != nil {
- out.PodSelector = new(metav1.LabelSelector)
- if err := s.Convert(in.PodSelector, out.PodSelector, 0); err != nil {
- return err
- }
- } else {
- out.PodSelector = nil
- }
- if in.NamespaceSelector != nil {
- out.NamespaceSelector = new(metav1.LabelSelector)
- if err := s.Convert(in.NamespaceSelector, out.NamespaceSelector, 0); err != nil {
- return err
- }
- } else {
- out.NamespaceSelector = nil
- }
- return nil
-}
-
-func Convert_extensions_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(in *extensions.NetworkPolicyPeer, out *networkingv1.NetworkPolicyPeer, s conversion.Scope) error {
- if in.PodSelector != nil {
- out.PodSelector = new(metav1.LabelSelector)
- if err := s.Convert(in.PodSelector, out.PodSelector, 0); err != nil {
- return err
- }
- } else {
- out.PodSelector = nil
- }
- if in.NamespaceSelector != nil {
- out.NamespaceSelector = new(metav1.LabelSelector)
- if err := s.Convert(in.NamespaceSelector, out.NamespaceSelector, 0); err != nil {
- return err
- }
- } else {
- out.NamespaceSelector = nil
- }
- return nil
-}
-
-func Convert_v1_NetworkPolicyPort_To_extensions_NetworkPolicyPort(in *networkingv1.NetworkPolicyPort, out *extensions.NetworkPolicyPort, s conversion.Scope) error {
- if in.Protocol != nil {
- out.Protocol = new(api.Protocol)
- *out.Protocol = api.Protocol(*in.Protocol)
- } else {
- out.Protocol = nil
- }
- out.Port = in.Port
- return nil
-}
-
-func Convert_extensions_NetworkPolicyPort_To_v1_NetworkPolicyPort(in *extensions.NetworkPolicyPort, out *networkingv1.NetworkPolicyPort, s conversion.Scope) error {
- if in.Protocol != nil {
- out.Protocol = new(v1.Protocol)
- *out.Protocol = v1.Protocol(*in.Protocol)
- } else {
- out.Protocol = nil
- }
- out.Port = in.Port
- return nil
-}
-
-func Convert_v1_NetworkPolicyList_To_extensions_NetworkPolicyList(in *networkingv1.NetworkPolicyList, out *extensions.NetworkPolicyList, s conversion.Scope) error {
- out.ListMeta = in.ListMeta
- out.Items = make([]extensions.NetworkPolicy, len(in.Items))
- for i := range in.Items {
- if err := Convert_v1_NetworkPolicy_To_extensions_NetworkPolicy(&in.Items[i], &out.Items[i], s); err != nil {
- return err
- }
- }
- return nil
-}
-
-func Convert_extensions_NetworkPolicyList_To_v1_NetworkPolicyList(in *extensions.NetworkPolicyList, out *networkingv1.NetworkPolicyList, s conversion.Scope) error {
- out.ListMeta = in.ListMeta
- out.Items = make([]networkingv1.NetworkPolicy, len(in.Items))
- for i := range in.Items {
- if err := Convert_extensions_NetworkPolicy_To_v1_NetworkPolicy(&in.Items[i], &out.Items[i], s); err != nil {
- return err
- }
- }
- return nil
-}
diff --git a/pkg/apis/networking/v1/doc.go b/pkg/apis/networking/v1/doc.go
index ca997773e2c..d069022f53d 100644
--- a/pkg/apis/networking/v1/doc.go
+++ b/pkg/apis/networking/v1/doc.go
@@ -16,6 +16,7 @@ limitations under the License. // +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/networking // +k8s:conversion-gen-external-types=../../../../vendor/k8s.io/api/networking/v1 +// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/extensions // +k8s:defaulter-gen=TypeMeta // +k8s:defaulter-gen-input=../../../../vendor/k8s.io/api/networking/v1 // +groupName=networking.k8s.io diff --git a/pkg/apis/networking/v1/register.go b/pkg/apis/networking/v1/register.go index 7d205b95c17..35a60bd8df6 100644 --- a/pkg/apis/networking/v1/register.go +++ b/pkg/apis/networking/v1/register.go @@ -41,5 +41,5 @@ func init() { // We only register manually written functions here. The registration of the // generated functions takes place in the generated files. The separation // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addDefaultingFuncs, addConversionFuncs) + localSchemeBuilder.Register(addDefaultingFuncs) } diff --git a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_networkpolicy.go b/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_networkpolicy.go deleted file mode 100644 index 2afa69d2ee8..00000000000 --- a/pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_networkpolicy.go +++ /dev/null 
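Review bot: The tag added to doc.go, `// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/extensions`, asks the generator for conversions against the extensions package, yet this same patch removes the extensions NetworkPolicy types (types.go hunk) and un-registers the hand-written `addConversionFuncs` that targeted them (register.go hunk that follows). Nothing on the page says which extensions types the networking/v1 package still needs to convert to, and the diffstat lists no regenerated conversion file, so the effect of the tag cannot be checked from this commit. A one-line comment above the tag stating its purpose would make that reviewable, as would including the regenerated output here or naming the follow-up commit that carries it.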
@@ -1,126 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fake - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" - extensions "k8s.io/kubernetes/pkg/apis/extensions" -) - -// FakeNetworkPolicies implements NetworkPolicyInterface -type FakeNetworkPolicies struct { - Fake *FakeExtensions - ns string -} - -var networkpoliciesResource = schema.GroupVersionResource{Group: "extensions", Version: "", Resource: "networkpolicies"} - -var networkpoliciesKind = schema.GroupVersionKind{Group: "extensions", Version: "", Kind: "NetworkPolicy"} - -// Get takes name of the networkPolicy, and returns the corresponding networkPolicy object, and an error if there is any. -func (c *FakeNetworkPolicies) Get(name string, options v1.GetOptions) (result *extensions.NetworkPolicy, err error) { - obj, err := c.Fake. - Invokes(testing.NewGetAction(networkpoliciesResource, c.ns, name), &extensions.NetworkPolicy{}) - - if obj == nil { - return nil, err - } - return obj.(*extensions.NetworkPolicy), err -} - -// List takes label and field selectors, and returns the list of NetworkPolicies that match those selectors. 
-func (c *FakeNetworkPolicies) List(opts v1.ListOptions) (result *extensions.NetworkPolicyList, err error) { - obj, err := c.Fake. - Invokes(testing.NewListAction(networkpoliciesResource, networkpoliciesKind, c.ns, opts), &extensions.NetworkPolicyList{}) - - if obj == nil { - return nil, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &extensions.NetworkPolicyList{} - for _, item := range obj.(*extensions.NetworkPolicyList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested networkPolicies. -func (c *FakeNetworkPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewWatchAction(networkpoliciesResource, c.ns, opts)) - -} - -// Create takes the representation of a networkPolicy and creates it. Returns the server's representation of the networkPolicy, and an error, if there is any. -func (c *FakeNetworkPolicies) Create(networkPolicy *extensions.NetworkPolicy) (result *extensions.NetworkPolicy, err error) { - obj, err := c.Fake. - Invokes(testing.NewCreateAction(networkpoliciesResource, c.ns, networkPolicy), &extensions.NetworkPolicy{}) - - if obj == nil { - return nil, err - } - return obj.(*extensions.NetworkPolicy), err -} - -// Update takes the representation of a networkPolicy and updates it. Returns the server's representation of the networkPolicy, and an error, if there is any. -func (c *FakeNetworkPolicies) Update(networkPolicy *extensions.NetworkPolicy) (result *extensions.NetworkPolicy, err error) { - obj, err := c.Fake. - Invokes(testing.NewUpdateAction(networkpoliciesResource, c.ns, networkPolicy), &extensions.NetworkPolicy{}) - - if obj == nil { - return nil, err - } - return obj.(*extensions.NetworkPolicy), err -} - -// Delete takes name of the networkPolicy and deletes it. 
Returns an error if one occurs. -func (c *FakeNetworkPolicies) Delete(name string, options *v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewDeleteAction(networkpoliciesResource, c.ns, name), &extensions.NetworkPolicy{}) - - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeNetworkPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { - action := testing.NewDeleteCollectionAction(networkpoliciesResource, c.ns, listOptions) - - _, err := c.Fake.Invokes(action, &extensions.NetworkPolicyList{}) - return err -} - -// Patch applies the patch and returns the patched networkPolicy. -func (c *FakeNetworkPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *extensions.NetworkPolicy, err error) { - obj, err := c.Fake. - Invokes(testing.NewPatchSubresourceAction(networkpoliciesResource, c.ns, name, data, subresources...), &extensions.NetworkPolicy{}) - - if obj == nil { - return nil, err - } - return obj.(*extensions.NetworkPolicy), err -} diff --git a/pkg/printers/internalversion/describe.go b/pkg/printers/internalversion/describe.go index d8ef33de39f..00e732dd4a2 100644 --- a/pkg/printers/internalversion/describe.go +++ b/pkg/printers/internalversion/describe.go @@ -134,7 +134,7 @@ func describerMap(c clientset.Interface) map[schema.GroupKind]printers.Describer api.Kind("PriorityClass"): &PriorityClassDescriber{c}, extensions.Kind("ReplicaSet"): &ReplicaSetDescriber{c}, - extensions.Kind("NetworkPolicy"): &ExtensionsNetworkPolicyDescriber{c}, + extensions.Kind("NetworkPolicy"): &NetworkPolicyDescriber{c}, extensions.Kind("PodSecurityPolicy"): &PodSecurityPolicyDescriber{c}, autoscaling.Kind("HorizontalPodAutoscaler"): &HorizontalPodAutoscalerDescriber{c}, extensions.Kind("DaemonSet"): &DaemonSetDescriber{c}, 
@@ -3019,34 +3019,6 @@ func describeCluster(cluster *federation.Cluster) (string, error) { }) } -// ExtensionsNetworkPolicyDescriber generates information about an extensions.NetworkPolicy -type ExtensionsNetworkPolicyDescriber struct { - clientset.Interface -} - -func (d *ExtensionsNetworkPolicyDescriber) Describe(namespace, name string, describerSettings printers.DescriberSettings) (string, error) { - c := d.Extensions().NetworkPolicies(namespace) - - networkPolicy, err := c.Get(name, metav1.GetOptions{}) - if err != nil { - return "", err - } - - return describeExtensionsNetworkPolicy(networkPolicy) -} - -func describeExtensionsNetworkPolicy(networkPolicy *extensions.NetworkPolicy) (string, error) { - return tabbedString(func(out io.Writer) error { - w := NewPrefixWriter(out) - w.Write(LEVEL_0, "Name:\t%s\n", networkPolicy.Name) - w.Write(LEVEL_0, "Namespace:\t%s\n", networkPolicy.Namespace) - printLabelsMultiline(w, "Labels", networkPolicy.Labels) - printAnnotationsMultiline(w, "Annotations", networkPolicy.Annotations) - - return nil - }) -} - // NetworkPolicyDescriber generates information about a networking.NetworkPolicy type NetworkPolicyDescriber struct { clientset.Interface diff --git a/pkg/printers/internalversion/printers.go b/pkg/printers/internalversion/printers.go index b0386581388..3da77c4583c 100644 --- a/pkg/printers/internalversion/printers.go +++ b/pkg/printers/internalversion/printers.go 
@@ -364,8 +364,6 @@ func AddHandlers(h printers.PrintHandler) { {Name: "Pod-Selector", Type: "string", Description: extensionsv1beta1.NetworkPolicySpec{}.SwaggerDoc()["podSelector"]}, {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, } - h.TableHandler(networkPolicyColumnDefinitioins, printExtensionsNetworkPolicy) - h.TableHandler(networkPolicyColumnDefinitioins, printExtensionsNetworkPolicyList) h.TableHandler(networkPolicyColumnDefinitioins, printNetworkPolicy) h.TableHandler(networkPolicyColumnDefinitioins, printNetworkPolicyList) @@ -1661,26 +1659,6 @@ func printPodSecurityPolicyList(list *extensions.PodSecurityPolicyList, options return rows, nil } -func printExtensionsNetworkPolicy(obj *extensions.NetworkPolicy, options printers.PrintOptions) ([]metav1alpha1.TableRow, error) { - row := metav1alpha1.TableRow{ - Object: runtime.RawExtension{Object: obj}, - } - row.Cells = append(row.Cells, obj.Name, metav1.FormatLabelSelector(&obj.Spec.PodSelector), translateTimestamp(obj.CreationTimestamp)) - return []metav1alpha1.TableRow{row}, nil -} - -func printExtensionsNetworkPolicyList(list *extensions.NetworkPolicyList, options printers.PrintOptions) ([]metav1alpha1.TableRow, error) { - rows := make([]metav1alpha1.TableRow, 0, len(list.Items)) - for i := range list.Items { - r, err := printExtensionsNetworkPolicy(&list.Items[i], options) - if err != nil { - return nil, err - } - rows = append(rows, r...) - } - return rows, nil -} - func printNetworkPolicy(obj *networking.NetworkPolicy, options printers.PrintOptions) ([]metav1alpha1.TableRow, error) { row := metav1alpha1.TableRow{ Object: runtime.RawExtension{Object: obj}, diff --git a/pkg/registry/extensions/networkpolicy/doc.go b/pkg/registry/extensions/networkpolicy/doc.go deleted file mode 100644 index fb5ea65fd03..00000000000 --- a/pkg/registry/extensions/networkpolicy/doc.go +++ /dev/null 
@@ -1,17 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package networkpolicy // import "k8s.io/kubernetes/pkg/registry/extensions/networkpolicy"
diff --git a/pkg/registry/extensions/networkpolicy/storage/storage.go b/pkg/registry/extensions/networkpolicy/storage/storage.go
deleted file mode 100644
index cb69d55ee47..00000000000
--- a/pkg/registry/extensions/networkpolicy/storage/storage.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package storage
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apiserver/pkg/registry/generic"
- genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
- "k8s.io/kubernetes/pkg/api"
- extensionsapi "k8s.io/kubernetes/pkg/apis/extensions"
- "k8s.io/kubernetes/pkg/registry/cachesize"
- "k8s.io/kubernetes/pkg/registry/extensions/networkpolicy"
-)
-
-// rest implements a RESTStorage for network policies
-type REST struct {
- *genericregistry.Store
-}
-
-// NewREST returns a RESTStorage object that will work against network policies.
-func NewREST(optsGetter generic.RESTOptionsGetter) *REST {
- store := &genericregistry.Store{
- Copier: api.Scheme,
- NewFunc: func() runtime.Object { return &extensionsapi.NetworkPolicy{} },
- NewListFunc: func() runtime.Object { return &extensionsapi.NetworkPolicyList{} },
- DefaultQualifiedResource: extensionsapi.Resource("networkpolicies"),
- WatchCacheSize: cachesize.GetWatchCacheSizeByResource("networkpolicies"),
-
- CreateStrategy: networkpolicy.Strategy,
- UpdateStrategy: networkpolicy.Strategy,
- DeleteStrategy: networkpolicy.Strategy,
- }
- options := &generic.StoreOptions{RESTOptions: optsGetter}
- if err := store.CompleteWithOptions(options); err != nil {
- panic(err) // TODO: Propagate error up
- }
- return &REST{store}
-}
diff --git a/pkg/registry/extensions/networkpolicy/storage/storage_test.go b/pkg/registry/extensions/networkpolicy/storage/storage_test.go
deleted file mode 100644
index 2850ea20147..00000000000
--- a/pkg/registry/extensions/networkpolicy/storage/storage_test.go
+++ /dev/null
@@ -1,185 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package storage - -import ( - "testing" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/fields" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" - genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - "k8s.io/apiserver/pkg/registry/generic" - etcdtesting "k8s.io/apiserver/pkg/storage/etcd/testing" - "k8s.io/kubernetes/pkg/apis/extensions" - "k8s.io/kubernetes/pkg/registry/registrytest" -) - -func newStorage(t *testing.T) (*REST, *etcdtesting.EtcdTestServer) { - etcdStorage, server := registrytest.NewEtcdStorage(t, "extensions") - restOptions := generic.RESTOptions{ - StorageConfig: etcdStorage, - Decorator: generic.UndecoratedStorage, - DeleteCollectionWorkers: 1, - ResourcePrefix: "networkpolicies", - } - return NewREST(restOptions), server -} - -// createNetworkPolicy is a helper function that returns a NetworkPolicy with the updated resource version. 
-func createNetworkPolicy(storage *REST, np extensions.NetworkPolicy, t *testing.T) (extensions.NetworkPolicy, error) { - ctx := genericapirequest.WithNamespace(genericapirequest.NewContext(), np.Namespace) - obj, err := storage.Create(ctx, &np, false) - if err != nil { - t.Errorf("Failed to create NetworkPolicy, %v", err) - } - newNP := obj.(*extensions.NetworkPolicy) - return *newNP, nil -} - -func validNewNetworkPolicy() *extensions.NetworkPolicy { - port := intstr.FromInt(80) - return &extensions.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: "foo", - Namespace: metav1.NamespaceDefault, - Labels: map[string]string{"a": "b"}, - }, - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{MatchLabels: map[string]string{"a": "b"}}, - Ingress: []extensions.NetworkPolicyIngressRule{ - { - 
From: []extensions.NetworkPolicyPeer{ - { - PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"c": "d"}}, - }, - }, - Ports: []extensions.NetworkPolicyPort{ - { - Port: &port, - }, - }, - }, - }, - }, - } -} - -var validNetworkPolicy = *validNewNetworkPolicy() - -func TestCreate(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - np := validNewNetworkPolicy() - np.ObjectMeta = metav1.ObjectMeta{} - - invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"} - test.TestCreate( - // valid - np, - // invalid (invalid selector) - &extensions.NetworkPolicy{ - Spec: extensions.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{MatchLabels: invalidSelector}, - Ingress: []extensions.NetworkPolicyIngressRule{}, - }, - }, - ) -} - -func TestUpdate(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - test.TestUpdate( - // valid - validNewNetworkPolicy(), - // valid updateFunc - func(obj runtime.Object) runtime.Object { - object := obj.(*extensions.NetworkPolicy) - return object - }, - // invalid updateFunc - func(obj runtime.Object) runtime.Object { - object := obj.(*extensions.NetworkPolicy) - object.Name = "" - return object - }, - func(obj runtime.Object) runtime.Object { - object := obj.(*extensions.NetworkPolicy) - object.Spec.PodSelector = metav1.LabelSelector{MatchLabels: map[string]string{}} - return object - }, - ) -} - -func TestDelete(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - test.TestDelete(validNewNetworkPolicy()) -} - -func TestGet(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, 
storage.Store) - test.TestGet(validNewNetworkPolicy()) -} - -func TestList(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - test.TestList(validNewNetworkPolicy()) -} - -func TestWatch(t *testing.T) { - storage, server := newStorage(t) - defer server.Terminate(t) - defer storage.Store.DestroyFunc() - test := registrytest.New(t, storage.Store) - test.TestWatch( - validNewNetworkPolicy(), - // matching labels - []labels.Set{ - {"a": "b"}, - }, - // not matching labels - []labels.Set{ - {"a": "c"}, - {"foo": "bar"}, - }, - // matching fields - []fields.Set{ - {"metadata.name": "foo"}, - }, - // not matchin fields - []fields.Set{ - {"metadata.name": "bar"}, - {"name": "foo"}, - }, - ) -} diff --git a/pkg/registry/extensions/networkpolicy/strategy.go b/pkg/registry/extensions/networkpolicy/strategy.go deleted file mode 100644 index 1c1ea71377d..00000000000 --- a/pkg/registry/extensions/networkpolicy/strategy.go +++ /dev/null 
@@ -1,88 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package networkpolicy
-
-import (
- apiequality "k8s.io/apimachinery/pkg/api/equality"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/util/validation/field"
- genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
- "k8s.io/apiserver/pkg/storage/names"
- "k8s.io/kubernetes/pkg/api"
- "k8s.io/kubernetes/pkg/apis/extensions"
- "k8s.io/kubernetes/pkg/apis/extensions/validation"
-)
-
-// networkPolicyStrategy implements verification logic for NetworkPolicys.
-type networkPolicyStrategy struct {
- runtime.ObjectTyper
- names.NameGenerator
-}
-
-// Strategy is the default logic that applies when creating and updating NetworkPolicy objects.
-var Strategy = networkPolicyStrategy{api.Scheme, names.SimpleNameGenerator}
-
-// NamespaceScoped returns true because all NetworkPolicys need to be within a namespace.
-func (networkPolicyStrategy) NamespaceScoped() bool {
- return true
-}
-
-// PrepareForCreate clears the status of an NetworkPolicy before creation.
-func (networkPolicyStrategy) PrepareForCreate(ctx genericapirequest.Context, obj runtime.Object) {
- networkPolicy := obj.(*extensions.NetworkPolicy)
- networkPolicy.Generation = 1
-}
-
-// PrepareForUpdate clears fields that are not allowed to be set by end users on update.
-func (networkPolicyStrategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object) {
- newNetworkPolicy := obj.(*extensions.NetworkPolicy)
- oldNetworkPolicy := old.(*extensions.NetworkPolicy)
-
- // Any changes to the spec increment the generation number, any changes to the
- // status should reflect the generation number of the corresponding object.
- // See metav1.ObjectMeta description for more information on Generation.
- if !apiequality.Semantic.DeepEqual(oldNetworkPolicy.Spec, newNetworkPolicy.Spec) {
- newNetworkPolicy.Generation = oldNetworkPolicy.Generation + 1
- }
-}
-
-// Validate validates a new NetworkPolicy.
-func (networkPolicyStrategy) Validate(ctx genericapirequest.Context, obj runtime.Object) field.ErrorList {
- networkPolicy := obj.(*extensions.NetworkPolicy)
- return validation.ValidateNetworkPolicy(networkPolicy)
-}
-
-// Canonicalize normalizes the object after validation.
-func (networkPolicyStrategy) Canonicalize(obj runtime.Object) {
-}
-
-// AllowCreateOnUpdate is false for NetworkPolicy; this means you may not create one with a PUT request.
-func (networkPolicyStrategy) AllowCreateOnUpdate() bool {
- return false
-}
-
-// ValidateUpdate is the default update validation for an end user.
-func (networkPolicyStrategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList {
- validationErrorList := validation.ValidateNetworkPolicy(obj.(*extensions.NetworkPolicy))
- updateErrorList := validation.ValidateNetworkPolicyUpdate(obj.(*extensions.NetworkPolicy), old.(*extensions.NetworkPolicy))
- return append(validationErrorList, updateErrorList...)
-}
-
-// AllowUnconditionalUpdate is the default update policy for NetworkPolicy objects.
-func (networkPolicyStrategy) AllowUnconditionalUpdate() bool {
- return true
-}
diff --git a/pkg/registry/extensions/networkpolicy/strategy_test.go b/pkg/registry/extensions/networkpolicy/strategy_test.go
deleted file mode 100644
index b609acb7e29..00000000000
--- a/pkg/registry/extensions/networkpolicy/strategy_test.go
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package networkpolicy
-
-import (
- "testing"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
- "k8s.io/kubernetes/pkg/apis/extensions"
-)
-
-func TestNetworkPolicyStrategy(t *testing.T) {
- ctx := genericapirequest.NewDefaultContext()
- if !Strategy.NamespaceScoped() {
- t.Errorf("NetworkPolicy must be namespace scoped")
- }
- if Strategy.AllowCreateOnUpdate() {
- t.Errorf("NetworkPolicy should not allow create on update")
- }
-
- validMatchLabels := map[string]string{"a": "b"}
- np := &extensions.NetworkPolicy{
- ObjectMeta: metav1.ObjectMeta{Name: "abc", Namespace: metav1.NamespaceDefault},
- Spec: extensions.NetworkPolicySpec{
- PodSelector: metav1.LabelSelector{MatchLabels: validMatchLabels},
- Ingress: []extensions.NetworkPolicyIngressRule{},
- },
- }
-
- Strategy.PrepareForCreate(ctx, np)
- errs := Strategy.Validate(ctx, np)
- if len(errs) != 0 {
- t.Errorf("Unexpected error validating %v", errs)
- }
-
- invalidNp := &extensions.NetworkPolicy{
- ObjectMeta: metav1.ObjectMeta{Name: "bar", ResourceVersion: "4"},
- }
- Strategy.PrepareForUpdate(ctx, invalidNp, np)
- errs = Strategy.ValidateUpdate(ctx, invalidNp, np)
- if len(errs) == 0 {
- t.Errorf("Expected a validation error")
- }
- if invalidNp.ResourceVersion != "4" {
- t.Errorf("Incoming resource version on update should not be mutated")
- }
-}
diff --git a/pkg/registry/extensions/rest/storage_extensions.go b/pkg/registry/extensions/rest/storage_extensions.go index 674b2aab79e..57e85b3a6f8 100644 --- a/pkg/registry/extensions/rest/storage_extensions.go +++ b/pkg/registry/extensions/rest/storage_extensions.go @@ -28,9 +28,9 @@ import ( daemonstore "k8s.io/kubernetes/pkg/registry/extensions/daemonset/storage" deploymentstore "k8s.io/kubernetes/pkg/registry/extensions/deployment/storage" ingressstore "k8s.io/kubernetes/pkg/registry/extensions/ingress/storage" - networkpolicystore "k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/storage" pspstore "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage" replicasetstore "k8s.io/kubernetes/pkg/registry/extensions/replicaset/storage" + networkpolicystore "k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage" ) type RESTStorageProvider struct {
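Review bot: The `networkpolicystore` alias in the import block now resolves to `pkg/registry/networking/networkpolicy/storage`, so the extensions REST provider takes its NetworkPolicy storage, strategy and validation from the networking registry, while the same commit deletes the extensions strategy and its storage tests. The place where `networkpolicystore.NewREST` is called is outside this hunk, so it cannot be confirmed from here that a policy written through either API group lands under the same storage key and passes equally strict validation; if the two diverged, a policy created through one group could be invisible to clients of the other. A comment at the import would make the sharing explicit, for example `// NetworkPolicy storage is shared with the networking.k8s.io group`, and a registry test that creates through the extensions path and reads back through networking would pin the behaviour the deleted tests used to cover.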