Remove all api.Scheme references by using explicit package aliases
This commit is contained in:
Dr. Stefan Schimanski
@@ -30,7 +30,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
"k8s.io/apiserver/pkg/authorization/authorizer"
|
||||
api "k8s.io/kubernetes/pkg/apis/abac"
|
||||
"k8s.io/kubernetes/pkg/apis/abac"
|
||||
_ "k8s.io/kubernetes/pkg/apis/abac/latest"
|
||||
"k8s.io/kubernetes/pkg/apis/abac/v0"
|
||||
)
|
||||
@@ -49,7 +49,7 @@ func (p policyLoadError) Error() string {
|
||||
return fmt.Sprintf("error reading policy file %s: %v", p.path, p.err)
|
||||
}
|
||||
|
||||
type policyList []*api.Policy
|
||||
type policyList []*abac.Policy
|
||||
|
||||
// TODO: Have policies be created via an API call and stored in REST storage.
|
||||
func NewFromFile(path string) (policyList, error) {
|
||||
@@ -64,13 +64,13 @@ func NewFromFile(path string) (policyList, error) {
|
||||
scanner := bufio.NewScanner(file)
|
||||
pl := make(policyList, 0)
|
||||
|
||||
decoder := api.Codecs.UniversalDecoder()
|
||||
decoder := abac.Codecs.UniversalDecoder()
|
||||
|
||||
i := 0
|
||||
unversionedLines := 0
|
||||
for scanner.Scan() {
|
||||
i++
|
||||
p := &api.Policy{}
|
||||
p := &abac.Policy{}
|
||||
b := scanner.Bytes()
|
||||
|
||||
// skip comment lines and blank lines
|
||||
@@ -90,14 +90,14 @@ func NewFromFile(path string) (policyList, error) {
|
||||
if err := runtime.DecodeInto(decoder, b, oldPolicy); err != nil {
|
||||
return nil, policyLoadError{path, i, b, err}
|
||||
}
|
||||
if err := api.Scheme.Convert(oldPolicy, p, nil); err != nil {
|
||||
if err := abac.Scheme.Convert(oldPolicy, p, nil); err != nil {
|
||||
return nil, policyLoadError{path, i, b, err}
|
||||
}
|
||||
pl = append(pl, p)
|
||||
continue
|
||||
}
|
||||
|
||||
decodedPolicy, ok := decodedObj.(*api.Policy)
|
||||
decodedPolicy, ok := decodedObj.(*abac.Policy)
|
||||
if !ok {
|
||||
return nil, policyLoadError{path, i, b, fmt.Errorf("unrecognized object: %#v", decodedObj)}
|
||||
}
|
||||
@@ -114,7 +114,7 @@ func NewFromFile(path string) (policyList, error) {
|
||||
return pl, nil
|
||||
}
|
||||
|
||||
func matches(p api.Policy, a authorizer.Attributes) bool {
|
||||
func matches(p abac.Policy, a authorizer.Attributes) bool {
|
||||
if subjectMatches(p, a.GetUser()) {
|
||||
if verbMatches(p, a) {
|
||||
// Resource and non-resource requests are mutually exclusive, at most one will match a policy
|
||||
@@ -130,7 +130,7 @@ func matches(p api.Policy, a authorizer.Attributes) bool {
|
||||
}
|
||||
|
||||
// subjectMatches returns true if specified user and group properties in the policy match the attributes
|
||||
func subjectMatches(p api.Policy, user user.Info) bool {
|
||||
func subjectMatches(p abac.Policy, user user.Info) bool {
|
||||
matched := false
|
||||
|
||||
if user == nil {
|
||||
@@ -171,7 +171,7 @@ func subjectMatches(p api.Policy, user user.Info) bool {
|
||||
return matched
|
||||
}
|
||||
|
||||
func verbMatches(p api.Policy, a authorizer.Attributes) bool {
|
||||
func verbMatches(p abac.Policy, a authorizer.Attributes) bool {
|
||||
// TODO: match on verb
|
||||
|
||||
// All policies allow read only requests
|
||||
@@ -187,7 +187,7 @@ func verbMatches(p api.Policy, a authorizer.Attributes) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func nonResourceMatches(p api.Policy, a authorizer.Attributes) bool {
|
||||
func nonResourceMatches(p abac.Policy, a authorizer.Attributes) bool {
|
||||
// A non-resource policy cannot match a resource request
|
||||
if !a.IsResourceRequest() {
|
||||
// Allow wildcard match
|
||||
@@ -206,7 +206,7 @@ func nonResourceMatches(p api.Policy, a authorizer.Attributes) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
func resourceMatches(p api.Policy, a authorizer.Attributes) bool {
|
||||
func resourceMatches(p abac.Policy, a authorizer.Attributes) bool {
|
||||
// A resource policy cannot match a non-resource request
|
||||
if a.IsResourceRequest() {
|
||||
if p.Spec.Namespace == "*" || p.Spec.Namespace == a.GetNamespace() {
|
||||
|
||||
@@ -25,7 +25,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apiserver/pkg/authentication/user"
|
||||
"k8s.io/apiserver/pkg/authorization/authorizer"
|
||||
api "k8s.io/kubernetes/pkg/apis/abac"
|
||||
"k8s.io/kubernetes/pkg/apis/abac"
|
||||
"k8s.io/kubernetes/pkg/apis/abac/v0"
|
||||
"k8s.io/kubernetes/pkg/apis/abac/v1beta1"
|
||||
)
|
||||
@@ -799,8 +799,8 @@ func TestSubjectMatches(t *testing.T) {
|
||||
}
|
||||
|
||||
for k, tc := range testCases {
|
||||
policy := &api.Policy{}
|
||||
if err := api.Scheme.Convert(tc.Policy, policy, nil); err != nil {
|
||||
policy := &abac.Policy{}
|
||||
if err := abac.Scheme.Convert(tc.Policy, policy, nil); err != nil {
|
||||
t.Errorf("%s: error converting: %v", k, err)
|
||||
continue
|
||||
}
|
||||
@@ -1254,8 +1254,8 @@ func TestPolicy(t *testing.T) {
|
||||
},
|
||||
}
|
||||
for _, test := range tests {
|
||||
policy := &api.Policy{}
|
||||
if err := api.Scheme.Convert(test.policy, policy, nil); err != nil {
|
||||
policy := &abac.Policy{}
|
||||
if err := abac.Scheme.Convert(test.policy, policy, nil); err != nil {
|
||||
t.Errorf("%s: error converting: %v", test.name, err)
|
||||
continue
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user