diff --git a/internal/controllers/watchdog/crds_watcher.go b/internal/controllers/watchdog/crds_watcher.go index e3f49fda..2aecde5a 100644 --- a/internal/controllers/watchdog/crds_watcher.go +++ b/internal/controllers/watchdog/crds_watcher.go @@ -161,7 +161,7 @@ func (c *CRDWatcher) SetupWithManager(ctx context.Context, mgr manager.Manager) } return ctrl.NewControllerManagedBy(mgr). - WatchesRawSource(&source.Channel{Source: c.requeue}, &handler.EnqueueRequestForObject{}). + WatchesRawSource(source.Channel(c.requeue, &handler.EnqueueRequestForObject{})). For(&apiextensionsv1.CustomResourceDefinition{}, builder.WithPredicates(predicate.NewPredicateFuncs(func(object client.Object) bool { crd := object.(*apiextensionsv1.CustomResourceDefinition) diff --git a/internal/modules/clusterscoped/get.go b/internal/modules/clusterscoped/get.go index 7272bee9..8ab2dac7 100644 --- a/internal/modules/clusterscoped/get.go +++ b/internal/modules/clusterscoped/get.go @@ -41,6 +41,10 @@ func Get(discovery *discovery.DiscoveryClient, client client.Reader, writer clie } } +func (g get) GroupVersionKind() schema.GroupVersionKind { + return schema.GroupVersionKind{} +} + func (g get) GroupKind() schema.GroupKind { return schema.GroupKind{} } @@ -58,7 +62,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req gvk := utils.GetGVKFromURL(proxyRequest.GetHTTPRequest().URL.Path) - operations, requirements := getRequirements(gvk, proxyTenants) + operations, requirements := utils.GetClusterScopeRequirements(gvk, proxyTenants) if len(requirements) > 0 { // Verify if the list operation is allowed if slices.Contains(operations, v1beta1.ClusterResourceOperationList) { diff --git a/internal/modules/clusterscoped/list.go b/internal/modules/clusterscoped/list.go index c95874ea..a0992a8a 100644 --- a/internal/modules/clusterscoped/list.go +++ b/internal/modules/clusterscoped/list.go 
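Review bot: In clusterscoped/get.go, `operations` and `requirements` come back from `utils.GetClusterScopeRequirements(gvk, proxyTenants)` as two flat lists, so the `slices.Contains(operations, v1beta1.ClusterResourceOperationList)` check that follows cannot tell which ClusterResource rule granted the operation and which rule contributed the selector. If the moved helper still behaves like the deleted `getRequirements` (operations appended before the selector is parsed, parse failures skipped with `continue`), a rule whose selector cannot be used still contributes its operations to the tenant. Either return the two values paired per rule, or state the intent at the call site, for example `// operations and selectors are unioned across every matching ClusterResource of the tenant`. The helper is not visible here and Handle continues past the hunk; clusterscoped/list.go introduces the same call.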
@@ -34,6 +34,10 @@ func List(client client.Reader, writer client.Writer, path string) modules.Modul } } +func (l list) GroupVersionKind() schema.GroupVersionKind { + return schema.GroupVersionKind{} +} + func (l list) GroupKind() schema.GroupKind { return schema.GroupKind{} } @@ -49,7 +53,7 @@ func (l list) Methods() []string { func (l list) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Request) (selector labels.Selector, err error) { gvk := utils.GetGVKFromURL(proxyRequest.GetHTTPRequest().URL.Path) - operations, requirements := getRequirements(gvk, proxyTenants) + operations, requirements := utils.GetClusterScopeRequirements(gvk, proxyTenants) if len(requirements) > 0 { // Verify if the list operation is allowed if slices.Contains(operations, v1beta1.ClusterResourceOperationList) { diff --git a/internal/modules/clusterscoped/utils.go b/internal/modules/clusterscoped/utils.go deleted file mode 100644 index 549c3226..00000000 --- a/internal/modules/clusterscoped/utils.go +++ /dev/null 
@@ -1,92 +0,0 @@
-package clusterscoped
-
-import (
- "regexp"
- "strings"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/labels"
- "k8s.io/apimachinery/pkg/runtime/schema"
-
- v1beta1 "github.com/projectcapsule/capsule-proxy/api/v1beta1"
- "github.com/projectcapsule/capsule-proxy/internal/tenant"
-)
-
-func getRequirements(gvk *schema.GroupVersionKind, proxyTenants []*tenant.ProxyTenant) (operations []v1beta1.ClusterResourceOperation, requirements []labels.Requirement) {
- operations = []v1beta1.ClusterResourceOperation{}
- requirements = []labels.Requirement{}
-
- for _, pt := range proxyTenants {
- for _, cr := range pt.ClusterResources {
- if matchResource(gvk, cr) {
- // Append Operations
- operations = append(operations, cr.Operations...)
-
- // Append Selector
- selector, err := metav1.LabelSelectorAsSelector(cr.Selector)
- if err != nil {
- continue
- }
-
- reqs, selectable := selector.Requirements()
- if !selectable {
- continue
- }
-
- requirements = append(requirements, reqs...)
- } - } - } - - return operations, requirements -} - -func matchResource(gvk *schema.GroupVersionKind, cr v1beta1.ClusterResource) (match bool) { - kindMatch := false - groupVersionMatch := false - - for _, resource := range cr.Resources { - if resource == "*" { - kindMatch = true - - break - } - - if gvk.Kind == resource { - kindMatch = true - - break - } - } - - if !kindMatch { - return match - } - - // Check if the group/version matches any of the apiGroups using regex - for _, apiGroup := range cr.APIGroups { - // Handle wildcard "*" to match any group - if apiGroup == "*" { - groupVersionMatch = true - - break - } - - // Replace "*" with ".*" for regex compatibility and ensure match against the entire string - regexPattern := "^" + regexp.QuoteMeta(apiGroup) + "$" - regexPattern = strings.ReplaceAll(regexPattern, "\\*", ".*") - - matched, _ := regexp.MatchString(regexPattern, gvk.Group+"/"+gvk.Version) - if matched { - groupVersionMatch = true - - break - } - } - - if kindMatch && groupVersionMatch { - match = true - } - - return match -} diff --git a/internal/modules/ingressclass/get.go b/internal/modules/ingressclass/get.go index 1f1a5e2c..cf7e0cf6 100644 --- a/internal/modules/ingressclass/get.go +++ b/internal/modules/ingressclass/get.go 
@@ -25,24 +25,29 @@ import ( type get struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(client client.Reader) modules.Module { return &get{ client: client, log: ctrl.Log.WithName("ingressclass_get"), - gk: schema.GroupKind{ - Group: networkingv1.GroupName, - Kind: "ingressclasses", + gk: schema.GroupVersionKind{ + Group: networkingv1.GroupName, + Version: "*", + Kind: "ingressclasses", }, } } -func (g get) GroupKind() schema.GroupKind { +func (g get) GroupVersionKind() schema.GroupVersionKind { return g.gk } +func (g get) GroupKind() schema.GroupKind { + return g.gk.GroupKind() +} + func (g get) Path() string { return "/apis/networking.k8s.io/{version}/{endpoint:ingressclasses}/{name}" } @@ -60,19 +65,19 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req if len(requirements) > 0 { ic, errIc := getIngressClassFromRequest(httpRequest) if errIc != nil { - return nil, errors.NewBadRequest(errIc, g.gk) + return nil, errors.NewBadRequest(errIc, g.GroupKind()) } - return utils.HandleGetSelector(httpRequest.Context(), ic, g.client, requirements, name, g.gk) + return utils.HandleGetSelector(httpRequest.Context(), ic, g.client, requirements, name, g.GroupKind()) } icl, err := getIngressClassListFromRequest(httpRequest) if err != nil { - return nil, errors.NewBadRequest(err, g.gk) + return nil, errors.NewBadRequest(err, g.GroupKind()) } if err = g.client.List(httpRequest.Context(), icl, client.MatchingLabels{corev1.LabelMetadataName: name}); err != nil { - return nil, errors.NewBadRequest(err, g.gk) + return nil, errors.NewBadRequest(err, g.GroupKind()) } var r *labels.Requirement @@ -83,7 +88,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req switch httpRequest.Method { case http.MethodGet: - return nil, errors.NewNotFoundError(name, g.gk) + return nil, errors.NewNotFoundError(name, g.GroupKind()) default: return nil, nil } 
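Review bot: The struct field in ingressclass/get.go is still named `gk` although its type is now `schema.GroupVersionKind`, so `GroupVersionKind()` returns `g.gk` and `GroupKind()` returns `g.gk.GroupKind()`, which reads as if the value were narrowed twice. Renaming the field, `gvk schema.GroupVersionKind`, with `return g.gvk` and `return g.gvk.GroupKind()`, keeps the name in line with what it holds. The same field name is kept in every other module struct this commit touches (ingressclass/list.go, lease, metric, namespace, node, persistentvolume, pod, priorityclass, runtimeclass, storageclass, tenants).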
diff --git a/internal/modules/ingressclass/list.go b/internal/modules/ingressclass/list.go index 328f087b..9fc19527 100644 --- a/internal/modules/ingressclass/list.go +++ b/internal/modules/ingressclass/list.go @@ -22,24 +22,29 @@ import ( type list struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func List(client client.Reader) modules.Module { return &list{ client: client, log: ctrl.Log.WithName("ingressclass_list"), - gk: schema.GroupKind{ - Group: networkingv1.GroupName, - Kind: "ingressclasses", + gk: schema.GroupVersionKind{ + Group: networkingv1.GroupName, + Version: "*", + Kind: "ingressclasses", }, } } -func (l list) GroupKind() schema.GroupKind { +func (l list) GroupVersionKind() schema.GroupVersionKind { return l.gk } +func (l list) GroupKind() schema.GroupKind { + return l.gk.GroupKind() +} + func (l list) Path() string { return "/apis/networking.k8s.io/{version}/{endpoint:ingressclasses/?}" } @@ -58,18 +63,18 @@ func (l list) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Re icl, err := getIngressClassListFromRequest(httpRequest) if err != nil { - return nil, errors.NewBadRequest(err, l.gk) + return nil, errors.NewBadRequest(err, l.GroupKind()) } if err = l.client.List(httpRequest.Context(), icl); err != nil { - return nil, errors.NewBadRequest(err, l.gk) + return nil, errors.NewBadRequest(err, l.GroupKind()) } var r *labels.Requirement if r, err = getIngressClassSelector(icl, exactMatch, regexMatch); err != nil { if !allowed { - return nil, errors.NewNotAllowed(l.gk) + return nil, errors.NewNotAllowed(l.GroupKind()) } r, _ = labels.NewRequirement("dontexistsignoreme", selection.Exists, []string{}) diff --git a/internal/modules/lease/get.go b/internal/modules/lease/get.go index 5ed8a60d..bad0684e 100644 --- a/internal/modules/lease/get.go +++ b/internal/modules/lease/get.go 
@@ -22,24 +22,29 @@ import ( type get struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(client client.Reader) modules.Module { return &get{ client: client, log: ctrl.Log.WithName("node_get"), - gk: schema.GroupKind{ - Group: corev1.GroupName, - Kind: "nodes", + gk: schema.GroupVersionKind{ + Group: corev1.GroupName, + Version: "*", + Kind: "nodes", }, } } -func (g get) GroupKind() schema.GroupKind { +func (g get) GroupVersionKind() schema.GroupVersionKind { return g.gk } +func (g get) GroupKind() schema.GroupKind { + return g.gk.GroupKind() +} + func (g get) Path() string { return "/apis/coordination.k8s.io/v1/namespaces/kube-node-lease/leases/{name}" } diff --git a/internal/modules/metric/get.go b/internal/modules/metric/get.go index 711dd132..9990f734 100644 --- a/internal/modules/metric/get.go +++ b/internal/modules/metric/get.go @@ -24,24 +24,29 @@ import ( type get struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(client client.Reader) modules.Module { return &get{ client: client, log: ctrl.Log.WithName("metric_get"), - gk: schema.GroupKind{ - Group: "metrics.k8s.io", - Kind: "nodes", + gk: schema.GroupVersionKind{ + Group: "metrics.k8s.io", + Version: "*", + Kind: "nodes", }, } } -func (g get) GroupKind() schema.GroupKind { +func (g get) GroupVersionKind() schema.GroupVersionKind { return g.gk } +func (g get) GroupKind() schema.GroupKind { + return g.gk.GroupKind() +} + func (g get) Path() string { return "/apis/metrics.k8s.io/{version}/nodes/{name}" } @@ -59,7 +64,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req nl := &corev1.NodeList{} if err = g.client.List(httpRequest.Context(), nl, client.MatchingLabels{"kubernetes.io/hostname": name}); err != nil { - return nil, errors.NewBadRequest(err, g.gk) + return nil, errors.NewBadRequest(err, g.GroupKind()) } var r *labels.Requirement 
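Review bot: The lease module's new `GroupVersionKind()` reports `Group: corev1.GroupName, Version: "*", Kind: "nodes"` while `Path()` serves `/apis/coordination.k8s.io/v1/namespaces/kube-node-lease/leases/{name}`, so the identity exposed through the new accessor does not describe the resource being filtered. The mismatch predates this commit, but widening it to a GVK and publishing it on the `Module` interface makes it available to any caller that selects or authorizes by GVK; no such caller is visible here, so whether it is reached needs confirming. If the node identity is deliberate (leases being filtered by node ownership), say so next to the literal, e.g. `// leases are filtered by the owning node, hence the node GVK`; otherwise set the group to `coordination.k8s.io` and the kind to `leases`. pod/get.go carries the same `nodes` value and the `node_get` logger name for the `/api/v1/pods` path.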
@@ -69,7 +74,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req } if httpRequest.Method == http.MethodGet { - return nil, errors.NewNotFoundError(name, g.gk) + return nil, errors.NewNotFoundError(name, g.GroupKind()) } return nil, nil diff --git a/internal/modules/metric/list.go b/internal/modules/metric/list.go index 61abfdf3..4b8c975d 100644 --- a/internal/modules/metric/list.go +++ b/internal/modules/metric/list.go @@ -22,24 +22,29 @@ import ( type list struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func List(client client.Reader) modules.Module { return &list{ client: client, log: ctrl.Log.WithName("metric_list"), - gk: schema.GroupKind{ - Group: "metrics.k8s.io", - Kind: "nodes", + gk: schema.GroupVersionKind{ + Group: "metrics.k8s.io", + Version: "*", + Kind: "nodes", }, } } -func (l list) GroupKind() schema.GroupKind { +func (l list) GroupVersionKind() schema.GroupVersionKind { return l.gk } +func (l list) GroupKind() schema.GroupKind { + return l.gk.GroupKind() +} + func (l list) Path() string { return "/apis/metrics.k8s.io/{version}/{endpoint:nodes/?}" } @@ -55,7 +60,7 @@ func (l list) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Re nl := &corev1.NodeList{} if err = l.client.List(httpRequest.Context(), nl); err != nil { - return nil, errors.NewBadRequest(err, l.gk) + return nil, errors.NewBadRequest(err, l.GroupKind()) } var r *labels.Requirement diff --git a/internal/modules/module.go b/internal/modules/module.go index 9acebddd..6983f626 100644 --- a/internal/modules/module.go +++ b/internal/modules/module.go @@ -12,6 +12,7 @@ import ( ) type Module interface { + GroupVersionKind() schema.GroupVersionKind GroupKind() schema.GroupKind Path() string Methods() []string diff --git a/internal/modules/namespace/get.go b/internal/modules/namespace/get.go index d5c74215..7fe74359 100644 --- a/internal/modules/namespace/get.go 
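Review bot: `GroupVersionKind()` is added to the `Module` interface in internal/modules/module.go without a doc comment, yet the implementations in this commit follow two unwritten conventions: concrete modules return `Version: "*"`, and the clusterscoped, namespaced catch-all and namespace post modules return the zero value. A comment on the method would pin that contract down, for example `// GroupVersionKind identifies the resource a module filters; Version "*" matches any version and the zero value means the module is not bound to one kind.` (the meaning is inferred from the implementations and should be confirmed). Any consumer comparing the result must treat `*` as a wildcard rather than a literal version string, otherwise a filter can silently fail to match.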
+++ b/internal/modules/namespace/get.go @@ -30,7 +30,7 @@ type get struct { client client.Reader log logr.Logger rbReflector *controllers.RoleBindingReflector - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(roleBindingsReflector *controllers.RoleBindingReflector, client client.Reader) modules.Module { @@ -41,17 +41,22 @@ func Get(roleBindingsReflector *controllers.RoleBindingReflector, client client. client: client, log: ctrl.Log.WithName("namespace_get"), rbReflector: roleBindingsReflector, - gk: schema.GroupKind{ - Group: corev1.GroupName, - Kind: "namespaces", + gk: schema.GroupVersionKind{ + Group: corev1.GroupName, + Version: "*", + Kind: "namespaces", }, } } -func (l get) GroupKind() schema.GroupKind { +func (l get) GroupVersionKind() schema.GroupVersionKind { return l.gk } +func (l get) GroupKind() schema.GroupKind { + return l.gk.GroupKind() +} + func (l get) Path() string { return "/api/v1/namespaces/{name}" } @@ -70,7 +75,7 @@ func (l get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req } // Returning a not found if the Namespace is not owned by a Tenant resource. if len(ns.GetOwnerReferences()) == 0 || ns.GetOwnerReferences()[0].Kind != "Tenant" { - return nil, errors.NewNotFoundError(name, l.gk) + return nil, errors.NewNotFoundError(name, l.GroupKind()) } // Extracting the Tenant name from the owner reference: // in some scenarios Capsule could lag in reconciling the Tenant resources as performing the Namespace metadata 
@@ -88,14 +93,14 @@ func (l get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req // in case of rolebinding reflector, using the local cache. if l.rbReflector != nil { if userNamespaces, err = l.rbReflector.GetUserNamespacesFromRequest(proxyRequest); err != nil { - return nil, errors.NewBadRequest(err, l.gk) + return nil, errors.NewBadRequest(err, l.GroupKind()) } if !sets.NewString(userNamespaces...).Has(name) { - return nil, errors.NewNotFoundError(name, l.gk) + return nil, errors.NewNotFoundError(name, l.GroupKind()) } } else if !tenants.Has(tntName) { - return nil, errors.NewNotFoundError(name, l.gk) + return nil, errors.NewNotFoundError(name, l.GroupKind()) } return labels.NewSelector(), nil diff --git a/internal/modules/namespace/list.go b/internal/modules/namespace/list.go index 0786a310..1b5bf6d1 100644 --- a/internal/modules/namespace/list.go +++ b/internal/modules/namespace/list.go @@ -23,24 +23,29 @@ import ( type list struct { roleBindingsReflector *controllers.RoleBindingReflector log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func List(roleBindingsReflector *controllers.RoleBindingReflector) modules.Module { return &list{ roleBindingsReflector: roleBindingsReflector, log: ctrl.Log.WithName("namespace_list"), - gk: schema.GroupKind{ - Group: corev1.GroupName, - Kind: "namespaces", + gk: schema.GroupVersionKind{ + Group: corev1.GroupName, + Version: "*", + Kind: "namespaces", }, } } -func (l list) GroupKind() schema.GroupKind { +func (l list) GroupVersionKind() schema.GroupVersionKind { return l.gk } +func (l list) GroupKind() schema.GroupKind { + return l.gk.GroupKind() +} + func (l list) Path() string { return basePath } 
@@ -55,7 +60,7 @@ func (l list) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Re if l.roleBindingsReflector != nil { userNamespaces, err = l.roleBindingsReflector.GetUserNamespacesFromRequest(proxyRequest) if err != nil { - return nil, errors.NewBadRequest(err, l.gk) + return nil, errors.NewBadRequest(err, l.GroupKind()) } } else { for _, tnt := range proxyTenants { @@ -73,7 +78,7 @@ func (l list) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Re } if err != nil { - return nil, errors.NewBadRequest(err, l.gk) + return nil, errors.NewBadRequest(err, l.GroupKind()) } return labels.NewSelector().Add(*r), nil diff --git a/internal/modules/namespace/post.go b/internal/modules/namespace/post.go index a46ee1cb..cbb62219 100644 --- a/internal/modules/namespace/post.go +++ b/internal/modules/namespace/post.go @@ -20,6 +20,10 @@ func Post() modules.Module { return &post{} } +func (l post) GroupVersionKind() schema.GroupVersionKind { + return schema.GroupVersionKind{} +} + func (l post) GroupKind() schema.GroupKind { return schema.GroupKind{} } diff --git a/internal/modules/namespaced/catchall.go b/internal/modules/namespaced/catchall.go index ce94eb84..612fd70a 100644 --- a/internal/modules/namespaced/catchall.go +++ b/internal/modules/namespaced/catchall.go @@ -30,6 +30,10 @@ func CatchAll(client client.Reader, writer client.Writer, path string) modules.M } } +func (l catchall) GroupVersionKind() schema.GroupVersionKind { + return schema.GroupVersionKind{} +} + func (l catchall) GroupKind() schema.GroupKind { return schema.GroupKind{} } diff --git a/internal/modules/node/get.go b/internal/modules/node/get.go index 1813c1eb..a7e79048 100644 --- a/internal/modules/node/get.go +++ b/internal/modules/node/get.go 
@@ -24,24 +24,29 @@ import ( type get struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(client client.Reader) modules.Module { return &get{ client: client, log: ctrl.Log.WithName("node_get"), - gk: schema.GroupKind{ - Group: corev1.GroupName, - Kind: "nodes", + gk: schema.GroupVersionKind{ + Group: corev1.GroupName, + Version: "*", + Kind: "nodes", }, } } -func (g get) GroupKind() schema.GroupKind { +func (g get) GroupVersionKind() schema.GroupVersionKind { return g.gk } +func (g get) GroupKind() schema.GroupKind { + return g.gk.GroupKind() +} + func (g get) Path() string { return "/api/v1/nodes/{name}" } @@ -58,7 +63,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req nl := &corev1.NodeList{} if err = g.client.List(httpRequest.Context(), nl, client.MatchingLabels{"kubernetes.io/hostname": name}); err != nil { - return nil, errors.NewBadRequest(err, g.gk) + return nil, errors.NewBadRequest(err, g.GroupKind()) } var r *labels.Requirement @@ -68,7 +73,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req } if httpRequest.Method == http.MethodGet { - return nil, errors.NewNotFoundError(name, g.gk) + return nil, errors.NewNotFoundError(name, g.GroupKind()) } return nil, nil diff --git a/internal/modules/node/list.go b/internal/modules/node/list.go index ade70f39..eb32dc36 100644 --- a/internal/modules/node/list.go +++ b/internal/modules/node/list.go 
@@ -22,24 +22,29 @@ import ( type list struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func List(client client.Reader) modules.Module { return &list{ client: client, log: ctrl.Log.WithName("node_list"), - gk: schema.GroupKind{ - Group: corev1.GroupName, - Kind: "nodes", + gk: schema.GroupVersionKind{ + Group: corev1.GroupName, + Version: "*", + Kind: "nodes", }, } } -func (l list) GroupKind() schema.GroupKind { +func (l list) GroupVersionKind() schema.GroupVersionKind { return l.gk } +func (l list) GroupKind() schema.GroupKind { + return l.gk.GroupKind() +} + func (l list) Path() string { return "/api/v1/{endpoint:nodes/?}" } @@ -54,7 +59,7 @@ func (l list) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Re nl := &corev1.NodeList{} if err = l.client.List(httpRequest.Context(), nl); err != nil { - return nil, errors.NewBadRequest(err, l.gk) + return nil, errors.NewBadRequest(err, l.GroupKind()) } var r *labels.Requirement diff --git a/internal/modules/persistentvolume/get.go b/internal/modules/persistentvolume/get.go index 6a35f37d..406c6e36 100644 --- a/internal/modules/persistentvolume/get.go +++ b/internal/modules/persistentvolume/get.go @@ -23,7 +23,7 @@ type get struct { client client.Reader log logr.Logger labelKey string - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(client client.Reader) modules.Module { 
@@ -33,17 +33,22 @@ func Get(client client.Reader) modules.Module { client: client, log: ctrl.Log.WithName("persistentvolume_get"), labelKey: label, - gk: schema.GroupKind{ - Group: corev1.GroupName, - Kind: "persistentvolumes", + gk: schema.GroupVersionKind{ + Group: corev1.GroupName, + Version: "*", + Kind: "persistentvolumes", }, } } -func (g get) GroupKind() schema.GroupKind { +func (g get) GroupVersionKind() schema.GroupVersionKind { return g.gk } +func (g get) GroupKind() schema.GroupKind { + return g.gk.GroupKind() +} + func (g get) Path() string { return "/api/v1/{endpoint:persistentvolumes}/{name}" } @@ -61,5 +66,5 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req rc := &corev1.PersistentVolume{} - return utils.HandleGetSelector(httpRequest.Context(), rc, g.client, []labels.Requirement{requirement}, name, g.gk) + return utils.HandleGetSelector(httpRequest.Context(), rc, g.client, []labels.Requirement{requirement}, name, g.GroupKind()) } diff --git a/internal/modules/persistentvolume/list.go b/internal/modules/persistentvolume/list.go index 9ff9a477..a03210ec 100644 --- a/internal/modules/persistentvolume/list.go +++ b/internal/modules/persistentvolume/list.go @@ -23,7 +23,7 @@ type list struct { client client.Reader log logr.Logger labelKey string - gk schema.GroupKind + gk schema.GroupVersionKind } func List(client client.Reader) modules.Module { 
@@ -33,17 +33,22 @@ func List(client client.Reader) modules.Module { client: client, log: ctrl.Log.WithName("persistentvolume_list"), labelKey: label, - gk: schema.GroupKind{ - Group: corev1.GroupName, - Kind: "persistentvolumes", + gk: schema.GroupVersionKind{ + Group: corev1.GroupName, + Version: "*", + Kind: "persistentvolumes", }, } } -func (l list) GroupKind() schema.GroupKind { +func (l list) GroupVersionKind() schema.GroupVersionKind { return l.gk } +func (l list) GroupKind() schema.GroupKind { + return l.gk.GroupKind() +} + func (l list) Path() string { return "/api/v1/{endpoint:persistentvolumes/?}" } @@ -57,7 +62,7 @@ func (l list) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Re allowed, requirement := getPersistentVolume(httpRequest, proxyTenants, l.labelKey) if !allowed { - return nil, errors.NewNotAllowed(l.gk) + return nil, errors.NewNotAllowed(l.GroupKind()) } return utils.HandleListSelector([]labels.Requirement{requirement}) diff --git a/internal/modules/pod/get.go b/internal/modules/pod/get.go index 33125dc8..2ffba10c 100644 --- a/internal/modules/pod/get.go +++ b/internal/modules/pod/get.go @@ -24,24 +24,29 @@ import ( type get struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(client client.Reader) modules.Module { return &get{ client: client, log: ctrl.Log.WithName("node_get"), - gk: schema.GroupKind{ - Group: corev1.GroupName, - Kind: "nodes", + gk: schema.GroupVersionKind{ + Group: corev1.GroupName, + Version: "*", + Kind: "nodes", }, } } -func (g get) GroupKind() schema.GroupKind { +func (g get) GroupVersionKind() schema.GroupVersionKind { return g.gk } +func (g get) GroupKind() schema.GroupKind { + return g.gk.GroupKind() +} + func (g get) Path() string { return "/api/v1/pods" } 
@@ -93,7 +98,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req node := &corev1.Node{} if err = g.client.Get(httpRequest.Context(), types.NamespacedName{Name: name}, node); err != nil { - return nil, errors.NewBadRequest(err, g.gk) + return nil, errors.NewBadRequest(err, g.GroupKind()) } for _, sel := range selectors { diff --git a/internal/modules/priorityclass/get.go b/internal/modules/priorityclass/get.go index 1c8f205e..461b5ee8 100644 --- a/internal/modules/priorityclass/get.go +++ b/internal/modules/priorityclass/get.go @@ -25,24 +25,29 @@ import ( type get struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(client client.Reader) modules.Module { return &get{ client: client, log: ctrl.Log.WithName("priorityclass_get"), - gk: schema.GroupKind{ - Group: schedulingv1.GroupName, - Kind: "priorityclasses", + gk: schema.GroupVersionKind{ + Group: schedulingv1.GroupName, + Version: "*", + Kind: "priorityclasses", }, } } -func (g get) GroupKind() schema.GroupKind { +func (g get) GroupVersionKind() schema.GroupVersionKind { return g.gk } +func (g get) GroupKind() schema.GroupKind { + return g.gk.GroupKind() +} + func (g get) Path() string { return "/apis/scheduling.k8s.io/v1/{endpoint:priorityclasses}/{name}" } @@ -60,12 +65,12 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req if len(requirements) > 0 { pc := &schedulingv1.PriorityClass{} - return utils.HandleGetSelector(httpRequest.Context(), pc, g.client, requirements, name, g.gk) + return utils.HandleGetSelector(httpRequest.Context(), pc, g.client, requirements, name, g.GroupKind()) } sc := &schedulingv1.PriorityClassList{} if err = g.client.List(httpRequest.Context(), sc, client.MatchingLabels{corev1.LabelMetadataName: name}); err != nil { - return nil, errors.NewBadRequest(err, g.gk) + return nil, errors.NewBadRequest(err, g.GroupKind()) } var r *labels.Requirement 
@@ -75,7 +80,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req case err == nil: return labels.NewSelector().Add(*r), nil case httpRequest.Method == http.MethodGet: - return nil, errors.NewNotFoundError(name, g.gk) + return nil, errors.NewNotFoundError(name, g.GroupKind()) default: return nil, nil } diff --git a/internal/modules/priorityclass/list.go b/internal/modules/priorityclass/list.go index 16df0d2b..ba122521 100644 --- a/internal/modules/priorityclass/list.go +++ b/internal/modules/priorityclass/list.go @@ -22,24 +22,29 @@ import ( type list struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func List(client client.Reader) modules.Module { return &list{ client: client, log: ctrl.Log.WithName("priorityclass_list"), - gk: schema.GroupKind{ - Group: schedulingv1.GroupName, - Kind: "priorityclasses", + gk: schema.GroupVersionKind{ + Group: schedulingv1.GroupName, + Version: "*", + Kind: "priorityclasses", }, } } -func (l list) GroupKind() schema.GroupKind { +func (l list) GroupVersionKind() schema.GroupVersionKind { return l.gk } +func (l list) GroupKind() schema.GroupKind { + return l.gk.GroupKind() +} + func (l list) Path() string { return "/apis/scheduling.k8s.io/v1/{endpoint:priorityclasses/?}" } 
@@ -56,16 +61,17 @@ func (l list) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Re return utils.HandleListSelector(selectorsMatch) } + // Regex Deprecated, Therefor handeled last sc := &schedulingv1.PriorityClassList{} if err = l.client.List(httpRequest.Context(), sc); err != nil { - return nil, errors.NewBadRequest(err, l.gk) + return nil, errors.NewBadRequest(err, l.GroupKind()) } var r *labels.Requirement if r, err = getPriorityClassSelector(sc, exactMatch, regexMatch); err != nil { if !allowed { - return nil, errors.NewNotAllowed(l.gk) + return nil, errors.NewNotAllowed(l.GroupKind()) } r, _ = labels.NewRequirement("dontexistsignoreme", selection.Exists, []string{}) diff --git a/internal/modules/runtimeclass/get.go b/internal/modules/runtimeclass/get.go index b2ad1af7..b324eb3e 100644 --- a/internal/modules/runtimeclass/get.go +++ b/internal/modules/runtimeclass/get.go @@ -22,24 +22,29 @@ import ( type get struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(client client.Reader) modules.Module { return &get{ client: client, log: ctrl.Log.WithName("runtimeclass_get"), - gk: schema.GroupKind{ - Group: nodev1.GroupName, - Kind: "runtimeclasses", + gk: schema.GroupVersionKind{ + Group: nodev1.GroupName, + Version: "*", + Kind: "runtimeclasses", }, } } -func (g get) GroupKind() schema.GroupKind { +func (g get) GroupVersionKind() schema.GroupVersionKind { return g.gk } +func (g get) GroupKind() schema.GroupKind { + return g.gk.GroupKind() +} + func (g get) Path() string { return "/apis/node.k8s.io/v1/{endpoint:runtimeclasses}/{name}" } 
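Review bot: The comment added in priorityclass/list.go, `// Regex Deprecated, Therefor handeled last`, is misspelled and does not say which mechanism it refers to. Something like `// Regex-based matching is deprecated, so it is evaluated only after the selector match above returned nothing.` tells the reader why the order of the two branches matters for what a tenant is allowed to list. Handle starts before the hunk, so the wording should be checked against the selector branch above it.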
@@ -55,10 +60,10 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req _, requirements := getRuntimeClass(httpRequest, proxyTenants) if len(requirements) == 0 { - return nil, errors.NewNotFoundError(name, g.gk) + return nil, errors.NewNotFoundError(name, g.GroupKind()) } rc := &nodev1.RuntimeClass{} - return utils.HandleGetSelector(httpRequest.Context(), rc, g.client, requirements, name, g.gk) + return utils.HandleGetSelector(httpRequest.Context(), rc, g.client, requirements, name, g.GroupKind()) } diff --git a/internal/modules/runtimeclass/list.go b/internal/modules/runtimeclass/list.go index 2e02adca..61ae2b1d 100644 --- a/internal/modules/runtimeclass/list.go +++ b/internal/modules/runtimeclass/list.go @@ -22,24 +22,29 @@ import ( type list struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func List(client client.Reader) modules.Module { return &list{ client: client, log: ctrl.Log.WithName("runtimeclass_list"), - gk: schema.GroupKind{ - Group: nodev1.GroupName, - Kind: "runtimeclasses", + gk: schema.GroupVersionKind{ + Group: nodev1.GroupName, + Version: "*", + Kind: "runtimeclasses", }, } } -func (l list) GroupKind() schema.GroupKind { +func (l list) GroupVersionKind() schema.GroupVersionKind { return l.gk } +func (l list) GroupKind() schema.GroupKind { + return l.gk.GroupKind() +} + func (l list) Path() string { return "/apis/node.k8s.io/v1/{endpoint:runtimeclasses/?}" } @@ -52,8 +57,9 @@ func (l list) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Re httpRequest := proxyRequest.GetHTTPRequest() allowed, selectorsMatch := getRuntimeClass(httpRequest, proxyTenants) + if !allowed { - return nil, errors.NewNotAllowed(l.gk) + return nil, errors.NewNotAllowed(l.GroupKind()) } if len(selectorsMatch) == 0 { diff --git a/internal/modules/storageclass/get.go b/internal/modules/storageclass/get.go index a0a08b9c..5dc1381f 100644 --- a/internal/modules/storageclass/get.go 
+++ b/internal/modules/storageclass/get.go @@ -25,24 +25,29 @@ import ( type get struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(client client.Reader) modules.Module { return &get{ client: client, log: ctrl.Log.WithName("storageclass_get"), - gk: schema.GroupKind{ - Group: storagev1.GroupName, - Kind: "storageclasses", + gk: schema.GroupVersionKind{ + Group: storagev1.GroupName, + Version: "*", + Kind: "storageclasses", }, } } -func (g get) GroupKind() schema.GroupKind { +func (g get) GroupVersionKind() schema.GroupVersionKind { return g.gk } +func (g get) GroupKind() schema.GroupKind { + return g.gk.GroupKind() +} + func (g get) Path() string { return "/apis/storage.k8s.io/v1/{endpoint:storageclasses}/{name}" } @@ -60,12 +65,12 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req if len(requirements) > 0 { sc := &storagev1.StorageClass{} - return utils.HandleGetSelector(httpRequest.Context(), sc, g.client, requirements, name, g.gk) + return utils.HandleGetSelector(httpRequest.Context(), sc, g.client, requirements, name, g.GroupKind()) } sc := &storagev1.StorageClassList{} if err = g.client.List(httpRequest.Context(), sc, client.MatchingLabels{corev1.LabelMetadataName: name}); err != nil { - return nil, errors.NewBadRequest(err, g.gk) + return nil, errors.NewBadRequest(err, g.GroupKind()) } var r *labels.Requirement @@ -75,7 +80,7 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req case err == nil: return labels.NewSelector().Add(*r), nil case httpRequest.Method == http.MethodGet: - return nil, errors.NewNotFoundError(name, g.gk) + return nil, errors.NewNotFoundError(name, g.GroupKind()) default: return nil, nil } diff --git a/internal/modules/storageclass/list.go b/internal/modules/storageclass/list.go index fd668474..c308f1ef 100644 --- a/internal/modules/storageclass/list.go +++ b/internal/modules/storageclass/list.go 
@@ -22,24 +22,29 @@ import ( type list struct { client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func List(client client.Reader) modules.Module { return &list{ client: client, log: ctrl.Log.WithName("storageclass_list"), - gk: schema.GroupKind{ - Group: storagev1.GroupName, - Kind: "storageclasses", + gk: schema.GroupVersionKind{ + Group: storagev1.GroupName, + Version: "*", + Kind: "storageclasses", }, } } -func (l list) GroupKind() schema.GroupKind { +func (l list) GroupVersionKind() schema.GroupVersionKind { return l.gk } +func (l list) GroupKind() schema.GroupKind { + return l.gk.GroupKind() +} + func (l list) Path() string { return "/apis/storage.k8s.io/v1/{endpoint:storageclasses/?}" } @@ -58,14 +63,14 @@ func (l list) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Re sc := &storagev1.StorageClassList{} if err = l.client.List(httpRequest.Context(), sc); err != nil { - return nil, errors.NewBadRequest(err, l.gk) + return nil, errors.NewBadRequest(err, l.GroupKind()) } var r *labels.Requirement if r, err = getStorageClassSelector(sc, exactMatch, regexMatch); err != nil { if !allowed { - return nil, errors.NewNotAllowed(l.gk) + return nil, errors.NewNotAllowed(l.GroupKind()) } r, _ = labels.NewRequirement("dontexistsignoreme", selection.Exists, []string{}) diff --git a/internal/modules/tenants/get.go b/internal/modules/tenants/get.go index aa8acf56..9cc8ae6a 100644 --- a/internal/modules/tenants/get.go +++ b/internal/modules/tenants/get.go @@ -25,7 +25,7 @@ type get struct { capsuleLabel string client client.Reader log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func Get(client client.Reader) modules.Module { 
@@ -35,19 +35,24 @@ func Get(client client.Reader) modules.Module { capsuleLabel: label, client: client, log: ctrl.Log.WithName("tenant_get"), - gk: schema.GroupKind{ - Group: "capsule.clastix.io", - Kind: "tenants", + gk: schema.GroupVersionKind{ + Group: "capsule.clastix.io", + Version: "*", + Kind: "tenants", }, } } -func (g get) GroupKind() schema.GroupKind { +func (g get) GroupVersionKind() schema.GroupVersionKind { return g.gk } +func (g get) GroupKind() schema.GroupKind { + return g.gk.GroupKind() +} + func (g get) Path() string { - return "/apis/capsule.clastix.io/v1beta2/tenants/{name}" + return "/apis/{}/v1beta2/tenants/{name}" } func (g get) Methods() []string { @@ -67,5 +72,5 @@ func (g get) Handle(proxyTenants []*tenant.ProxyTenant, proxyRequest request.Req return labels.NewSelector(), nil } - return nil, errors.NewNotFoundError(name, g.gk) + return nil, errors.NewNotFoundError(name, g.GroupKind()) } diff --git a/internal/modules/tenants/list.go b/internal/modules/tenants/list.go index 55a1e732..5d28a6f5 100644 --- a/internal/modules/tenants/list.go +++ b/internal/modules/tenants/list.go @@ -20,23 +20,28 @@ import ( type list struct { log logr.Logger - gk schema.GroupKind + gk schema.GroupVersionKind } func List() modules.Module { return &list{ log: ctrl.Log.WithName("tenant_list"), - gk: schema.GroupKind{ - Group: "capsule.clastix.io", - Kind: "tenants", + gk: schema.GroupVersionKind{ + Group: "capsule.clastix.io", + Version: "*", + Kind: "tenants", }, } } -func (l list) GroupKind() schema.GroupKind { +func (l list) GroupVersionKind() schema.GroupVersionKind { return l.gk } +func (l list) GroupKind() schema.GroupKind { + return l.gk.GroupKind() +} + func (l list) Path() string { return basePath } @@ -62,7 +67,7 @@ func (l list) Handle(proxyTenants []*tenant.ProxyTenant, _ request.Request) (sel } if err != nil { - return nil, errors.NewBadRequest(err, l.gk) + return nil, errors.NewBadRequest(err, l.GroupKind()) } return labels.NewSelector().Add(*r), nil
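Review bot: In tenants/get.go `Path()` the route changes from the literal group `capsule.clastix.io` to `/apis/{}/v1beta2/tenants/{name}`, and the `{}` segment carries neither a variable name nor a pattern. If the router is gorilla/mux, which the `{endpoint:...}` templates in the other modules suggest, an empty variable name is rejected when the route is built, so this GET route may never match and the tenant filter would be skipped for it. If the router instead accepts `{}` as a wildcard, the handler would answer for a `tenants` resource in any API group, not only Capsule's. Neither looks intended, since the `gk` value in the same hunk still names `capsule.clastix.io`; unless the wildcard is deliberate and documented I would keep `return "/apis/capsule.clastix.io/v1beta2/tenants/{name}"`. The body of `Handle` is only partly visible in the following hunk, so the effect on the returned selector should be confirmed there.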