// NewEtcdHelper returns an EtcdHelper for the provided storage version.
func NewEtcdStorage(client *etcdclient.Client, version, prefix string) (oshelper storage.Interface, err error) {
interfaces, err := latest.InterfacesFor(version)
if err != nil {
return nil, err
}
return etcdstorage.NewEtcdStorage(client, interfaces.Codec, prefix), nil
}
// SetOpenShiftDefaults sets the default settings on the passed
// client configuration
func SetOpenShiftDefaults(config *kclient.Config) error {
if len(config.UserAgent) == 0 {
config.UserAgent = DefaultOpenShiftUserAgent()
}
if config.Version == "" {
// Clients default to the preferred code API version
// TODO: implement version negotiation (highest version supported by server)
config.Version = latest.Version
}
if config.Prefix == "" {
switch config.Version {
case "v1beta3":
config.Prefix = "/osapi"
default:
config.Prefix = "/oapi"
}
}
version := config.Version
versionInterfaces, err := latest.InterfacesFor(version)
if err != nil {
return fmt.Errorf("API version '%s' is not recognized (valid values: %s)", version, strings.Join(latest.Versions, ", "))
}
if config.Codec == nil {
config.Codec = versionInterfaces.Codec
}
return nil
}
// NewEtcdHelper returns an EtcdHelper for the provided storage version.
func NewEtcdHelper(client *etcdclient.Client, version, prefix string) (oshelper tools.EtcdHelper, err error) {
interfaces, err := latest.InterfacesFor(version)
if err != nil {
return tools.EtcdHelper{}, err
}
return tools.NewEtcdHelper(client, interfaces.Codec, prefix), nil
}
// newStorage returns an EtcdHelper for the provided storage version.
func newStorage(client *etcdclient.Client, version, prefix string) (oshelper storage.Interface, err error) {
// TODO: this will need more care after the rebase
interfaces, err := latest.InterfacesFor(unversioned.GroupVersion{Group: "", Version: version})
if err != nil {
return nil, err
}
return etcdstorage.NewEtcdStorage(client, interfaces.Codec, prefix), nil
}
func TestTemplateTransformationFromConfig(t *testing.T) {
osMux := http.NewServeMux()
server := httptest.NewServer(osMux)
defer server.Close()
osClient := osclient.NewOrDie(&kclient.Config{Host: server.URL, GroupVersion: &latest.Version})
storage := map[string]rest.Storage{
"processedTemplates": templateregistry.NewREST(),
}
for k, v := range storage {
delete(storage, k)
storage[strings.ToLower(k)] = v
}
interfaces, _ := latest.InterfacesFor(latest.Version)
handlerContainer := master.NewHandlerContainer(osMux)
version := apiserver.APIGroupVersion{
Root: "/oapi",
GroupVersion: latest.Version,
Mapper: latest.RESTMapper,
Storage: storage,
Codec: interfaces.Codec,
Creater: kapi.Scheme,
Typer: kapi.Scheme,
Convertor: kapi.Scheme,
Linker: interfaces.MetadataAccessor,
Admit: admit.NewAlwaysAdmit(),
Context: kapi.NewRequestContextMapper(),
}
if err := version.InstallREST(handlerContainer); err != nil {
t.Fatalf("unexpected error: %v", err)
}
walkJSONFiles("fixtures", func(name, path string, data []byte) {
template, err := interfaces.Codec.Decode(data)
if err != nil {
t.Errorf("%q: unexpected error: %v", path, err)
return
}
config, err := osClient.TemplateConfigs("default").Create(template.(*templateapi.Template))
if err != nil {
t.Errorf("%q: unexpected error: %v", path, err)
return
}
if len(config.Objects) == 0 {
t.Errorf("%q: no items in config object", path)
return
}
t.Logf("tested %q", path)
})
}
// RunBuildController starts the build sync loop for builds and buildConfig processing.
func (c *MasterConfig) RunBuildController() {
// initialize build controller
dockerImage := c.ImageFor("docker-builder")
stiImage := c.ImageFor("sti-builder")
storageVersion := c.Options.EtcdStorageConfig.OpenShiftStorageVersion
groupVersion := unversioned.GroupVersion{Group: "", Version: storageVersion}
interfaces, err := latest.InterfacesFor(groupVersion)
if err != nil {
glog.Fatalf("Unable to load storage version %s: %v", storageVersion, err)
}
admissionControl := admission.NewFromPlugins(c.PrivilegedLoopbackKubernetesClient, []string{"SecurityContextConstraint"}, "")
osclient, kclient := c.BuildControllerClients()
factory := buildcontrollerfactory.BuildControllerFactory{
OSClient: osclient,
KubeClient: kclient,
BuildUpdater: buildclient.NewOSClientBuildClient(osclient),
DockerBuildStrategy: &buildstrategy.DockerBuildStrategy{
Image: dockerImage,
// TODO: this will be set to --storage-version (the internal schema we use)
Codec: interfaces.Codec,
},
SourceBuildStrategy: &buildstrategy.SourceBuildStrategy{
Image: stiImage,
TempDirectoryCreator: buildstrategy.STITempDirectoryCreator,
// TODO: this will be set to --storage-version (the internal schema we use)
Codec: interfaces.Codec,
AdmissionControl: admissionControl,
},
CustomBuildStrategy: &buildstrategy.CustomBuildStrategy{
// TODO: this will be set to --storage-version (the internal schema we use)
Codec: interfaces.Codec,
},
}
controller := factory.Create()
controller.Run()
deleteController := factory.CreateDeleteController()
deleteController.Run()
}
// SetOpenShiftDefaults sets the default settings on the passed
// client configuration
func SetOpenShiftDefaults(config *kclient.Config) error {
if len(config.UserAgent) == 0 {
config.UserAgent = DefaultOpenShiftUserAgent()
}
if config.Version == "" {
// Clients default to the preferred code API version
config.Version = latest.Version
}
if config.Prefix == "" {
config.Prefix = "/oapi"
}
version := config.Version
versionInterfaces, err := latest.InterfacesFor(version)
if err != nil {
return fmt.Errorf("API version '%s' is not recognized (valid values: %s)", version, strings.Join(latest.Versions, ", "))
}
if config.Codec == nil {
config.Codec = versionInterfaces.Codec
}
return nil
}
// SetOpenShiftDefaults sets the default settings on the passed
// client configuration
func SetOpenShiftDefaults(config *kclient.Config) error {
if len(config.UserAgent) == 0 {
config.UserAgent = DefaultOpenShiftUserAgent()
}
if config.GroupVersion == nil {
// Clients default to the preferred code API version
groupVersionCopy := latest.Version
config.GroupVersion = &groupVersionCopy
}
if config.Prefix == "" {
config.Prefix = "/oapi"
}
version := config.GroupVersion
versionInterfaces, err := latest.InterfacesFor(*version)
if err != nil {
return fmt.Errorf("API version %q is not recognized (valid values: %v)", version, latest.Versions)
}
if config.Codec == nil {
config.Codec = versionInterfaces.Codec
}
return nil
}
// RunBuildController starts the build sync loop for builds and buildConfig processing.
func (c *MasterConfig) RunBuildController() {
// initialize build controller
dockerImage := c.ImageFor("docker-builder")
stiImage := c.ImageFor("sti-builder")
storageVersion := c.Options.EtcdStorageConfig.OpenShiftStorageVersion
interfaces, err := latest.InterfacesFor(storageVersion)
if err != nil {
glog.Fatalf("Unable to load storage version %s: %v", storageVersion, err)
}
osclient, kclient := c.BuildControllerClients()
factory := buildcontrollerfactory.BuildControllerFactory{
OSClient: osclient,
KubeClient: kclient,
BuildUpdater: buildclient.NewOSClientBuildClient(osclient),
DockerBuildStrategy: &buildstrategy.DockerBuildStrategy{
Image: dockerImage,
// TODO: this will be set to --storage-version (the internal schema we use)
Codec: interfaces.Codec,
},
SourceBuildStrategy: &buildstrategy.SourceBuildStrategy{
Image: stiImage,
TempDirectoryCreator: buildstrategy.STITempDirectoryCreator,
// TODO: this will be set to --storage-version (the internal schema we use)
Codec: interfaces.Codec,
},
CustomBuildStrategy: &buildstrategy.CustomBuildStrategy{
// TODO: this will be set to --storage-version (the internal schema we use)
Codec: interfaces.Codec,
},
}
controller := factory.Create()
controller.Run()
deleteController := factory.CreateDeleteController()
deleteController.Run()
}
func NewTestDeployOpenshift(t *testing.T) *testDeployOpenshift {
t.Logf("Starting test openshift")
openshift := &testDeployOpenshift{
stop: make(chan struct{}),
}
openshift.lock.Lock()
defer openshift.lock.Unlock()
etcdClient := testutil.NewEtcdClient()
etcdHelper, _ := master.NewEtcdHelper(etcdClient, latest.Version, etcdtest.PathPrefix())
osMux := http.NewServeMux()
openshift.server = httptest.NewServer(osMux)
kubeClient := client.NewOrDie(&client.Config{Host: openshift.server.URL, Version: klatest.Version})
osClient := osclient.NewOrDie(&client.Config{Host: openshift.server.URL, Version: latest.Version})
openshift.Client = osClient
openshift.KubeClient = kubeClient
kubeletClient, err := kclient.NewKubeletClient(&kclient.KubeletConfig{Port: 10250})
if err != nil {
t.Fatalf("Unable to configure Kubelet client: %v", err)
}
handlerContainer := master.NewHandlerContainer(osMux)
_ = master.New(&master.Config{
EtcdHelper: etcdHelper,
KubeletClient: kubeletClient,
APIPrefix: "/api",
AdmissionControl: admit.NewAlwaysAdmit(),
RestfulContainer: handlerContainer,
DisableV1: false,
})
interfaces, _ := latest.InterfacesFor(latest.Version)
imageStorage := imageetcd.NewREST(etcdHelper)
imageRegistry := image.NewRegistry(imageStorage)
imageStreamStorage, imageStreamStatus := imagestreametcd.NewREST(
etcdHelper,
imagestream.DefaultRegistryFunc(func() (string, bool) {
return "registry:3000", true
}),
&fakeSubjectAccessReviewRegistry{},
)
imageStreamRegistry := imagestream.NewRegistry(imageStreamStorage, imageStreamStatus)
imageStreamMappingStorage := imagestreammapping.NewREST(imageRegistry, imageStreamRegistry)
imageStreamImageStorage := imagestreamimage.NewREST(imageRegistry, imageStreamRegistry)
//imageStreamImageRegistry := imagestreamimage.NewRegistry(imageStreamImageStorage)
imageStreamTagStorage := imagestreamtag.NewREST(imageRegistry, imageStreamRegistry)
//imageStreamTagRegistry := imagestreamtag.NewRegistry(imageStreamTagStorage)
deployConfigStorage := deployconfigetcd.NewStorage(etcdHelper)
deployConfigRegistry := deployconfigregistry.NewRegistry(deployConfigStorage)
deployConfigGenerator := &deployconfiggenerator.DeploymentConfigGenerator{
Client: deployconfiggenerator.Client{
DCFn: deployConfigRegistry.GetDeploymentConfig,
ISFn: imageStreamRegistry.GetImageStream,
LISFn2: imageStreamRegistry.ListImageStreams,
},
}
storage := map[string]rest.Storage{
"images": imageStorage,
"imageStreams": imageStreamStorage,
"imageStreamImages": imageStreamImageStorage,
"imageStreamMappings": imageStreamMappingStorage,
"imageStreamTags": imageStreamTagStorage,
"deploymentConfigs": deployConfigStorage,
"generateDeploymentConfigs": deployconfiggenerator.NewREST(deployConfigGenerator, latest.Codec),
}
for k, v := range storage {
storage[strings.ToLower(k)] = v
}
version := &apiserver.APIGroupVersion{
Root: "/oapi",
Version: "v1",
Storage: storage,
Codec: latest.Codec,
Mapper: latest.RESTMapper,
Creater: kapi.Scheme,
Typer: kapi.Scheme,
Convertor: kapi.Scheme,
Linker: interfaces.MetadataAccessor,
Admit: admit.NewAlwaysAdmit(),
Context: kapi.NewRequestContextMapper(),
}
if err := version.InstallREST(handlerContainer); err != nil {
t.Fatalf("unable to install REST: %v", err)
}
dccFactory := deployconfigcontroller.DeploymentConfigControllerFactory{
Client: osClient,
KubeClient: kubeClient,
Codec: latest.Codec,
}
dccFactory.Create().Run()
cccFactory := configchangecontroller.DeploymentConfigChangeControllerFactory{
Client: osClient,
KubeClient: kubeClient,
Codec: latest.Codec,
}
cccFactory.Create().Run()
iccFactory := imagechangecontroller.ImageChangeControllerFactory{
Client: osClient,
}
iccFactory.Create().Run()
return openshift
}
func NewTestBuildOpenshift(t *testing.T) *testBuildOpenshift {
openshift := &testBuildOpenshift{
stop: make(chan struct{}),
}
openshift.lock.Lock()
defer openshift.lock.Unlock()
etcdClient := testutil.NewEtcdClient()
etcdHelper, _ := master.NewEtcdHelper(etcdClient, latest.Version, etcdtest.PathPrefix())
osMux := http.NewServeMux()
openshift.server = httptest.NewServer(osMux)
kubeClient := client.NewOrDie(&client.Config{Host: openshift.server.URL, Version: klatest.Version})
osClient := osclient.NewOrDie(&client.Config{Host: openshift.server.URL, Version: latest.Version})
openshift.Client = osClient
openshift.KubeClient = kubeClient
kubeletClient, err := kclient.NewKubeletClient(&kclient.KubeletConfig{Port: 10250})
if err != nil {
t.Fatalf("Unable to configure Kubelet client: %v", err)
}
handlerContainer := master.NewHandlerContainer(osMux)
_ = master.New(&master.Config{
EtcdHelper: etcdHelper,
KubeletClient: kubeletClient,
APIPrefix: "/api",
AdmissionControl: admit.NewAlwaysAdmit(),
RestfulContainer: handlerContainer,
DisableV1: false,
})
interfaces, _ := latest.InterfacesFor(latest.Version)
buildStorage := buildetcd.NewStorage(etcdHelper)
buildRegistry := buildregistry.NewRegistry(buildStorage)
buildConfigStorage := buildconfigetcd.NewStorage(etcdHelper)
buildConfigRegistry := buildconfigregistry.NewRegistry(buildConfigStorage)
imageStorage := imageetcd.NewREST(etcdHelper)
imageRegistry := image.NewRegistry(imageStorage)
imageStreamStorage, imageStreamStatus := imagestreametcd.NewREST(
etcdHelper,
imagestream.DefaultRegistryFunc(func() (string, bool) {
return "registry:3000", true
}),
&fakeSubjectAccessReviewRegistry{},
)
imageStreamRegistry := imagestream.NewRegistry(imageStreamStorage, imageStreamStatus)
imageStreamImageStorage := imagestreamimage.NewREST(imageRegistry, imageStreamRegistry)
imageStreamImageRegistry := imagestreamimage.NewRegistry(imageStreamImageStorage)
imageStreamTagStorage := imagestreamtag.NewREST(imageRegistry, imageStreamRegistry)
imageStreamTagRegistry := imagestreamtag.NewRegistry(imageStreamTagStorage)
buildGenerator := &buildgenerator.BuildGenerator{
Client: buildgenerator.Client{
GetBuildConfigFunc: buildConfigRegistry.GetBuildConfig,
UpdateBuildConfigFunc: buildConfigRegistry.UpdateBuildConfig,
GetBuildFunc: buildRegistry.GetBuild,
CreateBuildFunc: buildRegistry.CreateBuild,
GetImageStreamFunc: imageStreamRegistry.GetImageStream,
GetImageStreamImageFunc: imageStreamImageRegistry.GetImageStreamImage,
GetImageStreamTagFunc: imageStreamTagRegistry.GetImageStreamTag,
},
}
buildConfigWebHooks := buildconfigregistry.NewWebHookREST(
buildConfigRegistry,
buildclient.NewOSClientBuildConfigInstantiatorClient(osClient),
map[string]webhook.Plugin{
"generic": generic.New(),
"github": github.New(),
},
)
storage := map[string]rest.Storage{
"builds": buildStorage,
"buildConfigs": buildConfigStorage,
"buildConfigs/webhooks": buildConfigWebHooks,
"builds/clone": buildclonestorage.NewStorage(buildGenerator),
"buildConfigs/instantiate": buildinstantiatestorage.NewStorage(buildGenerator),
"imageStreams": imageStreamStorage,
"imageStreams/status": imageStreamStatus,
"imageStreamTags": imageStreamTagStorage,
"imageStreamImages": imageStreamImageStorage,
}
for k, v := range storage {
storage[strings.ToLower(k)] = v
}
version := &apiserver.APIGroupVersion{
Root: "/oapi",
Version: "v1",
Storage: storage,
Codec: latest.Codec,
Mapper: latest.RESTMapper,
Creater: kapi.Scheme,
Typer: kapi.Scheme,
Convertor: kapi.Scheme,
Linker: interfaces.MetadataAccessor,
Admit: admit.NewAlwaysAdmit(),
Context: kapi.NewRequestContextMapper(),
}
if err := version.InstallREST(handlerContainer); err != nil {
t.Fatalf("unable to install REST: %v", err)
}
bcFactory := buildcontrollerfactory.BuildControllerFactory{
OSClient: osClient,
KubeClient: kubeClient,
BuildUpdater: buildclient.NewOSClientBuildClient(osClient),
DockerBuildStrategy: &buildstrategy.DockerBuildStrategy{
Image: "test-docker-builder",
Codec: latest.Codec,
},
SourceBuildStrategy: &buildstrategy.SourceBuildStrategy{
Image: "test-sti-builder",
TempDirectoryCreator: buildstrategy.STITempDirectoryCreator,
Codec: latest.Codec,
},
Stop: openshift.stop,
}
bcFactory.Create().Run()
bpcFactory := buildcontrollerfactory.BuildPodControllerFactory{
OSClient: osClient,
KubeClient: kubeClient,
BuildUpdater: buildclient.NewOSClientBuildClient(osClient),
Stop: openshift.stop,
}
bpcFactory.Create().Run()
return openshift
}
// TestProjectIsNamespace verifies that a project is a namespace, and a namespace is a project
func TestProjectIsNamespace(t *testing.T) {
testutil.DeleteAllEtcdKeys()
etcdClient := testutil.NewEtcdClient()
etcdHelper, err := master.NewEtcdStorage(etcdClient, latest.InterfacesFor, "v1", etcdtest.PathPrefix())
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
// create a kube and its client
kubeInterfaces, _ := klatest.InterfacesFor(klatest.Version)
namespaceStorage, _, _ := namespaceetcd.NewStorage(etcdHelper)
kubeStorage := map[string]rest.Storage{
"namespaces": namespaceStorage,
}
osMux := http.NewServeMux()
server := httptest.NewServer(osMux)
defer server.Close()
handlerContainer := master.NewHandlerContainer(osMux)
version := &apiserver.APIGroupVersion{
Root: "/api",
Version: "v1beta3",
Storage: kubeStorage,
Codec: kv1beta3.Codec,
Mapper: klatest.RESTMapper,
Creater: kapi.Scheme,
Typer: kapi.Scheme,
Convertor: kapi.Scheme,
Linker: kubeInterfaces.MetadataAccessor,
Admit: admit.NewAlwaysAdmit(),
Context: kapi.NewRequestContextMapper(),
}
if err := version.InstallREST(handlerContainer); err != nil {
t.Fatalf("unable to install REST: %v", err)
}
kubeClient, err := kclient.New(&kclient.Config{Host: server.URL, Version: "v1beta3"})
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
// create an origin
originInterfaces, _ := latest.InterfacesFor(latest.Version)
originStorage := map[string]rest.Storage{
"projects": projectregistry.NewREST(kubeClient.Namespaces(), nil),
}
osVersion := &apiserver.APIGroupVersion{
Root: "/oapi",
Version: "v1",
Storage: originStorage,
Codec: latest.Codec,
Mapper: latest.RESTMapper,
Creater: kapi.Scheme,
Typer: kapi.Scheme,
Convertor: kapi.Scheme,
Linker: originInterfaces.MetadataAccessor,
Admit: admit.NewAlwaysAdmit(),
Context: kapi.NewRequestContextMapper(),
}
if err := osVersion.InstallREST(handlerContainer); err != nil {
t.Fatalf("unable to install REST: %v", err)
}
originClient, err := client.New(&kclient.Config{Host: server.URL})
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// create a namespace
namespace := &kapi.Namespace{
ObjectMeta: kapi.ObjectMeta{Name: "integration-test"},
}
namespaceResult, err := kubeClient.Namespaces().Create(namespace)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// now try to get the project with the same name and ensure it is our namespace
project, err := originClient.Projects().Get(namespaceResult.Name)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if project.Name != namespace.Name {
t.Fatalf("Project name did not match namespace name, project %v, namespace %v", project.Name, namespace.Name)
}
// now create a project
project = &projectapi.Project{
ObjectMeta: kapi.ObjectMeta{
Name: "new-project",
Annotations: map[string]string{
"openshift.io/display-name": "Hello World",
"openshift.io/node-selector": "env=test",
},
},
}
projectResult, err := originClient.Projects().Create(project)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
// now get the namespace for that project
namespace, err = kubeClient.Namespaces().Get(projectResult.Name)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if project.Name != namespace.Name {
t.Fatalf("Project name did not match namespace name, project %v, namespace %v", project.Name, namespace.Name)
}
if project.Annotations["openshift.io/display-name"] != namespace.Annotations["openshift.io/display-name"] {
t.Fatalf("Project display name did not match namespace annotation, project %v, namespace %v", project.Annotations["openshift.io/display-name"], namespace.Annotations["openshift.io/display-name"])
}
if project.Annotations["openshift.io/node-selector"] != namespace.Annotations["openshift.io/node-selector"] {
t.Fatalf("Project node selector did not match namespace node selector, project %v, namespace %v", project.Annotations["openshift.io/node-selector"], namespace.Annotations["openshift.io/node-selector"])
}
}
// CreateBuildPod creates the pod to be used for the Custom build
func (bs *CustomBuildStrategy) CreateBuildPod(build *buildapi.Build) (*kapi.Pod, error) {
strategy := build.Spec.Strategy.CustomStrategy
codec := bs.Codec
if len(strategy.BuildAPIVersion) != 0 {
gv, err := unversioned.ParseGroupVersion(strategy.BuildAPIVersion)
if err != nil {
return nil, FatalError(fmt.Sprintf("failed to parse buildAPIVersion specified in custom build strategy (%q): %v", strategy.BuildAPIVersion, err))
}
interfaces, err := latest.InterfacesFor(gv)
if err != nil {
return nil, FatalError(fmt.Sprintf("invalid buildAPIVersion specified in custom build strategy (%q): %v", strategy.BuildAPIVersion, err))
}
codec = interfaces.Codec
}
data, err := codec.Encode(build)
if err != nil {
return nil, fmt.Errorf("failed to encode the build: %v", err)
}
containerEnv := []kapi.EnvVar{{Name: "BUILD", Value: string(data)}}
if build.Spec.Source.Git != nil {
addSourceEnvVars(build.Spec.Source, &containerEnv)
}
if strategy == nil || len(strategy.From.Name) == 0 {
return nil, errors.New("CustomBuildStrategy cannot be executed without image")
}
if len(strategy.Env) > 0 {
containerEnv = append(containerEnv, strategy.Env...)
}
if strategy.ExposeDockerSocket {
glog.V(2).Infof("ExposeDockerSocket is enabled for %s build", build.Name)
containerEnv = append(containerEnv, kapi.EnvVar{Name: "DOCKER_SOCKET", Value: dockerSocketPath})
}
privileged := true
pod := &kapi.Pod{
ObjectMeta: kapi.ObjectMeta{
Name: buildutil.GetBuildPodName(build),
Namespace: build.Namespace,
Labels: getPodLabels(build),
},
Spec: kapi.PodSpec{
ServiceAccountName: build.Spec.ServiceAccount,
Containers: []kapi.Container{
{
Name: "custom-build",
Image: strategy.From.Name,
Env: containerEnv,
// TODO: run unprivileged https://github.com/openshift/origin/issues/662
SecurityContext: &kapi.SecurityContext{
Privileged: &privileged,
},
},
},
RestartPolicy: kapi.RestartPolicyNever,
},
}
if build.Spec.CompletionDeadlineSeconds != nil {
pod.Spec.ActiveDeadlineSeconds = build.Spec.CompletionDeadlineSeconds
}
if err := setupBuildEnv(build, pod); err != nil {
return nil, err
}
if !strategy.ForcePull {
pod.Spec.Containers[0].ImagePullPolicy = kapi.PullIfNotPresent
} else {
glog.V(2).Infof("ForcePull is enabled for %s build", build.Name)
pod.Spec.Containers[0].ImagePullPolicy = kapi.PullAlways
}
pod.Spec.Containers[0].Resources = build.Spec.Resources
if build.Spec.Source.Binary != nil {
pod.Spec.Containers[0].Stdin = true
pod.Spec.Containers[0].StdinOnce = true
}
if strategy.ExposeDockerSocket {
setupDockerSocket(pod)
setupDockerSecrets(pod, build.Spec.Output.PushSecret, strategy.PullSecret, build.Spec.Source.Images)
}
setupSourceSecrets(pod, build.Spec.Source.SourceSecret)
setupSecrets(pod, build.Spec.Source.Secrets)
setupAdditionalSecrets(pod, build.Spec.Strategy.CustomStrategy.Secrets)
return pod, nil
}
func TestOAuthStorage(t *testing.T) {
testutil.DeleteAllEtcdKeys()
interfaces, _ := latest.InterfacesFor(latest.Version)
etcdClient := testutil.NewEtcdClient()
etcdHelper := etcdstorage.NewEtcdStorage(etcdClient, interfaces.Codec, etcdtest.PathPrefix())
accessTokenStorage := accesstokenetcd.NewREST(etcdHelper)
accessTokenRegistry := accesstokenregistry.NewRegistry(accessTokenStorage)
authorizeTokenStorage := authorizetokenetcd.NewREST(etcdHelper)
authorizeTokenRegistry := authorizetokenregistry.NewRegistry(authorizeTokenStorage)
clientStorage := clientetcd.NewREST(etcdHelper)
clientRegistry := clientregistry.NewRegistry(clientStorage)
user := &testUser{UserName: "******", UserUID: "1"}
storage := registrystorage.New(accessTokenRegistry, authorizeTokenRegistry, clientRegistry, user)
oauthServer := osinserver.New(
osinserver.NewDefaultServerConfig(),
storage,
osinserver.AuthorizeHandlerFunc(func(ar *osin.AuthorizeRequest, w http.ResponseWriter) (bool, error) {
ar.UserData = "test"
ar.Authorized = true
return false, nil
}),
osinserver.AccessHandlerFunc(func(ar *osin.AccessRequest, w http.ResponseWriter) error {
ar.UserData = "test"
ar.Authorized = true
ar.GenerateRefresh = false
return nil
}),
osinserver.NewDefaultErrorHandler(),
)
mux := http.NewServeMux()
oauthServer.Install(mux, "")
server := httptest.NewServer(mux)
defer server.Close()
ch := make(chan *osincli.AccessData, 1)
var oaclient *osincli.Client
var authReq *osincli.AuthorizeRequest
assertServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
data, err := authReq.HandleRequest(r)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
tokenReq := oaclient.NewAccessRequest(osincli.AUTHORIZATION_CODE, data)
token, err := tokenReq.GetToken()
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
ch <- token
}))
clientRegistry.CreateClient(kapi.NewContext(), &api.OAuthClient{
ObjectMeta: kapi.ObjectMeta{Name: "test"},
Secret: "secret",
RedirectURIs: []string{assertServer.URL + "/assert"},
})
storedClient, err := storage.GetClient("test")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if storedClient.GetSecret() != "secret" {
t.Fatalf("unexpected stored client: %#v", storedClient)
}
oaclientConfig := &osincli.ClientConfig{
ClientId: "test",
ClientSecret: "secret",
RedirectUrl: assertServer.URL + "/assert",
AuthorizeUrl: server.URL + "/authorize",
TokenUrl: server.URL + "/token",
}
osinclient, err := osincli.NewClient(oaclientConfig)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
oaclient = osinclient // initialize the assert server client as well
authReq = oaclient.NewAuthorizeRequest(osincli.CODE)
config := &oauth2.Config{
ClientID: "test",
ClientSecret: "",
Scopes: []string{"a_scope"},
RedirectURL: assertServer.URL + "/assert",
Endpoint: oauth2.Endpoint{
AuthURL: server.URL + "/authorize",
TokenURL: server.URL + "/token",
},
}
url := config.AuthCodeURL("")
client := http.Client{ /*CheckRedirect: func(req *http.Request, via []*http.Request) error {
t.Logf("redirect (%d): to %s, %#v", len(via), req.URL, req)
return nil
}*/}
resp, err := client.Get(url)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if resp.StatusCode != http.StatusOK {
t.Fatalf("unexpected response: %#v", resp)
}
token := <-ch
if token.AccessToken == "" {
t.Errorf("unexpected access token: %#v", token)
}
actualToken, err := accessTokenRegistry.GetAccessToken(kapi.NewContext(), token.AccessToken)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if actualToken.UserUID != "1" || actualToken.UserName != "test" {
t.Errorf("unexpected stored token: %#v", actualToken)
}
}