func TestFieldSelectorConversions(t *testing.T) {
testutil.CheckFieldLabelConversions(t, "v1", "ClusterPolicy",
// Ensure all currently returned labels are supported
api.ClusterPolicyToSelectableFields(&api.ClusterPolicy{}),
)
testutil.CheckFieldLabelConversions(t, "v1", "ClusterPolicyBinding",
// Ensure all currently returned labels are supported
api.ClusterPolicyBindingToSelectableFields(&api.ClusterPolicyBinding{}),
)
testutil.CheckFieldLabelConversions(t, "v1", "Policy",
// Ensure all currently returned labels are supported
api.PolicyToSelectableFields(&api.Policy{}),
)
testutil.CheckFieldLabelConversions(t, "v1", "PolicyBinding",
// Ensure all currently returned labels are supported
api.PolicyBindingToSelectableFields(&api.PolicyBinding{}),
)
testutil.CheckFieldLabelConversions(t, "v1", "Role",
// Ensure all currently returned labels are supported
api.RoleToSelectableFields(&api.Role{}),
)
testutil.CheckFieldLabelConversions(t, "v1", "RoleBinding",
// Ensure all currently returned labels are supported
api.RoleBindingToSelectableFields(&api.RoleBinding{}),
)
}
// Matcher returns a generic matcher for a given label and field selector.
func Matcher(label labels.Selector, field fields.Selector) generic.Matcher {
return &generic.SelectionPredicate{
Label: label,
Field: field,
GetAttrs: func(obj runtime.Object) (labels.Set, fields.Set, error) {
role, ok := obj.(*authorizationapi.Role)
if !ok {
return nil, nil, fmt.Errorf("not a role")
}
return labels.Set(role.ObjectMeta.Labels), authorizationapi.RoleToSelectableFields(role), nil
},
}
}
func (m *VirtualStorage) List(ctx kapi.Context, label labels.Selector, field fields.Selector) (runtime.Object, error) {
policyList, err := m.PolicyStorage.ListPolicies(ctx, labels.Everything(), fields.Everything())
if err != nil {
return nil, err
}
roleList := &authorizationapi.RoleList{}
for _, policy := range policyList.Items {
for _, role := range policy.Roles {
if label.Matches(labels.Set(role.Labels)) && field.Matches(authorizationapi.RoleToSelectableFields(role)) {
roleList.Items = append(roleList.Items, *role)
}
}
}
return roleList, nil
}
func (m *VirtualStorage) List(ctx kapi.Context, options *kapi.ListOptions) (runtime.Object, error) {
policyList, err := m.PolicyStorage.ListPolicies(ctx, options)
if err != nil {
return nil, err
}
labelSelector, fieldSelector := oapi.ListOptionsToSelectors(options)
roleList := &authorizationapi.RoleList{}
for _, policy := range policyList.Items {
for _, role := range policy.Roles {
if labelSelector.Matches(labels.Set(role.Labels)) &&
fieldSelector.Matches(authorizationapi.RoleToSelectableFields(role)) {
roleList.Items = append(roleList.Items, *role)
}
}
}
return roleList, nil
}
func addConversionFuncs(scheme *runtime.Scheme) {
err := scheme.AddConversionFuncs(
func(in *[]NamedRole, out *map[string]*newer.Role, s conversion.Scope) error {
for _, curr := range *in {
newRole := &newer.Role{}
if err := s.Convert(&curr.Role, newRole, 0); err != nil {
return err
}
(*out)[curr.Name] = newRole
}
return nil
},
func(in *map[string]*newer.Role, out *[]NamedRole, s conversion.Scope) error {
allKeys := make([]string, 0, len(*in))
for key := range *in {
allKeys = append(allKeys, key)
}
sort.Strings(allKeys)
for _, key := range allKeys {
newRole := (*in)[key]
oldRole := &Role{}
if err := s.Convert(newRole, oldRole, 0); err != nil {
return err
}
namedRole := NamedRole{key, *oldRole}
*out = append(*out, namedRole)
}
return nil
},
func(in *[]NamedRoleBinding, out *map[string]*newer.RoleBinding, s conversion.Scope) error {
for _, curr := range *in {
newRoleBinding := &newer.RoleBinding{}
if err := s.Convert(&curr.RoleBinding, newRoleBinding, 0); err != nil {
return err
}
(*out)[curr.Name] = newRoleBinding
}
return nil
},
func(in *map[string]*newer.RoleBinding, out *[]NamedRoleBinding, s conversion.Scope) error {
allKeys := make([]string, 0, len(*in))
for key := range *in {
allKeys = append(allKeys, key)
}
sort.Strings(allKeys)
for _, key := range allKeys {
newRoleBinding := (*in)[key]
oldRoleBinding := &RoleBinding{}
if err := s.Convert(newRoleBinding, oldRoleBinding, 0); err != nil {
return err
}
namedRoleBinding := NamedRoleBinding{key, *oldRoleBinding}
*out = append(*out, namedRoleBinding)
}
return nil
},
func(in *[]NamedClusterRole, out *map[string]*newer.ClusterRole, s conversion.Scope) error {
for _, curr := range *in {
newRole := &newer.ClusterRole{}
if err := s.Convert(&curr.Role, newRole, 0); err != nil {
return err
}
(*out)[curr.Name] = newRole
}
return nil
},
func(in *map[string]*newer.ClusterRole, out *[]NamedClusterRole, s conversion.Scope) error {
allKeys := make([]string, 0, len(*in))
for key := range *in {
allKeys = append(allKeys, key)
}
sort.Strings(allKeys)
for _, key := range allKeys {
newRole := (*in)[key]
oldRole := &ClusterRole{}
if err := s.Convert(newRole, oldRole, 0); err != nil {
return err
}
namedRole := NamedClusterRole{key, *oldRole}
*out = append(*out, namedRole)
}
return nil
},
func(in *[]NamedClusterRoleBinding, out *map[string]*newer.ClusterRoleBinding, s conversion.Scope) error {
for _, curr := range *in {
newRoleBinding := &newer.ClusterRoleBinding{}
if err := s.Convert(&curr.RoleBinding, newRoleBinding, 0); err != nil {
return err
}
(*out)[curr.Name] = newRoleBinding
}
return nil
},
func(in *map[string]*newer.ClusterRoleBinding, out *[]NamedClusterRoleBinding, s conversion.Scope) error {
allKeys := make([]string, 0, len(*in))
for key := range *in {
allKeys = append(allKeys, key)
}
sort.Strings(allKeys)
for _, key := range allKeys {
newRoleBinding := (*in)[key]
oldRoleBinding := &ClusterRoleBinding{}
if err := s.Convert(newRoleBinding, oldRoleBinding, 0); err != nil {
return err
}
namedRoleBinding := NamedClusterRoleBinding{key, *oldRoleBinding}
*out = append(*out, namedRoleBinding)
}
return nil
},
convert_v1_SubjectAccessReview_To_api_SubjectAccessReview,
convert_api_SubjectAccessReview_To_v1_SubjectAccessReview,
convert_v1_LocalSubjectAccessReview_To_api_LocalSubjectAccessReview,
convert_api_LocalSubjectAccessReview_To_v1_LocalSubjectAccessReview,
convert_v1_ResourceAccessReview_To_api_ResourceAccessReview,
convert_api_ResourceAccessReview_To_v1_ResourceAccessReview,
convert_v1_LocalResourceAccessReview_To_api_LocalResourceAccessReview,
convert_api_LocalResourceAccessReview_To_v1_LocalResourceAccessReview,
convert_v1_ResourceAccessReviewResponse_To_api_ResourceAccessReviewResponse,
convert_api_ResourceAccessReviewResponse_To_v1_ResourceAccessReviewResponse,
convert_v1_PolicyRule_To_api_PolicyRule,
convert_api_PolicyRule_To_v1_PolicyRule,
convert_v1_Policy_To_api_Policy,
convert_api_Policy_To_v1_Policy,
convert_v1_RoleBinding_To_api_RoleBinding,
convert_api_RoleBinding_To_v1_RoleBinding,
convert_v1_PolicyBinding_To_api_PolicyBinding,
convert_api_PolicyBinding_To_v1_PolicyBinding,
convert_v1_ClusterPolicy_To_api_ClusterPolicy,
convert_api_ClusterPolicy_To_v1_ClusterPolicy,
convert_v1_ClusterRoleBinding_To_api_ClusterRoleBinding,
convert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding,
convert_v1_ClusterPolicyBinding_To_api_ClusterPolicyBinding,
convert_api_ClusterPolicyBinding_To_v1_ClusterPolicyBinding,
)
if err != nil {
// If one of the conversion functions is malformed, detect it immediately.
panic(err)
}
if err := scheme.AddFieldLabelConversionFunc("v1", "ClusterPolicy",
oapi.GetFieldLabelConversionFunc(newer.ClusterPolicyToSelectableFields(&newer.ClusterPolicy{}), nil),
); err != nil {
panic(err)
}
if err := scheme.AddFieldLabelConversionFunc("v1", "ClusterPolicyBinding",
oapi.GetFieldLabelConversionFunc(newer.ClusterPolicyBindingToSelectableFields(&newer.ClusterPolicyBinding{}), nil),
); err != nil {
panic(err)
}
if err := scheme.AddFieldLabelConversionFunc("v1", "Policy",
oapi.GetFieldLabelConversionFunc(newer.PolicyToSelectableFields(&newer.Policy{}), nil),
); err != nil {
panic(err)
}
if err := scheme.AddFieldLabelConversionFunc("v1", "PolicyBinding",
oapi.GetFieldLabelConversionFunc(newer.PolicyBindingToSelectableFields(&newer.PolicyBinding{}), nil),
); err != nil {
panic(err)
}
if err := scheme.AddFieldLabelConversionFunc("v1", "Role",
oapi.GetFieldLabelConversionFunc(newer.RoleToSelectableFields(&newer.Role{}), nil),
); err != nil {
panic(err)
}
if err := scheme.AddFieldLabelConversionFunc("v1", "RoleBinding",
oapi.GetFieldLabelConversionFunc(newer.RoleBindingToSelectableFields(&newer.RoleBinding{}), nil),
); err != nil {
panic(err)
}
}
func addConversionFuncs(scheme *runtime.Scheme) error {
err := scheme.AddConversionFuncs(
Convert_v1_SubjectAccessReview_To_api_SubjectAccessReview,
Convert_api_SubjectAccessReview_To_v1_SubjectAccessReview,
Convert_v1_LocalSubjectAccessReview_To_api_LocalSubjectAccessReview,
Convert_api_LocalSubjectAccessReview_To_v1_LocalSubjectAccessReview,
Convert_v1_ResourceAccessReview_To_api_ResourceAccessReview,
Convert_api_ResourceAccessReview_To_v1_ResourceAccessReview,
Convert_v1_LocalResourceAccessReview_To_api_LocalResourceAccessReview,
Convert_api_LocalResourceAccessReview_To_v1_LocalResourceAccessReview,
Convert_v1_ResourceAccessReviewResponse_To_api_ResourceAccessReviewResponse,
Convert_api_ResourceAccessReviewResponse_To_v1_ResourceAccessReviewResponse,
Convert_v1_PolicyRule_To_api_PolicyRule,
Convert_api_PolicyRule_To_v1_PolicyRule,
Convert_v1_Policy_To_api_Policy,
Convert_api_Policy_To_v1_Policy,
Convert_v1_RoleBinding_To_api_RoleBinding,
Convert_api_RoleBinding_To_v1_RoleBinding,
Convert_v1_PolicyBinding_To_api_PolicyBinding,
Convert_api_PolicyBinding_To_v1_PolicyBinding,
Convert_v1_ClusterPolicy_To_api_ClusterPolicy,
Convert_api_ClusterPolicy_To_v1_ClusterPolicy,
Convert_v1_ClusterRoleBinding_To_api_ClusterRoleBinding,
Convert_api_ClusterRoleBinding_To_v1_ClusterRoleBinding,
Convert_v1_ClusterPolicyBinding_To_api_ClusterPolicyBinding,
Convert_api_ClusterPolicyBinding_To_v1_ClusterPolicyBinding,
)
if err != nil {
// If one of the conversion functions is malformed, detect it immediately.
return err
}
if err := scheme.AddFieldLabelConversionFunc("v1", "ClusterPolicy",
oapi.GetFieldLabelConversionFunc(newer.ClusterPolicyToSelectableFields(&newer.ClusterPolicy{}), nil),
); err != nil {
return err
}
if err := scheme.AddFieldLabelConversionFunc("v1", "ClusterPolicyBinding",
oapi.GetFieldLabelConversionFunc(newer.ClusterPolicyBindingToSelectableFields(&newer.ClusterPolicyBinding{}), nil),
); err != nil {
return err
}
if err := scheme.AddFieldLabelConversionFunc("v1", "Policy",
oapi.GetFieldLabelConversionFunc(newer.PolicyToSelectableFields(&newer.Policy{}), nil),
); err != nil {
return err
}
if err := scheme.AddFieldLabelConversionFunc("v1", "PolicyBinding",
oapi.GetFieldLabelConversionFunc(newer.PolicyBindingToSelectableFields(&newer.PolicyBinding{}), nil),
); err != nil {
return err
}
if err := scheme.AddFieldLabelConversionFunc("v1", "Role",
oapi.GetFieldLabelConversionFunc(newer.RoleToSelectableFields(&newer.Role{}), nil),
); err != nil {
return err
}
if err := scheme.AddFieldLabelConversionFunc("v1", "RoleBinding",
oapi.GetFieldLabelConversionFunc(newer.RoleBindingToSelectableFields(&newer.RoleBinding{}), nil),
); err != nil {
return err
}
return nil
}