// Admit admits resources into cluster that do not violate any defined LimitRange in the namespace
func (l *limitRanger) Admit(a admission.Attributes) (err error) {
obj := a.GetObject()
resource := a.GetResource()
name := "Unknown"
if obj != nil {
name, _ = meta.NewAccessor().Name(obj)
if len(name) == 0 {
name, _ = meta.NewAccessor().GenerateName(obj)
}
}
key := &api.LimitRange{
ObjectMeta: api.ObjectMeta{
Namespace: a.GetNamespace(),
Name: "",
},
}
items, err := l.indexer.Index("namespace", key)
if err != nil {
return admission.NewForbidden(a, fmt.Errorf("Unable to %s %s at this time because there was an error enforcing limit ranges", a.GetOperation(), resource))
}
if len(items) == 0 {
return nil
}
// ensure it meets each prescribed min/max
for i := range items {
limitRange := items[i].(*api.LimitRange)
err = l.limitFunc(limitRange, a.GetResource(), a.GetObject())
if err != nil {
return admission.NewForbidden(a, err)
}
}
return nil
}
func newExternalScheme() (*runtime.Scheme, meta.RESTMapper, runtime.Codec) {
scheme := runtime.NewScheme()
scheme.AddKnownTypeWithName("", "Type", &internalType{})
scheme.AddKnownTypeWithName("unlikelyversion", "Type", &externalType{})
//This tests that kubectl will not confuse the external scheme with the internal scheme, even when they accidentally have versions of the same name.
scheme.AddKnownTypeWithName(testapi.Version(), "Type", &ExternalType2{})
codec := runtime.CodecFor(scheme, "unlikelyversion")
validVersion := testapi.Version()
mapper := meta.NewDefaultRESTMapper([]string{"unlikelyversion", validVersion}, func(version string) (*meta.VersionInterfaces, bool) {
return &meta.VersionInterfaces{
Codec: runtime.CodecFor(scheme, version),
ObjectConvertor: scheme,
MetadataAccessor: meta.NewAccessor(),
}, (version == validVersion || version == "unlikelyversion")
})
for _, version := range []string{"unlikelyversion", validVersion} {
for kind := range scheme.KnownTypes(version) {
mixedCase := false
scope := meta.RESTScopeNamespace
mapper.Add(scope, kind, version, mixedCase)
}
}
return scheme, mapper, codec
}
func describerMap(c *client.Client, kclient kclient.Interface, host string) map[string]kctl.Describer {
m := map[string]kctl.Describer{
"Build": &BuildDescriber{c, kclient},
"BuildConfig": &BuildConfigDescriber{c, host},
"BuildLog": &BuildLogDescriber{c},
"DeploymentConfig": NewDeploymentConfigDescriber(c, kclient),
"Identity": &IdentityDescriber{c},
"Image": &ImageDescriber{c},
"ImageStream": &ImageStreamDescriber{c},
"ImageStreamTag": &ImageStreamTagDescriber{c},
"ImageStreamImage": &ImageStreamImageDescriber{c},
"Route": &RouteDescriber{c},
"Project": &ProjectDescriber{c, kclient},
"Template": &TemplateDescriber{c, meta.NewAccessor(), kapi.Scheme, nil},
"Policy": &PolicyDescriber{c},
"PolicyBinding": &PolicyBindingDescriber{c},
"RoleBinding": &RoleBindingDescriber{c},
"Role": &RoleDescriber{c},
"ClusterPolicy": &ClusterPolicyDescriber{c},
"ClusterPolicyBinding": &ClusterPolicyBindingDescriber{c},
"ClusterRoleBinding": &ClusterRoleBindingDescriber{c},
"ClusterRole": &ClusterRoleDescriber{c},
"User": &UserDescriber{c},
"UserIdentityMapping": &UserIdentityMappingDescriber{c},
}
return m
}
func (e *exists) Admit(a admission.Attributes) (err error) {
defaultVersion, kind, err := latest.RESTMapper.VersionAndKindForResource(a.GetResource())
if err != nil {
return err
}
mapping, err := latest.RESTMapper.RESTMapping(kind, defaultVersion)
if err != nil {
return err
}
if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
return nil
}
namespace := &api.Namespace{
ObjectMeta: api.ObjectMeta{
Name: a.GetNamespace(),
Namespace: "",
},
Status: api.NamespaceStatus{},
}
_, exists, err := e.store.Get(namespace)
if err != nil {
return err
}
if exists {
return nil
}
obj := a.GetObject()
name := "Unknown"
if obj != nil {
name, _ = meta.NewAccessor().Name(obj)
}
return apierrors.NewForbidden(kind, name, fmt.Errorf("Namespace %s does not exist", a.GetNamespace()))
}
func newExternalScheme() (*runtime.Scheme, meta.RESTMapper, runtime.Codec) {
scheme := runtime.NewScheme()
scheme.AddKnownTypeWithName("", "Type", &internalType{})
scheme.AddKnownTypeWithName("unlikelyversion", "Type", &externalType{})
codec := runtime.CodecFor(scheme, "unlikelyversion")
mapper := meta.NewDefaultRESTMapper([]string{"unlikelyversion"}, func(version string) (*meta.VersionInterfaces, bool) {
return &meta.VersionInterfaces{
Codec: codec,
ObjectConvertor: scheme,
MetadataAccessor: meta.NewAccessor(),
}, (version == "unlikelyversion")
})
mapper.Add(scheme, false, "unlikelyversion")
return scheme, mapper, codec
}
func newExternalScheme() (*runtime.Scheme, meta.RESTMapper, runtime.Codec) {
scheme := runtime.NewScheme()
scheme.AddKnownTypeWithName("", "Type", &internalType{})
scheme.AddKnownTypeWithName("unlikelyversion", "Type", &externalType{})
codec := runtime.CodecFor(scheme, "unlikelyversion")
mapper := meta.NewDefaultRESTMapper([]string{"unlikelyversion"}, func(version string) (*meta.VersionInterfaces, bool) {
return &meta.VersionInterfaces{
Codec: codec,
ObjectConvertor: scheme,
MetadataAccessor: meta.NewAccessor(),
}, (version == "unlikelyversion")
})
for _, version := range []string{"unlikelyversion"} {
for kind := range scheme.KnownTypes(version) {
mixedCase := false
scope := meta.RESTScopeNamespace
mapper.Add(scope, kind, version, mixedCase)
}
}
return scheme, mapper, codec
}
// NewFactory creates a factory with the default Kubernetes resources defined
// if optionalClientConfig is nil, then flags will be bound to a new clientcmd.ClientConfig.
// if optionalClientConfig is not nil, then this factory will make use of it.
func NewFactory(optionalClientConfig clientcmd.ClientConfig) *Factory {
mapper := kubectl.ShortcutExpander{latest.RESTMapper}
flags := pflag.NewFlagSet("", pflag.ContinueOnError)
flags.SetNormalizeFunc(util.WarnWordSepNormalizeFunc) // Warn for "_" flags
generators := map[string]kubectl.Generator{
"run/v1": kubectl.BasicReplicationController{},
"service/v1": kubectl.ServiceGenerator{},
}
clientConfig := optionalClientConfig
if optionalClientConfig == nil {
clientConfig = DefaultClientConfig(flags)
}
clients := NewClientCache(clientConfig)
return &Factory{
clients: clients,
flags: flags,
generators: generators,
Object: func() (meta.RESTMapper, runtime.ObjectTyper) {
cfg, err := clientConfig.ClientConfig()
CheckErr(err)
cmdApiVersion := cfg.Version
return kubectl.OutputVersionMapper{mapper, cmdApiVersion}, api.Scheme
},
Client: func() (*client.Client, error) {
return clients.ClientForVersion("")
},
ClientConfig: func() (*client.Config, error) {
return clients.ClientConfigForVersion("")
},
RESTClient: func(mapping *meta.RESTMapping) (resource.RESTClient, error) {
client, err := clients.ClientForVersion(mapping.APIVersion)
if err != nil {
return nil, err
}
return client.RESTClient, nil
},
Describer: func(mapping *meta.RESTMapping) (kubectl.Describer, error) {
client, err := clients.ClientForVersion(mapping.APIVersion)
if err != nil {
return nil, err
}
describer, ok := kubectl.DescriberFor(mapping.Kind, client)
if !ok {
return nil, fmt.Errorf("no description has been implemented for %q", mapping.Kind)
}
return describer, nil
},
Printer: func(mapping *meta.RESTMapping, noHeaders, withNamespace bool, wide bool, columnLabels []string) (kubectl.ResourcePrinter, error) {
return kubectl.NewHumanReadablePrinter(noHeaders, withNamespace, wide, columnLabels), nil
},
PodSelectorForObject: func(object runtime.Object) (string, error) {
// TODO: replace with a swagger schema based approach (identify pod selector via schema introspection)
switch t := object.(type) {
case *api.ReplicationController:
return kubectl.MakeLabels(t.Spec.Selector), nil
case *api.Pod:
if len(t.Labels) == 0 {
return "", fmt.Errorf("the pod has no labels and cannot be exposed")
}
return kubectl.MakeLabels(t.Labels), nil
case *api.Service:
if t.Spec.Selector == nil {
return "", fmt.Errorf("the service has no pod selector set")
}
return kubectl.MakeLabels(t.Spec.Selector), nil
default:
kind, err := meta.NewAccessor().Kind(object)
if err != nil {
return "", err
}
return "", fmt.Errorf("it is not possible to get a pod selector from %s", kind)
}
},
PortsForObject: func(object runtime.Object) ([]string, error) {
// TODO: replace with a swagger schema based approach (identify pod selector via schema introspection)
switch t := object.(type) {
case *api.ReplicationController:
return getPorts(t.Spec.Template.Spec), nil
case *api.Pod:
return getPorts(t.Spec), nil
default:
kind, err := meta.NewAccessor().Kind(object)
if err != nil {
return nil, err
}
return nil, fmt.Errorf("it is not possible to get ports from %s", kind)
}
},
LabelsForObject: func(object runtime.Object) (map[string]string, error) {
return meta.NewAccessor().Labels(object)
},
Scaler: func(mapping *meta.RESTMapping) (kubectl.Scaler, error) {
client, err := clients.ClientForVersion(mapping.APIVersion)
if err != nil {
return nil, err
}
return kubectl.ScalerFor(mapping.Kind, kubectl.NewScalerClient(client))
},
Reaper: func(mapping *meta.RESTMapping) (kubectl.Reaper, error) {
client, err := clients.ClientForVersion(mapping.APIVersion)
if err != nil {
return nil, err
}
return kubectl.ReaperFor(mapping.Kind, client)
},
Validator: func() (validation.Schema, error) {
if flags.Lookup("validate").Value.String() == "true" {
client, err := clients.ClientForVersion("")
if err != nil {
return nil, err
}
return &clientSwaggerSchema{client, api.Scheme}, nil
}
return validation.NullSchema{}, nil
},
DefaultNamespace: func() (string, error) {
return clientConfig.Namespace()
},
Generator: func(name string) (kubectl.Generator, bool) {
generator, ok := generators[name]
return generator, ok
},
}
}
// Admit enforces that a namespace must exist in order to associate content with it.
// Admit enforces that a namespace that is terminating cannot accept new content being associated with it.
func (e *lifecycle) Admit(a admission.Attributes) (err error) {
if len(a.GetNamespace()) == 0 {
return nil
}
defaultVersion, kind, err := latest.RESTMapper.VersionAndKindForResource(a.GetResource())
if err != nil {
glog.V(4).Infof("Ignoring life-cycle enforcement for resource %v; no associated default version and kind could be found.", a.GetResource())
return nil
}
mapping, err := latest.RESTMapper.RESTMapping(kind, defaultVersion)
if err != nil {
return admission.NewForbidden(a, err)
}
if mapping.Scope.Name() != meta.RESTScopeNameNamespace {
return nil
}
// we want to allow someone to delete something in case it was phantom created somehow
if a.GetOperation() == "DELETE" {
return nil
}
name := "Unknown"
obj := a.GetObject()
if obj != nil {
name, _ = meta.NewAccessor().Name(obj)
}
projects, err := cache.GetProjectCache()
if err != nil {
return admission.NewForbidden(a, err)
}
namespace, err := projects.GetNamespaceObject(a.GetNamespace())
if err != nil {
return admission.NewForbidden(a, err)
}
if a.GetOperation() != "CREATE" {
return nil
}
if namespace.Status.Phase == kapi.NamespaceTerminating && !e.creatableResources.Has(strings.ToLower(a.GetResource())) {
return apierrors.NewForbidden(kind, name, fmt.Errorf("Namespace %s is terminating", a.GetNamespace()))
}
// in case of concurrency issues, we will retry this logic
numRetries := 10
interval := time.Duration(rand.Int63n(90)+int64(10)) * time.Millisecond
for retry := 1; retry <= numRetries; retry++ {
// associate this namespace with openshift
_, err = projectutil.Associate(e.client, namespace)
if err == nil {
break
}
// we have exhausted all reasonable efforts to retry so give up now
if retry == numRetries {
return admission.NewForbidden(a, err)
}
// get the latest namespace for the next pass in case of resource version updates
time.Sleep(interval)
// it's possible the namespace actually was deleted, so just forbid if this occurs
namespace, err = e.client.Namespaces().Get(a.GetNamespace())
if err != nil {
return admission.NewForbidden(a, err)
}
}
return nil
}
const OldestVersion = "v1beta1"
// Versions is the list of versions that are recognized in code. The order provided
// may be assumed to be least feature rich to most feature rich, and clients may
// choose to prefer the latter items in the list over the former items when presented
// with a set of versions to choose.
var Versions = []string{"v1beta1", "v1beta2"}
// Codec is the default codec for serializing output that should use
// the latest supported version. Use this Codec when writing to
// disk, a data store that is not dynamically versioned, or in tests.
// This codec can decode any object that Kubernetes is aware of.
var Codec = v1beta1.Codec
// accessor is the shared static metadata accessor for the API.
var accessor = meta.NewAccessor()
// ResourceVersioner describes a default versioner that can handle all types
// of versioning.
// TODO: when versioning changes, make this part of each API definition.
var ResourceVersioner = runtime.ResourceVersioner(accessor)
// SelfLinker can set or get the SelfLink field of all API types.
// TODO: when versioning changes, make this part of each API definition.
// TODO(lavalamp): Combine SelfLinker & ResourceVersioner interfaces, force all uses
// to go through the InterfacesFor method below.
var SelfLinker = runtime.SelfLinker(accessor)
// RESTMapper provides the default mapping between REST paths and the objects declared in api.Scheme and all known
// Kubernetes versions.
var RESTMapper meta.RESTMapper
// RunProject contains all the necessary functionality for the OpenShift cli process command
func RunProcess(f *clientcmd.Factory, out io.Writer, cmd *cobra.Command, args []string) error {
storedTemplate := ""
if len(args) > 0 {
storedTemplate = args[0]
}
filename := kcmdutil.GetFlagString(cmd, "filename")
if len(storedTemplate) == 0 && len(filename) == 0 {
return kcmdutil.UsageError(cmd, "Must pass a filename or name of stored template")
}
namespace, err := f.DefaultNamespace()
if err != nil {
return err
}
mapper, typer := f.Object()
client, _, err := f.Clients()
if err != nil {
return err
}
var (
objects []runtime.Object
infos []*resource.Info
mapping *meta.RESTMapping
)
version, kind, err := mapper.VersionAndKindForResource("template")
if mapping, err = mapper.RESTMapping(kind, version); err != nil {
return err
}
// When storedTemplate is not empty, then we fetch the template from the
// server, otherwise we require to set the `-f` parameter.
if len(storedTemplate) > 0 {
templateObj, err := client.Templates(namespace).Get(storedTemplate)
if err != nil {
if errors.IsNotFound(err) {
return fmt.Errorf("template %q could not be found", storedTemplate)
}
return err
}
templateObj.CreationTimestamp = util.Now()
infos = append(infos, &resource.Info{Object: templateObj})
} else {
infos, err = resource.NewBuilder(mapper, typer, f.ClientMapperForCommand()).
NamespaceParam(namespace).RequireNamespace().
FilenameParam(filename).
Do().
Infos()
if err != nil {
return err
}
}
outputFormat := kcmdutil.GetFlagString(cmd, "output")
for i := range infos {
obj, ok := infos[i].Object.(*api.Template)
if !ok {
sourceName := filename
if len(storedTemplate) > 0 {
sourceName = namespace + "/" + storedTemplate
}
fmt.Fprintf(cmd.Out(), "unable to parse %q, not a valid Template but %s\n", sourceName, reflect.TypeOf(infos[i].Object))
continue
}
// If 'parameters' flag is set it does not do processing but only print
// the template parameters to console for inspection.
// If multiple templates are passed, this will print combined output for all
// templates.
if kcmdutil.GetFlagBool(cmd, "parameters") {
if len(infos) > 1 {
fmt.Fprintf(out, "\n%s:\n", obj.Name)
}
if err := describe.PrintTemplateParameters(obj.Parameters, out); err != nil {
fmt.Fprintf(cmd.Out(), "error printing parameters for %q: %v\n", obj.Name, err)
}
continue
}
if label := kcmdutil.GetFlagString(cmd, "labels"); len(label) > 0 {
lbl, err := kubectl.ParseLabels(label)
if err != nil {
fmt.Fprintf(cmd.Out(), "error parsing labels: %v\n", err)
continue
}
if obj.ObjectLabels == nil {
obj.ObjectLabels = make(map[string]string)
}
for key, value := range lbl {
obj.ObjectLabels[key] = value
}
}
// Override the values for the current template parameters
// when user specify the --value
if cmd.Flag("value").Changed {
injectUserVars(cmd, obj)
}
resultObj, err := client.TemplateConfigs(namespace).Create(obj)
if err != nil {
fmt.Fprintf(cmd.Out(), "error processing the template %q: %v\n", obj.Name, err)
continue
}
if outputFormat == "describe" {
if s, err := (&describe.TemplateDescriber{
MetadataAccessor: meta.NewAccessor(),
ObjectTyper: kapi.Scheme,
ObjectDescriber: nil,
}).DescribeTemplate(resultObj); err != nil {
fmt.Fprintf(cmd.Out(), "error describing %q: %v\n", obj.Name, err)
} else {
fmt.Fprintf(out, s)
}
continue
}
objects = append(objects, resultObj.Objects...)
}
// Do not print the processed templates when asked to only show parameters or
// describe.
if kcmdutil.GetFlagBool(cmd, "parameters") || outputFormat == "describe" {
return nil
}
p, _, err := kubectl.GetPrinter(outputFormat, "")
if err != nil {
return err
}
p = kubectl.NewVersionedPrinter(p, kapi.Scheme, kcmdutil.OutputVersion(cmd, mapping.APIVersion))
// use generic output
if kcmdutil.GetFlagBool(cmd, "raw") {
for i := range objects {
p.PrintObj(objects[i], out)
}
return nil
}
return p.PrintObj(&kapi.List{
ListMeta: kapi.ListMeta{},
Items: objects,
}, out)
}
// NewFactory creates an object that holds common methods across all OpenShift commands
func NewFactory(clientConfig kclientcmd.ClientConfig) *Factory {
mapper := ShortcutExpander{kubectl.ShortcutExpander{latest.RESTMapper}}
clients := &clientCache{
clients: make(map[string]*client.Client),
loader: clientConfig,
}
generators := map[string]kubectl.Generator{
"route/v1": routegen.RouteGenerator{},
}
w := &Factory{
Factory: cmdutil.NewFactory(clientConfig),
OpenShiftClientConfig: clientConfig,
clients: clients,
}
w.Object = func() (meta.RESTMapper, runtime.ObjectTyper) {
if cfg, err := clientConfig.ClientConfig(); err == nil {
return kubectl.OutputVersionMapper{mapper, cfg.Version}, api.Scheme
}
return mapper, api.Scheme
}
kRESTClient := w.Factory.RESTClient
w.RESTClient = func(mapping *meta.RESTMapping) (resource.RESTClient, error) {
if latest.OriginKind(mapping.Kind, mapping.APIVersion) {
client, err := clients.ClientForVersion(mapping.APIVersion)
if err != nil {
return nil, err
}
return client.RESTClient, nil
}
return kRESTClient(mapping)
}
// Save original Describer function
kDescriberFunc := w.Factory.Describer
w.Describer = func(mapping *meta.RESTMapping) (kubectl.Describer, error) {
if latest.OriginKind(mapping.Kind, mapping.APIVersion) {
oClient, kClient, err := w.Clients()
if err != nil {
return nil, fmt.Errorf("unable to create client %s: %v", mapping.Kind, err)
}
cfg, err := clients.ClientConfigForVersion(mapping.APIVersion)
if err != nil {
return nil, fmt.Errorf("unable to load a client %s: %v", mapping.Kind, err)
}
describer, ok := describe.DescriberFor(mapping.Kind, oClient, kClient, cfg.Host)
if !ok {
return nil, fmt.Errorf("no description has been implemented for %q", mapping.Kind)
}
return describer, nil
}
return kDescriberFunc(mapping)
}
w.Scaler = func(mapping *meta.RESTMapping) (kubectl.Scaler, error) {
oc, kc, err := w.Clients()
if err != nil {
return nil, err
}
return deploy.ScalerFor(mapping.Kind, oc, kc)
}
w.Reaper = func(mapping *meta.RESTMapping) (kubectl.Reaper, error) {
oc, kc, err := w.Clients()
if err != nil {
return nil, err
}
return deployreaper.ReaperFor(mapping.Kind, oc, kc)
}
kGeneratorFunc := w.Factory.Generator
w.Generator = func(name string) (kubectl.Generator, bool) {
if generator, ok := generators[name]; ok {
return generator, true
}
return kGeneratorFunc(name)
}
w.PodSelectorForObject = func(object runtime.Object) (string, error) {
switch t := object.(type) {
case *deployapi.DeploymentConfig:
return kubectl.MakeLabels(t.Template.ControllerTemplate.Selector), nil
case *api.ReplicationController:
return kubectl.MakeLabels(t.Spec.Selector), nil
case *api.Pod:
if len(t.Labels) == 0 {
return "", fmt.Errorf("the pod has no labels and cannot be exposed")
}
return kubectl.MakeLabels(t.Labels), nil
case *api.Service:
if t.Spec.Selector == nil {
return "", fmt.Errorf("the service has no pod selector set")
}
return kubectl.MakeLabels(t.Spec.Selector), nil
default:
kind, err := meta.NewAccessor().Kind(object)
if err != nil {
return "", err
}
return "", fmt.Errorf("it is not possible to get a pod selector from %s", kind)
}
}
w.PortsForObject = func(object runtime.Object) ([]string, error) {
switch t := object.(type) {
case *deployapi.DeploymentConfig:
return getPorts(t.Template.ControllerTemplate.Template.Spec), nil
case *api.ReplicationController:
return getPorts(t.Spec.Template.Spec), nil
case *api.Pod:
return getPorts(t.Spec), nil
default:
kind, err := meta.NewAccessor().Kind(object)
if err != nil {
return nil, err
}
return nil, fmt.Errorf("it is not possible to get ports from %s", kind)
}
}
w.Printer = func(mapping *meta.RESTMapping, noHeaders, withNamespace bool) (kubectl.ResourcePrinter, error) {
return describe.NewHumanReadablePrinter(noHeaders, withNamespace), nil
}
return w
}
type fakeClientGetSet struct {
get func(key string, sort, recursive bool) (*etcd.Response, error)
set func(key, value string, ttl uint64) (*etcd.Response, error)
}
type TestResource struct {
api.TypeMeta `json:",inline" yaml:",inline"`
api.ObjectMeta `json:"metadata" yaml:"metadata"`
Value int `json:"value" yaml:"value,omitempty"`
}
func (*TestResource) IsAnAPIObject() {}
var scheme *runtime.Scheme
var codec runtime.Codec
var versioner = RuntimeVersionAdapter{meta.NewAccessor()}
func init() {
scheme = runtime.NewScheme()
scheme.AddKnownTypes("", &TestResource{})
scheme.AddKnownTypes("v1beta1", &TestResource{})
codec = runtime.CodecFor(scheme, "v1beta1")
}
func TestIsEtcdNotFound(t *testing.T) {
try := func(err error, isNotFound bool) {
if IsEtcdNotFound(err) != isNotFound {
t.Errorf("Expected %#v to return %v, but it did not", err, isNotFound)
}
}
try(EtcdErrorNotFound, true)