Skip to content

Commit

Permalink
Merge pull request kubernetes-sigs#5277 from lzhecheng/cp-3756-1.26
Browse files Browse the repository at this point in the history
chore: upgrade credentialprovider-api-version to v1
  • Loading branch information
k8s-ci-robot authored Jan 11, 2024
2 parents d4bb23f + 06384cb commit 1c4c956
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 32 deletions.
20 changes: 10 additions & 10 deletions cmd/acr-credential-provider/plugin.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/serializer"
"k8s.io/apimachinery/pkg/runtime/serializer/json"
"k8s.io/kubelet/pkg/apis/credentialprovider/install"
"k8s.io/kubelet/pkg/apis/credentialprovider/v1alpha1"
v1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"

"sigs.k8s.io/cloud-provider-azure/pkg/credentialprovider"
)
Expand All @@ -55,7 +55,7 @@ func NewCredentialProvider(plugin credentialprovider.CredentialProvider) *ExecPl
}

// Run executes the credential provider plugin. Required information for the plugin request (in
// the form of v1alpha1.CredentialProviderRequest) is provided via stdin from the kubelet.
// the form of v1.CredentialProviderRequest) is provided via stdin from the kubelet.
// The CredentialProviderResponse, containing the username/password required for pulling
// the provided image, will be sent back to the kubelet via stdout.
func (e *ExecPlugin) Run(ctx context.Context) error {
Expand All @@ -73,7 +73,7 @@ func (e *ExecPlugin) runPlugin(ctx context.Context, r io.Reader, w io.Writer, ar
return err
}

if gvk.GroupVersion() != v1alpha1.SchemeGroupVersion {
if gvk.GroupVersion() != v1.SchemeGroupVersion {
return fmt.Errorf("group version %s is not supported", gvk.GroupVersion())
}

Expand Down Expand Up @@ -109,8 +109,8 @@ func (e *ExecPlugin) runPlugin(ctx context.Context, r io.Reader, w io.Writer, ar
return nil
}

func decodeRequest(data []byte) (*v1alpha1.CredentialProviderRequest, error) {
obj, gvk, err := codecs.UniversalDecoder(v1alpha1.SchemeGroupVersion).Decode(data, nil, nil)
func decodeRequest(data []byte) (*v1.CredentialProviderRequest, error) {
obj, gvk, err := codecs.UniversalDecoder(v1.SchemeGroupVersion).Decode(data, nil, nil)
if err != nil {
return nil, err
}
Expand All @@ -119,26 +119,26 @@ func decodeRequest(data []byte) (*v1alpha1.CredentialProviderRequest, error) {
return nil, fmt.Errorf("kind was %q, expected CredentialProviderRequest", gvk.Kind)
}

if gvk.Group != v1alpha1.GroupName {
return nil, fmt.Errorf("group was %q, expected %s", gvk.Group, v1alpha1.GroupName)
if gvk.Group != v1.GroupName {
return nil, fmt.Errorf("group was %q, expected %s", gvk.Group, v1.GroupName)
}

request, ok := obj.(*v1alpha1.CredentialProviderRequest)
request, ok := obj.(*v1.CredentialProviderRequest)
if !ok {
return nil, fmt.Errorf("unable to convert %T to *CredentialProviderRequest", obj)
}

return request, nil
}

func encodeResponse(response *v1alpha1.CredentialProviderResponse) ([]byte, error) {
func encodeResponse(response *v1.CredentialProviderResponse) ([]byte, error) {
mediaType := "application/json"
info, ok := runtime.SerializerInfoForMediaType(codecs.SupportedMediaTypes(), mediaType)
if !ok {
return nil, fmt.Errorf("unsupported media type %q", mediaType)
}

encoder := codecs.EncoderForVersion(info.Serializer, v1alpha1.SchemeGroupVersion)
encoder := codecs.EncoderForVersion(info.Serializer, v1.SchemeGroupVersion)
data, err := runtime.Encode(encoder, response)
if err != nil {
return nil, fmt.Errorf("failed to encode response: %w", err)
Expand Down
20 changes: 10 additions & 10 deletions cmd/acr-credential-provider/plugin_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,17 +24,17 @@ import (
"time"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/kubelet/pkg/apis/credentialprovider/v1alpha1"
v1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
)

type fakePlugin struct {
}

func (f *fakePlugin) GetCredentials(ctx context.Context, image string, args []string) (*v1alpha1.CredentialProviderResponse, error) {
return &v1alpha1.CredentialProviderResponse{
CacheKeyType: v1alpha1.RegistryPluginCacheKeyType,
func (f *fakePlugin) GetCredentials(ctx context.Context, image string, args []string) (*v1.CredentialProviderResponse, error) {
return &v1.CredentialProviderResponse{
CacheKeyType: v1.RegistryPluginCacheKeyType,
CacheDuration: &metav1.Duration{Duration: 10 * time.Minute},
Auth: map[string]v1alpha1.AuthConfig{
Auth: map[string]v1.AuthConfig{
"*.registry.io": {
Username: "user",
Password: "password",
Expand All @@ -52,26 +52,26 @@ func Test_runPlugin(t *testing.T) {
}{
{
name: "successful test case",
in: bytes.NewBufferString(`{"kind":"CredentialProviderRequest","apiVersion":"credentialprovider.kubelet.k8s.io/v1alpha1","image":"test.registry.io/foobar"}`),
expectedOut: []byte(`{"kind":"CredentialProviderResponse","apiVersion":"credentialprovider.kubelet.k8s.io/v1alpha1","cacheKeyType":"Registry","cacheDuration":"10m0s","auth":{"*.registry.io":{"username":"user","password":"password"}}}
in: bytes.NewBufferString(`{"kind":"CredentialProviderRequest","apiVersion":"credentialprovider.kubelet.k8s.io/v1","image":"test.registry.io/foobar"}`),
expectedOut: []byte(`{"kind":"CredentialProviderResponse","apiVersion":"credentialprovider.kubelet.k8s.io/v1","cacheKeyType":"Registry","cacheDuration":"10m0s","auth":{"*.registry.io":{"username":"user","password":"password"}}}
`),
expectErr: false,
},
{
name: "invalid kind",
in: bytes.NewBufferString(`{"kind":"CredentialProviderFoo","apiVersion":"credentialprovider.kubelet.k8s.io/v1alpha1","image":"test.registry.io/foobar"}`),
in: bytes.NewBufferString(`{"kind":"CredentialProviderFoo","apiVersion":"credentialprovider.kubelet.k8s.io/v1","image":"test.registry.io/foobar"}`),
expectedOut: nil,
expectErr: true,
},
{
name: "invalid apiVersion",
in: bytes.NewBufferString(`{"kind":"CredentialProviderRequest","apiVersion":"foo.k8s.io/v1alpha1","image":"test.registry.io/foobar"}`),
in: bytes.NewBufferString(`{"kind":"CredentialProviderRequest","apiVersion":"foo.k8s.io/v1","image":"test.registry.io/foobar"}`),
expectedOut: nil,
expectErr: true,
},
{
name: "empty image",
in: bytes.NewBufferString(`{"kind":"CredentialProviderRequest","apiVersion":"credentialprovider.kubelet.k8s.io/v1alpha1","image":""}`),
in: bytes.NewBufferString(`{"kind":"CredentialProviderRequest","apiVersion":"credentialprovider.kubelet.k8s.io/v1","image":""}`),
expectedOut: nil,
expectErr: true,
},
Expand Down
24 changes: 12 additions & 12 deletions pkg/credentialprovider/azure_credentials.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ import (
"github.com/Azure/go-autorest/autorest/azure"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/klog/v2"
"k8s.io/kubelet/pkg/apis/credentialprovider/v1alpha1"
v1 "k8s.io/kubelet/pkg/apis/credentialprovider/v1"
)

// Refer: https://github.com/kubernetes/kubernetes/blob/master/pkg/credentialprovider/azure/azure_credentials.go
Expand All @@ -50,7 +50,7 @@ var (
// CredentialProvider is an interface implemented by the kubelet credential provider plugin to fetch
// the username/password based on the provided image name.
type CredentialProvider interface {
GetCredentials(ctx context.Context, image string, args []string) (response *v1alpha1.CredentialProviderResponse, err error)
GetCredentials(ctx context.Context, image string, args []string) (response *v1.CredentialProviderResponse, err error)
}

// acrProvider implements the credential provider interface for Azure Container Registry.
Expand Down Expand Up @@ -93,21 +93,21 @@ func newAcrProviderFromConfigReader(configReader io.Reader) (*acrProvider, error
}, nil
}

func (a *acrProvider) GetCredentials(ctx context.Context, image string, args []string) (*v1alpha1.CredentialProviderResponse, error) {
func (a *acrProvider) GetCredentials(ctx context.Context, image string, args []string) (*v1.CredentialProviderResponse, error) {
loginServer := a.parseACRLoginServerFromImage(image)
if loginServer == "" {
klog.V(2).Infof("image(%s) is not from ACR, return empty authentication", image)
return &v1alpha1.CredentialProviderResponse{
CacheKeyType: v1alpha1.RegistryPluginCacheKeyType,
return &v1.CredentialProviderResponse{
CacheKeyType: v1.RegistryPluginCacheKeyType,
CacheDuration: &metav1.Duration{Duration: 0},
Auth: map[string]v1alpha1.AuthConfig{},
Auth: map[string]v1.AuthConfig{},
}, nil
}

response := &v1alpha1.CredentialProviderResponse{
CacheKeyType: v1alpha1.RegistryPluginCacheKeyType,
response := &v1.CredentialProviderResponse{
CacheKeyType: v1.RegistryPluginCacheKeyType,
CacheDuration: &metav1.Duration{Duration: defaultCacheTTL},
Auth: map[string]v1alpha1.AuthConfig{
Auth: map[string]v1.AuthConfig{
// empty username and password for anonymous ACR access
"*.azurecr.*": {
Username: "",
Expand All @@ -123,14 +123,14 @@ func (a *acrProvider) GetCredentials(ctx context.Context, image string, args []s
return nil, err
}

response.Auth[loginServer] = v1alpha1.AuthConfig{
response.Auth[loginServer] = v1.AuthConfig{
Username: username,
Password: password,
}
} else {
// Add our entry for each of the supported container registry URLs
for _, url := range containerRegistryUrls {
cred := v1alpha1.AuthConfig{
cred := v1.AuthConfig{
Username: a.config.AADClientID,
Password: a.config.AADClientSecret,
}
Expand All @@ -150,7 +150,7 @@ func (a *acrProvider) GetCredentials(ctx context.Context, image string, args []s
}

if !hasBeenAdded {
cred := v1alpha1.AuthConfig{
cred := v1.AuthConfig{
Username: a.config.AADClientID,
Password: a.config.AADClientSecret,
}
Expand Down

0 comments on commit 1c4c956

Please sign in to comment.