weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

add openapi definitions to acme API server

Browse Source 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
This commit is contained in:
Tim Ramlot 2023-08-23 14:12:51 +02:00
parent 013b65f691
commit 9d2d1cd6ef
No known key found for this signature in database
GPG Key ID: 47428728E0C2878D
9 changed files with 4183 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
hack/k8s-codegen.sh
View File

@ -26,6 +26,7 @@ informergen=$4
listergen=$5
defaultergen=$6
conversiongen=$7
openapigen=$8
# If the envvar "VERIFY_ONLY" is set, we only check if everything's up to date
# and don't actually generate anything
@ -136,6 +137,25 @@ mkcp() {
# Export mkcp for use in sub-shells
export -f mkcp
gen-openapi-acme() {
clean pkg/acme/webhook/openapi '*.go'
echo "+++ ${VERB} ACME openapi..." >&2
mkdir -p hack/openapi_reports
"$openapigen" \
${VERIFY_FLAGS} \
--go-header-file "hack/boilerplate-go.txt" \
--report-filename "hack/openapi_reports/acme.txt" \
--input-dirs "k8s.io/apimachinery/pkg/version" \
--input-dirs "k8s.io/apimachinery/pkg/runtime" \
--input-dirs "k8s.io/apimachinery/pkg/apis/meta/v1" \
--input-dirs "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" \
--input-dirs "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1" \
--trim-path-prefix "github.com/cert-manager/cert-manager" \
--output-package "github.com/cert-manager/cert-manager/pkg/acme/webhook/openapi" \
--output-base ./ \
-O zz_generated.openapi
}
gen-deepcopy() {
clean pkg/apis 'zz_generated.deepcopy.go'
clean pkg/acme/webhook/apis 'zz_generated.deepcopy.go'
@ -237,6 +257,7 @@ gen-conversions() {
--output-base ./
}
gen-openapi-acme
gen-deepcopy
gen-clientsets
gen-listers

70
hack/openapi_reports/acme.txt Normal file
View File

@ -0,0 +1,70 @@
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,ConversionRequest,Objects
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,ConversionResponse,ConvertedObjects
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,CustomResourceDefinitionNames,Categories
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,CustomResourceDefinitionNames,ShortNames
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,CustomResourceDefinitionSpec,Versions
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,CustomResourceDefinitionStatus,StoredVersions
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,CustomResourceDefinitionVersion,AdditionalPrinterColumns
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSON,Raw
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,AllOf
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,AnyOf
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Enum
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,OneOf
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Required
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XListMapKeys
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrArray,JSONSchemas
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrStringArray,Property
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,WebhookClientConfig,CABundle
API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,WebhookConversion,ConversionReviewVersions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroup,ServerAddressByClientCIDRs
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroup,Versions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroupList,Groups
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIResource,Categories
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIResource,ShortNames
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIResourceList,APIResources
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIVersions,ServerAddressByClientCIDRs
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIVersions,Versions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ApplyOptions,DryRun
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,CreateOptions,DryRun
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,DeleteOptions,DryRun
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,FieldsV1,Raw
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,LabelSelector,MatchExpressions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,LabelSelectorRequirement,Values
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ObjectMeta,Finalizers
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ObjectMeta,ManagedFields
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ObjectMeta,OwnerReferences
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,PatchOptions,DryRun
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,RootPaths,Paths
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,StatusDetails,Causes
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,Table,ColumnDefinitions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,Table,Rows
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,TableRow,Cells
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,TableRow,Conditions
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,UpdateOptions,DryRun
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,RawExtension,Raw
API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,Unknown,Raw
API rule violation: names_match,github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1,ChallengeResponse,Result
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Ref
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Schema
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XEmbeddedResource
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XIntOrString
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XListMapKeys
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XListType
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XMapType
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XPreserveUnknownFields
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XValidations
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrArray,JSONSchemas
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrArray,Schema
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrBool,Allows
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrBool,Schema
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrStringArray,Property
API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrStringArray,Schema
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,APIResourceList,APIResources
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,Duration,Duration
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,InternalEvent,Object
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,InternalEvent,Type
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,MicroTime,Time
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,StatusCause,Type
API rule violation: names_match,k8s.io/apimachinery/pkg/apis/meta/v1,Time,Time
API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,ContentEncoding
API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,ContentType

6
make/ci.mk
View File

@ -89,7 +89,8 @@ verify-codegen: | k8s-codegen-tools $(NEEDS_GO)
./$(BINDIR)/tools/informer-gen \
./$(BINDIR)/tools/lister-gen \
./$(BINDIR)/tools/defaulter-gen \
./$(BINDIR)/tools/conversion-gen
./$(BINDIR)/tools/conversion-gen \
./$(BINDIR)/tools/openapi-gen
.PHONY: update-codegen
update-codegen: | k8s-codegen-tools $(NEEDS_GO)
@ -100,7 +101,8 @@ update-codegen: | k8s-codegen-tools $(NEEDS_GO)
./$(BINDIR)/tools/informer-gen \
./$(BINDIR)/tools/lister-gen \
./$(BINDIR)/tools/defaulter-gen \
./$(BINDIR)/tools/conversion-gen
./$(BINDIR)/tools/conversion-gen \
./$(BINDIR)/tools/openapi-gen
.PHONY: update-all
## Update CRDs, code generation and licenses to the latest versions.

2
make/tools.mk
View File

@ -375,7 +375,7 @@ $(BINDIR)/downloaded/tools/ko@$(KO_VERSION)_%: | $(BINDIR)/downloaded/tools
# k8s codegen tools #
#####################
K8S_CODEGEN_TOOLS := client-gen conversion-gen deepcopy-gen defaulter-gen informer-gen lister-gen
K8S_CODEGEN_TOOLS := client-gen conversion-gen deepcopy-gen defaulter-gen informer-gen lister-gen openapi-gen
K8S_CODEGEN_TOOLS_PATHS := $(K8S_CODEGEN_TOOLS:%=$(BINDIR)/tools/%)
K8S_CODEGEN_TOOLS_DOWNLOADS := $(K8S_CODEGEN_TOOLS:%=$(BINDIR)/downloaded/tools/%@$(K8S_CODEGEN_VERSION))

1
pkg/acme/webhook/apis/acme/v1alpha1/doc.go
View File

@ -16,6 +16,7 @@ limitations under the License.
// +k8s:deepcopy-gen=package,register
// +k8s:defaulter-gen=TypeMeta
// +k8s:openapi-gen=true
// Package v1alpha1 is the v1alpha1 version of the API.
// +groupName=webhook.acme.cert-manager.io

38
pkg/acme/webhook/apiserver/apiserver.go
View File

@ -25,12 +25,14 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/runtime/serializer"
"k8s.io/apimachinery/pkg/version"
"k8s.io/apiserver/pkg/endpoints/openapi"
"k8s.io/apiserver/pkg/registry/rest"
genericapiserver "k8s.io/apiserver/pkg/server"
restclient "k8s.io/client-go/rest"
"github.com/cert-manager/cert-manager/pkg/acme/webhook"
whapi "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1"
cmopenapi "github.com/cert-manager/cert-manager/pkg/acme/webhook/openapi"
"github.com/cert-manager/cert-manager/pkg/acme/webhook/registry/challengepayload"
)
@ -54,20 +56,12 @@ func init() {
&metav1.APIGroupList{},
&metav1.APIGroup{},
&metav1.APIResourceList{},
&metav1.ListOptions{},
&metav1.GetOptions{},
&metav1.PatchOptions{},
&metav1.DeleteOptions{},
&metav1.CreateOptions{},
&metav1.UpdateOptions{},
)
}
type Config struct {
GenericConfig *genericapiserver.RecommendedConfig
ExtraConfig ExtraConfig
restConfig *restclient.Config
}
type ExtraConfig struct {
@ -101,7 +95,7 @@ func (c *Config) Complete() CompletedConfig {
completedCfg := completedConfig{
c.GenericConfig.Complete(),
&c.ExtraConfig,
c.restConfig,
c.GenericConfig.ClientConfig,
}
completedCfg.GenericConfig.Version = &version.Info{
@ -109,6 +103,9 @@ func (c *Config) Complete() CompletedConfig {
Minor: "1",
}
completedCfg.GenericConfig.OpenAPIConfig = genericapiserver.DefaultOpenAPIConfig(cmopenapi.GetOpenAPIDefinitions, openapi.NewDefinitionNamer(Scheme))
completedCfg.GenericConfig.OpenAPIV3Config = genericapiserver.DefaultOpenAPIV3Config(cmopenapi.GetOpenAPIDefinitions, openapi.NewDefinitionNamer(Scheme))
return CompletedConfig{&completedCfg}
}
@ -126,42 +123,35 @@ func (c completedConfig) New() (*ChallengeServer, error) {
GenericAPIServer: genericServer,
}
if c.restConfig == nil {
c.restConfig, err = restclient.InClusterConfig()
if err != nil {
return nil, err
}
}
// TODO we're going to need a later k8s.io/apiserver so that we can get discovery to list a different group version for
// our endpoint which we'll use to back some custom storage which will consume the AdmissionReview type and give back the correct response
apiGroupInfo := genericapiserver.APIGroupInfo{
VersionedResourcesStorageMap: map[string]map[string]rest.Storage{},
// TODO unhardcode this. It was hardcoded before, but we need to re-evaluate
OptionsExternalVersion: &schema.GroupVersion{Version: "v1alpha1"},
// TODO unhardcode this. It was hardcoded before, but we need to re-evaluate
OptionsExternalVersion: &schema.GroupVersion{Version: "v1"},
Scheme: Scheme,
ParameterCodec: metav1.ParameterCodec,
NegotiatedSerializer: Codecs,
}
for _, solver := range solversByName(c.ExtraConfig.Solvers...) {
challengeHandler := challengepayload.NewREST(solver)
v1alpha1storage, ok := apiGroupInfo.VersionedResourcesStorageMap["v1alpha1"]
if !ok {
v1alpha1storage = map[string]rest.Storage{}
}
gvr := metav1.GroupVersionResource{
Group: c.ExtraConfig.SolverGroup,
Version: "v1alpha1",
Resource: solver.Name(),
}
challengeHandler := challengepayload.NewREST(solver)
apiGroupInfo.PrioritizedVersions = appendUniqueGroupVersion(apiGroupInfo.PrioritizedVersions, schema.GroupVersion{
Group: gvr.Group,
Version: gvr.Version,
})
v1alpha1storage, ok := apiGroupInfo.VersionedResourcesStorageMap[gvr.Version]
if !ok {
v1alpha1storage = map[string]rest.Storage{}
}
v1alpha1storage[gvr.Resource] = challengeHandler
apiGroupInfo.VersionedResourcesStorageMap[gvr.Version] = v1alpha1storage
}

2
pkg/acme/webhook/apiserver/apiserver_test.go
View File

@ -75,7 +75,6 @@ func TestNewChallengeServer(t *testing.T) {
noOpSolver{name: "solver-1"},
},
},
restConfig: &rest.Config{},
},
expErr: false,
},
@ -89,7 +88,6 @@ func TestNewChallengeServer(t *testing.T) {
noOpSolver{name: "solver-2"},
},
},
restConfig: &rest.Config{},
},
expErr: false,
},

4
pkg/acme/webhook/cmd/server/start.go
View File

@ -104,6 +104,10 @@ func (o WebhookServerOptions) Validate(args []string) error {
return err
}
if errs := o.RecommendedOptions.Validate(); len(errs) > 0 {
return fmt.Errorf("error validating recommended options: %v", errs)
}
return nil
}

4068
pkg/acme/webhook/openapi/zz_generated.openapi.go Normal file
View File

File diff suppressed because it is too large Load Diff