Skip to content

Commit

Permalink
Merge pull request #70138 from liggitt/optional-ca-bundle
Browse files Browse the repository at this point in the history 
Correct optional/omitempty indicator on webhook cabundle
  • Loading branch information
@k8s-ci-robot
k8s-ci-robot committed Oct 23, 2018
2 parents 101d26c + fbd5597 commit 1fe288e
Show file tree
Hide file tree
Showing 19 changed files with 69 additions and 54 deletions.
11 changes: 4 additions & 7 deletions api/openapi-spec/swagger.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 1 addition & 5 deletions api/swagger-spec/admissionregistration.k8s.io_v1beta1.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 1 addition & 5 deletions api/swagger-spec/auditregistration.k8s.io_v1alpha1.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions docs/api-reference/admissionregistration.k8s.io/v1beta1/definitions.html
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions docs/api-reference/auditregistration.k8s.io/v1alpha1/definitions.html
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions pkg/apis/admissionregistration/types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -328,9 +328,9 @@ type WebhookClientConfig struct {
// +optional
Service *ServiceReference

// `caBundle` is a PEM encoded CA bundle which will be used to validate
// the webhook's server certificate.
// Required.
// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
CABundle []byte
}

Expand Down
5 changes: 2 additions & 3 deletions pkg/apis/auditregistration/types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -173,9 +173,8 @@ type WebhookClientConfig struct {
// +optional
Service *ServiceReference

// `caBundle` is a PEM encoded CA bundle which will be used to validate
// the webhook's server certificate.
// defaults to the apiservers CA bundle for the endpoint type
// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
CABundle []byte
}
Expand Down
6 changes: 3 additions & 3 deletions staging/src/k8s.io/api/admissionregistration/v1beta1/generated.proto
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 5 additions & 5 deletions staging/src/k8s.io/api/admissionregistration/v1beta1/types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -282,12 +282,12 @@ type WebhookClientConfig struct {
// Port 443 will be used if it is open, otherwise it is an error.
//
// +optional
Service *ServiceReference `json:"service" protobuf:"bytes,1,opt,name=service"`
Service *ServiceReference `json:"service,omitempty" protobuf:"bytes,1,opt,name=service"`

// `caBundle` is a PEM encoded CA bundle which will be used to validate
// the webhook's server certificate.
// Required.
CABundle []byte `json:"caBundle" protobuf:"bytes,2,opt,name=caBundle"`
// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
CABundle []byte `json:"caBundle,omitempty" protobuf:"bytes,2,opt,name=caBundle"`
}

// ServiceReference holds a reference to Service.legacy.k8s.io
Expand Down
2 changes: 1 addition & 1 deletion staging/src/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 2 additions & 3 deletions staging/src/k8s.io/api/auditregistration/v1alpha1/generated.proto
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 4 additions & 5 deletions staging/src/k8s.io/api/auditregistration/v1alpha1/types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,13 +169,12 @@ type WebhookClientConfig struct {
// Port 443 will be used if it is open, otherwise it is an error.
//
// +optional
Service *ServiceReference `json:"service" protobuf:"bytes,2,opt,name=service"`
Service *ServiceReference `json:"service,omitempty" protobuf:"bytes,2,opt,name=service"`

// `caBundle` is a PEM encoded CA bundle which will be used to validate
// the webhook's server certificate.
// defaults to the apiservers CA bundle for the endpoint type
// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
CABundle []byte `json:"caBundle" protobuf:"bytes,3,opt,name=caBundle"`
CABundle []byte `json:"caBundle,omitempty" protobuf:"bytes,3,opt,name=caBundle"`
}

// ServiceReference holds a reference to Service.legacy.k8s.io
Expand Down
2 changes: 1 addition & 1 deletion staging/src/k8s.io/api/auditregistration/v1alpha1/types_swagger_doc_generated.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

38 changes: 31 additions & 7 deletions staging/src/k8s.io/client-go/transport/transport_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,20 +93,32 @@ stR0Yiw0buV6DL/moUO0HIM9Bjh96HJp+LxiIS6UCdIhMPp5HoQa

func TestNew(t *testing.T) {
testCases := map[string]struct {
Config *Config
Err bool
TLS bool
TLSCert bool
TLSErr bool
Default bool
Config *Config
Err bool
TLS bool
TLSCert bool
TLSErr bool
Default bool
Insecure bool
DefaultRoots bool
}{
"default transport": {
Default: true,
Config: &Config{},
},

"insecure": {
TLS: true,
Insecure: true,
DefaultRoots: true,
Config: &Config{TLS: TLSConfig{
Insecure: true,
}},
},

"server name": {
TLS: true,
TLS: true,
DefaultRoots: true,
Config: &Config{TLS: TLSConfig{
ServerName: "foo",
}},
Expand Down Expand Up @@ -266,6 +278,18 @@ func TestNew(t *testing.T) {
return
}

switch {
case testCase.DefaultRoots && transport.TLSClientConfig.RootCAs != nil:
t.Fatalf("got %#v, expected nil root CAs", transport.TLSClientConfig.RootCAs)
case !testCase.DefaultRoots && transport.TLSClientConfig.RootCAs == nil:
t.Fatalf("got %#v, expected non-nil root CAs", transport.TLSClientConfig.RootCAs)
}

switch {
case testCase.Insecure != transport.TLSClientConfig.InsecureSkipVerify:
t.Fatalf("got %#v, expected %#v", transport.TLSClientConfig.InsecureSkipVerify, testCase.Insecure)
}

switch {
case testCase.TLSCert && transport.TLSClientConfig.GetClientCertificate == nil:
t.Fatalf("got %#v, expected TLSClientConfig.GetClientCertificate", transport.TLSClientConfig)
Expand Down
1 change: 1 addition & 0 deletions staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ type APIServiceSpec struct {
// This is strongly discouraged. You should use the CABundle instead.
InsecureSkipTLSVerify bool
// CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
CABundle []byte

Expand Down
1 change: 1 addition & 0 deletions staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/generated.proto
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ type APIServiceSpec struct {
// This is strongly discouraged. You should use the CABundle instead.
InsecureSkipTLSVerify bool `json:"insecureSkipTLSVerify,omitempty" protobuf:"varint,4,opt,name=insecureSkipTLSVerify"`
// CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
CABundle []byte `json:"caBundle,omitempty" protobuf:"bytes,5,opt,name=caBundle"`

Expand Down
1 change: 1 addition & 0 deletions staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/generated.proto
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ type APIServiceSpec struct {
// This is strongly discouraged. You should use the CABundle instead.
InsecureSkipTLSVerify bool `json:"insecureSkipTLSVerify,omitempty" protobuf:"varint,4,opt,name=insecureSkipTLSVerify"`
// CABundle is a PEM encoded CA bundle which will be used to validate an API server's serving certificate.
// If unspecified, system trust roots on the apiserver are used.
// +optional
CABundle []byte `json:"caBundle,omitempty" protobuf:"bytes,5,opt,name=caBundle"`

Expand Down

0 comments on commit 1fe288e

Please sign in to comment.