efe1fa89fe
Yes, this is a huge commit.
The middleware allows you to customize the API groups of all of the
*.pinniped.dev API groups.
Some notes about other small things in this commit:
- We removed the internal/client package in favor of pkg/conciergeclient. The
two packages do basically the same thing. I don't think we use the former
anymore.
- We re-enabled cluster-scoped owner assertions in the integration tests.
This code was added in internal/ownerref. See a0546942 for when this
assertion was removed.
- Note: the middlware code is in charge of restoring the GV of a request object,
so we should never need to write mutations that do that.
- We updated the supervisor secret generation to no longer manually set an owner
reference to the deployment since the middleware code now does this. I think we
still need some way to make an initial event for the secret generator
controller, which involves knowing the namespace and the name of the generated
secret, so I still wired the deployment through. We could use a namespace/name
tuple here, but I was lazy.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Co-authored-by: Ryan Richard <richardry@vmware.com>
71 lines
2.0 KiB
Go
71 lines
2.0 KiB
Go
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package kubeclient
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"net/url"
|
|
|
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
restclient "k8s.io/client-go/rest"
|
|
|
|
"go.pinniped.dev/internal/plog"
|
|
)
|
|
|
|
// defaultServerUrlFor was copied from k8s.io/client-go/rest/url_utils.go.
|
|
//nolint: golint
|
|
func defaultServerUrlFor(config *restclient.Config) (*url.URL, string, error) {
|
|
hasCA := len(config.CAFile) != 0 || len(config.CAData) != 0
|
|
hasCert := len(config.CertFile) != 0 || len(config.CertData) != 0
|
|
defaultTLS := hasCA || hasCert || config.Insecure
|
|
host := config.Host
|
|
if host == "" {
|
|
host = "localhost"
|
|
}
|
|
|
|
if config.GroupVersion != nil {
|
|
return restclient.DefaultServerURL(host, config.APIPath, *config.GroupVersion, defaultTLS)
|
|
}
|
|
return restclient.DefaultServerURL(host, config.APIPath, schema.GroupVersion{}, defaultTLS)
|
|
}
|
|
|
|
// truncateBody was copied from k8s.io/client-go/rest/request.go
|
|
// ...except i changed klog invocations to analogous plog invocations
|
|
//
|
|
// truncateBody decides if the body should be truncated, based on the glog Verbosity.
|
|
func truncateBody(body string) string {
|
|
max := 0
|
|
switch {
|
|
case plog.Enabled(plog.LevelAll):
|
|
return body
|
|
case plog.Enabled(plog.LevelTrace):
|
|
max = 10240
|
|
case plog.Enabled(plog.LevelDebug):
|
|
max = 1024
|
|
}
|
|
|
|
if len(body) <= max {
|
|
return body
|
|
}
|
|
|
|
return body[:max] + fmt.Sprintf(" [truncated %d chars]", len(body)-max)
|
|
}
|
|
|
|
// glogBody logs a body output that could be either JSON or protobuf. It explicitly guards against
|
|
// allocating a new string for the body output unless necessary. Uses a simple heuristic to determine
|
|
// whether the body is printable.
|
|
func glogBody(prefix string, body []byte) {
|
|
if plog.Enabled(plog.LevelDebug) {
|
|
if bytes.IndexFunc(body, func(r rune) bool {
|
|
return r < 0x0a
|
|
}) != -1 {
|
|
plog.Debug(prefix, "body", truncateBody(hex.Dump(body)))
|
|
} else {
|
|
plog.Debug(prefix, "body", truncateBody(string(body)))
|
|
}
|
|
}
|
|
}
|