diff options
Diffstat (limited to 'vendor/k8s.io/apiserver')
| -rw-r--r-- | vendor/k8s.io/apiserver/LICENSE | 202 | ||||
| -rw-r--r-- | vendor/k8s.io/apiserver/README.md | 30 | ||||
| -rw-r--r-- | vendor/k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go | 68 | ||||
| -rw-r--r-- | vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go | 73 | ||||
| -rw-r--r-- | vendor/k8s.io/apiserver/pkg/authentication/user/doc.go | 19 | ||||
| -rw-r--r-- | vendor/k8s.io/apiserver/pkg/authentication/user/user.go | 83 | ||||
| -rw-r--r-- | vendor/k8s.io/apiserver/pkg/features/kube_features.go | 81 | ||||
| -rw-r--r-- | vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go | 308 |
8 files changed, 0 insertions, 864 deletions
diff --git a/vendor/k8s.io/apiserver/LICENSE b/vendor/k8s.io/apiserver/LICENSE deleted file mode 100644 index d64569567..000000000 --- a/vendor/k8s.io/apiserver/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/k8s.io/apiserver/README.md b/vendor/k8s.io/apiserver/README.md deleted file mode 100644 index 130ba87de..000000000 --- a/vendor/k8s.io/apiserver/README.md +++ /dev/null @@ -1,30 +0,0 @@ -# apiserver - -Generic library for building a Kubernetes aggregated API server. - - -## Purpose - -This library contains code to create Kubernetes aggregation server complete with delegated authentication and authorization, -`kubectl` compatible discovery information, optional admission chain, and versioned types. It's first consumers are -`k8s.io/kubernetes`, `k8s.io/kube-aggregator`, and `github.com/kubernetes-incubator/service-catalog`. - - -## Compatibility - -There are *NO compatibility guarantees* for this repository, yet. It is in direct support of Kubernetes, so branches -will track Kubernetes and be compatible with that repo. As we more cleanly separate the layers, we will review the -compatibility guarantee. We have a goal to make this easier to use in 2017. - - -## Where does it come from? - -`apiserver` is synced from https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver. -Code changes are made in that location, merged into `k8s.io/kubernetes` and later synced here. - - -## Things you should *NOT* do - - 1. Directly modify any files under `pkg` in this repo. Those are driven from `k8s.io/kubernetes/staging/src/k8s.io/apiserver`. - 2. Expect compatibility. This repo is changing quickly in direct support of - Kubernetes and the API isn't yet stable enough for API guarantees. diff --git a/vendor/k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go b/vendor/k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go deleted file mode 100644 index fd3d0383e..000000000 --- a/vendor/k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package authenticator - -import ( - "net/http" - - "k8s.io/apiserver/pkg/authentication/user" -) - -// Token checks a string value against a backing authentication store and returns -// information about the current user and true if successful, false if not successful, -// or an error if the token could not be checked. -type Token interface { - AuthenticateToken(token string) (user.Info, bool, error) -} - -// Request attempts to extract authentication information from a request and returns -// information about the current user and true if successful, false if not successful, -// or an error if the request could not be checked. -type Request interface { - AuthenticateRequest(req *http.Request) (user.Info, bool, error) -} - -// Password checks a username and password against a backing authentication store and -// returns information about the user and true if successful, false if not successful, -// or an error if the username and password could not be checked -type Password interface { - AuthenticatePassword(user, password string) (user.Info, bool, error) -} - -// TokenFunc is a function that implements the Token interface. -type TokenFunc func(token string) (user.Info, bool, error) - -// AuthenticateToken implements authenticator.Token. -func (f TokenFunc) AuthenticateToken(token string) (user.Info, bool, error) { - return f(token) -} - -// RequestFunc is a function that implements the Request interface. -type RequestFunc func(req *http.Request) (user.Info, bool, error) - -// AuthenticateRequest implements authenticator.Request. -func (f RequestFunc) AuthenticateRequest(req *http.Request) (user.Info, bool, error) { - return f(req) -} - -// PasswordFunc is a function that implements the Password interface. -type PasswordFunc func(user, password string) (user.Info, bool, error) - -// AuthenticatePassword implements authenticator.Password. -func (f PasswordFunc) AuthenticatePassword(user, password string) (user.Info, bool, error) { - return f(user, password) -} diff --git a/vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go b/vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go deleted file mode 100644 index 1b7bbc139..000000000 --- a/vendor/k8s.io/apiserver/pkg/authentication/serviceaccount/util.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package serviceaccount - -import ( - "fmt" - "strings" - - apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" -) - -const ( - ServiceAccountUsernamePrefix = "system:serviceaccount:" - ServiceAccountUsernameSeparator = ":" - ServiceAccountGroupPrefix = "system:serviceaccounts:" - AllServiceAccountsGroup = "system:serviceaccounts" -) - -// MakeUsername generates a username from the given namespace and ServiceAccount name. -// The resulting username can be passed to SplitUsername to extract the original namespace and ServiceAccount name. -func MakeUsername(namespace, name string) string { - return ServiceAccountUsernamePrefix + namespace + ServiceAccountUsernameSeparator + name -} - -var invalidUsernameErr = fmt.Errorf("Username must be in the form %s", MakeUsername("namespace", "name")) - -// SplitUsername returns the namespace and ServiceAccount name embedded in the given username, -// or an error if the username is not a valid name produced by MakeUsername -func SplitUsername(username string) (string, string, error) { - if !strings.HasPrefix(username, ServiceAccountUsernamePrefix) { - return "", "", invalidUsernameErr - } - trimmed := strings.TrimPrefix(username, ServiceAccountUsernamePrefix) - parts := strings.Split(trimmed, ServiceAccountUsernameSeparator) - if len(parts) != 2 { - return "", "", invalidUsernameErr - } - namespace, name := parts[0], parts[1] - if len(apimachineryvalidation.ValidateNamespaceName(namespace, false)) != 0 { - return "", "", invalidUsernameErr - } - if len(apimachineryvalidation.ValidateServiceAccountName(name, false)) != 0 { - return "", "", invalidUsernameErr - } - return namespace, name, nil -} - -// MakeGroupNames generates service account group names for the given namespace -func MakeGroupNames(namespace string) []string { - return []string{ - AllServiceAccountsGroup, - MakeNamespaceGroupName(namespace), - } -} - -// MakeNamespaceGroupName returns the name of the group all service accounts in the namespace are included in -func MakeNamespaceGroupName(namespace string) string { - return ServiceAccountGroupPrefix + namespace -} diff --git a/vendor/k8s.io/apiserver/pkg/authentication/user/doc.go b/vendor/k8s.io/apiserver/pkg/authentication/user/doc.go deleted file mode 100644 index 570c51ae9..000000000 --- a/vendor/k8s.io/apiserver/pkg/authentication/user/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Package user contains utilities for dealing with simple user exchange in the auth -// packages. The user.Info interface defines an interface for exchanging that info. -package user diff --git a/vendor/k8s.io/apiserver/pkg/authentication/user/user.go b/vendor/k8s.io/apiserver/pkg/authentication/user/user.go deleted file mode 100644 index f02dc39ec..000000000 --- a/vendor/k8s.io/apiserver/pkg/authentication/user/user.go +++ /dev/null @@ -1,83 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package user - -// Info describes a user that has been authenticated to the system. -type Info interface { - // GetName returns the name that uniquely identifies this user among all - // other active users. - GetName() string - // GetUID returns a unique value for a particular user that will change - // if the user is removed from the system and another user is added with - // the same name. - GetUID() string - // GetGroups returns the names of the groups the user is a member of - GetGroups() []string - - // GetExtra can contain any additional information that the authenticator - // thought was interesting. One example would be scopes on a token. - // Keys in this map should be namespaced to the authenticator or - // authenticator/authorizer pair making use of them. - // For instance: "example.org/foo" instead of "foo" - // This is a map[string][]string because it needs to be serializeable into - // a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization - // delegation flows - // In order to faithfully round-trip through an impersonation flow, these keys - // MUST be lowercase. - GetExtra() map[string][]string -} - -// DefaultInfo provides a simple user information exchange object -// for components that implement the UserInfo interface. -type DefaultInfo struct { - Name string - UID string - Groups []string - Extra map[string][]string -} - -func (i *DefaultInfo) GetName() string { - return i.Name -} - -func (i *DefaultInfo) GetUID() string { - return i.UID -} - -func (i *DefaultInfo) GetGroups() []string { - return i.Groups -} - -func (i *DefaultInfo) GetExtra() map[string][]string { - return i.Extra -} - -// well-known user and group names -const ( - SystemPrivilegedGroup = "system:masters" - NodesGroup = "system:nodes" - AllUnauthenticated = "system:unauthenticated" - AllAuthenticated = "system:authenticated" - - Anonymous = "system:anonymous" - APIServerUser = "system:apiserver" - - // core kubernetes process identities - KubeProxy = "system:kube-proxy" - KubeControllerManager = "system:kube-controller-manager" - KubeScheduler = "system:kube-scheduler" -) diff --git a/vendor/k8s.io/apiserver/pkg/features/kube_features.go b/vendor/k8s.io/apiserver/pkg/features/kube_features.go deleted file mode 100644 index 57bab8b00..000000000 --- a/vendor/k8s.io/apiserver/pkg/features/kube_features.go +++ /dev/null @@ -1,81 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package features - -import ( - utilfeature "k8s.io/apiserver/pkg/util/feature" -) - -const ( - // Every feature gate should add method here following this template: - // - // // owner: @username - // // alpha: v1.4 - // MyFeature() bool - - // owner: @tallclair - // alpha: v1.5 - // - // StreamingProxyRedirects controls whether the apiserver should intercept (and follow) - // redirects from the backend (Kubelet) for streaming requests (exec/attach/port-forward). - StreamingProxyRedirects utilfeature.Feature = "StreamingProxyRedirects" - - // owner: @tallclair - // alpha: v1.7 - // beta: v1.8 - // - // AdvancedAuditing enables a much more general API auditing pipeline, which includes support for - // pluggable output backends and an audit policy specifying how different requests should be - // audited. - AdvancedAuditing utilfeature.Feature = "AdvancedAuditing" - - // owner: @ilackams - // alpha: v1.7 - // - // Enables compression of REST responses (GET and LIST only) - APIResponseCompression utilfeature.Feature = "APIResponseCompression" - - // owner: @smarterclayton - // alpha: v1.7 - // - // Allow asynchronous coordination of object creation. - // Auto-enabled by the Initializers admission plugin. - Initializers utilfeature.Feature = "Initializers" - - // owner: @smarterclayton - // alpha: v1.8 - // beta: v1.9 - // - // Allow API clients to retrieve resource lists in chunks rather than - // all at once. - APIListChunking utilfeature.Feature = "APIListChunking" -) - -func init() { - utilfeature.DefaultFeatureGate.Add(defaultKubernetesFeatureGates) -} - -// defaultKubernetesFeatureGates consists of all known Kubernetes-specific feature keys. -// To add a new feature, define a key for it above and add it here. The features will be -// available throughout Kubernetes binaries. -var defaultKubernetesFeatureGates = map[utilfeature.Feature]utilfeature.FeatureSpec{ - StreamingProxyRedirects: {Default: true, PreRelease: utilfeature.Beta}, - AdvancedAuditing: {Default: true, PreRelease: utilfeature.Beta}, - APIResponseCompression: {Default: false, PreRelease: utilfeature.Alpha}, - Initializers: {Default: false, PreRelease: utilfeature.Alpha}, - APIListChunking: {Default: true, PreRelease: utilfeature.Beta}, -} diff --git a/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go b/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go deleted file mode 100644 index 306877124..000000000 --- a/vendor/k8s.io/apiserver/pkg/util/feature/feature_gate.go +++ /dev/null @@ -1,308 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package feature - -import ( - "fmt" - "sort" - "strconv" - "strings" - "sync" - "sync/atomic" - - "github.com/golang/glog" - "github.com/spf13/pflag" -) - -type Feature string - -const ( - flagName = "feature-gates" - - // allAlphaGate is a global toggle for alpha features. Per-feature key - // values override the default set by allAlphaGate. Examples: - // AllAlpha=false,NewFeature=true will result in newFeature=true - // AllAlpha=true,NewFeature=false will result in newFeature=false - allAlphaGate Feature = "AllAlpha" -) - -var ( - // The generic features. - defaultFeatures = map[Feature]FeatureSpec{ - allAlphaGate: {Default: false, PreRelease: Alpha}, - } - - // Special handling for a few gates. - specialFeatures = map[Feature]func(known map[Feature]FeatureSpec, enabled map[Feature]bool, val bool){ - allAlphaGate: setUnsetAlphaGates, - } - - // DefaultFeatureGate is a shared global FeatureGate. - DefaultFeatureGate FeatureGate = NewFeatureGate() -) - -type FeatureSpec struct { - Default bool - PreRelease prerelease -} - -type prerelease string - -const ( - // Values for PreRelease. - Alpha = prerelease("ALPHA") - Beta = prerelease("BETA") - GA = prerelease("") - - // Deprecated - Deprecated = prerelease("DEPRECATED") -) - -// FeatureGate parses and stores flag gates for known features from -// a string like feature1=true,feature2=false,... -type FeatureGate interface { - // AddFlag adds a flag for setting global feature gates to the specified FlagSet. - AddFlag(fs *pflag.FlagSet) - // Set parses and stores flag gates for known features - // from a string like feature1=true,feature2=false,... - Set(value string) error - // SetFromMap stores flag gates for known features from a map[string]bool or returns an error - SetFromMap(m map[string]bool) error - // Enabled returns true if the key is enabled. - Enabled(key Feature) bool - // Add adds features to the featureGate. - Add(features map[Feature]FeatureSpec) error - // KnownFeatures returns a slice of strings describing the FeatureGate's known features. - KnownFeatures() []string -} - -// featureGate implements FeatureGate as well as pflag.Value for flag parsing. -type featureGate struct { - special map[Feature]func(map[Feature]FeatureSpec, map[Feature]bool, bool) - - // lock guards writes to known, enabled, and reads/writes of closed - lock sync.Mutex - // known holds a map[Feature]FeatureSpec - known *atomic.Value - // enabled holds a map[Feature]bool - enabled *atomic.Value - // closed is set to true when AddFlag is called, and prevents subsequent calls to Add - closed bool -} - -func setUnsetAlphaGates(known map[Feature]FeatureSpec, enabled map[Feature]bool, val bool) { - for k, v := range known { - if v.PreRelease == Alpha { - if _, found := enabled[k]; !found { - enabled[k] = val - } - } - } -} - -// Set, String, and Type implement pflag.Value -var _ pflag.Value = &featureGate{} - -func NewFeatureGate() *featureGate { - known := map[Feature]FeatureSpec{} - for k, v := range defaultFeatures { - known[k] = v - } - - knownValue := &atomic.Value{} - knownValue.Store(known) - - enabled := map[Feature]bool{} - enabledValue := &atomic.Value{} - enabledValue.Store(enabled) - - f := &featureGate{ - known: knownValue, - special: specialFeatures, - enabled: enabledValue, - } - return f -} - -// Set parses a string of the form "key1=value1,key2=value2,..." into a -// map[string]bool of known keys or returns an error. -func (f *featureGate) Set(value string) error { - f.lock.Lock() - defer f.lock.Unlock() - - // Copy existing state - known := map[Feature]FeatureSpec{} - for k, v := range f.known.Load().(map[Feature]FeatureSpec) { - known[k] = v - } - enabled := map[Feature]bool{} - for k, v := range f.enabled.Load().(map[Feature]bool) { - enabled[k] = v - } - - for _, s := range strings.Split(value, ",") { - if len(s) == 0 { - continue - } - arr := strings.SplitN(s, "=", 2) - k := Feature(strings.TrimSpace(arr[0])) - featureSpec, ok := known[k] - if !ok { - return fmt.Errorf("unrecognized key: %s", k) - } - if len(arr) != 2 { - return fmt.Errorf("missing bool value for %s", k) - } - v := strings.TrimSpace(arr[1]) - boolValue, err := strconv.ParseBool(v) - if err != nil { - return fmt.Errorf("invalid value of %s: %s, err: %v", k, v, err) - } - enabled[k] = boolValue - if boolValue && featureSpec.PreRelease == Deprecated { - glog.Warningf("enabling deprecated feature gate %s", k) - } - - // Handle "special" features like "all alpha gates" - if fn, found := f.special[k]; found { - fn(known, enabled, boolValue) - } - } - - // Persist changes - f.known.Store(known) - f.enabled.Store(enabled) - - glog.Infof("feature gates: %v", enabled) - return nil -} - -// SetFromMap stores flag gates for known features from a map[string]bool or returns an error -func (f *featureGate) SetFromMap(m map[string]bool) error { - f.lock.Lock() - defer f.lock.Unlock() - - // Copy existing state - known := map[Feature]FeatureSpec{} - for k, v := range f.known.Load().(map[Feature]FeatureSpec) { - known[k] = v - } - enabled := map[Feature]bool{} - for k, v := range f.enabled.Load().(map[Feature]bool) { - enabled[k] = v - } - - for k, v := range m { - k := Feature(k) - _, ok := known[k] - if !ok { - return fmt.Errorf("unrecognized key: %s", k) - } - enabled[k] = v - // Handle "special" features like "all alpha gates" - if fn, found := f.special[k]; found { - fn(known, enabled, v) - } - } - - // Persist changes - f.known.Store(known) - f.enabled.Store(enabled) - - glog.Infof("feature gates: %v", f.enabled) - return nil -} - -// String returns a string containing all enabled feature gates, formatted as "key1=value1,key2=value2,...". -func (f *featureGate) String() string { - pairs := []string{} - for k, v := range f.enabled.Load().(map[Feature]bool) { - pairs = append(pairs, fmt.Sprintf("%s=%t", k, v)) - } - sort.Strings(pairs) - return strings.Join(pairs, ",") -} - -func (f *featureGate) Type() string { - return "mapStringBool" -} - -// Add adds features to the featureGate. -func (f *featureGate) Add(features map[Feature]FeatureSpec) error { - f.lock.Lock() - defer f.lock.Unlock() - - if f.closed { - return fmt.Errorf("cannot add a feature gate after adding it to the flag set") - } - - // Copy existing state - known := map[Feature]FeatureSpec{} - for k, v := range f.known.Load().(map[Feature]FeatureSpec) { - known[k] = v - } - - for name, spec := range features { - if existingSpec, found := known[name]; found { - if existingSpec == spec { - continue - } - return fmt.Errorf("feature gate %q with different spec already exists: %v", name, existingSpec) - } - - known[name] = spec - } - - // Persist updated state - f.known.Store(known) - - return nil -} - -// Enabled returns true if the key is enabled. -func (f *featureGate) Enabled(key Feature) bool { - if v, ok := f.enabled.Load().(map[Feature]bool)[key]; ok { - return v - } - return f.known.Load().(map[Feature]FeatureSpec)[key].Default -} - -// AddFlag adds a flag for setting global feature gates to the specified FlagSet. -func (f *featureGate) AddFlag(fs *pflag.FlagSet) { - f.lock.Lock() - f.closed = true - f.lock.Unlock() - - known := f.KnownFeatures() - fs.Var(f, flagName, ""+ - "A set of key=value pairs that describe feature gates for alpha/experimental features. "+ - "Options are:\n"+strings.Join(known, "\n")) -} - -// KnownFeatures returns a slice of strings describing the FeatureGate's known features. -func (f *featureGate) KnownFeatures() []string { - var known []string - for k, v := range f.known.Load().(map[Feature]FeatureSpec) { - pre := "" - if v.PreRelease != GA { - pre = fmt.Sprintf("%s - ", v.PreRelease) - } - known = append(known, fmt.Sprintf("%s=true|false (%sdefault=%t)", k, pre, v.Default)) - } - sort.Strings(known) - return known -} |