From d54414add4e4df1b5a7b166f155cdcca512d4ee2 Mon Sep 17 00:00:00 2001 From: Noel Georgi Date: Thu, 12 Dec 2024 19:40:32 +0530 Subject: [PATCH] fix: authorization config gen We were appending to existing slice, fix by using a variable. Signed-off-by: Noel Georgi --- .../pkg/controllers/k8s/control_plane.go | 15 ++++--- .../pkg/controllers/k8s/control_plane_test.go | 45 ++++++++++--------- 2 files changed, 35 insertions(+), 25 deletions(-) diff --git a/internal/app/machined/pkg/controllers/k8s/control_plane.go b/internal/app/machined/pkg/controllers/k8s/control_plane.go index dc8f6de71..595788ab1 100644 --- a/internal/app/machined/pkg/controllers/k8s/control_plane.go +++ b/internal/app/machined/pkg/controllers/k8s/control_plane.go @@ -7,6 +7,7 @@ package k8s import ( "context" "fmt" + "slices" "strconv" "strings" @@ -127,20 +128,24 @@ func NewControlPlaneAuthorizationController() *ControlPlaneAuthorizationControll return nil } + var authorizers []k8s.AuthorizationAuthorizersSpec + for _, authorizer := range cfgProvider.Cluster().APIServer().AuthorizationConfig() { // skip Node and RBAC authorizers as we add them by default later on. if authorizer.Type() == "Node" || authorizer.Type() == "RBAC" { continue } - res.TypedSpec().Config = append(res.TypedSpec().Config, k8s.AuthorizationAuthorizersSpec{ - Type: authorizer.Type(), - Name: authorizer.Name(), - Webhook: authorizer.Webhook(), + authorizers = slices.Concat(authorizers, []k8s.AuthorizationAuthorizersSpec{ + { + Type: authorizer.Type(), + Name: authorizer.Name(), + Webhook: authorizer.Webhook(), + }, }) } - res.TypedSpec().Config = append(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, res.TypedSpec().Config...) + res.TypedSpec().Config = slices.Concat(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, authorizers) return nil }, diff --git a/internal/app/machined/pkg/controllers/k8s/control_plane_test.go b/internal/app/machined/pkg/controllers/k8s/control_plane_test.go index 98a95a0b8..0d9a11b23 100644 --- a/internal/app/machined/pkg/controllers/k8s/control_plane_test.go +++ b/internal/app/machined/pkg/controllers/k8s/control_plane_test.go @@ -6,6 +6,7 @@ package k8s_test import ( "net/url" + "slices" "strings" "testing" "time" @@ -208,16 +209,18 @@ func (suite *K8sControlPlaneSuite) TestReconcileAdditionalAuthorizationConfigAut suite.setupMachine(cfg) - expectedAuthorizers := append(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, k8s.AuthorizationAuthorizersSpec{ //nolint:gocritic - Type: "Webhook", - Name: "webhook", - Webhook: map[string]any{ - "timeout": "3s", - "subjectAccessReviewVersion": "v1", - "matchConditionSubjectAccessReviewVersion": "v1", - "failurePolicy": "NoOpinion", - "connectionInfo": map[string]any{ - "type": "InClusterConfig", + expectedAuthorizers := slices.Concat(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, []k8s.AuthorizationAuthorizersSpec{ + { + Type: "Webhook", + Name: "webhook", + Webhook: map[string]any{ + "timeout": "3s", + "subjectAccessReviewVersion": "v1", + "matchConditionSubjectAccessReviewVersion": "v1", + "failurePolicy": "NoOpinion", + "connectionInfo": map[string]any{ + "type": "InClusterConfig", + }, }, }, }) @@ -280,16 +283,18 @@ func (suite *K8sControlPlaneSuite) TestReconcileAdditionalAuthorizationConfigAut suite.setupMachine(cfg) - expectedAuthorizers := append(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, k8s.AuthorizationAuthorizersSpec{ //nolint:gocritic - Type: "Webhook", - Name: "webhook", - Webhook: map[string]any{ - "timeout": "3s", - "subjectAccessReviewVersion": "v1", - "matchConditionSubjectAccessReviewVersion": "v1", - "failurePolicy": "NoOpinion", - "connectionInfo": map[string]any{ - "type": "InClusterConfig", + expectedAuthorizers := slices.Concat(v1alpha1.APIServerDefaultAuthorizationConfigAuthorizers, []k8s.AuthorizationAuthorizersSpec{ + { + Type: "Webhook", + Name: "webhook", + Webhook: map[string]any{ + "timeout": "3s", + "subjectAccessReviewVersion": "v1", + "matchConditionSubjectAccessReviewVersion": "v1", + "failurePolicy": "NoOpinion", + "connectionInfo": map[string]any{ + "type": "InClusterConfig", + }, }, }, })