|
5 | 5 | - [Verification Tests](#verification-tests) |
6 | 6 | - [Overview](#overview) |
7 | 7 | - [Note](#note) |
8 | | - - [`verify-govet-levee`](#verify-govet-leve) |
| 8 | + - [verify-govet-levee](#verify-govet-leve) |
| 9 | + - [verify-api-groups](#verify-api-groups) |
9 | 10 |
|
10 | 11 | ## Overview |
11 | 12 |
|
@@ -81,3 +82,26 @@ In order of decreasing preference: |
81 | 82 |
|
82 | 83 | Analysis configuration can be found at [kubernetes/kubernetes/hack/testdata/levee/levee-config.yaml](https://github.com/kubernetes/kubernetes/blob/master/hack/testdata/levee/levee-config.yaml). |
83 | 84 | Contact SIG-Security with any additional questions. |
| 85 | + |
| 86 | +### `verify-api-groups` |
| 87 | + |
| 88 | +This verification script validates the different api-groups by reading |
| 89 | +the respective `register.go` file. Every register file must contain a |
| 90 | +GroupName. Another check which is performed when this script runs is |
| 91 | +to ensure that all types have client code generated for them, except |
| 92 | +types that belong to groups not served from the API server (defined in |
| 93 | +this script via the bash array `groups_without_codegen`). |
| 94 | + |
| 95 | +Next, the script compares the `GroupName`s against |
| 96 | +`import_known_versions` to ensure the import packages will get |
| 97 | +installed. We list out packages which are required without |
| 98 | +installation along with importing `known_version`. Then we do a search |
| 99 | +for packages that reqiure installation on the basis of |
| 100 | +`packages_without_installation`. We verify if file is a |
| 101 | +`known_version_file` or not only if an `expected_install_package` is |
| 102 | +present in it. |
| 103 | + |
| 104 | +Finally the script checks that all external group versions |
| 105 | +(e.g. `foobar/v1`) are defined in `hack/lib/init.sh` in either the |
| 106 | +`KUBE_AVAILABLE_GROUP_VERSIONS` or `KUBE_NONSERVER_GROUP_VERSIONS` |
| 107 | +bash variables. |
0 commit comments