
Commit 6d33537

committed
Add configmap->node destination edges to the node authorizer index
1 parent acd97b4 commit 6d33537

2 files changed

+12
-5
lines changed

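--- a/plugin/pkg/auth/authorizer/node/graph.go
+++ b/plugin/pkg/auth/authorizer/node/graph.go
@@ -451,7 +451,9 @@ func (g *Graph) SetNodeConfigMap(nodeName, configMapName, configMapNamespace str
 if len(configMapName) > 0 && len(configMapNamespace) > 0 {
 configmapVertex := g.getOrCreateVertex_locked(configMapVertexType, configMapNamespace, configMapName)
 nodeVertex := g.getOrCreateVertex_locked(nodeVertexType, "", nodeName)
-g.graph.SetEdge(newDestinationEdge(configmapVertex, nodeVertex, nodeVertex))
+e := newDestinationEdge(configmapVertex, nodeVertex, nodeVertex)
+g.graph.SetEdge(e)
+g.addEdgeToDestinationIndex_locked(e)
 }
 
 }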
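Review bot: The removal side of this index update is not visible here: the old configmap->node edge is cleared earlier in SetNodeConfigMap, outside the hunk, and if that path drops only the graph edge, a stale index entry could keep a node listed for a configmap it no longer references. Worth confirming that the clearing path removes the index entry as well, since the authorizer presumably relies on the index for heavily referenced configmaps. A comment above the new call would also help, e.g. `// keep the destination index in sync with the graph edge so index-based lookups see direct configmap->node references`.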

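--- a/plugin/pkg/auth/authorizer/node/graph_test.go
+++ b/plugin/pkg/auth/authorizer/node/graph_test.go
@@ -348,20 +348,22 @@ func TestIndex(t *testing.T) {
 g.SetNodeConfigMap("node1", "cm1", "ns")
 g.SetNodeConfigMap("node2", "cm1", "ns")
 g.SetNodeConfigMap("node3", "cm1", "ns")
+g.SetNodeConfigMap("node4", "cm1", "ns")
 expectGraph(map[string][]string{
 "node:node1": {},
 "node:node2": {},
 "node:node3": {},
+"node:node4": {},
 "pod:ns/pod2": {"node:node2"},
 "pod:ns/pod3": {"node:node3"},
 "pod:ns/pod4": {"node:node1"},
-"configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
+"configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "node:node4", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
 "configmap:ns/cm2": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
 "configmap:ns/cm3": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
 "serviceAccount:ns/sa1": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
 })
 expectIndex(map[string][]string{
-"configmap:ns/cm1": {"node:node1", "node:node2", "node:node3"},
+"configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "node:node4"},
 "configmap:ns/cm2": {"node:node1", "node:node2", "node:node3"},
 "configmap:ns/cm3": {"node:node1", "node:node2", "node:node3"},
 "serviceAccount:ns/sa1": {"node:node1", "node:node2", "node:node3"},
@@ -373,27 +375,30 @@ func TestIndex(t *testing.T) {
 "node:node1": {},
 "node:node2": {},
 "node:node3": {},
+"node:node4": {},
 "pod:ns/pod2": {"node:node2"},
 "pod:ns/pod3": {"node:node3"},
 "pod:ns/pod4": {"node:node1"},
-"configmap:ns/cm1": {"node:node2", "node:node3", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
+"configmap:ns/cm1": {"node:node2", "node:node3", "node:node4", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
 "configmap:ns/cm2": {"node:node1", "pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
 "configmap:ns/cm3": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
 "serviceAccount:ns/sa1": {"pod:ns/pod2", "pod:ns/pod3", "pod:ns/pod4"},
 })
 expectIndex(map[string][]string{
-"configmap:ns/cm1": {"node:node1", "node:node2", "node:node3"},
+"configmap:ns/cm1": {"node:node1", "node:node2", "node:node3", "node:node4"},
 "configmap:ns/cm2": {"node:node1", "node:node2", "node:node3"},
 "configmap:ns/cm3": {"node:node1", "node:node2", "node:node3"},
 "serviceAccount:ns/sa1": {"node:node1", "node:node2", "node:node3"},
 })
 
 // Remove node->configmap reference
 g.SetNodeConfigMap("node1", "", "")
+g.SetNodeConfigMap("node4", "", "")
 expectGraph(map[string][]string{
 "node:node1": {},
 "node:node2": {},
 "node:node3": {},
+"node:node4": {},
 "pod:ns/pod2": {"node:node2"},
 "pod:ns/pod3": {"node:node3"},
 "pod:ns/pod4": {"node:node1"},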
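Review bot: The assertion that would prove index cleanup for node4 lies after the end of this hunk, so it cannot be checked from here; the `expectIndex` that follows `g.SetNodeConfigMap("node4", "", "")` should list `configmap:ns/cm1` without `node:node4`. In the visible fixture node4 is the only node with no pods, which makes it the one case where the direct configmap->node edge alone decides index membership, and that intent is not stated anywhere. Consider a comment next to the first node4 call such as `// node4 has no pods; it reaches cm1 only through the direct configmap->node edge`.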
