Duplicate v1beta1 AuthenticationConfiguration to v1 #131752

Open
wants to merge 2 commits into
base: master
from


aramase
Member

@aramase aramase commented May 13, 2025

What type of PR is this?

/kind feature
/kind api-change

What this PR does / why we need it:

Adds apiserver.config.k8s.io/v1 AuthenticationConfiguration types

part of kubernetes/enhancements#3331

Special notes for your reviewer:

Does this PR introduce a user-facing change?

kube-apiserver: the AuthenticationConfiguration type accepted in `--authentication-config` files has been promoted to `apiserver.config.k8s.io/v1`.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[KEP]: https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3331-structured-authentication-configuration

/sig auth
/triage accepted
/priority important-soon

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/feature Categorizes issue or PR as related to a new feature. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API sig/auth Categorizes an issue or PR as relevant to SIG Auth. labels May 13, 2025
@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels May 13, 2025
@aramase
Member Author

aramase commented May 13, 2025

/assign enj liggitt

@k8s-ci-robot k8s-ci-robot added area/apiserver area/test sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels May 13, 2025
@aramase aramase moved this to In Review in SIG Auth May 13, 2025
@k8s-triage-robot

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

aramase added 2 commits May 13, 2025 15:48
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
@aramase aramase force-pushed the aramase/f/kep_3331_v1_api branch from 33995d7 to 2aa6627 Compare May 13, 2025 22:50
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aramase
Once this PR has been reviewed and has the lgtm label, please ask for approval from liggitt. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@liggitt liggitt added this to the v1.34 milestone May 14, 2025
@liggitt liggitt moved this to In progress in API Reviews May 14, 2025
@@ -152,7 +152,7 @@ func runTests(t *testing.T, useAuthenticationConfig bool) {

if useAuthenticationConfig {
authenticationConfig := fmt.Sprintf(`
apiVersion: apiserver.config.k8s.io/v1beta1
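Review bot: The apiVersion inside the Sprintf template in runTests is a hard-coded literal, so a one-line swap of this value (the hunk is -152,7 +152,7) moves the whole test to a single config version and leaves the other one unexercised. runTests already takes useAuthenticationConfig; consider also passing the apiVersion string in and formatting it into the template, so that apiserver.config.k8s.io/v1beta1 and the new v1 are both run through the same cases.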
Member

Do we want to keep some testing for older versions too? Looks like when we added v1beta1, we still had v1alpha1 as well? (eyeballing the rest of the changes in this file)


// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// AuthenticationConfiguration provides versioned configuration for authentication.
Member

The order of the structs in staging/src/k8s.io/apiserver/pkg/apis/apiserver/v1beta1/types.go and this file (staging/src/k8s.io/apiserver/pkg/apis/apiserver/types.go) is now different, so it gets harder to compare over time. Do we want to keep the order the same so a diff would be clearer?

Member

I can confirm that it is a cut-n-paste for v1beta1 for sure :)

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// AuthenticationConfiguration provides versioned configuration for authentication.
type AuthenticationConfiguration struct {
Member

the code in v1beta1 was added in:

I do not see any version-specific manual defaults or conversions. Will take one more pass in a bit.

// Valid types for AudienceMatchPolicyType
const (
// MatchAny means the "aud" claim in the presented JWT must match at least one of the entries in the "audiences" field.
AudienceMatchPolicyMatchAny AudienceMatchPolicyType = "MatchAny"
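Review bot: The block comment above the const group reads "Valid types for AudienceMatchPolicyType", but the entries in it, such as AudienceMatchPolicyMatchAny = "MatchAny", are values of that type rather than types. Consider "Valid values for AudienceMatchPolicyType", and if the wording is changed here, make the same change in the v1beta1 copy so the two files stay easy to diff.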
Member

Looking at uses of this const in various files - https://cs.k8s.io/?q=AudienceMatchPolicyMatchAny&i=nope&literal=nope&files=&excludeFiles=&repos=kubernetes/kubernetes

Is this for end-user use only? (since we don't use it internally)

Labels
area/apiserver area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
Status: In progress
Status: In Review

6 participants