Refactor

.dockerignore

@@ -1,3 +1,4 @@
+./.certs
 ./.dapper
 ./.cache
 ./dist

.gitignore

@@ -1,5 +1,6 @@
 /.dapper
 /.cache
+/certs
 /bin
 /dist
 *.swp

Dockerfile

@@ -1,8 +1,10 @@
+# syntax = docker/dockerfile:experimental
 FROM golang:1.12.7 as build
 COPY go.mod  go.sum main.go /src/
 COPY vendor /src/vendor/
 COPY pkg /src/pkg/
-RUN cd /src && \
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    cd /src && \
     CGO_ENABLED=0 go build -ldflags "-extldflags -static -s" -o /steve -mod=vendor
 
 FROM alpine

Riofile

@@ -0,0 +1,4 @@
+services:
+  steve:
+    ports:
+    - 80:8080

go.mod

@@ -4,7 +4,6 @@ go 1.13
 
 replace (
 	github.com/rancher/dynamiclistener => ../dynamiclistener
-	github.com/rancher/wrangler => ../wrangler
 	k8s.io/client-go => k8s.io/client-go v0.17.2
 )
 
@@ -14,17 +13,17 @@ require (
 	github.com/gorilla/websocket v1.4.0
 	github.com/pkg/errors v0.8.1
 	github.com/rancher/dynamiclistener v0.2.1-0.20191204183509-ab900b52683c
-	github.com/rancher/wrangler v0.4.0
+	github.com/rancher/wrangler v0.4.1-0.20200131051624-f65ef17f3764
 	github.com/rancher/wrangler-api v0.4.1
 	github.com/sirupsen/logrus v1.4.2
 	github.com/urfave/cli v1.22.2
-	github.com/urfave/cli/v2 v2.1.1 // indirect
-	golang.org/x/sync v0.0.0-20190423024810-112230192c58
+	github.com/urfave/cli/v2 v2.1.1
 	k8s.io/api v0.17.2
 	k8s.io/apiextensions-apiserver v0.17.2
 	k8s.io/apimachinery v0.17.2
 	k8s.io/apiserver v0.17.2
 	k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
+	k8s.io/klog v1.0.0
 	k8s.io/kube-aggregator v0.17.2
 	k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a
 )

main.go

@@ -2,75 +2,39 @@ package main
 
 import (
 	"context"
-	"flag"
 	"os"
 
-	"github.com/rancher/steve/pkg/server"
+	"github.com/rancher/steve/pkg/debug"
+	stevecli "github.com/rancher/steve/pkg/server/cli"
 	"github.com/rancher/steve/pkg/version"
 	"github.com/rancher/wrangler/pkg/signals"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
-	"k8s.io/klog"
 )
 
 var (
-	config server.Config
+	config      stevecli.Config
+	debugconfig debug.Config
 )
 
 func main() {
 	app := cli.NewApp()
 	app.Name = "steve"
 	app.Version = version.FriendlyVersion()
 	app.Usage = ""
-	app.Flags = []cli.Flag{
-		cli.BoolFlag{
-			Name:        "authentication",
-			Destination: &config.Authentication,
-		},
-		cli.StringFlag{
-			Name:        "webhook-kubeconfig",
-			EnvVar:      "WEBHOOK_KUBECONFIG",
-			Value:       "webhook-kubeconfig.yaml",
-			Destination: &config.WebhookKubeconfig,
-		},
-		cli.StringFlag{
-			Name:        "kubeconfig",
-			EnvVar:      "KUBECONFIG",
-			Value:       "",
-			Destination: &config.Kubeconfig,
-		},
-		cli.StringFlag{
-			Name:        "listen-address",
-			EnvVar:      "LISTEN_ADDRESS",
-			Value:       ":8080",
-			Destination: &config.ListenAddress,
-		},
-		cli.BoolFlag{Name: "debug"},
-	}
+	app.Flags = append(
+		stevecli.Flags(&config),
+		debug.Flags(&debugconfig)...)
 	app.Action = run
 
 	if err := app.Run(os.Args); err != nil {
 		logrus.Fatal(err)
 	}
 }
 
-func run(c *cli.Context) error {
-	logging := flag.NewFlagSet("", flag.PanicOnError)
-	klog.InitFlags(logging)
-	if c.Bool("debug") {
-		logrus.SetLevel(logrus.DebugLevel)
-		if err := logging.Parse([]string{
-			"-v=7",
-		}); err != nil {
-			return err
-		}
-	} else {
-		if err := logging.Parse([]string{
-			"-v=0",
-		}); err != nil {
-			return err
-		}
-	}
+func run(_ *cli.Context) error {
 	ctx := signals.SetupSignalHandler(context.Background())
-	return server.Run(ctx, config)
+	debugconfig.MustSetupDebug()
+	s := config.MustServerConfig().MustServer()
+	return s.ListenAndServe(ctx, nil)
 }

pkg/accesscontrol/access_control.go

@@ -3,19 +3,19 @@ package accesscontrol
 import (
 	"fmt"
 
-	"github.com/rancher/norman/pkg/authorization"
-	"github.com/rancher/norman/pkg/types"
+	"github.com/rancher/steve/pkg/schemaserver/server"
+	"github.com/rancher/steve/pkg/schemaserver/types"
 )
 
 type AccessControl struct {
-	authorization.AllAccess
+	server.AllAccess
 }
 
 func NewAccessControl() *AccessControl {
 	return &AccessControl{}
 }
 
-func (a *AccessControl) CanWatch(apiOp *types.APIRequest, schema *types.Schema) error {
+func (a *AccessControl) CanWatch(apiOp *types.APIRequest, schema *types.APISchema) error {
 	access := GetAccessListMap(schema)
 	if !access.Grants("watch", "*", "*") {
 		return fmt.Errorf("watch not allowed")

pkg/accesscontrol/access_set.go

@@ -2,15 +2,15 @@ package accesscontrol
 
 import (
 	"github.com/rancher/steve/pkg/attributes"
-	"github.com/rancher/norman/pkg/types"
+	"github.com/rancher/steve/pkg/schemaserver/types"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
 type AccessSet struct {
-	set map[key]ResourceAccess
+	set map[key]resourceAccessSet
 }
 
-type ResourceAccess map[Access]bool
+type resourceAccessSet map[Access]bool
 
 type key struct {
 	verb string
@@ -23,7 +23,7 @@ func (a *AccessSet) Merge(right *AccessSet) {
 		if !ok {
 			m = map[Access]bool{}
 			if a.set == nil {
-				a.set = map[key]ResourceAccess{}
+				a.set = map[key]resourceAccessSet{}
 			}
 			a.set[k] = m
 		}
@@ -34,14 +34,7 @@ func (a *AccessSet) Merge(right *AccessSet) {
 	}
 }
 
-func (a AccessSet) ResourceAccessFor(verb string, gr schema.GroupResource) ResourceAccess {
-	return a.set[key{
-		verb: verb,
-		gr:   gr,
-	}]
-}
-
-func (a AccessSet) AccessListFor(verb string, gr schema.GroupResource) (result []Access) {
+func (a AccessSet) AccessListFor(verb string, gr schema.GroupResource) (result AccessList) {
 	for _, v := range []string{all, verb} {
 		for _, g := range []string{all, gr.Group} {
 			for _, r := range []string{all, gr.Resource} {
@@ -63,7 +56,7 @@ func (a AccessSet) AccessListFor(verb string, gr schema.GroupResource) (result [
 
 func (a *AccessSet) Add(verb string, gr schema.GroupResource, access Access) {
 	if a.set == nil {
-		a.set = map[key]ResourceAccess{}
+		a.set = map[key]resourceAccessSet{}
 	}
 
 	k := key{verb: verb, gr: gr}
@@ -76,38 +69,13 @@ func (a *AccessSet) Add(verb string, gr schema.GroupResource, access Access) {
 	}
 }
 
-func (l ResourceAccess) None() bool {
-	return len(l) == 0
-}
-
-func (l ResourceAccess) All() bool {
-	return l[Access{
-		Namespace:    all,
-		ResourceName: all,
-	}]
-}
-
-func (l ResourceAccess) AllForNamespace(namespace string) bool {
-	return l[Access{
-		Namespace:    namespace,
-		ResourceName: all,
-	}]
-}
-
-func (l ResourceAccess) HasAccess(namespace, name string) bool {
-	return l[Access{
-		Namespace:    namespace,
-		ResourceName: name,
-	}]
-}
-
-type AccessListMap map[string]AccessList
+type AccessListByVerb map[string]AccessList
 
-func (a AccessListMap) Grants(verb, namespace, name string) bool {
+func (a AccessListByVerb) Grants(verb, namespace, name string) bool {
 	return a[verb].Grants(namespace, name)
 }
 
-func (a AccessListMap) AnyVerb(verb ...string) bool {
+func (a AccessListByVerb) AnyVerb(verb ...string) bool {
 	for _, v := range verb {
 		if len(a[v]) > 0 {
 			return true
@@ -145,10 +113,10 @@ func (a Access) nameOK(name string) bool {
 	return a.ResourceName == all || a.ResourceName == name
 }
 
-func GetAccessListMap(s *types.Schema) AccessListMap {
+func GetAccessListMap(s *types.APISchema) AccessListByVerb {
 	if s == nil {
 		return nil
 	}
-	v, _ := attributes.Access(s).(AccessListMap)
+	v, _ := attributes.Access(s).(AccessListByVerb)
 	return v
 }