chore: removed old api group

The old rancher API group was marked for removal for the next release Signed-off-by: Bruno Bressi <[email protected]>
caas-team · Jan 21, 2025 · e5bc3e1 · e5bc3e1
1 parent 726a7c5
commit e5bc3e1
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 35 deletions.
diff --git a/pkg/agent/http_api_context.go b/pkg/agent/http_api_context.go
@@ -66,7 +66,7 @@ func (c *apiContext) responseJSON(data interface{}) (err error) {
 		}
 	})
 
-	return
+	return err
 }
 
 func (c *apiContext) responseProto(data proto.Message) (err error) {
@@ -92,7 +92,7 @@ func (c *apiContext) responseProto(data proto.Message) (err error) {
 		}
 	})
 
-	return
+	return err
 }
 
 func (c *apiContext) responseMetrics(data *promgo.MetricFamily) (err error) {
@@ -112,7 +112,7 @@ func (c *apiContext) responseMetrics(data *promgo.MetricFamily) (err error) {
 		}
 	})
 
-	return
+	return err
 }
 
 func (c *apiContext) proxyWith(request *http.Request) error {

diff --git a/pkg/agent/http_hijack.go b/pkg/agent/http_hijack.go
@@ -330,7 +330,7 @@ func hijackRead(apiCtx *apiContext) error {
 		size := len(rawQueries)
 
 		results := make([]*prompb.QueryResult, 0, size)
-		for i := 0; i < size; i++ {
+		for range size {
 			results = append(results, &prompb.QueryResult{})
 		}
 

diff --git a/pkg/agent/http_test.go b/pkg/agent/http_test.go
@@ -16,6 +16,7 @@ import (
 	"time"
 	"unsafe"
 
+	"github.com/juju/errors"
 	"github.com/prometheus/prometheus/promql/promqltest"
 
 	"github.com/caas-team/prometheus-auth/pkg/agent/test"
@@ -551,7 +552,7 @@ func (v ScenarioValidator) validateProtoBody(t *testing.T, res *httptest.Respons
 }
 
 func (v ScenarioValidator) validateJSONBody(t *testing.T, res *httptest.ResponseRecorder) {
-	if got, want := string(res.Body.Bytes()), jsonResponseBody(v.Scenario.RespBody); got != want {
+	if got, want := res.Body.String(), jsonResponseBody(v.Scenario.RespBody); got != want {
 		t.Errorf("[%s] [%s] token %q scenario %q: got body\n%s\n, want\n%s\n", v.Type, v.Method, v.Token, v.Name, got, want)
 	}
 }
@@ -641,7 +642,7 @@ type fakeTokenAuth struct {
 func (f *fakeTokenAuth) Authenticate(token string) (authentication.UserInfo, error) {
 	userInfo, ok := f.token2UserInfo[token]
 	if !ok {
-		return userInfo, fmt.Errorf("user is not authenticated")
+		return userInfo, errors.New("user is not authenticated")
 	}
 	return userInfo, nil
 }

diff --git a/pkg/kube/namespaces.go b/pkg/kube/namespaces.go
@@ -131,37 +131,16 @@ func (n *namespaces) validate(token string) (string, error) {
 		return "", errors.Annotatef(err, "failed to review token")
 	}
 
+	if !reviewResult.Status.Allowed || reviewResult.Status.Denied {
+		return "", fmt.Errorf("token is not allowed to access namespace %q", claimNamespace)
+	}
+
 	if reviewResult.Status.Allowed {
 		n.reviewResultTTLCache.Add(token, struct{}{}, 5*time.Minute)
 		return claimNamespace, nil
 	}
 
-	// DEPRECATED: this is to ensure backward compatibility with old monitoring.cattle.io group
-	// it'll be removed in the next release.
-	sar = &authorization.SubjectAccessReview{
-		Spec: authorization.SubjectAccessReviewSpec{
-			ResourceAttributes: &authorization.ResourceAttributes{
-				Namespace: claimNamespace,
-				Verb:      "view",
-				Group:     "monitoring.cattle.io",
-				Resource:  "prometheus",
-			},
-			User: sarUser,
-		},
-	}
-
-	reviewResult, err = n.subjectAccessReviewsClient.Create(context.TODO(), sar, meta.CreateOptions{})
-	if err != nil {
-		return "", errors.Annotatef(err, "failed to review token")
-	}
-	// if this also doesn't validate, return the error
-	// move after error check after removing the second subject access review
-	if !reviewResult.Status.Allowed || reviewResult.Status.Denied {
-		return "", fmt.Errorf("token is not allowed to access namespace %q", claimNamespace)
-	}
-
-	log.Warnf("namespace %q is still using the deprecated monitoring.cattle.io group", claimNamespace)
-	n.reviewResultTTLCache.Add(token, struct{}{}, 5*time.Minute)
+	log.Debugf("token is not allowed to access namespace %q, denied: %s", claimNamespace, reviewResult.Status.Reason)
 
 	return claimNamespace, nil
 }

diff --git a/pkg/prom/matcher.go b/pkg/prom/matcher.go
@@ -1,7 +1,7 @@
 package prom
 
 import (
-	"fmt"
+	"errors"
 
 	promlb "github.com/prometheus/prometheus/model/labels"
 	"github.com/prometheus/prometheus/prompb"
@@ -86,7 +86,7 @@ func toLabelMatchers(matchers []*promlb.Matcher) ([]*prompb.LabelMatcher, error)
 		case promlb.MatchNotRegexp:
 			mType = prompb.LabelMatcher_NRE
 		default:
-			return nil, fmt.Errorf("invalid matcher type")
+			return nil, errors.New("invalid matcher type")
 		}
 		pbMatchers = append(pbMatchers, &prompb.LabelMatcher{
 			Type:  mType,
@@ -111,7 +111,7 @@ func fromLabelMatchers(matchers []*prompb.LabelMatcher) ([]*promlb.Matcher, erro
 		case prompb.LabelMatcher_NRE:
 			mtype = promlb.MatchNotRegexp
 		default:
-			return nil, fmt.Errorf("invalid matcher type")
+			return nil, errors.New("invalid matcher type")
 		}
 		matcher, err := promlb.NewMatcher(mtype, matcher.Name, matcher.Value)
 		if err != nil {