diff --git a/staging/src/k8s.io/apiserver/pkg/storage/selection_predicate.go b/staging/src/k8s.io/apiserver/pkg/storage/selection_predicate.go index 8d0191fecac51..3520c1749b266 100644 --- a/staging/src/k8s.io/apiserver/pkg/storage/selection_predicate.go +++ b/staging/src/k8s.io/apiserver/pkg/storage/selection_predicate.go @@ -17,9 +17,8 @@ limitations under the License. package storage import ( - "strings" + "context" - "golang.org/x/net/context" "k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/labels" @@ -150,45 +149,15 @@ func (s *SelectionPredicate) Empty() bool { // of objects that return for a given index, a pair (, ) // wil be returned. func (s *SelectionPredicate) MatcherIndex(ctx context.Context) []MatchValue { - re, _ := request.RequestInfoFrom(ctx) - if re == nil || !re.IsResourceRequest || re.Subresource != "" || !whitelistResource(re.Resource) { - return s.matcherIndex(nil) - } - - var metaNamespaceSelector fields.Selector - // case1: list with namespace in url. i.e. /api/v1/namespaces/default/pods or /api/v1/namespaces/default/pods?fieldSelector=metadata.namespace=kube-system - if re.Namespace != "" { - if value, found := s.Field.RequiresExactMatch("metadata.namespace"); !found || value != re.Namespace { - metaNamespaceSelector = fields.OneTermEqualSelector("metadata.namespace", re.Namespace) - } - } - // case2: list all pods with namespace in query params. i.e. /api/v1/pods?fieldSelector=metadata.namespace=default - return s.matcherIndex(metaNamespaceSelector) -} - -// whitelistResource only allows pod to pass that represents only listing pods will enable namespace indexer -func whitelistResource(resource string) bool { - return strings.EqualFold(resource, "pods") -} - -func (s *SelectionPredicate) matcherIndex(metaNamespaceSelector fields.Selector) []MatchValue { var result []MatchValue for _, field := range s.IndexFields { - var ( - val string - found bool - ) - if metaNamespaceSelector != nil { - val, found = metaNamespaceSelector.RequiresExactMatch(field) - // skip if found metadata.namespace - if found { - result = append(result, MatchValue{IndexName: FieldIndex(field), Value: val}) - continue - } - } - if value, ok := s.Field.RequiresExactMatch(field); ok { result = append(result, MatchValue{IndexName: FieldIndex(field), Value: value}) + } else if field == "metadata.namespace" { + // list pods in the namespace. i.e. /api/v1/namespaces/default/pods + if namespace, isNamespaceScope := isNamespaceScopedRequest(ctx); isNamespaceScope { + result = append(result, MatchValue{IndexName: FieldIndex(field), Value: namespace}) + } } } for _, label := range s.IndexLabels { @@ -199,6 +168,14 @@ func (s *SelectionPredicate) matcherIndex(metaNamespaceSelector fields.Selector) return result } +func isNamespaceScopedRequest(ctx context.Context) (string, bool) { + re, _ := request.RequestInfoFrom(ctx) + if re == nil { + return "", false + } + return re.Namespace, re.Namespace != "" +} + // LabelIndex add prefix for label index. func LabelIndex(label string) string { return "l:" + label