Add flagz implementation and enablement in apiserver

Kubernetes-commit: da8dc433e9b5fb29f3cc91f79ed15f366addefd1

Author: richabanker

zpages/features/kube_features.go

@@ -22,6 +22,10 @@ import (
 )
 
 const (
+	// owner: @richabanker
+	// kep: https://kep.k8s.io/4828
+	ComponentFlagz featuregate.Feature = "ComponentFlagz"
+
 	// owner: @richabanker
 	// kep: https://kep.k8s.io/4827
 	// alpha: v1.32
@@ -33,6 +37,9 @@ const (
 
 func featureGates() map[featuregate.Feature]featuregate.VersionedSpecs {
 	return map[featuregate.Feature]featuregate.VersionedSpecs{
+		ComponentFlagz: {
+			{Version: version.MustParse("1.32"), Default: false, PreRelease: featuregate.Alpha},
+		},
 		ComponentStatusz: {
 			{Version: version.MustParse("1.32"), Default: false, PreRelease: featuregate.Alpha},
 		},

zpages/flagz/flagreader.go

@@ -0,0 +1,52 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flagz
+
+import (
+	"github.com/spf13/pflag"
+	cliflag "k8s.io/component-base/cli/flag"
+)
+
+type Reader interface {
+	GetFlagz() map[string]string
+}
+
+// NamedFlagSetsGetter implements Reader for cliflag.NamedFlagSets
+type NamedFlagSetsReader struct {
+	FlagSets cliflag.NamedFlagSets
+}
+
+func (n NamedFlagSetsReader) GetFlagz() map[string]string {
+	return convertNamedFlagSetToFlags(&n.FlagSets)
+}
+
+func convertNamedFlagSetToFlags(flagSets *cliflag.NamedFlagSets) map[string]string {
+	flags := make(map[string]string)
+	for _, fs := range flagSets.FlagSets {
+		fs.VisitAll(func(flag *pflag.Flag) {
+			if flag.Value != nil {
+				value := flag.Value.String()
+				if set, ok := flag.Annotations["classified"]; ok && len(set) > 0 {
+					value = "CLASSIFIED"
+				}
+				flags[flag.Name] = value
+			}
+		})
+	}
+
+	return flags
+}

zpages/flagz/flagreader_test.go

@@ -0,0 +1,95 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flagz
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/spf13/pflag"
+
+	"k8s.io/component-base/cli/flag"
+)
+
+func TestConvertNamedFlagSetToFlags(t *testing.T) {
+	tests := []struct {
+		name     string
+		flagSets *flag.NamedFlagSets
+		want     map[string]string
+	}{
+		{
+			name: "basic flags",
+			flagSets: &flag.NamedFlagSets{
+				FlagSets: map[string]*pflag.FlagSet{
+					"test": flagSet(t, map[string]flagValue{
+						"flag1": {value: "value1", sensitive: false},
+						"flag2": {value: "value2", sensitive: false},
+					}),
+				},
+			},
+			want: map[string]string{
+				"flag1": "value1",
+				"flag2": "value2",
+			},
+		},
+		{
+			name: "classified flags",
+			flagSets: &flag.NamedFlagSets{
+				FlagSets: map[string]*pflag.FlagSet{
+					"test": flagSet(t, map[string]flagValue{
+						"secret1": {value: "value1", sensitive: true},
+						"flag2":   {value: "value2", sensitive: false},
+					}),
+				},
+			},
+			want: map[string]string{
+				"flag2":   "value2",
+				"secret1": "CLASSIFIED",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := convertNamedFlagSetToFlags(tt.flagSets)
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("ConvertNamedFlagSetToFlags() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+type flagValue struct {
+	value     string
+	sensitive bool
+}
+
+func flagSet(t *testing.T, flags map[string]flagValue) *pflag.FlagSet {
+	fs := pflag.NewFlagSet("test-set", pflag.ContinueOnError)
+	for flagName, flagVal := range flags {
+		flagValue := ""
+		fs.StringVar(&flagValue, flagName, flagVal.value, "test-usage")
+		if flagVal.sensitive {
+			err := fs.SetAnnotation(flagName, "classified", []string{"true"})
+			if err != nil {
+				t.Fatalf("unexpected error when setting flag annotation: %v", err)
+			}
+		}
+	}
+
+	return fs
+}

zpages/flagz/flagz.go

@@ -0,0 +1,126 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package flagz
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"math/rand"
+	"net/http"
+	"sort"
+	"strings"
+	"sync"
+
+	"github.com/munnerz/goautoneg"
+
+	"k8s.io/klog/v2"
+)
+
+const (
+	flagzHeaderFmt = `
+%s flags
+Warning: This endpoint is not meant to be machine parseable, has no formatting compatibility guarantees and is for debugging purposes only.
+
+`
+)
+
+var (
+	flagzSeparators         = []string{":", ": ", "=", " "}
+	errUnsupportedMediaType = fmt.Errorf("media type not acceptable, must be: text/plain")
+)
+
+type registry struct {
+	response bytes.Buffer
+	once     sync.Once
+}
+
+type mux interface {
+	Handle(path string, handler http.Handler)
+}
+
+func Install(m mux, componentName string, flagReader Reader) {
+	var reg registry
+	reg.installHandler(m, componentName, flagReader)
+}
+
+func (reg *registry) installHandler(m mux, componentName string, flagReader Reader) {
+	m.Handle("/flagz", reg.handleFlags(componentName, flagReader))
+}
+
+func (reg *registry) handleFlags(componentName string, flagReader Reader) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		if !acceptableMediaType(r) {
+			http.Error(w, errUnsupportedMediaType.Error(), http.StatusNotAcceptable)
+			return
+		}
+
+		reg.once.Do(func() {
+			fmt.Fprintf(&reg.response, flagzHeaderFmt, componentName)
+			if flagReader == nil {
+				klog.Error("received nil flagReader")
+				return
+			}
+
+			randomIndex := rand.Intn(len(flagzSeparators))
+			separator := flagzSeparators[randomIndex]
+			// Randomize the delimiter for printing to prevent scraping of the response.
+			printSortedFlags(&reg.response, flagReader.GetFlagz(), separator)
+		})
+		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+		_, err := w.Write(reg.response.Bytes())
+		if err != nil {
+			klog.Errorf("error writing response: %v", err)
+			http.Error(w, "error writing response", http.StatusInternalServerError)
+		}
+	}
+}
+
+func acceptableMediaType(r *http.Request) bool {
+	accepts := goautoneg.ParseAccept(r.Header.Get("Accept"))
+	for _, accept := range accepts {
+		if !mediaTypeMatches(accept) {
+			continue
+		}
+		if len(accept.Params) == 0 {
+			return true
+		}
+		if len(accept.Params) == 1 {
+			if charset, ok := accept.Params["charset"]; ok && strings.EqualFold(charset, "utf-8") {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func mediaTypeMatches(a goautoneg.Accept) bool {
+	return (a.Type == "text" || a.Type == "*") &&
+		(a.SubType == "plain" || a.SubType == "*")
+}
+
+func printSortedFlags(w io.Writer, flags map[string]string, separator string) {
+	var sortedKeys []string
+	for key := range flags {
+		sortedKeys = append(sortedKeys, key)
+	}
+
+	sort.Strings(sortedKeys)
+	for _, key := range sortedKeys {
+		fmt.Fprintf(w, "%s%s%s\n", key, separator, flags[key])
+	}
+}