Rename black-/whitelist to allow/deny-list

docs/cli-arguments.md

@@ -40,8 +40,8 @@ Usage of ./kube-state-metrics:
       --log_file string                             If non-empty, use this log file
       --log_file_max_size uint                      Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
       --logtostderr                                 log to standard error instead of files (default true)
-      --metric-blacklist string                     Comma-separated list of metrics not to be enabled. This list comprises of exact metric names and/or regex patterns. The whitelist and blacklist are mutually exclusive.
-      --metric-whitelist string                     Comma-separated list of metrics to be exposed. This list comprises of exact metric names and/or regex patterns. The whitelist and blacklist are mutually exclusive.
+      --metric-allowlist string                     Comma-separated list of metrics to be exposed. This list comprises of exact metric names and/or regex patterns. The allowlist and denylist are mutually exclusive.
+      --metric-denylist string                      Comma-separated list of metrics not to be enabled. This list comprises of exact metric names and/or regex patterns. The allowlist and denylist are mutually exclusive.
       --namespace string                            Comma-separated list of namespaces to be enabled. Defaults to ""
       --pod string                                  Name of the pod that contains the kube-state-metrics container. When set, it is expected that --pod and --pod-namespace are both set. Most likely this should be passed via the downward API. This is used for auto-detecting sharding. If set, this has preference over statically configured sharding. This is experimental, it may be removed without notice.
       --pod-namespace string                        Name of the namespace of the pod specified by --pod. When set, it is expected that --pod and --pod-namespace are both set. Most likely this should be passed via the downward API. This is used for auto-detecting sharding. If set, this has preference over statically configured sharding. This is experimental, it may be removed without notice.

internal/store/builder.go

@@ -58,7 +58,7 @@ type Builder struct {
 	namespaces       options.NamespaceList
 	ctx              context.Context
 	enabledResources []string
-	whiteBlackList   ksmtypes.WhiteBlackLister
+	allowDenyList    ksmtypes.AllowDenyLister
 	metrics          *watch.ListWatchMetrics
 	shard            int32
 	totalShards      int
@@ -119,10 +119,10 @@ func (b *Builder) WithVPAClient(c vpaclientset.Interface) {
 	b.vpaClient = c
 }
 
-// WithWhiteBlackList configures the white or blacklisted metric to be exposed
+// WithAllowDenyList configures the allow or denylisted metric to be exposed
 // by the store build by the Builder.
-func (b *Builder) WithWhiteBlackList(l ksmtypes.WhiteBlackLister) {
-	b.whiteBlackList = l
+func (b *Builder) WithAllowDenyList(l ksmtypes.AllowDenyLister) {
+	b.allowDenyList = l
 }
 
 // WithGenerateStoreFunc configures a constom generate store function
@@ -137,8 +137,8 @@ func (b *Builder) DefaultGenerateStoreFunc() ksmtypes.BuildStoreFunc {
 
 // Build initializes and registers all enabled stores.
 func (b *Builder) Build() []cache.Store {
-	if b.whiteBlackList == nil {
-		panic("whiteBlackList should not be nil")
+	if b.allowDenyList == nil {
+		panic("allowDenyList should not be nil")
 	}
 
 	stores := []cache.Store{}
@@ -324,7 +324,7 @@ func (b *Builder) buildStore(
 	expectedType interface{},
 	listWatchFunc func(kubeClient clientset.Interface, ns string) cache.ListerWatcher,
 ) cache.Store {
-	filteredMetricFamilies := generator.FilterMetricFamilies(b.whiteBlackList, metricFamilies)
+	filteredMetricFamilies := generator.FilterMetricFamilies(b.allowDenyList, metricFamilies)
 	composedMetricGenFuncs := generator.ComposeMetricGenFuncs(filteredMetricFamilies)
 
 	familyHeaders := generator.ExtractMetricFamilyHeaders(filteredMetricFamilies)

main.go

@@ -36,11 +36,11 @@ import (
 	"k8s.io/klog"
 
 	"k8s.io/kube-state-metrics/internal/store"
+	"k8s.io/kube-state-metrics/pkg/allowdenylist"
 	"k8s.io/kube-state-metrics/pkg/metricshandler"
 	"k8s.io/kube-state-metrics/pkg/options"
 	"k8s.io/kube-state-metrics/pkg/util/proc"
 	"k8s.io/kube-state-metrics/pkg/version"
-	"k8s.io/kube-state-metrics/pkg/whiteblacklist"
 )
 
 const (
@@ -106,13 +106,13 @@ func main() {
 		storeBuilder.WithNamespaces(opts.Namespaces)
 	}
 
-	whiteBlackList, err := whiteblacklist.New(opts.MetricWhitelist, opts.MetricBlacklist)
+	allowDenyList, err := allowdenylist.New(opts.MetricAllowlist, opts.MetricDenylist)
 	if err != nil {
 		klog.Fatal(err)
 	}
 
 	if opts.DisablePodNonGenericResourceMetrics {
-		whiteBlackList.Exclude([]string{
+		allowDenyList.Exclude([]string{
 			"kube_pod_container_resource_requests_cpu_cores",
 			"kube_pod_container_resource_requests_memory_bytes",
 			"kube_pod_container_resource_limits_cpu_cores",
@@ -121,7 +121,7 @@ func main() {
 	}
 
 	if opts.DisableNodeNonGenericResourceMetrics {
-		whiteBlackList.Exclude([]string{
+		allowDenyList.Exclude([]string{
 			"kube_node_status_capacity_cpu_cores",
 			"kube_node_status_capacity_memory_bytes",
 			"kube_node_status_capacity_pods",
@@ -131,14 +131,14 @@ func main() {
 		})
 	}
 
-	err = whiteBlackList.Parse()
+	err = allowDenyList.Parse()
 	if err != nil {
-		klog.Fatalf("error initializing the whiteblack list : %v", err)
+		klog.Fatalf("error initializing the allowdeny list : %v", err)
 	}
 
-	klog.Infof("metric white-blacklisting: %v", whiteBlackList.Status())
+	klog.Infof("metric allow-denylisting: %v", allowDenyList.Status())
 
-	storeBuilder.WithWhiteBlackList(whiteBlackList)
+	storeBuilder.WithAllowDenyList(allowDenyList)
 
 	storeBuilder.WithGenerateStoreFunc(storeBuilder.DefaultGenerateStoreFunc())
 

main_test.go

@@ -28,9 +28,9 @@ import (
 	"time"
 
 	"k8s.io/kube-state-metrics/internal/store"
+	"k8s.io/kube-state-metrics/pkg/allowdenylist"
 	"k8s.io/kube-state-metrics/pkg/metricshandler"
 	"k8s.io/kube-state-metrics/pkg/options"
-	"k8s.io/kube-state-metrics/pkg/whiteblacklist"
 
 	"github.com/prometheus/client_golang/prometheus"
 	v1 "k8s.io/api/core/v1"
@@ -68,11 +68,11 @@ func BenchmarkKubeStateMetrics(b *testing.B) {
 	builder.WithNamespaces(options.DefaultNamespaces)
 	builder.WithGenerateStoreFunc(builder.DefaultGenerateStoreFunc())
 
-	l, err := whiteblacklist.New(map[string]struct{}{}, map[string]struct{}{})
+	l, err := allowdenylist.New(map[string]struct{}{}, map[string]struct{}{})
 	if err != nil {
 		b.Fatal(err)
 	}
-	builder.WithWhiteBlackList(l)
+	builder.WithAllowDenyList(l)
 
 	// This test is not suitable to be compared in terms of time, as it includes
 	// a one second wait. Use for memory allocation comparisons, profiling, ...
@@ -131,11 +131,11 @@ func TestFullScrapeCycle(t *testing.T) {
 	builder.WithNamespaces(options.DefaultNamespaces)
 	builder.WithGenerateStoreFunc(builder.DefaultGenerateStoreFunc())
 
-	l, err := whiteblacklist.New(map[string]struct{}{}, map[string]struct{}{})
+	l, err := allowdenylist.New(map[string]struct{}{}, map[string]struct{}{})
 	if err != nil {
 		t.Fatal(err)
 	}
-	builder.WithWhiteBlackList(l)
+	builder.WithAllowDenyList(l)
 
 	handler := metricshandler.New(&options.Options{}, kubeClient, builder, false)
 	handler.ConfigureSharding(ctx, 0, 1)
@@ -357,7 +357,7 @@ func TestShardingEquivalenceScrapeCycle(t *testing.T) {
 
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
-	l, err := whiteblacklist.New(map[string]struct{}{}, map[string]struct{}{})
+	l, err := allowdenylist.New(map[string]struct{}{}, map[string]struct{}{})
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -368,7 +368,7 @@ func TestShardingEquivalenceScrapeCycle(t *testing.T) {
 	unshardedBuilder.WithEnabledResources(options.DefaultCollectors.AsSlice())
 	unshardedBuilder.WithKubeClient(kubeClient)
 	unshardedBuilder.WithNamespaces(options.DefaultNamespaces)
-	unshardedBuilder.WithWhiteBlackList(l)
+	unshardedBuilder.WithAllowDenyList(l)
 	unshardedBuilder.WithGenerateStoreFunc(unshardedBuilder.DefaultGenerateStoreFunc())
 
 	unshardedHandler := metricshandler.New(&options.Options{}, kubeClient, unshardedBuilder, false)
@@ -380,7 +380,7 @@ func TestShardingEquivalenceScrapeCycle(t *testing.T) {
 	shardedBuilder1.WithEnabledResources(options.DefaultCollectors.AsSlice())
 	shardedBuilder1.WithKubeClient(kubeClient)
 	shardedBuilder1.WithNamespaces(options.DefaultNamespaces)
-	shardedBuilder1.WithWhiteBlackList(l)
+	shardedBuilder1.WithAllowDenyList(l)
 	shardedBuilder1.WithGenerateStoreFunc(shardedBuilder1.DefaultGenerateStoreFunc())
 
 	shardedHandler1 := metricshandler.New(&options.Options{}, kubeClient, shardedBuilder1, false)
@@ -392,7 +392,7 @@ func TestShardingEquivalenceScrapeCycle(t *testing.T) {
 	shardedBuilder2.WithEnabledResources(options.DefaultCollectors.AsSlice())
 	shardedBuilder2.WithKubeClient(kubeClient)
 	shardedBuilder2.WithNamespaces(options.DefaultNamespaces)
-	shardedBuilder2.WithWhiteBlackList(l)
+	shardedBuilder2.WithAllowDenyList(l)
 	shardedBuilder2.WithGenerateStoreFunc(shardedBuilder2.DefaultGenerateStoreFunc())
 
 	shardedHandler2 := metricshandler.New(&options.Options{}, kubeClient, shardedBuilder2, false)

pkg/whiteblacklist/whiteblacklist.go → pkg/allowdenylist/allowdenylist.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package whiteblacklist
+package allowdenylist
 
 import (
 	"regexp"
@@ -23,42 +23,42 @@ import (
 	"github.com/pkg/errors"
 )
 
-// WhiteBlackList encapsulates the logic needed to filter based on a string.
-type WhiteBlackList struct {
+// AllowDenyList encapsulates the logic needed to filter based on a string.
+type AllowDenyList struct {
 	list        map[string]struct{}
 	rList       []*regexp.Regexp
-	isWhiteList bool
+	isAllowList bool
 }
 
-// New constructs a new WhiteBlackList based on a white- and a
-// blacklist. Only one of them can be not empty.
-func New(white, black map[string]struct{}) (*WhiteBlackList, error) {
-	if len(white) != 0 && len(black) != 0 {
+// New constructs a new AllowDenyList based on a allow- and a
+// denylist. Only one of them can be not empty.
+func New(allow, deny map[string]struct{}) (*AllowDenyList, error) {
+	if len(allow) != 0 && len(deny) != 0 {
 		return nil, errors.New(
-			"whitelist and blacklist are both set, they are mutually exclusive, only one of them can be set",
+			"allowlist and denylist are both set, they are mutually exclusive, only one of them can be set",
 		)
 	}
 
 	var list map[string]struct{}
-	var isWhiteList bool
+	var isAllowList bool
 
-	// Default to blacklisting
-	if len(white) != 0 {
-		list = copyList(white)
-		isWhiteList = true
+	// Default to denylisting
+	if len(allow) != 0 {
+		list = copyList(allow)
+		isAllowList = true
 	} else {
-		list = copyList(black)
-		isWhiteList = false
+		list = copyList(deny)
+		isAllowList = false
 	}
 
-	return &WhiteBlackList{
+	return &AllowDenyList{
 		list:        list,
-		isWhiteList: isWhiteList,
+		isAllowList: isAllowList,
 	}, nil
 }
 
-// Parse parses and compiles all of the regexes in the whiteBlackList.
-func (l *WhiteBlackList) Parse() error {
+// Parse parses and compiles all of the regexes in the allowDenyList.
+func (l *AllowDenyList) Parse() error {
 	regexes := make([]*regexp.Regexp, 0, len(l.list))
 	for item := range l.list {
 		r, err := regexp.Compile(item)
@@ -72,8 +72,8 @@ func (l *WhiteBlackList) Parse() error {
 }
 
 // Include includes the given items in the list.
-func (l *WhiteBlackList) Include(items []string) {
-	if l.isWhiteList {
+func (l *AllowDenyList) Include(items []string) {
+	if l.isAllowList {
 		for _, item := range items {
 			l.list[item] = struct{}{}
 		}
@@ -85,8 +85,8 @@ func (l *WhiteBlackList) Include(items []string) {
 }
 
 // Exclude excludes the given items from the list.
-func (l *WhiteBlackList) Exclude(items []string) {
-	if l.isWhiteList {
+func (l *AllowDenyList) Exclude(items []string) {
+	if l.isAllowList {
 		for _, item := range items {
 			delete(l.list, item)
 		}
@@ -98,7 +98,7 @@ func (l *WhiteBlackList) Exclude(items []string) {
 }
 
 // IsIncluded returns if the given item is included.
-func (l *WhiteBlackList) IsIncluded(item string) bool {
+func (l *AllowDenyList) IsIncluded(item string) bool {
 	var matched bool
 	for _, r := range l.rList {
 		matched = r.MatchString(item)
@@ -107,31 +107,31 @@ func (l *WhiteBlackList) IsIncluded(item string) bool {
 		}
 	}
 
-	if l.isWhiteList {
+	if l.isAllowList {
 		return matched
 	}
 
 	return !matched
 }
 
 // IsExcluded returns if the given item is excluded.
-func (l *WhiteBlackList) IsExcluded(item string) bool {
+func (l *AllowDenyList) IsExcluded(item string) bool {
 	return !l.IsIncluded(item)
 }
 
-// Status returns the status of the WhiteBlackList that can e.g. be passed into
+// Status returns the status of the AllowDenyList that can e.g. be passed into
 // a logger.
-func (l *WhiteBlackList) Status() string {
+func (l *AllowDenyList) Status() string {
 	items := make([]string, 0, len(l.list))
 	for key := range l.list {
 		items = append(items, key)
 	}
 
-	if l.isWhiteList {
-		return "whitelisting the following items: " + strings.Join(items, ", ")
+	if l.isAllowList {
+		return "Including the following lists that were on allowlist: " + strings.Join(items, ", ")
 	}
 
-	return "blacklisting the following items: " + strings.Join(items, ", ")
+	return "Excluding the following lists that were on denylist: " + strings.Join(items, ", ")
 }
 
 func copyList(l map[string]struct{}) map[string]struct{} {