diff --git a/cmd/kubelet/app/auth.go b/cmd/kubelet/app/auth.go index bc8e19945bb..d8f0f388ea2 100644 --- a/cmd/kubelet/app/auth.go +++ b/cmd/kubelet/app/auth.go @@ -41,7 +41,7 @@ func buildAuth(nodeName types.NodeName, client clientset.Interface, config compo sarClient authorizationclient.SubjectAccessReviewInterface ) if client != nil && !reflect.ValueOf(client).IsNil() { - tokenClient = client.Authentication().TokenReviews() + tokenClient = client.AuthenticationV1beta1().TokenReviews() sarClient = client.AuthorizationV1beta1().SubjectAccessReviews() } diff --git a/cmd/libs/go2idl/go-to-protobuf/protobuf/cmd.go b/cmd/libs/go2idl/go-to-protobuf/protobuf/cmd.go index bc9753c07f4..c020b4268b8 100644 --- a/cmd/libs/go2idl/go-to-protobuf/protobuf/cmd.go +++ b/cmd/libs/go2idl/go-to-protobuf/protobuf/cmd.go @@ -77,6 +77,7 @@ func New() *Generator { `k8s.io/kubernetes/pkg/apis/batch/v1`, `k8s.io/kubernetes/pkg/apis/batch/v2alpha1`, `k8s.io/kubernetes/pkg/apis/apps/v1beta1`, + `k8s.io/kubernetes/pkg/apis/authentication/v1`, `k8s.io/kubernetes/pkg/apis/authentication/v1beta1`, `k8s.io/kubernetes/pkg/apis/rbac/v1alpha1`, `k8s.io/kubernetes/pkg/apis/rbac/v1beta1`, diff --git a/hack/.linted_packages b/hack/.linted_packages index c75df4cd23f..b5cbb46fece 100644 --- a/hack/.linted_packages +++ b/hack/.linted_packages @@ -120,6 +120,7 @@ pkg/client/informers/informers_generated/storage/v1beta1 pkg/client/listers/apps/internalversion pkg/client/listers/apps/v1beta1 pkg/client/listers/authentication/internalversion +pkg/client/listers/authentication/v1 pkg/client/listers/authentication/v1beta1 pkg/client/listers/authorization/internalversion pkg/client/listers/authorization/v1 diff --git a/hack/lib/init.sh b/hack/lib/init.sh index 2e909995a2a..3e4e1fa9bb8 100644 --- a/hack/lib/init.sh +++ b/hack/lib/init.sh @@ -54,6 +54,7 @@ KUBE_OUTPUT_HOSTBIN="${KUBE_OUTPUT_BINPATH}/$(kube::util::host_platform)" KUBE_AVAILABLE_GROUP_VERSIONS="${KUBE_AVAILABLE_GROUP_VERSIONS:-\ v1 \ apps/v1beta1 \ +authentication.k8s.io/v1 \ authentication.k8s.io/v1beta1 \ authorization.k8s.io/v1 \ authorization.k8s.io/v1beta1 \ diff --git a/hack/make-rules/test-cmd-util.sh b/hack/make-rules/test-cmd-util.sh index 7a5998a697e..2dcaf9414e2 100644 --- a/hack/make-rules/test-cmd-util.sh +++ b/hack/make-rules/test-cmd-util.sh @@ -3240,7 +3240,8 @@ __EOF__ # check webhook token authentication endpoint, kubectl doesn't actually display the returned object so this isn't super useful # but it proves that works - kubectl create -f test/fixtures/pkg/kubectl/cmd/create/tokenreview.json --validate=false + kubectl create -f test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1beta1.json --validate=false + kubectl create -f test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1.json --validate=false fi diff --git a/pkg/apis/authentication/install/install.go b/pkg/apis/authentication/install/install.go index 8b5e444bdf1..2fa00ec6b19 100644 --- a/pkg/apis/authentication/install/install.go +++ b/pkg/apis/authentication/install/install.go @@ -25,6 +25,7 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/authentication" + "k8s.io/kubernetes/pkg/apis/authentication/v1" "k8s.io/kubernetes/pkg/apis/authentication/v1beta1" ) @@ -37,13 +38,14 @@ func Install(groupFactoryRegistry announced.APIGroupFactoryRegistry, registry *r if err := announced.NewGroupMetaFactory( &announced.GroupMetaFactoryArgs{ GroupName: authentication.GroupName, - VersionPreferenceOrder: []string{v1beta1.SchemeGroupVersion.Version}, + VersionPreferenceOrder: []string{v1.SchemeGroupVersion.Version, v1beta1.SchemeGroupVersion.Version}, ImportPrefix: "k8s.io/kubernetes/pkg/apis/authentication", RootScopedKinds: sets.NewString("TokenReview"), AddInternalObjectsToScheme: authentication.AddToScheme, }, announced.VersionToSchemeFunc{ v1beta1.SchemeGroupVersion.Version: v1beta1.AddToScheme, + v1.SchemeGroupVersion.Version: v1.AddToScheme, }, ).Announce(groupFactoryRegistry).RegisterAndEnable(registry, scheme); err != nil { panic(err) diff --git a/pkg/client/clientset_generated/clientset/typed/authentication/v1/fake/fake_tokenreview_expansion.go b/pkg/client/clientset_generated/clientset/typed/authentication/v1/fake/fake_tokenreview_expansion.go new file mode 100644 index 00000000000..e27c53ce137 --- /dev/null +++ b/pkg/client/clientset_generated/clientset/typed/authentication/v1/fake/fake_tokenreview_expansion.go @@ -0,0 +1,27 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package fake + +import ( + core "k8s.io/client-go/testing" + authenticationapi "k8s.io/kubernetes/pkg/apis/authentication/v1" +) + +func (c *FakeTokenReviews) Create(tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error) { + obj, err := c.Fake.Invokes(core.NewRootCreateAction(authenticationapi.SchemeGroupVersion.WithResource("tokenreviews"), tokenReview), &authenticationapi.TokenReview{}) + return obj.(*authenticationapi.TokenReview), err +} diff --git a/pkg/client/clientset_generated/clientset/typed/authentication/v1/generated_expansion.go b/pkg/client/clientset_generated/clientset/typed/authentication/v1/generated_expansion.go index db143ff0c9b..42e76d5e43c 100644 --- a/pkg/client/clientset_generated/clientset/typed/authentication/v1/generated_expansion.go +++ b/pkg/client/clientset_generated/clientset/typed/authentication/v1/generated_expansion.go @@ -15,5 +15,3 @@ limitations under the License. */ package v1 - -type TokenReviewExpansion interface{} diff --git a/pkg/client/clientset_generated/clientset/typed/authentication/v1/tokenreview_expansion.go b/pkg/client/clientset_generated/clientset/typed/authentication/v1/tokenreview_expansion.go new file mode 100644 index 00000000000..012749ec3e2 --- /dev/null +++ b/pkg/client/clientset_generated/clientset/typed/authentication/v1/tokenreview_expansion.go @@ -0,0 +1,35 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + authenticationapi "k8s.io/kubernetes/pkg/apis/authentication/v1" +) + +type TokenReviewExpansion interface { + Create(tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error) +} + +func (c *tokenReviews) Create(tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error) { + result = &authenticationapi.TokenReview{} + err = c.client.Post(). + Resource("tokenreviews"). + Body(tokenReview). + Do(). + Into(result) + return +} diff --git a/pkg/controller/garbagecollector/garbagecollector.go b/pkg/controller/garbagecollector/garbagecollector.go index 7c4250634ef..a94d3e37ff8 100644 --- a/pkg/controller/garbagecollector/garbagecollector.go +++ b/pkg/controller/garbagecollector/garbagecollector.go @@ -533,6 +533,7 @@ var ignoredResources = map[schema.GroupVersionResource]struct{}{ schema.GroupVersionResource{Group: "", Version: "v1", Resource: "componentstatuses"}: {}, schema.GroupVersionResource{Group: "", Version: "v1", Resource: "events"}: {}, schema.GroupVersionResource{Group: "authentication.k8s.io", Version: "v1beta1", Resource: "tokenreviews"}: {}, + schema.GroupVersionResource{Group: "authentication.k8s.io", Version: "v1", Resource: "tokenreviews"}: {}, schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1beta1", Resource: "subjectaccessreviews"}: {}, schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1beta1", Resource: "selfsubjectaccessreviews"}: {}, schema.GroupVersionResource{Group: "authorization.k8s.io", Version: "v1beta1", Resource: "localsubjectaccessreviews"}: {}, diff --git a/pkg/master/master.go b/pkg/master/master.go index 697639ccd55..a5caabe1aee 100644 --- a/pkg/master/master.go +++ b/pkg/master/master.go @@ -35,6 +35,7 @@ import ( "k8s.io/kubernetes/pkg/api" apiv1 "k8s.io/kubernetes/pkg/api/v1" appsapi "k8s.io/kubernetes/pkg/apis/apps/v1beta1" + authenticationv1 "k8s.io/kubernetes/pkg/apis/authentication/v1" authenticationv1beta1 "k8s.io/kubernetes/pkg/apis/authentication/v1beta1" authorizationapiv1 "k8s.io/kubernetes/pkg/apis/authorization/v1" authorizationapiv1beta1 "k8s.io/kubernetes/pkg/apis/authorization/v1beta1" @@ -392,6 +393,7 @@ func DefaultAPIResourceConfigSource() *genericapiserver.ResourceConfig { apiv1.SchemeGroupVersion, extensionsapiv1beta1.SchemeGroupVersion, batchapiv1.SchemeGroupVersion, + authenticationv1.SchemeGroupVersion, authenticationv1beta1.SchemeGroupVersion, autoscalingapiv1.SchemeGroupVersion, appsapi.SchemeGroupVersion, diff --git a/pkg/registry/authentication/rest/storage_authentication.go b/pkg/registry/authentication/rest/storage_authentication.go index c0873fbc6c0..e2c323db023 100644 --- a/pkg/registry/authentication/rest/storage_authentication.go +++ b/pkg/registry/authentication/rest/storage_authentication.go @@ -23,6 +23,7 @@ import ( genericapiserver "k8s.io/apiserver/pkg/server" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/authentication" + authenticationv1 "k8s.io/kubernetes/pkg/apis/authentication/v1" authenticationv1beta1 "k8s.io/kubernetes/pkg/apis/authentication/v1beta1" "k8s.io/kubernetes/pkg/registry/authentication/tokenreview" ) @@ -43,6 +44,10 @@ func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource genericapise apiGroupInfo.VersionedResourcesStorageMap[authenticationv1beta1.SchemeGroupVersion.Version] = p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter) apiGroupInfo.GroupMeta.GroupVersion = authenticationv1beta1.SchemeGroupVersion } + if apiResourceConfigSource.AnyResourcesForVersionEnabled(authenticationv1.SchemeGroupVersion) { + apiGroupInfo.VersionedResourcesStorageMap[authenticationv1.SchemeGroupVersion.Version] = p.v1Storage(apiResourceConfigSource, restOptionsGetter) + apiGroupInfo.GroupMeta.GroupVersion = authenticationv1.SchemeGroupVersion + } return apiGroupInfo, true } @@ -61,6 +66,20 @@ func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource genericapise return storage } +func (p RESTStorageProvider) v1Storage(apiResourceConfigSource genericapiserver.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage { + version := authenticationv1.SchemeGroupVersion + + storage := map[string]rest.Storage{} + if apiResourceConfigSource.AnyResourcesForVersionEnabled(authenticationv1.SchemeGroupVersion) { + if apiResourceConfigSource.ResourceEnabled(version.WithResource("tokenreviews")) { + tokenReviewStorage := tokenreview.NewREST(p.Authenticator) + storage["tokenreviews"] = tokenReviewStorage + } + } + + return storage +} + func (p RESTStorageProvider) GroupName() string { return authentication.GroupName } diff --git a/test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1.json b/test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1.json new file mode 100644 index 00000000000..556d6bed045 --- /dev/null +++ b/test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1.json @@ -0,0 +1,7 @@ +{ + "apiVersion": "authentication.k8s.io/v1", + "kind": "TokenReview", + "spec": { + "token": "test-token" + } +} \ No newline at end of file diff --git a/test/fixtures/pkg/kubectl/cmd/create/tokenreview.json b/test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1beta1.json similarity index 100% rename from test/fixtures/pkg/kubectl/cmd/create/tokenreview.json rename to test/fixtures/pkg/kubectl/cmd/create/tokenreview-v1beta1.json