From 1044aa450045d87c20bf35026adfd3a3e6f42a9a Mon Sep 17 00:00:00 2001 From: Chao Xu Date: Fri, 18 Nov 2016 12:54:08 -0800 Subject: [PATCH] plugin/admission; including resourcequota admission --- plugin/pkg/admission/limitranger/admission.go | 4 +-- .../admission/limitranger/admission_test.go | 2 +- .../namespace/autoprovision/admission.go | 2 +- .../namespace/autoprovision/admission_test.go | 2 +- .../admission/namespace/exists/admission.go | 2 +- .../namespace/exists/admission_test.go | 2 +- .../namespace/lifecycle/admission.go | 2 +- .../namespace/lifecycle/admission_test.go | 2 +- .../admission/podnodeselector/admission.go | 2 +- .../podnodeselector/admission_test.go | 2 +- .../pkg/admission/resourcequota/admission.go | 2 +- .../admission/resourcequota/admission_test.go | 28 ++++++++--------- .../resourcequota/resource_access.go | 13 +++++--- .../security/podsecuritypolicy/admission.go | 17 ++++++---- .../podsecuritypolicy/admission_test.go | 4 +-- .../pkg/admission/serviceaccount/admission.go | 31 ++++++++++++------- .../storageclass/default/admission.go | 13 +++++--- 17 files changed, 77 insertions(+), 53 deletions(-) diff --git a/plugin/pkg/admission/limitranger/admission.go b/plugin/pkg/admission/limitranger/admission.go index 0001fc750f7..0a51d9a7b54 100644 --- a/plugin/pkg/admission/limitranger/admission.go +++ b/plugin/pkg/admission/limitranger/admission.go @@ -68,9 +68,9 @@ type liveLookupEntry struct { } func (l *limitRanger) SetInformerFactory(f informers.SharedInformerFactory) { - limitRangeInformer := f.LimitRanges().Informer() + limitRangeInformer := f.InternalLimitRanges().Informer() l.SetReadyFunc(limitRangeInformer.HasSynced) - l.lister = f.LimitRanges().Lister() + l.lister = f.InternalLimitRanges().Lister() } func (l *limitRanger) Validate() error { diff --git a/plugin/pkg/admission/limitranger/admission_test.go b/plugin/pkg/admission/limitranger/admission_test.go index 693a80c1ba9..e2adf26fb37 100644 
--- a/plugin/pkg/admission/limitranger/admission_test.go +++ b/plugin/pkg/admission/limitranger/admission_test.go @@ -588,7 +588,7 @@ func newMockClientForTest(limitRanges []api.LimitRange) *fake.Clientset { // newHandlerForTest returns a handler configured for testing. func newHandlerForTest(c clientset.Interface) (admission.Interface, informers.SharedInformerFactory, error) { - f := informers.NewSharedInformerFactory(c, 5*time.Minute) + f := informers.NewSharedInformerFactory(nil, c, 5*time.Minute) handler, err := NewLimitRanger(c, &DefaultLimitRangerActions{}) if err != nil { return nil, f, err diff --git a/plugin/pkg/admission/namespace/autoprovision/admission.go b/plugin/pkg/admission/namespace/autoprovision/admission.go index f1f3eda1570..67e92560361 100644 --- a/plugin/pkg/admission/namespace/autoprovision/admission.go +++ b/plugin/pkg/admission/namespace/autoprovision/admission.go @@ -88,7 +88,7 @@ func NewProvision(c clientset.Interface) admission.Interface { } func (p *provision) SetInformerFactory(f informers.SharedInformerFactory) { - p.namespaceInformer = f.Namespaces().Informer() + p.namespaceInformer = f.InternalNamespaces().Informer() p.SetReadyFunc(p.namespaceInformer.HasSynced) } diff --git a/plugin/pkg/admission/namespace/autoprovision/admission_test.go b/plugin/pkg/admission/namespace/autoprovision/admission_test.go index 37c502be747..63c1a3115a7 100644 --- a/plugin/pkg/admission/namespace/autoprovision/admission_test.go +++ b/plugin/pkg/admission/namespace/autoprovision/admission_test.go 
@@ -35,7 +35,7 @@ import ( // newHandlerForTest returns the admission controller configured for testing. func newHandlerForTest(c clientset.Interface) (admission.Interface, informers.SharedInformerFactory, error) { - f := informers.NewSharedInformerFactory(c, 5*time.Minute) + f := informers.NewSharedInformerFactory(nil, c, 5*time.Minute) handler := NewProvision(c) plugins := []admission.Interface{handler} pluginInitializer := admission.NewPluginInitializer(f, nil) diff --git a/plugin/pkg/admission/namespace/exists/admission.go b/plugin/pkg/admission/namespace/exists/admission.go index 292d44f7fc4..41e31c20b59 100644 --- a/plugin/pkg/admission/namespace/exists/admission.go +++ b/plugin/pkg/admission/namespace/exists/admission.go @@ -95,7 +95,7 @@ func NewExists(c clientset.Interface) admission.Interface { } func (e *exists) SetInformerFactory(f informers.SharedInformerFactory) { - e.namespaceInformer = f.Namespaces().Informer() + e.namespaceInformer = f.InternalNamespaces().Informer() e.SetReadyFunc(e.namespaceInformer.HasSynced) } diff --git a/plugin/pkg/admission/namespace/exists/admission_test.go b/plugin/pkg/admission/namespace/exists/admission_test.go index ee2685986ba..f75f690a03b 100644 --- a/plugin/pkg/admission/namespace/exists/admission_test.go +++ b/plugin/pkg/admission/namespace/exists/admission_test.go @@ -34,7 +34,7 @@ import ( // newHandlerForTest returns the admission controller configured for testing. func newHandlerForTest(c clientset.Interface) (admission.Interface, informers.SharedInformerFactory, error) { - f := informers.NewSharedInformerFactory(c, 5*time.Minute) + f := informers.NewSharedInformerFactory(nil, c, 5*time.Minute) handler := NewExists(c) plugins := []admission.Interface{handler} pluginInitializer := admission.NewPluginInitializer(f, nil) diff --git a/plugin/pkg/admission/namespace/lifecycle/admission.go b/plugin/pkg/admission/namespace/lifecycle/admission.go index 98f08100814..2547e36bc72 100644 
--- a/plugin/pkg/admission/namespace/lifecycle/admission.go +++ b/plugin/pkg/admission/namespace/lifecycle/admission.go @@ -181,7 +181,7 @@ func newLifecycleWithClock(c clientset.Interface, immortalNamespaces sets.String } func (l *lifecycle) SetInformerFactory(f informers.SharedInformerFactory) { - l.namespaceInformer = f.Namespaces().Informer() + l.namespaceInformer = f.InternalNamespaces().Informer() l.SetReadyFunc(l.namespaceInformer.HasSynced) } diff --git a/plugin/pkg/admission/namespace/lifecycle/admission_test.go b/plugin/pkg/admission/namespace/lifecycle/admission_test.go index 74e7c81c37c..d3f11d0577f 100644 --- a/plugin/pkg/admission/namespace/lifecycle/admission_test.go +++ b/plugin/pkg/admission/namespace/lifecycle/admission_test.go @@ -41,7 +41,7 @@ func newHandlerForTest(c clientset.Interface) (admission.Interface, informers.Sh // newHandlerForTestWithClock returns a configured handler for testing. func newHandlerForTestWithClock(c clientset.Interface, cacheClock clock.Clock) (admission.Interface, informers.SharedInformerFactory, error) { - f := informers.NewSharedInformerFactory(c, 5*time.Minute) + f := informers.NewSharedInformerFactory(nil, c, 5*time.Minute) handler, err := newLifecycleWithClock(c, sets.NewString(api.NamespaceDefault, api.NamespaceSystem), cacheClock) if err != nil { return nil, f, err diff --git a/plugin/pkg/admission/podnodeselector/admission.go b/plugin/pkg/admission/podnodeselector/admission.go index 0201d8f28d4..14be567144b 100644 --- a/plugin/pkg/admission/podnodeselector/admission.go +++ b/plugin/pkg/admission/podnodeselector/admission.go @@ -165,7 +165,7 @@ func NewPodNodeSelector(client clientset.Interface, clusterNodeSelectors map[str } func (p *podNodeSelector) SetInformerFactory(f informers.SharedInformerFactory) { - p.namespaceInformer = f.Namespaces().Informer() + p.namespaceInformer = f.InternalNamespaces().Informer() p.SetReadyFunc(p.namespaceInformer.HasSynced) } 
diff --git a/plugin/pkg/admission/podnodeselector/admission_test.go b/plugin/pkg/admission/podnodeselector/admission_test.go index dee7fd39533..fa54633b1b4 100644 --- a/plugin/pkg/admission/podnodeselector/admission_test.go +++ b/plugin/pkg/admission/podnodeselector/admission_test.go @@ -178,7 +178,7 @@ func TestHandles(t *testing.T) { // newHandlerForTest returns the admission controller configured for testing. func newHandlerForTest(c clientset.Interface) (*podNodeSelector, informers.SharedInformerFactory, error) { - f := informers.NewSharedInformerFactory(c, 5*time.Minute) + f := informers.NewSharedInformerFactory(nil, c, 5*time.Minute) handler := NewPodNodeSelector(c, nil) plugins := []admission.Interface{handler} pluginInitializer := admission.NewPluginInitializer(f, nil) diff --git a/plugin/pkg/admission/resourcequota/admission.go b/plugin/pkg/admission/resourcequota/admission.go index b5c00b81ba9..d6ebfa44b26 100644 --- a/plugin/pkg/admission/resourcequota/admission.go +++ b/plugin/pkg/admission/resourcequota/admission.go @@ -33,7 +33,7 @@ func init() { func(client clientset.Interface, config io.Reader) (admission.Interface, error) { // NOTE: we do not provide informers to the registry because admission level decisions // does not require us to open watches for all items tracked by quota. - registry := install.NewRegistry(client, nil) + registry := install.NewRegistry(nil, nil) return NewResourceQuota(client, registry, 5, make(chan struct{})) }) } diff --git a/plugin/pkg/admission/resourcequota/admission_test.go b/plugin/pkg/admission/resourcequota/admission_test.go index ed8c415a74c..8bf0024c71e 100644 --- a/plugin/pkg/admission/resourcequota/admission_test.go +++ b/plugin/pkg/admission/resourcequota/admission_test.go 
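Review bot: The NOTE comment above `registry := install.NewRegistry(nil, nil)` in init() still explains only the nil informer argument, while the first argument, which used to be `client`, is now nil as well. If any evaluator in the registry falls back to a live list through that client (not visible in this hunk), the nil would surface as a panic on the admission path instead of a quota decision. I would extend the comment, for example `// The registry gets neither a client nor informers: admission only evaluates the incoming object and never lists live usage.`, and confirm that claim against the evaluators in the install package.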
@@ -126,7 +126,7 @@ func TestAdmissionIgnoresDelete(t *testing.T) { kubeClient := fake.NewSimpleClientset() stopCh := make(chan struct{}) defer close(stopCh) - handler, err := NewResourceQuota(kubeClient, install.NewRegistry(kubeClient, nil), 5, stopCh) + handler, err := NewResourceQuota(kubeClient, install.NewRegistry(nil, nil), 5, stopCh) if err != nil { t.Errorf("Unexpected error %v", err) } @@ -158,7 +158,7 @@ func TestAdmissionIgnoresSubresources(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), @@ -201,7 +201,7 @@ func TestAdmitBelowQuotaLimit(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), @@ -283,7 +283,7 @@ func TestAdmitHandlesOldObjects(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), 
@@ -379,7 +379,7 @@ func TestAdmitHandlesCreatingUpdates(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), @@ -472,7 +472,7 @@ func TestAdmitExceedQuotaLimit(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), @@ -515,7 +515,7 @@ func TestAdmitEnforceQuotaConstraints(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), @@ -568,7 +568,7 @@ func TestAdmitPodInNamespaceWithoutQuota(t *testing.T) { quotaAccessor.indexer = indexer quotaAccessor.liveLookupCache = liveLookupCache go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), 
@@ -633,7 +633,7 @@ func TestAdmitBelowTerminatingQuotaLimit(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), @@ -737,7 +737,7 @@ func TestAdmitBelowBestEffortQuotaLimit(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), @@ -828,7 +828,7 @@ func TestAdmitBestEffortQuotaLimitIgnoresBurstable(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), @@ -945,7 +945,7 @@ func TestAdmissionSetsMissingNamespace(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) evaluator.(*quotaEvaluator).registry = registry handler := "aAdmission{ 
@@ -990,7 +990,7 @@ func TestAdmitRejectsNegativeUsage(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), @@ -1035,7 +1035,7 @@ func TestAdmitWhenUnrelatedResourceExceedsQuota(t *testing.T) { quotaAccessor, _ := newQuotaAccessor(kubeClient) quotaAccessor.indexer = indexer go quotaAccessor.Run(stopCh) - evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh) + evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh) handler := "aAdmission{ Handler: admission.NewHandler(admission.Create, admission.Update), diff --git a/plugin/pkg/admission/resourcequota/resource_access.go b/plugin/pkg/admission/resourcequota/resource_access.go index 4322f1b8ddf..cff0f7d67af 100644 --- a/plugin/pkg/admission/resourcequota/resource_access.go +++ b/plugin/pkg/admission/resourcequota/resource_access.go @@ -26,6 +26,7 @@ import ( clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset" "k8s.io/kubernetes/pkg/api" + "k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/client/cache" "k8s.io/kubernetes/pkg/runtime" "k8s.io/kubernetes/pkg/storage/etcd" 
@@ -73,11 +74,15 @@ func newQuotaAccessor(client clientset.Interface) (*quotaAccessor, error) { return nil, err } lw := &cache.ListWatch{ - ListFunc: func(options api.ListOptions) (runtime.Object, error) { - return client.Core().ResourceQuotas(api.NamespaceAll).List(options) + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + internalOptions := api.ListOptions{} + v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil) + return client.Core().ResourceQuotas(api.NamespaceAll).List(internalOptions) }, - WatchFunc: func(options api.ListOptions) (watch.Interface, error) { - return client.Core().ResourceQuotas(api.NamespaceAll).Watch(options) + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + internalOptions := api.ListOptions{} + v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil) + return client.Core().ResourceQuotas(api.NamespaceAll).Watch(internalOptions) }, } indexer, reflector := cache.NewNamespaceKeyedIndexerAndReflector(lw, &api.ResourceQuota{}, 0) diff --git a/plugin/pkg/admission/security/podsecuritypolicy/admission.go b/plugin/pkg/admission/security/podsecuritypolicy/admission.go index 287d483e6e5..895e0549d72 100644 --- a/plugin/pkg/admission/security/podsecuritypolicy/admission.go +++ b/plugin/pkg/admission/security/podsecuritypolicy/admission.go @@ -26,6 +26,7 @@ import ( "k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/errors" + "k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/apis/extensions" "k8s.io/kubernetes/pkg/auth/authorizer" "k8s.io/kubernetes/pkg/auth/user" 
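Review bot: The result of `v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)` is discarded in both the ListFunc and the WatchFunc of newQuotaAccessor; the generated conversion functions return an error. If the conversion fails, the closure goes on to call List or Watch with a zero-value or partly filled `api.ListOptions`, so the reflector would silently drop the resource version and selectors it asked for instead of failing and retrying. I would check it in each closure: `if err := v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil); err != nil { return nil, err }`. The same pattern is added in NewPlugin in podsecuritypolicy/admission.go, in both ListWatch blocks of NewServiceAccount in serviceaccount/admission.go, and in newPlugin in storageclass/default/admission.go; a small shared helper would keep the five copies from drifting apart. newQuotaAccessor continues outside this hunk.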
@@ -91,11 +92,15 @@ func NewPlugin(kclient clientset.Interface, strategyFactory psp.StrategyFactory, store := cache.NewStore(cache.MetaNamespaceKeyFunc) reflector := cache.NewReflector( &cache.ListWatch{ - ListFunc: func(options api.ListOptions) (runtime.Object, error) { - return kclient.Extensions().PodSecurityPolicies().List(options) + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + internalOptions := api.ListOptions{} + v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil) + return kclient.Extensions().PodSecurityPolicies().List(internalOptions) }, - WatchFunc: func(options api.ListOptions) (watch.Interface, error) { - return kclient.Extensions().PodSecurityPolicies().Watch(options) + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + internalOptions := api.ListOptions{} + v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil) + return kclient.Extensions().PodSecurityPolicies().Watch(internalOptions) }, }, &extensions.PodSecurityPolicy{}, @@ -228,7 +233,7 @@ func assignSecurityContext(provider psp.Provider, pod *api.Pod, fldPath *field.P // since that is how the sc provider will eventually apply settings in the runtime. // This results in an SC that is based on the Pod's PSC with the set fields from the container // overriding pod level settings. - containerCopy.SecurityContext = sc.DetermineEffectiveSecurityContext(pod, &containerCopy) + containerCopy.SecurityContext = sc.InternalDetermineEffectiveSecurityContext(pod, &containerCopy) sc, scAnnotations, err := provider.CreateContainerSecurityContext(pod, &containerCopy) if err != nil { 
@@ -249,7 +254,7 @@ func assignSecurityContext(provider psp.Provider, pod *api.Pod, fldPath *field.P // since that is how the sc provider will eventually apply settings in the runtime. // This results in an SC that is based on the Pod's PSC with the set fields from the container // overriding pod level settings. - containerCopy.SecurityContext = sc.DetermineEffectiveSecurityContext(pod, &containerCopy) + containerCopy.SecurityContext = sc.InternalDetermineEffectiveSecurityContext(pod, &containerCopy) sc, scAnnotations, err := provider.CreateContainerSecurityContext(pod, &containerCopy) if err != nil { diff --git a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go index ce21dcd6ea1..bf3944f39fc 100644 --- a/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go +++ b/plugin/pkg/admission/security/podsecuritypolicy/admission_test.go @@ -751,7 +751,7 @@ func TestAdmitSELinux(t *testing.T) { func TestAdmitAppArmor(t *testing.T) { createPodWithAppArmor := func(profile string) *kapi.Pod { pod := goodPod() - apparmor.SetProfileName(pod, defaultContainerName, profile) + apparmor.SetProfileNameFromPodAnnotations(pod.Annotations, defaultContainerName, profile) return pod } @@ -822,7 +822,7 @@ func TestAdmitAppArmor(t *testing.T) { testPSPAdmit(k, []*extensions.PodSecurityPolicy{v.psp}, v.pod, v.shouldPass, v.psp.Name, t) if v.shouldPass { - assert.Equal(t, v.expectedProfile, apparmor.GetProfileName(v.pod, defaultContainerName), k) + assert.Equal(t, v.expectedProfile, apparmor.GetProfileNameFromPodAnnotations(v.pod.Annotations, defaultContainerName), k) } } } diff --git a/plugin/pkg/admission/serviceaccount/admission.go b/plugin/pkg/admission/serviceaccount/admission.go index 4a71080067c..96b15e86599 100644 --- a/plugin/pkg/admission/serviceaccount/admission.go +++ b/plugin/pkg/admission/serviceaccount/admission.go 
@@ -29,6 +29,7 @@ import ( "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/errors" "k8s.io/kubernetes/pkg/api/unversioned" + "k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/client/cache" "k8s.io/kubernetes/pkg/fields" kubelet "k8s.io/kubernetes/pkg/kubelet/types" @@ -91,11 +92,15 @@ type serviceAccount struct { func NewServiceAccount(cl clientset.Interface) *serviceAccount { serviceAccountsIndexer, serviceAccountsReflector := cache.NewNamespaceKeyedIndexerAndReflector( &cache.ListWatch{ - ListFunc: func(options api.ListOptions) (runtime.Object, error) { - return cl.Core().ServiceAccounts(api.NamespaceAll).List(options) + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + internalOptions := api.ListOptions{} + v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil) + return cl.Core().ServiceAccounts(api.NamespaceAll).List(internalOptions) }, - WatchFunc: func(options api.ListOptions) (watch.Interface, error) { - return cl.Core().ServiceAccounts(api.NamespaceAll).Watch(options) + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + internalOptions := api.ListOptions{} + v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil) + return cl.Core().ServiceAccounts(api.NamespaceAll).Watch(internalOptions) }, }, &api.ServiceAccount{}, 
@@ -105,13 +110,17 @@ func NewServiceAccount(cl clientset.Interface) *serviceAccount { tokenSelector := fields.SelectorFromSet(map[string]string{api.SecretTypeField: string(api.SecretTypeServiceAccountToken)}) secretsIndexer, secretsReflector := cache.NewNamespaceKeyedIndexerAndReflector( &cache.ListWatch{ - ListFunc: func(options api.ListOptions) (runtime.Object, error) { - options.FieldSelector = tokenSelector - return cl.Core().Secrets(api.NamespaceAll).List(options) + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + internalOptions := api.ListOptions{} + v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil) + internalOptions.FieldSelector = tokenSelector + return cl.Core().Secrets(api.NamespaceAll).List(internalOptions) }, - WatchFunc: func(options api.ListOptions) (watch.Interface, error) { - options.FieldSelector = tokenSelector - return cl.Core().Secrets(api.NamespaceAll).Watch(options) + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + internalOptions := api.ListOptions{} + v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil) + internalOptions.FieldSelector = tokenSelector + return cl.Core().Secrets(api.NamespaceAll).Watch(internalOptions) }, }, &api.Secret{}, @@ -304,7 +313,7 @@ func (s *serviceAccount) getServiceAccountTokens(serviceAccount *api.ServiceAcco for _, obj := range index { token := obj.(*api.Secret) - if serviceaccount.IsServiceAccountToken(token, serviceAccount) { + if serviceaccount.InternalIsServiceAccountToken(token, serviceAccount) { tokens = append(tokens, token) } } diff --git a/plugin/pkg/admission/storageclass/default/admission.go b/plugin/pkg/admission/storageclass/default/admission.go index cbd5850f0e4..92d555a03b9 100644 --- a/plugin/pkg/admission/storageclass/default/admission.go +++ b/plugin/pkg/admission/storageclass/default/admission.go 
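Review bot: In the secrets ListWatch of NewServiceAccount, `internalOptions.FieldSelector = tokenSelector` now has to run after the conversion call, and nothing in the code says so. The conversion presumably fills FieldSelector from the v1 options, so moving the assignment above it would let the caller's selector replace the token filter and pull every secret type into this cache. A one-line comment in both closures would pin the ordering, for example `// Set after conversion so the service-account-token filter always wins over options.FieldSelector.` NewServiceAccount continues outside this hunk.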
@@ -25,6 +25,7 @@ import ( admission "k8s.io/kubernetes/pkg/admission" api "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api/errors" + "k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/apis/storage" storageutil "k8s.io/kubernetes/pkg/apis/storage/util" "k8s.io/kubernetes/pkg/client/cache" @@ -62,11 +63,15 @@ func newPlugin(kclient clientset.Interface) *claimDefaulterPlugin { store := cache.NewStore(cache.MetaNamespaceKeyFunc) reflector := cache.NewReflector( &cache.ListWatch{ - ListFunc: func(options api.ListOptions) (runtime.Object, error) { - return kclient.Storage().StorageClasses().List(options) + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + internalOptions := api.ListOptions{} + v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil) + return kclient.Storage().StorageClasses().List(internalOptions) }, - WatchFunc: func(options api.ListOptions) (watch.Interface, error) { - return kclient.Storage().StorageClasses().Watch(options) + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + internalOptions := api.ListOptions{} + v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil) + return kclient.Storage().StorageClasses().Watch(internalOptions) }, }, &storage.StorageClass{},