From d3d579f59d7340c9a833ec2110d5adfe1c0677a0 Mon Sep 17 00:00:00 2001
From: nikhiljindal <nikhiljindal@google.com>
Date: Wed, 17 Jun 2015 17:06:12 -0700
Subject: [PATCH] Do not register cross namespace actions with subresources in
 path

---
 api/swagger-spec/v1.json       | 37 ----------------------------------
 api/swagger-spec/v1beta3.json  | 37 ----------------------------------
 pkg/apiserver/api_installer.go | 21 +++++++++++++------
 3 files changed, 15 insertions(+), 80 deletions(-)

diff --git a/api/swagger-spec/v1.json b/api/swagger-spec/v1.json
index 77891e1c05a..9bbda52a313 100644
--- a/api/swagger-spec/v1.json
+++ b/api/swagger-spec/v1.json
@@ -5675,43 +5675,6 @@
       "consumes": [
        "*/*"
       ]
-     },
-     {
-      "type": "v1.Binding",
-      "method": "POST",
-      "summary": "create binding of a Binding",
-      "nickname": "createBindingBinding",
-      "parameters": [
-       {
-        "type": "string",
-        "paramType": "query",
-        "name": "pretty",
-        "description": "If 'true', then the output is pretty printed.",
-        "required": false,
-        "allowMultiple": false
-       },
-       {
-        "type": "v1.Binding",
-        "paramType": "body",
-        "name": "body",
-        "description": "",
-        "required": true,
-        "allowMultiple": false
-       }
-      ],
-      "responseMessages": [
-       {
-        "code": 200,
-        "message": "OK",
-        "responseModel": "v1.Binding"
-       }
-      ],
-      "produces": [
-       "application/json"
-      ],
-      "consumes": [
-       "*/*"
-      ]
      }
     ]
    },
diff --git a/api/swagger-spec/v1beta3.json b/api/swagger-spec/v1beta3.json
index 0c37384efdb..369c5abeef8 100644
--- a/api/swagger-spec/v1beta3.json
+++ b/api/swagger-spec/v1beta3.json
@@ -5675,43 +5675,6 @@
       "consumes": [
        "*/*"
       ]
-     },
-     {
-      "type": "v1beta3.Binding",
-      "method": "POST",
-      "summary": "create binding of a Binding",
-      "nickname": "createBindingBinding",
-      "parameters": [
-       {
-        "type": "string",
-        "paramType": "query",
-        "name": "pretty",
-        "description": "If 'true', then the output is pretty printed.",
-        "required": false,
-        "allowMultiple": false
-       },
-       {
-        "type": "v1beta3.Binding",
-        "paramType": "body",
-        "name": "body",
-        "description": "",
-        "required": true,
-        "allowMultiple": false
-       }
-      ],
-      "responseMessages": [
-       {
-        "code": 200,
-        "message": "OK",
-        "responseModel": "v1beta3.Binding"
-       }
-      ],
-      "produces": [
-       "application/json"
-      ],
-      "consumes": [
-       "*/*"
-      ]
      }
     ]
    },
diff --git a/pkg/apiserver/api_installer.go b/pkg/apiserver/api_installer.go
index 5247180086f..6138f24d3bf 100644
--- a/pkg/apiserver/api_installer.go
+++ b/pkg/apiserver/api_installer.go
@@ -250,6 +250,7 @@ func (a *APIInstaller) registerResourceHandlers(path string, storage rest.Storag
 
 	// Get the list of actions for the given scope.
 	if scope.Name() != meta.RESTScopeNameNamespace {
+		// Handle non-namespace scoped resources like nodes.
 		resourcePath := resource
 		resourceParams := params
 		itemPath := resourcePath + "/{name}"
@@ -263,10 +264,12 @@ func (a *APIInstaller) registerResourceHandlers(path string, storage rest.Storag
 		namer := rootScopeNaming{scope, a.group.Linker, gpath.Join(a.prefix, itemPath)}
 
 		// Handler for standard REST verbs (GET, PUT, POST and DELETE).
+		// Add actions at the resource path: /api/apiVersion/resource
 		actions = appendIf(actions, action{"LIST", resourcePath, resourceParams, namer}, isLister)
 		actions = appendIf(actions, action{"POST", resourcePath, resourceParams, namer}, isCreater)
 		actions = appendIf(actions, action{"WATCHLIST", "watch/" + resourcePath, resourceParams, namer}, allowWatchList)
 
+		// Add actions at the item path: /api/apiVersion/resource/{name}
 		actions = appendIf(actions, action{"GET", itemPath, nameParams, namer}, isGetter)
 		if getSubpath {
 			actions = appendIf(actions, action{"GET", itemPath + "/{path:*}", proxyParams, namer}, isGetter)
@@ -281,8 +284,9 @@ func (a *APIInstaller) registerResourceHandlers(path string, storage rest.Storag
 		actions = appendIf(actions, action{"CONNECT", itemPath + "/{path:*}", proxyParams, namer}, isConnecter && connectSubpath)
 
 	} else {
-		// v1beta3+ format with namespace in path
+		// Handle namespace scoped resources like pods.
 		if scope.ParamPath() {
+			// Handle the case when namespace is part of the path.
 			// Handler for standard REST verbs (GET, PUT, POST and DELETE).
 			namespaceParam := ws.PathParameter(scope.ParamName(), scope.ParamDescription()).DataType("string")
 			namespacedPath := scope.ParamName() + "/{" + scope.ParamName() + "}/" + resource
@@ -300,11 +304,13 @@ func (a *APIInstaller) registerResourceHandlers(path string, storage rest.Storag
 			}
 			namer := scopeNaming{scope, a.group.Linker, gpath.Join(a.prefix, itemPath), false}
 
+			// Add actions at the resource path: /api/apiVersion/namespaces/{namespaces}/resource
 			actions = appendIf(actions, action{"LIST", resourcePath, resourceParams, namer}, isLister)
 			actions = appendIf(actions, action{"POST", resourcePath, resourceParams, namer}, isCreater)
 			// DEPRECATED
 			actions = appendIf(actions, action{"WATCHLIST", "watch/" + resourcePath, resourceParams, namer}, allowWatchList)
 
+			// Add actions at the item path: /api/apiVersion/namespaces/{namespaces}/resource/{name}
 			actions = appendIf(actions, action{"GET", itemPath, nameParams, namer}, isGetter)
 			if getSubpath {
 				actions = appendIf(actions, action{"GET", itemPath + "/{path:*}", proxyParams, namer}, isGetter)
@@ -319,13 +325,16 @@ func (a *APIInstaller) registerResourceHandlers(path string, storage rest.Storag
 			actions = appendIf(actions, action{"CONNECT", itemPath + "/{path:*}", proxyParams, namer}, isConnecter && connectSubpath)
 
 			// list or post across namespace.
+			// For ex: LIST all pods in all namespaces by sending a LIST request at /api/apiVersion/pods.
 			// TODO: more strongly type whether a resource allows these actions on "all namespaces" (bulk delete)
-			namer = scopeNaming{scope, a.group.Linker, gpath.Join(a.prefix, itemPath), true}
-			actions = appendIf(actions, action{"LIST", resource, params, namer}, isLister)
-			actions = appendIf(actions, action{"POST", resource, params, namer}, isCreater)
-			actions = appendIf(actions, action{"WATCHLIST", "watch/" + resource, params, namer}, allowWatchList)
+			if !hasSubresource {
+				namer = scopeNaming{scope, a.group.Linker, gpath.Join(a.prefix, itemPath), true}
+				actions = appendIf(actions, action{"LIST", resource, params, namer}, isLister)
+				actions = appendIf(actions, action{"POST", resource, params, namer}, isCreater)
+				actions = appendIf(actions, action{"WATCHLIST", "watch/" + resource, params, namer}, allowWatchList)
+			}
 		} else {
-			// Namespace as param is no longer supported
+			// Legacy behavior: Namespace as param is no longer supported
 			return fmt.Errorf("namespace as a parameter is no longer supported")
 		}
 	}