From 68a8a25494fef90fcdbfa26209d9934077b77da2 Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Thu, 18 Jun 2015 22:35:42 -0400 Subject: [PATCH] Rename pod.spec.serviceAccount -> pod.spec.serviceAccountName for v1 --- api/swagger-spec/v1.json | 2 +- pkg/api/deep_copy_generated.go | 2 +- pkg/api/types.go | 4 ++-- pkg/api/v1/conversion_generated.go | 4 ++-- pkg/api/v1/deep_copy_generated.go | 2 +- pkg/api/v1/types.go | 4 ++-- pkg/api/v1beta3/conversion.go | 4 ++-- pkg/api/validation/validation.go | 6 +++--- pkg/api/validation/validation_test.go | 10 +++++----- .../pkg/admission/serviceaccount/admission.go | 12 ++++++------ .../admission/serviceaccount/admission_test.go | 18 +++++++++--------- 11 files changed, 34 insertions(+), 34 deletions(-) diff --git a/api/swagger-spec/v1.json b/api/swagger-spec/v1.json index 3bd16b6a6c4..1398011cb3e 100644 --- a/api/swagger-spec/v1.json +++ b/api/swagger-spec/v1.json @@ -12160,7 +12160,7 @@ "type": "any", "description": "selector which must match a node's labels for the pod to be scheduled on that node" }, - "serviceAccount": { + "serviceAccountName": { "type": "string", "description": "name of the ServiceAccount to use to run this pod" }, diff --git a/pkg/api/deep_copy_generated.go b/pkg/api/deep_copy_generated.go index 4df7d95fa6c..0bce691a3c1 100644 --- a/pkg/api/deep_copy_generated.go +++ b/pkg/api/deep_copy_generated.go @@ -1377,7 +1377,7 @@ func deepCopy_api_PodSpec(in PodSpec, out *PodSpec, c *conversion.Cloner) error } else { out.NodeSelector = nil } - out.ServiceAccount = in.ServiceAccount + out.ServiceAccountName = in.ServiceAccountName out.NodeName = in.NodeName out.HostNetwork = in.HostNetwork if in.ImagePullSecrets != nil { diff --git a/pkg/api/types.go b/pkg/api/types.go index 84cc2855502..aad515a7b74 100644 --- a/pkg/api/types.go +++ b/pkg/api/types.go @@ -882,9 +882,9 @@ type PodSpec struct { // NodeSelector is a selector which must be true for the pod to fit on a node NodeSelector map[string]string `json:"nodeSelector,omitempty"` - // ServiceAccount is the name of the ServiceAccount to use to run this pod + // ServiceAccountName is the name of the ServiceAccount to use to run this pod // The pod will be allowed to use secrets referenced by the ServiceAccount - ServiceAccount string `json:"serviceAccount"` + ServiceAccountName string `json:"serviceAccountName"` // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, // the scheduler simply schedules this pod onto that node, assuming that it fits resource diff --git a/pkg/api/v1/conversion_generated.go b/pkg/api/v1/conversion_generated.go index 02370bc4ca7..4f7ceb1ea3c 100644 --- a/pkg/api/v1/conversion_generated.go +++ b/pkg/api/v1/conversion_generated.go @@ -1516,7 +1516,7 @@ func convert_api_PodSpec_To_v1_PodSpec(in *api.PodSpec, out *PodSpec, s conversi } else { out.NodeSelector = nil } - out.ServiceAccount = in.ServiceAccount + out.ServiceAccountName = in.ServiceAccountName out.NodeName = in.NodeName out.HostNetwork = in.HostNetwork if in.ImagePullSecrets != nil { @@ -3824,7 +3824,7 @@ func convert_v1_PodSpec_To_api_PodSpec(in *PodSpec, out *api.PodSpec, s conversi } else { out.NodeSelector = nil } - out.ServiceAccount = in.ServiceAccount + out.ServiceAccountName = in.ServiceAccountName out.NodeName = in.NodeName out.HostNetwork = in.HostNetwork if in.ImagePullSecrets != nil { diff --git a/pkg/api/v1/deep_copy_generated.go b/pkg/api/v1/deep_copy_generated.go index 0cb2fdf5091..2366b4c9106 100644 --- a/pkg/api/v1/deep_copy_generated.go +++ b/pkg/api/v1/deep_copy_generated.go @@ -1308,7 +1308,7 @@ func deepCopy_v1_PodSpec(in PodSpec, out *PodSpec, c *conversion.Cloner) error { } else { out.NodeSelector = nil } - out.ServiceAccount = in.ServiceAccount + out.ServiceAccountName = in.ServiceAccountName out.NodeName = in.NodeName out.HostNetwork = in.HostNetwork if in.ImagePullSecrets != nil { diff --git a/pkg/api/v1/types.go b/pkg/api/v1/types.go index ce41ae764d8..cd168e5fc9e 100644 --- a/pkg/api/v1/types.go +++ b/pkg/api/v1/types.go @@ -885,8 +885,8 @@ type PodSpec struct { // NodeSelector is a selector which must be true for the pod to fit on a node NodeSelector map[string]string `json:"nodeSelector,omitempty" description:"selector which must match a node's labels for the pod to be scheduled on that node"` - // ServiceAccount is the name of the ServiceAccount to use to run this pod - ServiceAccount string `json:"serviceAccount,omitempty" description:"name of the ServiceAccount to use to run this pod"` + // ServiceAccountName is the name of the ServiceAccount to use to run this pod + ServiceAccountName string `json:"serviceAccountName,omitempty" description:"name of the ServiceAccount to use to run this pod"` // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, // the scheduler simply schedules this pod onto that node, assuming that it fits resource diff --git a/pkg/api/v1beta3/conversion.go b/pkg/api/v1beta3/conversion.go index f0f779fed0c..7bf02e8b44d 100644 --- a/pkg/api/v1beta3/conversion.go +++ b/pkg/api/v1beta3/conversion.go @@ -490,7 +490,7 @@ func convert_v1beta3_PodSpec_To_api_PodSpec(in *PodSpec, out *api.PodSpec, s con } else { out.NodeSelector = nil } - out.ServiceAccount = in.ServiceAccount + out.ServiceAccountName = in.ServiceAccount out.NodeName = in.Host out.HostNetwork = in.HostNetwork if in.ImagePullSecrets != nil { @@ -552,7 +552,7 @@ func convert_api_PodSpec_To_v1beta3_PodSpec(in *api.PodSpec, out *PodSpec, s con } else { out.NodeSelector = nil } - out.ServiceAccount = in.ServiceAccount + out.ServiceAccount = in.ServiceAccountName out.Host = in.NodeName out.HostNetwork = in.HostNetwork if in.ImagePullSecrets != nil { diff --git a/pkg/api/validation/validation.go b/pkg/api/validation/validation.go index b287747b344..2a5445b75c7 100644 --- a/pkg/api/validation/validation.go +++ b/pkg/api/validation/validation.go @@ -963,9 +963,9 @@ func ValidatePodSpec(spec *api.PodSpec) errs.ValidationErrorList { allErrs = append(allErrs, ValidateLabels(spec.NodeSelector, "nodeSelector")...) allErrs = append(allErrs, validateHostNetwork(spec.HostNetwork, spec.Containers).Prefix("hostNetwork")...) allErrs = append(allErrs, validateImagePullSecrets(spec.ImagePullSecrets).Prefix("imagePullSecrets")...) - if len(spec.ServiceAccount) > 0 { - if ok, msg := ValidateServiceAccountName(spec.ServiceAccount, false); !ok { - allErrs = append(allErrs, errs.NewFieldInvalid("serviceAccount", spec.ServiceAccount, msg)) + if len(spec.ServiceAccountName) > 0 { + if ok, msg := ValidateServiceAccountName(spec.ServiceAccountName, false); !ok { + allErrs = append(allErrs, errs.NewFieldInvalid("serviceAccountName", spec.ServiceAccountName, msg)) } } diff --git a/pkg/api/validation/validation_test.go b/pkg/api/validation/validation_test.go index 72bda67fddf..ea841e5680b 100644 --- a/pkg/api/validation/validation_test.go +++ b/pkg/api/validation/validation_test.go @@ -1052,7 +1052,7 @@ func TestValidatePodSpec(t *testing.T) { NodeName: "foobar", DNSPolicy: api.DNSClusterFirst, ActiveDeadlineSeconds: &activeDeadlineSeconds, - ServiceAccount: "acct", + ServiceAccountName: "acct", }, { // Populate HostNetwork. Containers: []api.Container{ @@ -1094,10 +1094,10 @@ func TestValidatePodSpec(t *testing.T) { Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}}, }, "bad service account name": { - Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}}, - RestartPolicy: api.RestartPolicyAlways, - DNSPolicy: api.DNSClusterFirst, - ServiceAccount: "invalidName", + Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}}, + RestartPolicy: api.RestartPolicyAlways, + DNSPolicy: api.DNSClusterFirst, + ServiceAccountName: "invalidName", }, "bad restart policy": { RestartPolicy: "UnknowPolicy", diff --git a/plugin/pkg/admission/serviceaccount/admission.go b/plugin/pkg/admission/serviceaccount/admission.go index 5e3d486757c..80322a557ea 100644 --- a/plugin/pkg/admission/serviceaccount/admission.go +++ b/plugin/pkg/admission/serviceaccount/admission.go @@ -150,7 +150,7 @@ func (s *serviceAccount) Admit(a admission.Attributes) (err error) { // That makes the kubelet very angry and confused, and it immediately deletes the pod (because the spec doesn't match) // That said, don't allow mirror pods to reference ServiceAccounts or SecretVolumeSources either if _, isMirrorPod := pod.Annotations[kubelet.ConfigMirrorAnnotationKey]; isMirrorPod { - if len(pod.Spec.ServiceAccount) != 0 { + if len(pod.Spec.ServiceAccountName) != 0 { return admission.NewForbidden(a, fmt.Errorf("A mirror pod may not reference service accounts")) } for _, volume := range pod.Spec.Volumes { @@ -162,17 +162,17 @@ func (s *serviceAccount) Admit(a admission.Attributes) (err error) { } // Set the default service account if needed - if len(pod.Spec.ServiceAccount) == 0 { - pod.Spec.ServiceAccount = DefaultServiceAccountName + if len(pod.Spec.ServiceAccountName) == 0 { + pod.Spec.ServiceAccountName = DefaultServiceAccountName } // Ensure the referenced service account exists - serviceAccount, err := s.getServiceAccount(a.GetNamespace(), pod.Spec.ServiceAccount) + serviceAccount, err := s.getServiceAccount(a.GetNamespace(), pod.Spec.ServiceAccountName) if err != nil { - return admission.NewForbidden(a, fmt.Errorf("Error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccount, err)) + return admission.NewForbidden(a, fmt.Errorf("Error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err)) } if serviceAccount == nil { - return admission.NewForbidden(a, fmt.Errorf("Missing service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccount, err)) + return admission.NewForbidden(a, fmt.Errorf("Missing service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err)) } if s.LimitSecretReferences { diff --git a/plugin/pkg/admission/serviceaccount/admission_test.go b/plugin/pkg/admission/serviceaccount/admission_test.go index 81977a546a9..7c7fa0e4332 100644 --- a/plugin/pkg/admission/serviceaccount/admission_test.go +++ b/plugin/pkg/admission/serviceaccount/admission_test.go @@ -93,7 +93,7 @@ func TestRejectsMirrorPodWithServiceAccount(t *testing.T) { }, }, Spec: api.PodSpec{ - ServiceAccount: "default", + ServiceAccountName: "default", }, } attrs := admission.NewAttributesRecord(pod, "Pod", "myns", string(api.ResourcePods), admission.Create, nil) @@ -143,8 +143,8 @@ func TestAssignsDefaultServiceAccountAndToleratesMissingAPIToken(t *testing.T) { if err != nil { t.Errorf("Unexpected error: %v", err) } - if pod.Spec.ServiceAccount != DefaultServiceAccountName { - t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccount) + if pod.Spec.ServiceAccountName != DefaultServiceAccountName { + t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccountName) } } @@ -167,8 +167,8 @@ func TestFetchesUncachedServiceAccount(t *testing.T) { if err != nil { t.Errorf("Unexpected error: %v", err) } - if pod.Spec.ServiceAccount != DefaultServiceAccountName { - t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccount) + if pod.Spec.ServiceAccountName != DefaultServiceAccountName { + t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccountName) } } @@ -248,8 +248,8 @@ func TestAutomountsAPIToken(t *testing.T) { if err != nil { t.Errorf("Unexpected error: %v", err) } - if pod.Spec.ServiceAccount != DefaultServiceAccountName { - t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccount) + if pod.Spec.ServiceAccountName != DefaultServiceAccountName { + t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccountName) } if len(pod.Spec.Volumes) != 1 { t.Fatalf("Expected 1 volume, got %d", len(pod.Spec.Volumes)) @@ -326,8 +326,8 @@ func TestRespectsExistingMount(t *testing.T) { if err != nil { t.Errorf("Unexpected error: %v", err) } - if pod.Spec.ServiceAccount != DefaultServiceAccountName { - t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccount) + if pod.Spec.ServiceAccountName != DefaultServiceAccountName { + t.Errorf("Expected service account %s assigned, got %s", DefaultServiceAccountName, pod.Spec.ServiceAccountName) } if len(pod.Spec.Volumes) != 0 { t.Fatalf("Expected 0 volumes (shouldn't create a volume for a secret we don't need), got %d", len(pod.Spec.Volumes))