From 161a817812ecf361caaa00716ad5f00f604e48b0 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt
Date: Thu, 12 Dec 2024 11:49:15 -0500
Subject: [PATCH] Clean up v1alpha1 serving for authorization API
---
 .../rest/storage_authentication.go | 16 ----
 .../auth/selfsubjectreview_test.go | 88 +++++--------------
 2 files changed, 21 insertions(+), 83 deletions(-)
diff --git a/pkg/registry/authentication/rest/storage_authentication.go b/pkg/registry/authentication/rest/storage_authentication.go
index f8ce43edb7b..8a1115a355c 100644
--- a/pkg/registry/authentication/rest/storage_authentication.go
+++ b/pkg/registry/authentication/rest/storage_authentication.go
@@ -18,7 +18,6 @@ package rest
 import (
 authenticationv1 "k8s.io/api/authentication/v1"
- authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
 authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
 "k8s.io/apiserver/pkg/authentication/authenticator"
 "k8s.io/apiserver/pkg/registry/generic"
@@ -46,10 +45,6 @@ func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorag
 // If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities.
 // TODO refactor the plumbing to provide the information in the APIGroupInfo
- if storageMap := p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter); len(storageMap) > 0 {
- apiGroupInfo.VersionedResourcesStorageMap[authenticationv1alpha1.SchemeGroupVersion.Version] = storageMap
- }
-
 if storageMap := p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter); len(storageMap) > 0 {
 apiGroupInfo.VersionedResourcesStorageMap[authenticationv1beta1.SchemeGroupVersion.Version] = storageMap
 }
@@ -77,17 +72,6 @@ func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.API
 return storage
 }
-func (p RESTStorageProvider) v1alpha1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
- storage := map[string]rest.Storage{}
-
- // selfsubjectreviews
- if resource := "selfsubjectreviews"; apiResourceConfigSource.ResourceEnabled(authenticationv1alpha1.SchemeGroupVersion.WithResource(resource)) {
- selfSRStorage := selfsubjectreview.NewREST()
- storage[resource] = selfSRStorage
- }
- return storage
-}
-
 func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
 storage := map[string]rest.Storage{}
diff --git a/test/integration/auth/selfsubjectreview_test.go b/test/integration/auth/selfsubjectreview_test.go
index c96baf847d3..afe69e6b1b9 100644
--- a/test/integration/auth/selfsubjectreview_test.go
+++ b/test/integration/auth/selfsubjectreview_test.go
@@ -26,7 +26,6 @@ import (
 "testing"
 authenticationv1 "k8s.io/api/authentication/v1"
- authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
 authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apiserver/pkg/authentication/authenticator"
@@ -39,7 +38,7 @@ import (
 func TestGetsSelfAttributes(t *testing.T) {
 // KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE allows for APIs pending removal to not block tests
- // TODO: Remove this line once authentication v1alpha1 types to be removed in 1.32 are fully removed
+ // TODO: Remove this line when oldest emulation version is 1.34, along with removal of v1beta1 SelfSubjectReview (unservable by default but still servable via this envvar in 1.33)
 t.Setenv("KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE", "true")
 tests := []struct {
@@ -98,7 +97,6 @@ func TestGetsSelfAttributes(t *testing.T) {
 kubeClient, _, tearDownFn := framework.StartTestServer(tCtx, t, framework.TestServerSetup{
 ModifyServerRunOptions: func(opts *options.ServerRunOptions) {
- opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1alpha1=true")
 opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1beta1=true")
 opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1=true")
 opts.Authorization.Modes = []string{"AlwaysAllow"}
@@ -121,85 +119,58 @@ func TestGetsSelfAttributes(t *testing.T) {
 response = tc.userInfo
 respMu.Unlock()
- res, err := kubeClient.AuthenticationV1alpha1().
- SelfSubjectReviews().
- Create(tCtx, &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
- if err != nil {
- t.Fatalf("unexpected error: %v", err)
- }
-
- if res == nil {
- t.Fatalf("empty response")
- }
-
- if res.Status.UserInfo.Username != tc.expectedName {
- t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, res.Status.UserInfo.Username)
- }
-
- if res.Status.UserInfo.UID != tc.expectedUID {
- t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, res.Status.UserInfo.UID)
- }
-
- if !reflect.DeepEqual(res.Status.UserInfo.Groups, tc.expectedGroups) {
- t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, res.Status.UserInfo.Groups)
- }
-
- if !reflect.DeepEqual(res.Status.UserInfo.Extra, tc.expectedExtra) {
- t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, res.Status.UserInfo.Extra)
- }
-
- res2, err := kubeClient.AuthenticationV1beta1().
+ resBeta, err := kubeClient.AuthenticationV1beta1().
 SelfSubjectReviews().
Create(tCtx, &authenticationv1beta1.SelfSubjectReview{}, metav1.CreateOptions{})
 if err != nil {
 t.Fatalf("unexpected error: %v", err)
 }
- if res2 == nil {
+ if resBeta == nil {
 t.Fatalf("empty response")
 }
- if res2.Status.UserInfo.Username != tc.expectedName {
- t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, res.Status.UserInfo.Username)
+ if resBeta.Status.UserInfo.Username != tc.expectedName {
+ t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, resBeta.Status.UserInfo.Username)
 }
- if res2.Status.UserInfo.UID != tc.expectedUID {
- t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, res.Status.UserInfo.UID)
+ if resBeta.Status.UserInfo.UID != tc.expectedUID {
+ t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, resBeta.Status.UserInfo.UID)
 }
- if !reflect.DeepEqual(res2.Status.UserInfo.Groups, tc.expectedGroups) {
- t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, res.Status.UserInfo.Groups)
+ if !reflect.DeepEqual(resBeta.Status.UserInfo.Groups, tc.expectedGroups) {
+ t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, resBeta.Status.UserInfo.Groups)
 }
- if !reflect.DeepEqual(res2.Status.UserInfo.Extra, tc.expectedExtra) {
- t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, res.Status.UserInfo.Extra)
+ if !reflect.DeepEqual(resBeta.Status.UserInfo.Extra, tc.expectedExtra) {
+ t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, resBeta.Status.UserInfo.Extra)
 }
- res3, err := kubeClient.AuthenticationV1().
+ resV1, err := kubeClient.AuthenticationV1().
 SelfSubjectReviews().
Create(context.TODO(), &authenticationv1.SelfSubjectReview{}, metav1.CreateOptions{})
 if err != nil {
 t.Fatalf("unexpected error: %v", err)
 }
- if res3 == nil {
+ if resV1 == nil {
 t.Fatalf("empty response")
 }
- if res3.Status.UserInfo.Username != tc.expectedName {
- t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, res.Status.UserInfo.Username)
+ if resV1.Status.UserInfo.Username != tc.expectedName {
+ t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, resV1.Status.UserInfo.Username)
 }
- if res3.Status.UserInfo.UID != tc.expectedUID {
- t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, res.Status.UserInfo.UID)
+ if resV1.Status.UserInfo.UID != tc.expectedUID {
+ t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, resV1.Status.UserInfo.UID)
 }
- if !reflect.DeepEqual(res3.Status.UserInfo.Groups, tc.expectedGroups) {
- t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, res.Status.UserInfo.Groups)
+ if !reflect.DeepEqual(resV1.Status.UserInfo.Groups, tc.expectedGroups) {
+ t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, resV1.Status.UserInfo.Groups)
 }
- if !reflect.DeepEqual(res3.Status.UserInfo.Extra, tc.expectedExtra) {
- t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, res.Status.UserInfo.Extra)
+ if !reflect.DeepEqual(resV1.Status.UserInfo.Extra, tc.expectedExtra) {
+ t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, resV1.Status.UserInfo.Extra)
 }
 })
 }
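Review bot: The v1 request in this hunk still calls `Create(context.TODO(), ...)` while the v1beta1 request just above it passes `tCtx`, so the two halves of the same subtest run under different contexts and the v1 call is presumably not tied to the test context's cancellation. Since these lines are being touched anyway, change it to `Create(tCtx, &authenticationv1.SelfSubjectReview{}, metav1.CreateOptions{})`; whether the `context` import is still needed afterwards cannot be seen from the hunk. The `resBeta` and `resV1` blocks repeat the same identity checks (username, UID, groups, extra), and a one-line comment above each, such as `// v1beta1` and `// v1` in the style TestGetsSelfAttributesError already uses, would make the served version under test obvious. The enclosing t.Run closure starts outside the hunk.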
@@ -212,7 +183,6 @@ func TestGetsSelfAttributesError(t *testing.T) {
 tCtx := ktesting.Init(t)
 kubeClient, _, tearDownFn := framework.StartTestServer(tCtx, t, framework.TestServerSetup{
 ModifyServerRunOptions: func(opts *options.ServerRunOptions) {
- opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1alpha1=true")
 opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1beta1=true")
 opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1=true")
 opts.Authorization.Modes = []string{"AlwaysAllow"}
@@ -237,22 +207,6 @@ func TestGetsSelfAttributesError(t *testing.T) {
 expected := fmt.Errorf("Unauthorized")
- { // v1alpha1
- toggle.Store(!toggle.Load().(bool))
-
- _, err := kubeClient.AuthenticationV1alpha1().
- SelfSubjectReviews().
- Create(tCtx, &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
- if err == nil {
- t.Fatalf("expected error: %v, got nil", err)
- }
-
- toggle.Store(!toggle.Load().(bool))
- if expected.Error() != err.Error() {
- t.Fatalf("expected error: %v, got %v", expected, err)
- }
- }
-
 { // v1beta1
 toggle.Store(!toggle.Load().(bool))