From 5954f34ade6b56d996ceaa46d403bbf07a164b9b Mon Sep 17 00:00:00 2001 From: Mike Danese Date: Mon, 10 Feb 2020 10:57:24 -0800 Subject: [PATCH] migrate authenticator and authorizer to Create --- .../plugin/pkg/authenticator/token/webhook/BUILD | 1 + .../plugin/pkg/authenticator/token/webhook/webhook.go | 9 +++++---- .../k8s.io/apiserver/plugin/pkg/authorizer/webhook/BUILD | 1 + .../apiserver/plugin/pkg/authorizer/webhook/webhook.go | 9 +++++---- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/BUILD b/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/BUILD index e374e481bd7..dc2839f18d2 100644 --- a/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/BUILD +++ b/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/BUILD @@ -36,6 +36,7 @@ go_library( deps = [ "//staging/src/k8s.io/api/authentication/v1:go_default_library", "//staging/src/k8s.io/api/authentication/v1beta1:go_default_library", + "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", "//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library", diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go b/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go index 1912959e5ae..7410d1959ed 100644 --- a/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go +++ b/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go @@ -25,6 +25,7 @@ import ( authenticationv1 "k8s.io/api/authentication/v1" authenticationv1beta1 "k8s.io/api/authentication/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/authentication/authenticator" @@ -41,7 +42,7 @@ const retryBackoff = 500 * time.Millisecond var _ authenticator.Token = (*WebhookTokenAuthenticator)(nil) type tokenReviewer interface { - CreateContext(ctx context.Context, review *authenticationv1.TokenReview) (*authenticationv1.TokenReview, error) + Create(ctx context.Context, review *authenticationv1.TokenReview, _ metav1.CreateOptions) (*authenticationv1.TokenReview, error) } type WebhookTokenAuthenticator struct { @@ -101,7 +102,7 @@ func (w *WebhookTokenAuthenticator) AuthenticateToken(ctx context.Context, token auds authenticator.Audiences ) webhook.WithExponentialBackoff(ctx, w.initialBackoff, func() error { - result, err = w.tokenReview.CreateContext(ctx, r) + result, err = w.tokenReview.Create(ctx, r, metav1.CreateOptions{}) return err }, webhook.DefaultShouldRetry) if err != nil { @@ -196,7 +197,7 @@ type tokenReviewV1Client struct { w *webhook.GenericWebhook } -func (t *tokenReviewV1Client) CreateContext(ctx context.Context, review *authenticationv1.TokenReview) (*authenticationv1.TokenReview, error) { +func (t *tokenReviewV1Client) Create(ctx context.Context, review *authenticationv1.TokenReview, _ metav1.CreateOptions) (*authenticationv1.TokenReview, error) { result := &authenticationv1.TokenReview{} err := t.w.RestClient.Post().Body(review).Do(ctx).Into(result) return result, err @@ -206,7 +207,7 @@ type tokenReviewV1beta1Client struct { w *webhook.GenericWebhook } -func (t *tokenReviewV1beta1Client) CreateContext(ctx context.Context, review *authenticationv1.TokenReview) (*authenticationv1.TokenReview, error) { +func (t *tokenReviewV1beta1Client) Create(ctx context.Context, review *authenticationv1.TokenReview, _ metav1.CreateOptions) (*authenticationv1.TokenReview, error) { v1beta1Review := &authenticationv1beta1.TokenReview{Spec: v1SpecToV1beta1Spec(&review.Spec)} v1beta1Result := &authenticationv1beta1.TokenReview{} err := t.w.RestClient.Post().Body(v1beta1Review).Do(ctx).Into(v1beta1Result) diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/BUILD b/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/BUILD index 2c15fa97631..b3208931c75 100644 --- a/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/BUILD +++ b/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/BUILD @@ -35,6 +35,7 @@ go_library( deps = [ "//staging/src/k8s.io/api/authorization/v1:go_default_library", "//staging/src/k8s.io/api/authorization/v1beta1:go_default_library", + "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/cache:go_default_library", diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go b/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go index fecf7aab8e8..cc8b5e78bc6 100644 --- a/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go +++ b/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go @@ -27,6 +27,7 @@ import ( authorizationv1 "k8s.io/api/authorization/v1" authorizationv1beta1 "k8s.io/api/authorization/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/cache" @@ -47,7 +48,7 @@ const ( var _ authorizer.Authorizer = (*WebhookAuthorizer)(nil) type subjectAccessReviewer interface { - CreateContext(context.Context, *authorizationv1.SubjectAccessReview) (*authorizationv1.SubjectAccessReview, error) + Create(context.Context, *authorizationv1.SubjectAccessReview, metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, error) } type WebhookAuthorizer struct { @@ -189,7 +190,7 @@ func (w *WebhookAuthorizer) Authorize(ctx context.Context, attr authorizer.Attri err error ) webhook.WithExponentialBackoff(ctx, w.initialBackoff, func() error { - result, err = w.subjectAccessReview.CreateContext(ctx, r) + result, err = w.subjectAccessReview.Create(ctx, r, metav1.CreateOptions{}) return err }, webhook.DefaultShouldRetry) if err != nil { @@ -287,7 +288,7 @@ type subjectAccessReviewV1Client struct { w *webhook.GenericWebhook } -func (t *subjectAccessReviewV1Client) CreateContext(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview) (*authorizationv1.SubjectAccessReview, error) { +func (t *subjectAccessReviewV1Client) Create(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview, _ metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, error) { result := &authorizationv1.SubjectAccessReview{} err := t.w.RestClient.Post().Body(subjectAccessReview).Do(ctx).Into(result) return result, err @@ -297,7 +298,7 @@ type subjectAccessReviewV1beta1Client struct { w *webhook.GenericWebhook } -func (t *subjectAccessReviewV1beta1Client) CreateContext(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview) (*authorizationv1.SubjectAccessReview, error) { +func (t *subjectAccessReviewV1beta1Client) Create(ctx context.Context, subjectAccessReview *authorizationv1.SubjectAccessReview, _ metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, error) { v1beta1Review := &authorizationv1beta1.SubjectAccessReview{Spec: v1SpecToV1beta1Spec(&subjectAccessReview.Spec)} v1beta1Result := &authorizationv1beta1.SubjectAccessReview{} err := t.w.RestClient.Post().Body(v1beta1Review).Do(ctx).Into(v1beta1Result)