Skip to content

Commit 58aafb6

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request kubernetes#129186 from liggitt/cleanup-authorization
Clean up v1alpha1 serving for authentication APIs
2 parents 3fb2a38 + 161a817 commit 58aafb6

File tree

2 files changed

+21
-83
lines changed

2 files changed

+21
-83
lines changed

pkg/registry/authentication/rest/storage_authentication.go

Lines changed: 0 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,6 @@ package rest
1818

1919
import (
2020
authenticationv1 "k8s.io/api/authentication/v1"
21-
authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
2221
authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
2322
"k8s.io/apiserver/pkg/authentication/authenticator"
2423
"k8s.io/apiserver/pkg/registry/generic"
@@ -46,10 +45,6 @@ func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorag
4645
// If you add a version here, be sure to add an entry in `k8s.io/kubernetes/cmd/kube-apiserver/app/aggregator.go with specific priorities.
4746
// TODO refactor the plumbing to provide the information in the APIGroupInfo
4847

49-
if storageMap := p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter); len(storageMap) > 0 {
50-
apiGroupInfo.VersionedResourcesStorageMap[authenticationv1alpha1.SchemeGroupVersion.Version] = storageMap
51-
}
52-
5348
if storageMap := p.v1beta1Storage(apiResourceConfigSource, restOptionsGetter); len(storageMap) > 0 {
5449
apiGroupInfo.VersionedResourcesStorageMap[authenticationv1beta1.SchemeGroupVersion.Version] = storageMap
5550
}
@@ -77,17 +72,6 @@ func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.API
7772
return storage
7873
}
7974

80-
func (p RESTStorageProvider) v1alpha1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
81-
storage := map[string]rest.Storage{}
82-
83-
// selfsubjectreviews
84-
if resource := "selfsubjectreviews"; apiResourceConfigSource.ResourceEnabled(authenticationv1alpha1.SchemeGroupVersion.WithResource(resource)) {
85-
selfSRStorage := selfsubjectreview.NewREST()
86-
storage[resource] = selfSRStorage
87-
}
88-
return storage
89-
}
90-
9175
func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
9276
storage := map[string]rest.Storage{}
9377

test/integration/auth/selfsubjectreview_test.go

Lines changed: 21 additions & 67 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,6 @@ import (
2626
"testing"
2727

2828
authenticationv1 "k8s.io/api/authentication/v1"
29-
authenticationv1alpha1 "k8s.io/api/authentication/v1alpha1"
3029
authenticationv1beta1 "k8s.io/api/authentication/v1beta1"
3130
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
3231
"k8s.io/apiserver/pkg/authentication/authenticator"
@@ -39,7 +38,7 @@ import (
3938

4039
func TestGetsSelfAttributes(t *testing.T) {
4140
// KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE allows for APIs pending removal to not block tests
42-
// TODO: Remove this line once authentication v1alpha1 types to be removed in 1.32 are fully removed
41+
// TODO: Remove this line when oldest emulation version is 1.34, along with removal of v1beta1 SelfSubjectReview (unservable by default but still servable via this envvar in 1.33)
4342
t.Setenv("KUBE_APISERVER_SERVE_REMOVED_APIS_FOR_ONE_RELEASE", "true")
4443

4544
tests := []struct {
@@ -98,7 +97,6 @@ func TestGetsSelfAttributes(t *testing.T) {
9897

9998
kubeClient, _, tearDownFn := framework.StartTestServer(tCtx, t, framework.TestServerSetup{
10099
ModifyServerRunOptions: func(opts *options.ServerRunOptions) {
101-
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1alpha1=true")
102100
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1beta1=true")
103101
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1=true")
104102
opts.Authorization.Modes = []string{"AlwaysAllow"}
@@ -121,85 +119,58 @@ func TestGetsSelfAttributes(t *testing.T) {
121119
response = tc.userInfo
122120
respMu.Unlock()
123121

124-
res, err := kubeClient.AuthenticationV1alpha1().
125-
SelfSubjectReviews().
126-
Create(tCtx, &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
127-
if err != nil {
128-
t.Fatalf("unexpected error: %v", err)
129-
}
130-
131-
if res == nil {
132-
t.Fatalf("empty response")
133-
}
134-
135-
if res.Status.UserInfo.Username != tc.expectedName {
136-
t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, res.Status.UserInfo.Username)
137-
}
138-
139-
if res.Status.UserInfo.UID != tc.expectedUID {
140-
t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, res.Status.UserInfo.UID)
141-
}
142-
143-
if !reflect.DeepEqual(res.Status.UserInfo.Groups, tc.expectedGroups) {
144-
t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, res.Status.UserInfo.Groups)
145-
}
146-
147-
if !reflect.DeepEqual(res.Status.UserInfo.Extra, tc.expectedExtra) {
148-
t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, res.Status.UserInfo.Extra)
149-
}
150-
151-
res2, err := kubeClient.AuthenticationV1beta1().
122+
resBeta, err := kubeClient.AuthenticationV1beta1().
152123
SelfSubjectReviews().
153124
Create(tCtx, &authenticationv1beta1.SelfSubjectReview{}, metav1.CreateOptions{})
154125
if err != nil {
155126
t.Fatalf("unexpected error: %v", err)
156127
}
157128

158-
if res2 == nil {
129+
if resBeta == nil {
159130
t.Fatalf("empty response")
160131
}
161132

162-
if res2.Status.UserInfo.Username != tc.expectedName {
163-
t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, res.Status.UserInfo.Username)
133+
if resBeta.Status.UserInfo.Username != tc.expectedName {
134+
t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, resBeta.Status.UserInfo.Username)
164135
}
165136

166-
if res2.Status.UserInfo.UID != tc.expectedUID {
167-
t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, res.Status.UserInfo.UID)
137+
if resBeta.Status.UserInfo.UID != tc.expectedUID {
138+
t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, resBeta.Status.UserInfo.UID)
168139
}
169140

170-
if !reflect.DeepEqual(res2.Status.UserInfo.Groups, tc.expectedGroups) {
171-
t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, res.Status.UserInfo.Groups)
141+
if !reflect.DeepEqual(resBeta.Status.UserInfo.Groups, tc.expectedGroups) {
142+
t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, resBeta.Status.UserInfo.Groups)
172143
}
173144

174-
if !reflect.DeepEqual(res2.Status.UserInfo.Extra, tc.expectedExtra) {
175-
t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, res.Status.UserInfo.Extra)
145+
if !reflect.DeepEqual(resBeta.Status.UserInfo.Extra, tc.expectedExtra) {
146+
t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, resBeta.Status.UserInfo.Extra)
176147
}
177148

178-
res3, err := kubeClient.AuthenticationV1().
149+
resV1, err := kubeClient.AuthenticationV1().
179150
SelfSubjectReviews().
180151
Create(context.TODO(), &authenticationv1.SelfSubjectReview{}, metav1.CreateOptions{})
181152
if err != nil {
182153
t.Fatalf("unexpected error: %v", err)
183154
}
184155

185-
if res3 == nil {
156+
if resV1 == nil {
186157
t.Fatalf("empty response")
187158
}
188159

189-
if res3.Status.UserInfo.Username != tc.expectedName {
190-
t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, res.Status.UserInfo.Username)
160+
if resV1.Status.UserInfo.Username != tc.expectedName {
161+
t.Fatalf("unexpected username: wanted %s, got %s", tc.expectedName, resV1.Status.UserInfo.Username)
191162
}
192163

193-
if res3.Status.UserInfo.UID != tc.expectedUID {
194-
t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, res.Status.UserInfo.UID)
164+
if resV1.Status.UserInfo.UID != tc.expectedUID {
165+
t.Fatalf("unexpected uid: wanted %s, got %s", tc.expectedUID, resV1.Status.UserInfo.UID)
195166
}
196167

197-
if !reflect.DeepEqual(res3.Status.UserInfo.Groups, tc.expectedGroups) {
198-
t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, res.Status.UserInfo.Groups)
168+
if !reflect.DeepEqual(resV1.Status.UserInfo.Groups, tc.expectedGroups) {
169+
t.Fatalf("unexpected groups: wanted %v, got %v", tc.expectedGroups, resV1.Status.UserInfo.Groups)
199170
}
200171

201-
if !reflect.DeepEqual(res3.Status.UserInfo.Extra, tc.expectedExtra) {
202-
t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, res.Status.UserInfo.Extra)
172+
if !reflect.DeepEqual(resV1.Status.UserInfo.Extra, tc.expectedExtra) {
173+
t.Fatalf("unexpected extra: wanted %v, got %v", tc.expectedExtra, resV1.Status.UserInfo.Extra)
203174
}
204175
})
205176
}
@@ -212,7 +183,6 @@ func TestGetsSelfAttributesError(t *testing.T) {
212183
tCtx := ktesting.Init(t)
213184
kubeClient, _, tearDownFn := framework.StartTestServer(tCtx, t, framework.TestServerSetup{
214185
ModifyServerRunOptions: func(opts *options.ServerRunOptions) {
215-
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1alpha1=true")
216186
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1beta1=true")
217187
opts.APIEnablement.RuntimeConfig.Set("authentication.k8s.io/v1=true")
218188
opts.Authorization.Modes = []string{"AlwaysAllow"}
@@ -237,22 +207,6 @@ func TestGetsSelfAttributesError(t *testing.T) {
237207

238208
expected := fmt.Errorf("Unauthorized")
239209

240-
{ // v1alpha1
241-
toggle.Store(!toggle.Load().(bool))
242-
243-
_, err := kubeClient.AuthenticationV1alpha1().
244-
SelfSubjectReviews().
245-
Create(tCtx, &authenticationv1alpha1.SelfSubjectReview{}, metav1.CreateOptions{})
246-
if err == nil {
247-
t.Fatalf("expected error: %v, got nil", err)
248-
}
249-
250-
toggle.Store(!toggle.Load().(bool))
251-
if expected.Error() != err.Error() {
252-
t.Fatalf("expected error: %v, got %v", expected, err)
253-
}
254-
}
255-
256210
{ // v1beta1
257211
toggle.Store(!toggle.Load().(bool))
258212

0 commit comments

Comments
 (0)