Merge pull request kubernetes#87791 from mikedanese/authexp

remove authn/z expansions

Author: k8s-ci-robot

staging/src/k8s.io/api/authentication/v1/types.go

@@ -40,7 +40,7 @@ const (
 
 // +genclient
 // +genclient:nonNamespaced
-// +genclient:noVerbs
+// +genclient:onlyVerbs=create
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // TokenReview attempts to authenticate a token to a known user.

staging/src/k8s.io/api/authentication/v1beta1/types.go

@@ -24,7 +24,7 @@ import (
 
 // +genclient
 // +genclient:nonNamespaced
-// +genclient:noVerbs
+// +genclient:onlyVerbs=create
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // TokenReview attempts to authenticate a token to a known user.

staging/src/k8s.io/api/authorization/v1/types.go

@@ -24,7 +24,7 @@ import (
 
 // +genclient
 // +genclient:nonNamespaced
-// +genclient:noVerbs
+// +genclient:onlyVerbs=create
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // SubjectAccessReview checks whether or not a user or group can perform an action.
@@ -43,7 +43,7 @@ type SubjectAccessReview struct {
 
 // +genclient
 // +genclient:nonNamespaced
-// +genclient:noVerbs
+// +genclient:onlyVerbs=create
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // SelfSubjectAccessReview checks whether or the current user can perform an action.  Not filling in a
@@ -63,7 +63,7 @@ type SelfSubjectAccessReview struct {
 }
 
 // +genclient
-// +genclient:noVerbs
+// +genclient:onlyVerbs=create
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.
@@ -189,7 +189,7 @@ type SubjectAccessReviewStatus struct {
 
 // +genclient
 // +genclient:nonNamespaced
-// +genclient:noVerbs
+// +genclient:onlyVerbs=create
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace.

staging/src/k8s.io/api/authorization/v1beta1/types.go

@@ -24,7 +24,7 @@ import (
 
 // +genclient
 // +genclient:nonNamespaced
-// +genclient:noVerbs
+// +genclient:onlyVerbs=create
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // SubjectAccessReview checks whether or not a user or group can perform an action.
@@ -43,7 +43,7 @@ type SubjectAccessReview struct {
 
 // +genclient
 // +genclient:nonNamespaced
-// +genclient:noVerbs
+// +genclient:onlyVerbs=create
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // SelfSubjectAccessReview checks whether or the current user can perform an action.  Not filling in a
@@ -63,7 +63,7 @@ type SelfSubjectAccessReview struct {
 }
 
 // +genclient
-// +genclient:noVerbs
+// +genclient:onlyVerbs=create
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.
@@ -189,7 +189,7 @@ type SubjectAccessReviewStatus struct {
 
 // +genclient
 // +genclient:nonNamespaced
-// +genclient:noVerbs
+// +genclient:onlyVerbs=create
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace.

staging/src/k8s.io/api/core/v1/types.go

@@ -4061,6 +4061,7 @@ type ServiceList struct {
 }
 
 // +genclient
+// +genclient:method=CreateToken,verb=create,subresource=token,input=k8s.io/api/authentication/v1.TokenRequest,result=k8s.io/api/authentication/v1.TokenRequest
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // ServiceAccount binds together:

staging/src/k8s.io/client-go/kubernetes/typed/authentication/v1/fake/BUILD

@@ -17,6 +17,7 @@ go_library(
     importpath = "k8s.io/client-go/kubernetes/typed/authentication/v1/fake",
     deps = [
         "//staging/src/k8s.io/api/authentication/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
         "//staging/src/k8s.io/client-go/kubernetes/typed/authentication/v1:go_default_library",
         "//staging/src/k8s.io/client-go/rest:go_default_library",
         "//staging/src/k8s.io/client-go/testing:go_default_library",

staging/src/k8s.io/client-go/kubernetes/typed/authentication/v1/fake/fake_tokenreview.go

@@ -23,10 +23,6 @@ import (
 	core "k8s.io/client-go/testing"
 )
 
-func (c *FakeTokenReviews) Create(tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error) {
-	return c.CreateContext(context.Background(), tokenReview)
-}
-
 func (c *FakeTokenReviews) CreateContext(ctx context.Context, tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error) {
 	obj, err := c.Fake.Invokes(core.NewRootCreateAction(authenticationapi.SchemeGroupVersion.WithResource("tokenreviews"), tokenReview), &authenticationapi.TokenReview{})
 	return obj.(*authenticationapi.TokenReview), err

staging/src/k8s.io/client-go/kubernetes/typed/authentication/v1/fake/fake_tokenreview_expansion.go

@@ -23,14 +23,9 @@ import (
 )
 
 type TokenReviewExpansion interface {
-	Create(tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error)
 	CreateContext(ctx context.Context, tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error)
 }
 
-func (c *tokenReviews) Create(tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error) {
-	return c.CreateContext(context.Background(), tokenReview)
-}
-
 func (c *tokenReviews) CreateContext(ctx context.Context, tokenReview *authenticationapi.TokenReview) (result *authenticationapi.TokenReview, err error) {
 	result = &authenticationapi.TokenReview{}
 	err = c.client.Post().