From 28b9e26d5f26df8d74a7c6d693628870cc52d667 Mon Sep 17 00:00:00 2001 From: Margo Crawford Date: Fri, 18 Mar 2022 10:16:11 -0700 Subject: [PATCH] Remove v1alpha1 of the execcredential Signed-off-by: Margo Crawford Kubernetes-commit: 5b690b44d08807c6434a421b0041ef685482d337 --- .../clientauthentication/install/install.go | 2 - pkg/apis/clientauthentication/types.go | 14 - .../clientauthentication/v1/conversion.go | 28 -- .../v1alpha1/conversion.go | 27 -- pkg/apis/clientauthentication/v1alpha1/doc.go | 24 -- .../clientauthentication/v1alpha1/register.go | 55 ---- .../clientauthentication/v1alpha1/types.go | 78 ----- .../v1alpha1/zz_generated.conversion.go | 173 ----------- .../v1alpha1/zz_generated.deepcopy.go | 129 -------- .../v1alpha1/zz_generated.defaults.go | 33 -- .../v1beta1/conversion.go | 28 -- plugin/pkg/client/auth/exec/exec.go | 21 +- plugin/pkg/client/auth/exec/exec_test.go | 282 ++---------------- plugin/pkg/client/auth/exec/metrics_test.go | 5 +- tools/auth/exec/exec_test.go | 6 - tools/auth/exec/types_test.go | 5 +- 16 files changed, 39 insertions(+), 871 deletions(-) delete mode 100644 pkg/apis/clientauthentication/v1/conversion.go delete mode 100644 pkg/apis/clientauthentication/v1alpha1/conversion.go delete mode 100644 pkg/apis/clientauthentication/v1alpha1/doc.go delete mode 100644 pkg/apis/clientauthentication/v1alpha1/register.go delete mode 100644 pkg/apis/clientauthentication/v1alpha1/types.go delete mode 100644 pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go delete mode 100644 pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go delete mode 100644 pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go delete mode 100644 pkg/apis/clientauthentication/v1beta1/conversion.go diff --git a/pkg/apis/clientauthentication/install/install.go b/pkg/apis/clientauthentication/install/install.go index 9040bb9a46..ee5c338e38 100644 --- a/pkg/apis/clientauthentication/install/install.go +++ b/pkg/apis/clientauthentication/install/install.go @@ -23,7 +23,6 @@ import ( utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/pkg/apis/clientauthentication" "k8s.io/client-go/pkg/apis/clientauthentication/v1" - "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1" "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" ) @@ -32,5 +31,4 @@ func Install(scheme *runtime.Scheme) { utilruntime.Must(clientauthentication.AddToScheme(scheme)) utilruntime.Must(v1.AddToScheme(scheme)) utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) } diff --git a/pkg/apis/clientauthentication/types.go b/pkg/apis/clientauthentication/types.go index 8daaa3f8f7..1b6322da51 100644 --- a/pkg/apis/clientauthentication/types.go +++ b/pkg/apis/clientauthentication/types.go @@ -41,11 +41,6 @@ type ExecCredential struct { // ExecCredentialSpec holds request and runtime specific information provided by // the transport. type ExecCredentialSpec struct { - // Response is populated when the transport encounters HTTP status codes, such as 401, - // suggesting previous credentials were invalid. - // +optional - Response *Response - // Interactive is true when the transport detects the command is being called from an // interactive prompt, i.e., when stdin has been passed to this exec plugin. // +optional @@ -75,15 +70,6 @@ type ExecCredentialStatus struct { ClientKeyData string `datapolicy:"secret-key"` } -// Response defines metadata about a failed request, including HTTP status code and -// response headers. -type Response struct { - // Headers holds HTTP headers returned by the server. - Header map[string][]string - // Code is the HTTP status code returned by the server. - Code int32 -} - // Cluster contains information to allow an exec plugin to communicate // with the kubernetes cluster being authenticated to. // diff --git a/pkg/apis/clientauthentication/v1/conversion.go b/pkg/apis/clientauthentication/v1/conversion.go deleted file mode 100644 index 5c5f70d259..0000000000 --- a/pkg/apis/clientauthentication/v1/conversion.go +++ /dev/null @@ -1,28 +0,0 @@ -/* -Copyright 2021 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/client-go/pkg/apis/clientauthentication" -) - -func Convert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error { - // This conversion intentionally omits the Response field, which were only - // supported in v1alpha1. - return autoConvert_clientauthentication_ExecCredentialSpec_To_v1_ExecCredentialSpec(in, out, s) -} diff --git a/pkg/apis/clientauthentication/v1alpha1/conversion.go b/pkg/apis/clientauthentication/v1alpha1/conversion.go deleted file mode 100644 index 572e049f81..0000000000 --- a/pkg/apis/clientauthentication/v1alpha1/conversion.go +++ /dev/null @@ -1,27 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/client-go/pkg/apis/clientauthentication" -) - -func Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error { - // This conversion intentionally omits the Cluster field which is only supported in newer versions. - return autoConvert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in, out, s) -} diff --git a/pkg/apis/clientauthentication/v1alpha1/doc.go b/pkg/apis/clientauthentication/v1alpha1/doc.go deleted file mode 100644 index 19ab776140..0000000000 --- a/pkg/apis/clientauthentication/v1alpha1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:conversion-gen=k8s.io/client-go/pkg/apis/clientauthentication -// +k8s:openapi-gen=true -// +k8s:defaulter-gen=TypeMeta - -// +groupName=client.authentication.k8s.io - -package v1alpha1 // import "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1" diff --git a/pkg/apis/clientauthentication/v1alpha1/register.go b/pkg/apis/clientauthentication/v1alpha1/register.go deleted file mode 100644 index 2acd13dead..0000000000 --- a/pkg/apis/clientauthentication/v1alpha1/register.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name use in this package -const GroupName = "client.authentication.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -var ( - SchemeBuilder runtime.SchemeBuilder - localSchemeBuilder = &SchemeBuilder - AddToScheme = localSchemeBuilder.AddToScheme -) - -func init() { - // We only register manually written functions here. The registration of the - // generated functions takes place in the generated files. The separation - // makes the code compile even when the generated files are missing. - localSchemeBuilder.Register(addKnownTypes) -} - -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &ExecCredential{}, - ) - metav1.AddToGroupVersion(scheme, SchemeGroupVersion) - return nil -} diff --git a/pkg/apis/clientauthentication/v1alpha1/types.go b/pkg/apis/clientauthentication/v1alpha1/types.go deleted file mode 100644 index 1ff13c4382..0000000000 --- a/pkg/apis/clientauthentication/v1alpha1/types.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ExecCredential is used by exec-based plugins to communicate credentials to -// HTTP transports. -type ExecCredential struct { - metav1.TypeMeta `json:",inline"` - - // Spec holds information passed to the plugin by the transport. This contains - // request and runtime specific information, such as if the session is interactive. - Spec ExecCredentialSpec `json:"spec,omitempty"` - - // Status is filled in by the plugin and holds the credentials that the transport - // should use to contact the API. - // +optional - Status *ExecCredentialStatus `json:"status,omitempty"` -} - -// ExecCredentialSpec holds request and runtime specific information provided by -// the transport. -type ExecCredentialSpec struct { - // Response is populated when the transport encounters HTTP status codes, such as 401, - // suggesting previous credentials were invalid. - // +optional - Response *Response `json:"response,omitempty"` - - // Interactive is true when the transport detects the command is being called from an - // interactive prompt. - // +optional - Interactive bool `json:"interactive,omitempty"` -} - -// ExecCredentialStatus holds credentials for the transport to use. -// -// Token and ClientKeyData are sensitive fields. This data should only be -// transmitted in-memory between client and exec plugin process. Exec plugin -// itself should at least be protected via file permissions. -type ExecCredentialStatus struct { - // ExpirationTimestamp indicates a time when the provided credentials expire. - // +optional - ExpirationTimestamp *metav1.Time `json:"expirationTimestamp,omitempty"` - // Token is a bearer token used by the client for request authentication. - Token string `json:"token,omitempty" datapolicy:"token"` - // PEM-encoded client TLS certificates (including intermediates, if any). - ClientCertificateData string `json:"clientCertificateData,omitempty"` - // PEM-encoded private key for the above certificate. - ClientKeyData string `json:"clientKeyData,omitempty" datapolicy:"security-key"` -} - -// Response defines metadata about a failed request, including HTTP status code and -// response headers. -type Response struct { - // Header holds HTTP headers returned by the server. - Header map[string][]string `json:"header,omitempty"` - // Code is the HTTP status code returned by the server. - Code int32 `json:"code,omitempty"` -} diff --git a/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go b/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go deleted file mode 100644 index fc59decef5..0000000000 --- a/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go +++ /dev/null @@ -1,173 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. -func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*ExecCredential)(nil), (*clientauthentication.ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(a.(*ExecCredential), b.(*clientauthentication.ExecCredential), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredential)(nil), (*ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(a.(*clientauthentication.ExecCredential), b.(*ExecCredential), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ExecCredentialSpec)(nil), (*clientauthentication.ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(a.(*ExecCredentialSpec), b.(*clientauthentication.ExecCredentialSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ExecCredentialStatus)(nil), (*clientauthentication.ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(a.(*ExecCredentialStatus), b.(*clientauthentication.ExecCredentialStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialStatus)(nil), (*ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(a.(*clientauthentication.ExecCredentialStatus), b.(*ExecCredentialStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*Response)(nil), (*clientauthentication.Response)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Response_To_clientauthentication_Response(a.(*Response), b.(*clientauthentication.Response), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*clientauthentication.Response)(nil), (*Response)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_Response_To_v1alpha1_Response(a.(*clientauthentication.Response), b.(*Response), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error { - if err := Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - out.Status = (*clientauthentication.ExecCredentialStatus)(unsafe.Pointer(in.Status)) - return nil -} - -// Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential is an autogenerated conversion function. -func Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error { - return autoConvert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in, out, s) -} - -func autoConvert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error { - if err := Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - out.Status = (*ExecCredentialStatus)(unsafe.Pointer(in.Status)) - return nil -} - -// Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential is an autogenerated conversion function. -func Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error { - return autoConvert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in, out, s) -} - -func autoConvert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error { - out.Response = (*clientauthentication.Response)(unsafe.Pointer(in.Response)) - out.Interactive = in.Interactive - return nil -} - -// Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec is an autogenerated conversion function. -func Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in, out, s) -} - -func autoConvert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error { - out.Response = (*Response)(unsafe.Pointer(in.Response)) - out.Interactive = in.Interactive - // WARNING: in.Cluster requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error { - out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp)) - out.Token = in.Token - out.ClientCertificateData = in.ClientCertificateData - out.ClientKeyData = in.ClientKeyData - return nil -} - -// Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus is an autogenerated conversion function. -func Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in, out, s) -} - -func autoConvert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error { - out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp)) - out.Token = in.Token - out.ClientCertificateData = in.ClientCertificateData - out.ClientKeyData = in.ClientKeyData - return nil -} - -// Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus is an autogenerated conversion function. -func Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error { - return autoConvert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in, out, s) -} - -func autoConvert_v1alpha1_Response_To_clientauthentication_Response(in *Response, out *clientauthentication.Response, s conversion.Scope) error { - out.Header = *(*map[string][]string)(unsafe.Pointer(&in.Header)) - out.Code = in.Code - return nil -} - -// Convert_v1alpha1_Response_To_clientauthentication_Response is an autogenerated conversion function. -func Convert_v1alpha1_Response_To_clientauthentication_Response(in *Response, out *clientauthentication.Response, s conversion.Scope) error { - return autoConvert_v1alpha1_Response_To_clientauthentication_Response(in, out, s) -} - -func autoConvert_clientauthentication_Response_To_v1alpha1_Response(in *clientauthentication.Response, out *Response, s conversion.Scope) error { - out.Header = *(*map[string][]string)(unsafe.Pointer(&in.Header)) - out.Code = in.Code - return nil -} - -// Convert_clientauthentication_Response_To_v1alpha1_Response is an autogenerated conversion function. -func Convert_clientauthentication_Response_To_v1alpha1_Response(in *clientauthentication.Response, out *Response, s conversion.Scope) error { - return autoConvert_clientauthentication_Response_To_v1alpha1_Response(in, out, s) -} diff --git a/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index ce614c0b87..0000000000 --- a/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go +++ /dev/null @@ -1,129 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecCredential) DeepCopyInto(out *ExecCredential) { - *out = *in - out.TypeMeta = in.TypeMeta - in.Spec.DeepCopyInto(&out.Spec) - if in.Status != nil { - in, out := &in.Status, &out.Status - *out = new(ExecCredentialStatus) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential. -func (in *ExecCredential) DeepCopy() *ExecCredential { - if in == nil { - return nil - } - out := new(ExecCredential) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ExecCredential) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) { - *out = *in - if in.Response != nil { - in, out := &in.Response, &out.Response - *out = new(Response) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec. -func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec { - if in == nil { - return nil - } - out := new(ExecCredentialSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) { - *out = *in - if in.ExpirationTimestamp != nil { - in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp - *out = (*in).DeepCopy() - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus. -func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus { - if in == nil { - return nil - } - out := new(ExecCredentialStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Response) DeepCopyInto(out *Response) { - *out = *in - if in.Header != nil { - in, out := &in.Header, &out.Header - *out = make(map[string][]string, len(*in)) - for key, val := range *in { - var outVal []string - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make([]string, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response. -func (in *Response) DeepCopy() *Response { - if in == nil { - return nil - } - out := new(Response) - in.DeepCopyInto(out) - return out -} diff --git a/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go b/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index 5070cb91b9..0000000000 --- a/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/pkg/apis/clientauthentication/v1beta1/conversion.go b/pkg/apis/clientauthentication/v1beta1/conversion.go deleted file mode 100644 index 6741114dd8..0000000000 --- a/pkg/apis/clientauthentication/v1beta1/conversion.go +++ /dev/null @@ -1,28 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "k8s.io/apimachinery/pkg/conversion" - "k8s.io/client-go/pkg/apis/clientauthentication" -) - -func Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error { - // This conversion intentionally omits the Response field, which were only - // supported in v1alpha1. - return autoConvert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in, out, s) -} diff --git a/plugin/pkg/client/auth/exec/exec.go b/plugin/pkg/client/auth/exec/exec.go index 9747d50746..d37dfbf732 100644 --- a/plugin/pkg/client/auth/exec/exec.go +++ b/plugin/pkg/client/auth/exec/exec.go @@ -42,7 +42,6 @@ import ( "k8s.io/client-go/pkg/apis/clientauthentication" "k8s.io/client-go/pkg/apis/clientauthentication/install" clientauthenticationv1 "k8s.io/client-go/pkg/apis/clientauthentication/v1" - clientauthenticationv1alpha1 "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1" clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" "k8s.io/client-go/tools/clientcmd/api" "k8s.io/client-go/tools/metrics" @@ -73,9 +72,8 @@ var ( globalCache = newCache() // The list of API versions we accept. apiVersions = map[string]schema.GroupVersion{ - clientauthenticationv1alpha1.SchemeGroupVersion.String(): clientauthenticationv1alpha1.SchemeGroupVersion, - clientauthenticationv1beta1.SchemeGroupVersion.String(): clientauthenticationv1beta1.SchemeGroupVersion, - clientauthenticationv1.SchemeGroupVersion.String(): clientauthenticationv1.SchemeGroupVersion, + clientauthenticationv1beta1.SchemeGroupVersion.String(): clientauthenticationv1beta1.SchemeGroupVersion, + clientauthenticationv1.SchemeGroupVersion.String(): clientauthenticationv1.SchemeGroupVersion, } ) @@ -348,11 +346,7 @@ func (r *roundTripper) RoundTrip(req *http.Request) (*http.Response, error) { return nil, err } if res.StatusCode == http.StatusUnauthorized { - resp := &clientauthentication.Response{ - Header: res.Header, - Code: int32(res.StatusCode), - } - if err := r.a.maybeRefreshCreds(creds, resp); err != nil { + if err := r.a.maybeRefreshCreds(creds); err != nil { klog.Errorf("refreshing credentials: %v", err) } } @@ -382,7 +376,7 @@ func (a *Authenticator) getCreds() (*credentials, error) { return a.cachedCreds, nil } - if err := a.refreshCredsLocked(nil); err != nil { + if err := a.refreshCredsLocked(); err != nil { return nil, err } @@ -391,7 +385,7 @@ func (a *Authenticator) getCreds() (*credentials, error) { // maybeRefreshCreds executes the plugin to force a rotation of the // credentials, unless they were rotated already. -func (a *Authenticator) maybeRefreshCreds(creds *credentials, r *clientauthentication.Response) error { +func (a *Authenticator) maybeRefreshCreds(creds *credentials) error { a.mu.Lock() defer a.mu.Unlock() @@ -402,12 +396,12 @@ func (a *Authenticator) maybeRefreshCreds(creds *credentials, r *clientauthentic return nil } - return a.refreshCredsLocked(r) + return a.refreshCredsLocked() } // refreshCredsLocked executes the plugin and reads the credentials from // stdout. It must be called while holding the Authenticator's mutex. -func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) error { +func (a *Authenticator) refreshCredsLocked() error { interactive, err := a.interactiveFunc() if err != nil { return fmt.Errorf("exec plugin cannot support interactive mode: %w", err) @@ -415,7 +409,6 @@ func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) err cred := &clientauthentication.ExecCredential{ Spec: clientauthentication.ExecCredentialSpec{ - Response: r, Interactive: interactive, }, } diff --git a/plugin/pkg/client/auth/exec/exec_test.go b/plugin/pkg/client/auth/exec/exec_test.go index b1fa9f4d91..1f4097ec16 100644 --- a/plugin/pkg/client/auth/exec/exec_test.go +++ b/plugin/pkg/client/auth/exec/exec_test.go @@ -115,7 +115,7 @@ func TestCacheKey(t *testing.T) { {Name: "5", Value: "6"}, {Name: "7", Value: "8"}, }, - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", ProvideClusterInfo: true, } c1c := &clientauthentication.Cluster{ @@ -141,7 +141,7 @@ func TestCacheKey(t *testing.T) { {Name: "5", Value: "6"}, {Name: "7", Value: "8"}, }, - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", ProvideClusterInfo: true, } c2c := &clientauthentication.Cluster{ @@ -166,7 +166,7 @@ func TestCacheKey(t *testing.T) { {Name: "3", Value: "4"}, {Name: "5", Value: "6"}, }, - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", } c3c := &clientauthentication.Cluster{ Server: "foo", @@ -190,7 +190,7 @@ func TestCacheKey(t *testing.T) { {Name: "3", Value: "4"}, {Name: "5", Value: "6"}, }, - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", } c4c := &clientauthentication.Cluster{ Server: "foo", @@ -215,7 +215,7 @@ func TestCacheKey(t *testing.T) { {Name: "3", Value: "4"}, {Name: "5", Value: "6"}, }, - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", ProvideClusterInfo: true, } c5c := &clientauthentication.Cluster{ @@ -241,7 +241,7 @@ func TestCacheKey(t *testing.T) { {Name: "3", Value: "4"}, {Name: "5", Value: "6"}, }, - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1betaa1", } // c7 should be the same as c6, except c7 has stdin marked as unavailable @@ -252,7 +252,7 @@ func TestCacheKey(t *testing.T) { {Name: "3", Value: "4"}, {Name: "5", Value: "6"}, }, - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", StdinUnavailable: true, } @@ -313,7 +313,6 @@ func TestRefreshCreds(t *testing.T) { cluster *clientauthentication.Cluster output string isTerminal bool - response *clientauthentication.Response wantInput string wantCreds credentials wantExpiry time.Time @@ -321,173 +320,21 @@ func TestRefreshCreds(t *testing.T) { wantErrSubstr string }{ { - name: "basic-request", + name: "beta-with-TLS-credentials", config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", - InteractiveMode: api.IfAvailableExecInteractiveMode, - }, - wantInput: `{ - "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "spec": {} - }`, - output: `{ - "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", - "status": { - "token": "foo-bar" - } - }`, - wantCreds: credentials{token: "foo-bar"}, - }, - { - name: "interactive", - config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", - InteractiveMode: api.IfAvailableExecInteractiveMode, - }, - isTerminal: true, - wantInput: `{ - "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "spec": { - "interactive": true - } - }`, - output: `{ - "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", - "status": { - "token": "foo-bar" - } - }`, - wantCreds: credentials{token: "foo-bar"}, - }, - { - name: "response", - config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", InteractiveMode: api.IfAvailableExecInteractiveMode, }, - response: &clientauthentication.Response{ - Header: map[string][]string{ - "WWW-Authenticate": {`Basic realm="Access to the staging site", charset="UTF-8"`}, - }, - Code: 401, - }, wantInput: `{ "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", + "apiVersion":"client.authentication.k8s.io/v1beta1", "spec": { - "response": { - "header": { - "WWW-Authenticate": [ - "Basic realm=\"Access to the staging site\", charset=\"UTF-8\"" - ] - }, - "code": 401 - } - } - }`, - output: `{ - "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", - "status": { - "token": "foo-bar" - } - }`, - wantCreds: credentials{token: "foo-bar"}, - }, - { - name: "expiry", - config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", - InteractiveMode: api.IfAvailableExecInteractiveMode, - }, - wantInput: `{ - "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "spec": {} - }`, - output: `{ - "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", - "status": { - "token": "foo-bar", - "expirationTimestamp": "2006-01-02T15:04:05Z" - } - }`, - wantExpiry: time.Date(2006, 01, 02, 15, 04, 05, 0, time.UTC), - wantCreds: credentials{token: "foo-bar"}, - }, - { - name: "no-group-version", - config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", - InteractiveMode: api.IfAvailableExecInteractiveMode, - }, - wantInput: `{ - "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "spec": {} - }`, - output: `{ - "kind": "ExecCredential", - "status": { - "token": "foo-bar" + "interactive": false } }`, - wantErr: true, - }, - { - name: "no-status", - config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", - InteractiveMode: api.IfAvailableExecInteractiveMode, - }, - wantInput: `{ - "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "spec": {} - }`, - output: `{ - "kind": "ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1" - }`, - wantErr: true, - }, - { - name: "no-creds", - config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", - InteractiveMode: api.IfAvailableExecInteractiveMode, - }, - wantInput: `{ - "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "spec": {} - }`, - output: `{ - "kind": "ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "status": {} - }`, - wantErr: true, - }, - { - name: "TLS credentials", - config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", - InteractiveMode: api.IfAvailableExecInteractiveMode, - }, - wantInput: `{ - "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "spec": {} - }`, output: fmt.Sprintf(`{ "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", + "apiVersion": "client.authentication.k8s.io/v1beta1", "status": { "clientKeyData": %q, "clientCertificateData": %q @@ -496,19 +343,14 @@ func TestRefreshCreds(t *testing.T) { wantCreds: credentials{cert: validCert}, }, { - name: "bad TLS credentials", + name: "beta-with-bad-TLS-credentials", config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", InteractiveMode: api.IfAvailableExecInteractiveMode, }, - wantInput: `{ - "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "spec": {} - }`, output: `{ "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", + "apiVersion": "client.authentication.k8s.io/v1beta1", "status": { "clientKeyData": "foo", "clientCertificateData": "bar" @@ -517,19 +359,14 @@ func TestRefreshCreds(t *testing.T) { wantErr: true, }, { - name: "cert but no key", + name: "beta-cert-but-no-key", config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", InteractiveMode: api.IfAvailableExecInteractiveMode, }, - wantInput: `{ - "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "spec": {} - }`, output: fmt.Sprintf(`{ "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", + "apiVersion": "client.authentication.k8s.io/v1beta1", "status": { "clientCertificateData": %q } @@ -834,55 +671,6 @@ func TestRefreshCreds(t *testing.T) { wantErr: true, wantErrSubstr: "73", }, - { - name: "alpha-with-cluster-is-ignored", - config: api.ExecConfig{ - APIVersion: "client.authentication.k8s.io/v1alpha1", - InteractiveMode: api.IfAvailableExecInteractiveMode, - }, - cluster: &clientauthentication.Cluster{ - Server: "foo", - TLSServerName: "bar", - CertificateAuthorityData: []byte("baz"), - Config: &runtime.Unknown{ - TypeMeta: runtime.TypeMeta{ - APIVersion: "", - Kind: "", - }, - Raw: []byte(`{"apiVersion":"group/v1","kind":"PluginConfig","spec":{"audience":"panda"}}`), - ContentEncoding: "", - ContentType: "application/json", - }, - }, - response: &clientauthentication.Response{ - Header: map[string][]string{ - "WWW-Authenticate": {`Basic realm="Access to the staging site", charset="UTF-8"`}, - }, - Code: 401, - }, - wantInput: `{ - "kind":"ExecCredential", - "apiVersion":"client.authentication.k8s.io/v1alpha1", - "spec": { - "response": { - "header": { - "WWW-Authenticate": [ - "Basic realm=\"Access to the staging site\", charset=\"UTF-8\"" - ] - }, - "code": 401 - } - } - }`, - output: `{ - "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", - "status": { - "token": "foo-bar" - } - }`, - wantCreds: credentials{token: "foo-bar"}, - }, { name: "beta-with-cluster-and-provide-cluster-info-is-serialized", config: api.ExecConfig{ @@ -904,12 +692,6 @@ func TestRefreshCreds(t *testing.T) { ContentType: "application/json", }, }, - response: &clientauthentication.Response{ - Header: map[string][]string{ - "WWW-Authenticate": {`Basic realm="Access to the staging site", charset="UTF-8"`}, - }, - Code: 401, - }, wantInput: `{ "kind":"ExecCredential", "apiVersion":"client.authentication.k8s.io/v1beta1", @@ -958,12 +740,6 @@ func TestRefreshCreds(t *testing.T) { ContentType: "application/json", }, }, - response: &clientauthentication.Response{ - Header: map[string][]string{ - "WWW-Authenticate": {`Basic realm="Access to the staging site", charset="UTF-8"`}, - }, - Code: 401, - }, wantInput: `{ "kind":"ExecCredential", "apiVersion":"client.authentication.k8s.io/v1beta1", @@ -1037,7 +813,7 @@ func TestRefreshCreds(t *testing.T) { a.stderr = stderr a.environ = func() []string { return nil } - if err := a.refreshCredsLocked(test.response); err != nil { + if err := a.refreshCredsLocked(); err != nil { if !test.wantErr { t.Errorf("get token %v", err) } else if !strings.Contains(err.Error(), test.wantErrSubstr) { @@ -1103,7 +879,7 @@ func TestRoundTripper(t *testing.T) { c := api.ExecConfig{ Command: "./testdata/test-plugin.sh", - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", InteractiveMode: api.IfAvailableExecInteractiveMode, } a, err := newAuthenticator(newCache(), func(_ int) bool { return false }, &c, nil) @@ -1136,7 +912,7 @@ func TestRoundTripper(t *testing.T) { setOutput(`{ "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", + "apiVersion": "client.authentication.k8s.io/v1beta1", "status": { "token": "token1" } @@ -1146,7 +922,7 @@ func TestRoundTripper(t *testing.T) { setOutput(`{ "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", + "apiVersion": "client.authentication.k8s.io/v1beta1", "status": { "token": "token2" } @@ -1162,7 +938,7 @@ func TestRoundTripper(t *testing.T) { setOutput(`{ "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", + "apiVersion": "client.authentication.k8s.io/v1beta1", "status": { "token": "token3", "expirationTimestamp": "` + now().Add(time.Hour).Format(time.RFC3339Nano) + `" @@ -1177,7 +953,7 @@ func TestRoundTripper(t *testing.T) { n = n.Add(time.Hour * 2) setOutput(`{ "kind": "ExecCredential", - "apiVersion": "client.authentication.k8s.io/v1alpha1", + "apiVersion": "client.authentication.k8s.io/v1beta1", "status": { "token": "token4", "expirationTimestamp": "` + now().Add(time.Hour).Format(time.RFC3339Nano) + `" @@ -1218,7 +994,7 @@ func TestAuthorizationHeaderPresentCancelsExecAction(t *testing.T) { t.Run(test.name, func(t *testing.T) { a, err := newAuthenticator(newCache(), func(_ int) bool { return false }, &api.ExecConfig{ Command: "./testdata/test-plugin.sh", - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", }, nil) if err != nil { t.Fatal(err) @@ -1260,7 +1036,7 @@ func TestTLSCredentials(t *testing.T) { a, err := newAuthenticator(newCache(), func(_ int) bool { return false }, &api.ExecConfig{ Command: "./testdata/test-plugin.sh", - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", InteractiveMode: api.IfAvailableExecInteractiveMode, }, nil) if err != nil { @@ -1350,7 +1126,7 @@ func TestConcurrentUpdateTransportConfig(t *testing.T) { c := api.ExecConfig{ Command: "./testdata/test-plugin.sh", - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", } a, err := newAuthenticator(newCache(), func(_ int) bool { return false }, &c, nil) if err != nil { @@ -1416,7 +1192,7 @@ func TestInstallHintRateLimit(t *testing.T) { t.Run(test.name, func(t *testing.T) { c := api.ExecConfig{ Command: "does not exist", - APIVersion: "client.authentication.k8s.io/v1alpha1", + APIVersion: "client.authentication.k8s.io/v1beta1", InstallHint: "some install hint", InteractiveMode: api.IfAvailableExecInteractiveMode, } @@ -1433,7 +1209,7 @@ func TestInstallHintRateLimit(t *testing.T) { count := 0 for i := 0; i < test.calls; i++ { - err := a.refreshCredsLocked(&clientauthentication.Response{}) + err := a.refreshCredsLocked() if strings.Contains(err.Error(), c.InstallHint) { count++ } diff --git a/plugin/pkg/client/auth/exec/metrics_test.go b/plugin/pkg/client/auth/exec/metrics_test.go index 4488df5997..61360abdb7 100644 --- a/plugin/pkg/client/auth/exec/metrics_test.go +++ b/plugin/pkg/client/auth/exec/metrics_test.go @@ -23,7 +23,6 @@ import ( "time" "github.com/google/go-cmp/cmp" - "k8s.io/client-go/pkg/apis/clientauthentication" "k8s.io/client-go/tools/clientcmd/api" "k8s.io/client-go/tools/metrics" ) @@ -153,7 +152,7 @@ func TestCallsMetric(t *testing.T) { // Run refresh creds twice so that our test validates that the metrics are set correctly twice // in a row with the same authenticator. refreshCreds := func() { - if err := a.refreshCredsLocked(&clientauthentication.Response{}); (err == nil) != (exitCode == 0) { + if err := a.refreshCredsLocked(); (err == nil) != (exitCode == 0) { if err != nil { t.Fatalf("wanted no error, but got %q", err.Error()) } else { @@ -183,7 +182,7 @@ func TestCallsMetric(t *testing.T) { t.Fatal(err) } a.stderr = io.Discard - if err := a.refreshCredsLocked(&clientauthentication.Response{}); err == nil { + if err := a.refreshCredsLocked(); err == nil { t.Fatal("expected the authenticator to fail because the plugin does not exist") } wantCallsMetrics = append(wantCallsMetrics, mockCallsMetric{exitCode: 1, errorType: "plugin_not_found_error"}) diff --git a/tools/auth/exec/exec_test.go b/tools/auth/exec/exec_test.go index e1a37f7029..871474675b 100644 --- a/tools/auth/exec/exec_test.go +++ b/tools/auth/exec/exec_test.go @@ -25,7 +25,6 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" clientauthenticationv1 "k8s.io/client-go/pkg/apis/clientauthentication/v1" - clientauthenticationv1alpha1 "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1" clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" "k8s.io/client-go/rest" ) @@ -243,11 +242,6 @@ func TestLoadExecCredential(t *testing.T) { data: marshal(t, clientauthenticationv1beta1.SchemeGroupVersion, &clientauthenticationv1beta1.ExecCredential{}), wantErrorPrefix: "ExecCredential does not contain cluster information", }, - { - name: "v1alpha1", - data: marshal(t, clientauthenticationv1alpha1.SchemeGroupVersion, &clientauthenticationv1alpha1.ExecCredential{}), - wantErrorPrefix: "ExecCredential does not contain cluster information", - }, { name: "invalid object kind", data: marshal(t, metav1.SchemeGroupVersion, &metav1.Status{}), diff --git a/tools/auth/exec/types_test.go b/tools/auth/exec/types_test.go index 3e1938cae7..4e33b67c85 100644 --- a/tools/auth/exec/types_test.go +++ b/tools/auth/exec/types_test.go @@ -24,7 +24,6 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/sets" clientauthenticationv1 "k8s.io/client-go/pkg/apis/clientauthentication/v1" - clientauthenticationv1alpha1 "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1" clientauthenticationv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" clientcmdv1 "k8s.io/client-go/tools/clientcmd/api/v1" ) @@ -139,15 +138,13 @@ func testClientAuthenticationClusterTypesAreSynced(t *testing.T, cluster interfa } // TestAllClusterTypesAreSynced is a TODO so that we remember to write a test similar to -// TestV1beta1ClusterTypesAreSynced for any future ExecCredential version. It should start failing +// TestClientAuthenticationClusterTypesAreSynced for any future ExecCredential version. It should start failing // when someone adds support for any other ExecCredential type to this package. func TestAllClusterTypesAreSynced(t *testing.T) { versionsThatDontNeedTests := sets.NewString( // The internal Cluster type should only be used...internally...and therefore doesn't // necessarily need to be synced with clientcmdv1. runtime.APIVersionInternal, - // V1alpha1 does not contain a Cluster type. - clientauthenticationv1alpha1.SchemeGroupVersion.Version, // We have a test for v1beta1 above. clientauthenticationv1beta1.SchemeGroupVersion.Version, // We have a test for v1 above.