minor updates

Signed-off-by: Bryce Palmer <[email protected]>

Author: everettraven

openshift-kube-apiserver/admission/authorization/apis/restrictusers/v1alpha1/types.go

@@ -16,6 +16,7 @@ type RestrictSubjectBindingsAdmissionConfig struct {
 	// of the OpenShift oauth-apiserver based on observed configuration.
 	//
 	// Allowed values are Desired and NotDesired.
+    // Defaults to Desired.
 	//
 	// When set to Desired, the authorization.openshift.io/RestrictSubjectBindings
 	// admission plugin will be configured with the expectation that the OpenShift

openshift-kube-apiserver/admission/authorization/restrictusers/restrictusers.go

@@ -23,7 +23,7 @@ import (
 	userinformer "github.com/openshift/client-go/user/informers/externalversions"
 	"github.com/openshift/library-go/pkg/apiserver/admission/admissionrestconfig"
 	"github.com/openshift/library-go/pkg/config/helpers"
-	"k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/apis/restrictusers/v1alpha1"
+	restrictusersv1alpha1 "k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/apis/restrictusers/v1alpha1"
 	"k8s.io/kubernetes/openshift-kube-apiserver/admission/authorization/restrictusers/usercache"
 )
 
@@ -39,30 +39,30 @@ func pluginForConfig(config io.Reader) (admission.Interface, error) {
 		return nil, err
 	}
 
-	if cfg != nil && cfg.OpenShiftOAuthDesiredState == v1alpha1.OpenShiftOAuthStateNotDesired {
+	if cfg != nil && cfg.OpenShiftOAuthDesiredState == restrictusersv1alpha1.OpenShiftOAuthStateNotDesired {
 		klog.Infof("Admission plugin %q configured to expect the OpenShift oauth-apiserver as not being available. This is effectively the same as disabling the plugin, so it will be disabled.", RestrictSubjectBindingsPluginName)
 		return nil, nil
 	}
 
 	return NewRestrictUsersAdmission()
 }
 
-func readConfig(reader io.Reader) (*v1alpha1.RestrictSubjectBindingsAdmissionConfig, error) {
-	obj, err := helpers.ReadYAMLToInternal(reader, v1alpha1.Install)
+func readConfig(reader io.Reader) (*restrictusersv1alpha1.RestrictSubjectBindingsAdmissionConfig, error) {
+	obj, err := helpers.ReadYAMLToInternal(reader, restrictusersv1alpha1.Install)
 	if err != nil {
 		return nil, err
 	}
 	if obj == nil {
 		return nil, nil
 	}
-	config, ok := obj.(*v1alpha1.RestrictSubjectBindingsAdmissionConfig)
+	config, ok := obj.(*restrictusersv1alpha1.RestrictSubjectBindingsAdmissionConfig)
 	if !ok {
 		return nil, fmt.Errorf("unexpected config object: %#v", obj)
 	}
 
 	// validate config
 	switch config.OpenShiftOAuthDesiredState {
-	case v1alpha1.OpenShiftOAuthStateDesired, v1alpha1.OpenShiftOAuthStateNotDesired:
+	case restrictusersv1alpha1.OpenShiftOAuthStateDesired, restrictusersv1alpha1.OpenShiftOAuthStateNotDesired:
 		// valid, do nothing
 	default:
 		return nil, fmt.Errorf("config is invalid, openshiftOAuthDesiredState must be one of Desired,NotDesired but was %s", config.OpenShiftOAuthDesiredState)
@@ -97,12 +97,7 @@ var (
 
 // NewRestrictUsersAdmission configures an admission plugin that enforces
 // restrictions on adding role bindings in a project.
-func NewRestrictUsersAdmission() (admission.Interface, error) {
-	return &restrictUsersAdmission{
-		Handler: admission.NewHandler(admission.Create, admission.Update),
-	}, nil
-}
-
+func NewRestrictUsersAdmission() (admission.Interface, error)
 func (q *restrictUsersAdmission) SetExternalKubeClientSet(c kubernetes.Interface) {
 	q.kubeClient = c
 }