Merge pull request #17092 from jim-minter/trello140-tsb-templatev1

Automatic merge from submit-queue.

tsb: use external clients

https://trello.com/c/LclZtOcc/1382-5-switch-template-service-broker-to-use-external-clients

Author: openshift-merge-robot

Diff for: hack/import-restrictions.json

@@ -272,17 +272,18 @@
     "allowedImportPackages": [
       "vendor/github.com/golang/glog",
       "vendor/k8s.io/kubernetes/pkg/api",
+      "vendor/k8s.io/kubernetes/pkg/api/v1",
       "vendor/k8s.io/kubernetes/pkg/api/install",
-      "vendor/k8s.io/kubernetes/pkg/apis/authorization",
-      "vendor/k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset",
+      "vendor/k8s.io/kubernetes/pkg/apis/authorization/v1",
+      "vendor/k8s.io/kubernetes/pkg/client/clientset_generated/clientset",
+      "vendor/k8s.io/kubernetes/pkg/client/clientset_generated/clientset/typed/authorization/v1",
       "vendor/github.com/emicklei/go-restful",
       "vendor/github.com/lestrrat/go-jsschema",
       "vendor/k8s.io/kubernetes/pkg/controller",
       "vendor/k8s.io/kubernetes/pkg/kubectl/cmd/util",
       "github.com/openshift/origin/pkg/api",
       "github.com/openshift/origin/pkg/template/apis/template",
       "github.com/openshift/origin/pkg/template/apis/template/v1",
-      "github.com/openshift/origin/pkg/authorization/util",
       "github.com/openshift/origin/pkg/template/apis/template/validation",
       "github.com/openshift/origin/pkg/route/apis/route"
     ]

Diff for: pkg/template/generated/listers/template/v1/template_expansion.go

@@ -2,26 +2,27 @@ package v1
 
 import (
 	templateapi "github.com/openshift/origin/pkg/template/apis/template"
+	templateapiv1 "github.com/openshift/origin/pkg/template/apis/template/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 )
 
 // TemplateListerExpansion allows custom methods to be added to
 // TemplateLister.
 type TemplateListerExpansion interface {
-	GetByUID(uid string) (*templateapi.Template, error)
+	GetByUID(uid string) (*templateapiv1.Template, error)
 }
 
 // TemplateNamespaceListerExpansion allows custom methods to be added to
 // TemplateNamespaceLister.
 type TemplateNamespaceListerExpansion interface{}
 
-func (s templateLister) GetByUID(uid string) (*templateapi.Template, error) {
+func (s templateLister) GetByUID(uid string) (*templateapiv1.Template, error) {
 	templates, err := s.indexer.ByIndex(templateapi.TemplateUIDIndex, uid)
 	if err != nil {
 		return nil, err
 	}
 	if len(templates) == 0 {
 		return nil, errors.NewNotFound(templateapi.Resource("template"), uid)
 	}
-	return templates[0].(*templateapi.Template), nil
+	return templates[0].(*templateapiv1.Template), nil
 }

Diff for: pkg/templateservicebroker/openservicebroker/server/apiserver.go

@@ -17,8 +17,9 @@ import (
 	"k8s.io/kubernetes/pkg/controller"
 
 	templateapi "github.com/openshift/origin/pkg/template/apis/template"
-	templateinformer "github.com/openshift/origin/pkg/template/generated/informers/internalversion"
-	templateinternalclientset "github.com/openshift/origin/pkg/template/generated/internalclientset"
+	templateapiv1 "github.com/openshift/origin/pkg/template/apis/template/v1"
+	templateclientset "github.com/openshift/origin/pkg/template/generated/clientset"
+	templateinformer "github.com/openshift/origin/pkg/template/generated/informers/externalversions"
 	templateservicebroker "github.com/openshift/origin/pkg/templateservicebroker/servicebroker"
 )
 
@@ -93,20 +94,20 @@ func (c completedTemplateServiceBrokerConfig) New(delegationTarget genericapiser
 	if err != nil {
 		return nil, err
 	}
-	templateClient, err := templateinternalclientset.NewForConfig(clientConfig)
+	templateClient, err := templateclientset.NewForConfig(clientConfig)
 	if err != nil {
 		return nil, err
 	}
 	templateInformers := templateinformer.NewSharedInformerFactory(templateClient, 5*time.Minute)
-	templateInformers.Template().InternalVersion().Templates().Informer().AddIndexers(cache.Indexers{
+	templateInformers.Template().V1().Templates().Informer().AddIndexers(cache.Indexers{
 		templateapi.TemplateUIDIndex: func(obj interface{}) ([]string, error) {
-			return []string{string(obj.(*templateapi.Template).UID)}, nil
+			return []string{string(obj.(*templateapiv1.Template).UID)}, nil
 		},
 	})
 
 	broker, err := templateservicebroker.NewBroker(
 		clientConfig,
-		templateInformers.Template().InternalVersion().Templates(),
+		templateInformers.Template().V1().Templates(),
 		c.TemplateNamespaces,
 	)
 	if err != nil {
@@ -115,7 +116,7 @@ func (c completedTemplateServiceBrokerConfig) New(delegationTarget genericapiser
 
 	if err := s.GenericAPIServer.AddPostStartHook("template-service-broker-synctemplates", func(context genericapiserver.PostStartHookContext) error {
 		templateInformers.Start(context.StopCh)
-		if !controller.WaitForCacheSync("tsb", context.StopCh, templateInformers.Template().InternalVersion().Templates().Informer().HasSynced) {
+		if !controller.WaitForCacheSync("tsb", context.StopCh, templateInformers.Template().V1().Templates().Informer().HasSynced) {
 			return fmt.Errorf("unable to sync caches")
 		}
 		return nil

Diff for: pkg/templateservicebroker/servicebroker/bind.go

@@ -19,13 +19,13 @@ import (
 	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/client-go/util/jsonpath"
 	kapi "k8s.io/kubernetes/pkg/api"
-	"k8s.io/kubernetes/pkg/apis/authorization"
+	authorizationv1 "k8s.io/kubernetes/pkg/apis/authorization/v1"
 
-	"github.com/openshift/origin/pkg/authorization/util"
 	"github.com/openshift/origin/pkg/config/cmd"
 	routeapi "github.com/openshift/origin/pkg/route/apis/route"
 	templateapi "github.com/openshift/origin/pkg/template/apis/template"
 	"github.com/openshift/origin/pkg/templateservicebroker/openservicebroker/api"
+	"github.com/openshift/origin/pkg/templateservicebroker/util"
 )
 
 func evaluateJSONPathExpression(obj interface{}, annotation, expression string, base64encode bool) (string, error) {
@@ -158,7 +158,7 @@ func (b *Broker) Bind(u user.Info, instanceID, bindingID string, breq *api.BindR
 
 	// end users are not expected to have access to BrokerTemplateInstance
 	// objects; SAR on the TemplateInstance instead.
-	if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorization.ResourceAttributes{
+	if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorizationv1.ResourceAttributes{
 		Namespace: namespace,
 		Verb:      "get",
 		Group:     templateapi.GroupName,
@@ -200,7 +200,7 @@ func (b *Broker) Bind(u user.Info, instanceID, bindingID string, breq *api.BindR
 			return api.InternalServerError(err)
 		}
 
-		if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorization.ResourceAttributes{
+		if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorizationv1.ResourceAttributes{
 			Namespace: object.Ref.Namespace,
 			Verb:      "get",
 			Group:     object.Ref.GroupVersionKind().Group,
@@ -249,7 +249,7 @@ func (b *Broker) Bind(u user.Info, instanceID, bindingID string, breq *api.BindR
 	if status == http.StatusCreated { // binding not found; create it
 		// end users are not expected to have access to BrokerTemplateInstance
 		// objects; SAR on the TemplateInstance instead.
-		if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorization.ResourceAttributes{
+		if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorizationv1.ResourceAttributes{
 			Namespace: namespace,
 			Verb:      "update",
 			Group:     templateapi.GroupName,

Diff for: pkg/templateservicebroker/servicebroker/catalog.go

@@ -11,6 +11,7 @@ import (
 
 	oapi "github.com/openshift/origin/pkg/api"
 	templateapi "github.com/openshift/origin/pkg/template/apis/template"
+	templateapiv1 "github.com/openshift/origin/pkg/template/apis/template/v1"
 	"github.com/openshift/origin/pkg/templateservicebroker/openservicebroker/api"
 )
 
@@ -31,7 +32,7 @@ var annotationMap = map[string]string{
 
 // serviceFromTemplate populates an open service broker service response from
 // an OpenShift template.
-func serviceFromTemplate(template *templateapi.Template) *api.Service {
+func serviceFromTemplate(template *templateapiv1.Template) *api.Service {
 	metadata := make(map[string]interface{})
 	for srcname, dstname := range annotationMap {
 		if value, ok := template.Annotations[srcname]; ok {

Diff for: pkg/templateservicebroker/servicebroker/catalog_test.go

@@ -9,11 +9,12 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	templateapi "github.com/openshift/origin/pkg/template/apis/template"
+	templateapiv1 "github.com/openshift/origin/pkg/template/apis/template/v1"
 	"github.com/openshift/origin/pkg/templateservicebroker/openservicebroker/api"
 )
 
 func TestServiceFromTemplate(t *testing.T) {
-	template := &templateapi.Template{
+	template := &templateapiv1.Template{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "name",
 			UID:  "ee33151d-a34d-442d-a0ca-6353b73a58fd",
@@ -28,7 +29,7 @@ func TestServiceFromTemplate(t *testing.T) {
 				"openshift.io/support-url":           "supportURL",
 			},
 		},
-		Parameters: []templateapi.Parameter{
+		Parameters: []templateapiv1.Parameter{
 			{
 				Name:     "param1",
 				Required: true,

Diff for: pkg/templateservicebroker/servicebroker/deprovision.go

@@ -8,11 +8,11 @@ import (
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apiserver/pkg/authentication/user"
-	"k8s.io/kubernetes/pkg/apis/authorization"
+	authorizationv1 "k8s.io/kubernetes/pkg/apis/authorization/v1"
 
-	"github.com/openshift/origin/pkg/authorization/util"
 	templateapi "github.com/openshift/origin/pkg/template/apis/template"
 	"github.com/openshift/origin/pkg/templateservicebroker/openservicebroker/api"
+	"github.com/openshift/origin/pkg/templateservicebroker/util"
 )
 
 // Deprovision is the reverse of Provision.  We clean up the TemplateInstance,
@@ -35,7 +35,7 @@ func (b *Broker) Deprovision(u user.Info, instanceID string) *api.Response {
 	// end users are not expected to have access to BrokerTemplateInstance
 	// objects; SAR on the TemplateInstance instead.
 
-	if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorization.ResourceAttributes{
+	if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorizationv1.ResourceAttributes{
 		Namespace: namespace,
 		Verb:      "get",
 		Group:     templateapi.GroupName,
@@ -45,7 +45,7 @@ func (b *Broker) Deprovision(u user.Info, instanceID string) *api.Response {
 		return api.Forbidden(err)
 	}
 
-	if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorization.ResourceAttributes{
+	if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorizationv1.ResourceAttributes{
 		Namespace: namespace,
 		Verb:      "delete",
 		Group:     templateapi.GroupName,

Diff for: pkg/templateservicebroker/servicebroker/lastoperation.go

@@ -9,12 +9,13 @@ import (
 	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apiserver/pkg/authentication/user"
-	kapi "k8s.io/kubernetes/pkg/api"
-	"k8s.io/kubernetes/pkg/apis/authorization"
+	kapiv1 "k8s.io/kubernetes/pkg/api/v1"
+	authorizationv1 "k8s.io/kubernetes/pkg/apis/authorization/v1"
 
-	"github.com/openshift/origin/pkg/authorization/util"
 	templateapi "github.com/openshift/origin/pkg/template/apis/template"
+	templateapiv1 "github.com/openshift/origin/pkg/template/apis/template/v1"
 	"github.com/openshift/origin/pkg/templateservicebroker/openservicebroker/api"
+	"github.com/openshift/origin/pkg/templateservicebroker/util"
 )
 
 // LastOperation returns the status of an asynchronous operation.  Currently
@@ -45,7 +46,7 @@ func (b *Broker) lastOperationProvisioning(u user.Info, instanceID string) *api.
 
 	namespace := brokerTemplateInstance.Spec.TemplateInstance.Namespace
 
-	if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorization.ResourceAttributes{
+	if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorizationv1.ResourceAttributes{
 		Namespace: namespace,
 		Verb:      "get",
 		Group:     templateapi.GroupName,
@@ -63,11 +64,11 @@ func (b *Broker) lastOperationProvisioning(u user.Info, instanceID string) *api.
 	state := api.LastOperationStateInProgress
 	var description string
 	for _, condition := range templateInstance.Status.Conditions {
-		if condition.Type == templateapi.TemplateInstanceReady && condition.Status == kapi.ConditionTrue {
+		if condition.Type == templateapiv1.TemplateInstanceReady && condition.Status == kapiv1.ConditionTrue {
 			state = api.LastOperationStateSucceeded
 			break
 		}
-		if condition.Type == templateapi.TemplateInstanceInstantiateFailure && condition.Status == kapi.ConditionTrue {
+		if condition.Type == templateapiv1.TemplateInstanceInstantiateFailure && condition.Status == kapiv1.ConditionTrue {
 			state = api.LastOperationStateFailed
 			description = condition.Message
 			break
@@ -90,7 +91,7 @@ func (b *Broker) lastOperationDeprovisioning(u user.Info, instanceID string) *ap
 
 	namespace := brokerTemplateInstance.Spec.TemplateInstance.Namespace
 
-	if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorization.ResourceAttributes{
+	if err := util.Authorize(b.kc.Authorization().SubjectAccessReviews(), u, &authorizationv1.ResourceAttributes{
 		Namespace: namespace,
 		Verb:      "get",
 		Group:     templateapi.GroupName,