switch to external user client

Author: deads2k

pkg/auth/userregistry/identitymapper/interfaces.go

@@ -1,7 +1,7 @@
 package identitymapper
 
 import (
-	userapi "github.com/openshift/origin/pkg/user/apis/user"
+	userapi "github.com/openshift/origin/pkg/user/apis/user/v1"
 )
 
 type UserToGroupMapper interface {

pkg/authorization/admission/restrictusers/groupcache_test.go

@@ -1,7 +1,7 @@
 package restrictusers
 
 import (
-	userapi "github.com/openshift/origin/pkg/user/apis/user"
+	userapi "github.com/openshift/origin/pkg/user/apis/user/v1"
 )
 
 type fakeGroupCache struct {

pkg/authorization/admission/restrictusers/restrictusers.go

@@ -17,10 +17,10 @@ import (
 	authorizationclient "github.com/openshift/origin/pkg/authorization/generated/clientset"
 	authorizationtypedclient "github.com/openshift/origin/pkg/authorization/generated/clientset/typed/authorization/v1"
 	oadmission "github.com/openshift/origin/pkg/cmd/server/admission"
-	userapi "github.com/openshift/origin/pkg/user/apis/user"
+	userapi "github.com/openshift/origin/pkg/user/apis/user/v1"
 	usercache "github.com/openshift/origin/pkg/user/cache"
-	userinformer "github.com/openshift/origin/pkg/user/generated/informers/internalversion"
-	userclient "github.com/openshift/origin/pkg/user/generated/internalclientset"
+	userclient "github.com/openshift/origin/pkg/user/generated/clientset"
+	userinformer "github.com/openshift/origin/pkg/user/generated/informers/externalversions"
 )
 
 func Register(plugins *admission.Plugins) {
@@ -72,7 +72,7 @@ func (q *restrictUsersAdmission) SetOpenshiftInternalUserClient(userClient userc
 }
 
 func (q *restrictUsersAdmission) SetUserInformer(userInformers userinformer.SharedInformerFactory) {
-	q.groupCache = usercache.NewGroupCache(userInformers.User().InternalVersion().Groups())
+	q.groupCache = usercache.NewGroupCache(userInformers.User().V1().Groups())
 }
 
 // subjectsDelta returns the relative complement of elementsToIgnore in

pkg/authorization/admission/restrictusers/restrictusers_test.go

@@ -18,8 +18,8 @@ import (
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization/v1"
 	fakeauthorizationclient "github.com/openshift/origin/pkg/authorization/generated/clientset/fake"
 	oadmission "github.com/openshift/origin/pkg/cmd/server/admission"
-	userapi "github.com/openshift/origin/pkg/user/apis/user"
-	fakeuserclient "github.com/openshift/origin/pkg/user/generated/internalclientset/fake"
+	userapi "github.com/openshift/origin/pkg/user/apis/user/v1"
+	fakeuserclient "github.com/openshift/origin/pkg/user/generated/clientset/fake"
 )
 
 func TestAdmission(t *testing.T) {

pkg/authorization/admission/restrictusers/subjectchecker.go

@@ -10,8 +10,8 @@ import (
 	kclientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
 
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization/v1"
-	userapi "github.com/openshift/origin/pkg/user/apis/user"
-	userclient "github.com/openshift/origin/pkg/user/generated/internalclientset/typed/user/internalversion"
+	userapi "github.com/openshift/origin/pkg/user/apis/user/v1"
+	userclient "github.com/openshift/origin/pkg/user/generated/clientset/typed/user/v1"
 )
 
 // SubjectChecker determines whether rolebindings on a subject (user, group, or
@@ -47,7 +47,7 @@ func (checkers UnionSubjectChecker) Allowed(subject rbac.Subject, ctx *RoleBindi
 // RoleBindingRestrictionContext holds context that is used when determining
 // whether a RoleBindingRestriction allows rolebindings on a particular subject.
 type RoleBindingRestrictionContext struct {
-	userClient userclient.UserInterface
+	userClient userclient.UserV1Interface
 	kclient    kclientset.Interface
 
 	// groupCache maps user name to groups.
@@ -66,7 +66,7 @@ type RoleBindingRestrictionContext struct {
 
 // NewRoleBindingRestrictionContext returns a new RoleBindingRestrictionContext
 // object.
-func NewRoleBindingRestrictionContext(ns string, kc kclientset.Interface, userClient userclient.UserInterface, groupCache GroupCache) (*RoleBindingRestrictionContext, error) {
+func NewRoleBindingRestrictionContext(ns string, kc kclientset.Interface, userClient userclient.UserV1Interface, groupCache GroupCache) (*RoleBindingRestrictionContext, error) {
 	return &RoleBindingRestrictionContext{
 		namespace:       ns,
 		kclient:         kc,

pkg/authorization/admission/restrictusers/subjectchecker_test.go

@@ -11,8 +11,8 @@ import (
 	"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/fake"
 
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization/v1"
-	userapi "github.com/openshift/origin/pkg/user/apis/user"
-	fakeuserclient "github.com/openshift/origin/pkg/user/generated/internalclientset/fake"
+	userapi "github.com/openshift/origin/pkg/user/apis/user/v1"
+	fakeuserclient "github.com/openshift/origin/pkg/user/generated/clientset/fake"
 )
 
 func mustNewSubjectChecker(t *testing.T, spec *authorizationapi.RoleBindingRestrictionSpec) SubjectChecker {

pkg/cmd/server/admission/init.go

@@ -19,8 +19,8 @@ import (
 	quotaclient "github.com/openshift/origin/pkg/quota/generated/internalclientset"
 	securityinformer "github.com/openshift/origin/pkg/security/generated/informers/internalversion"
 	templateclient "github.com/openshift/origin/pkg/template/generated/internalclientset"
-	userinformer "github.com/openshift/origin/pkg/user/generated/informers/internalversion"
-	userclient "github.com/openshift/origin/pkg/user/generated/internalclientset"
+	userclient "github.com/openshift/origin/pkg/user/generated/clientset"
+	userinformer "github.com/openshift/origin/pkg/user/generated/informers/externalversions"
 )
 
 type PluginInitializer struct {

pkg/cmd/server/admission/types.go

@@ -17,8 +17,8 @@ import (
 	quotaclient "github.com/openshift/origin/pkg/quota/generated/internalclientset"
 	securityinformer "github.com/openshift/origin/pkg/security/generated/informers/internalversion"
 	templateclient "github.com/openshift/origin/pkg/template/generated/internalclientset"
-	userinformer "github.com/openshift/origin/pkg/user/generated/informers/internalversion"
-	userclient "github.com/openshift/origin/pkg/user/generated/internalclientset"
+	userclient "github.com/openshift/origin/pkg/user/generated/clientset"
+	userinformer "github.com/openshift/origin/pkg/user/generated/informers/externalversions"
 )
 
 type WantsOpenshiftInternalAuthorizationClient interface {

pkg/cmd/server/origin/admission/plugin_initializer.go

@@ -22,8 +22,8 @@ import (
 	securityinformer "github.com/openshift/origin/pkg/security/generated/informers/internalversion"
 	"github.com/openshift/origin/pkg/service"
 	templateclient "github.com/openshift/origin/pkg/template/generated/internalclientset"
-	userinformer "github.com/openshift/origin/pkg/user/generated/informers/internalversion"
-	userclient "github.com/openshift/origin/pkg/user/generated/internalclientset"
+	userclient "github.com/openshift/origin/pkg/user/generated/clientset"
+	userinformer "github.com/openshift/origin/pkg/user/generated/informers/externalversions"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"

pkg/cmd/server/origin/authenticator.go

@@ -63,7 +63,7 @@ func NewAuthenticator(
 		serviceAccountTokenGetter,
 		userClient.Users(),
 		apiClientCAs,
-		usercache.NewGroupCache(informers.GetUserInformers().User().InternalVersion().Groups()),
+		usercache.NewGroupCache(informers.GetUserInformers().User().V1().Groups()),
 	)
 }
 

pkg/cmd/server/origin/master_config.go

@@ -37,7 +37,7 @@ import (
 	projectcache "github.com/openshift/origin/pkg/project/cache"
 	"github.com/openshift/origin/pkg/quota/controller/clusterquotamapping"
 	quotainformer "github.com/openshift/origin/pkg/quota/generated/informers/internalversion"
-	userinformer "github.com/openshift/origin/pkg/user/generated/informers/internalversion"
+	userinformer "github.com/openshift/origin/pkg/user/generated/informers/externalversions"
 
 	securityinformer "github.com/openshift/origin/pkg/security/generated/informers/internalversion"
 	"github.com/openshift/origin/pkg/service"
@@ -91,7 +91,6 @@ type MasterConfig struct {
 	AuthorizationInformers authorizationinformer.SharedInformerFactory
 	QuotaInformers         quotainformer.SharedInformerFactory
 	SecurityInformers      securityinformer.SharedInformerFactory
-	UserInformers          userinformer.SharedInformerFactory
 }
 
 type InformerAccess interface {
@@ -203,7 +202,6 @@ func BuildMasterConfig(
 		AuthorizationInformers: informers.GetAuthorizationInformers(),
 		QuotaInformers:         informers.GetQuotaInformers(),
 		SecurityInformers:      informers.GetSecurityInformers(),
-		UserInformers:          informers.GetUserInformers(),
 	}
 
 	// ensure that the limit range informer will be started

pkg/cmd/server/start/informers.go

@@ -28,8 +28,8 @@ import (
 	securityclient "github.com/openshift/origin/pkg/security/generated/internalclientset"
 	templateinformer "github.com/openshift/origin/pkg/template/generated/informers/internalversion"
 	templateclient "github.com/openshift/origin/pkg/template/generated/internalclientset"
-	userinformer "github.com/openshift/origin/pkg/user/generated/informers/internalversion"
-	userclient "github.com/openshift/origin/pkg/user/generated/internalclientset"
+	userclient "github.com/openshift/origin/pkg/user/generated/clientset"
+	userinformer "github.com/openshift/origin/pkg/user/generated/informers/externalversions"
 )
 
 // informers is a convenient way for us to keep track of the informers, but

pkg/cmd/server/start/start_master.go

@@ -507,7 +507,7 @@ func (m *Master) Start() error {
 		}
 		// the API server runs a reverse index on users to groups which requires an index on the group informer
 		// this activates the lister/watcher, so we want to do it only in this path
-		err = informers.userInformers.User().InternalVersion().Groups().Informer().AddIndexers(cache.Indexers{
+		err = informers.userInformers.User().V1().Groups().Informer().AddIndexers(cache.Indexers{
 			usercache.ByUserIndexName: usercache.ByUserIndexKeys,
 		})
 		if err != nil {

pkg/project/admission/requestlimit/admission.go

@@ -19,8 +19,8 @@ import (
 	projectapi "github.com/openshift/origin/pkg/project/apis/project"
 	projectcache "github.com/openshift/origin/pkg/project/cache"
 	uservalidation "github.com/openshift/origin/pkg/user/apis/user/validation"
-	userclient "github.com/openshift/origin/pkg/user/generated/internalclientset"
-	usertypedclient "github.com/openshift/origin/pkg/user/generated/internalclientset/typed/user/internalversion"
+	userclient "github.com/openshift/origin/pkg/user/generated/clientset"
+	usertypedclient "github.com/openshift/origin/pkg/user/generated/clientset/typed/user/v1"
 )
 
 // allowedTerminatingProjects is the number of projects that are owned by a user, are in terminating state,

pkg/project/admission/requestlimit/admission_test.go

@@ -18,8 +18,8 @@ import (
 	requestlimitapi "github.com/openshift/origin/pkg/project/admission/requestlimit/api"
 	projectapi "github.com/openshift/origin/pkg/project/apis/project"
 	projectcache "github.com/openshift/origin/pkg/project/cache"
-	userapi "github.com/openshift/origin/pkg/user/apis/user"
-	fakeuserclient "github.com/openshift/origin/pkg/user/generated/internalclientset/fake"
+	userapi "github.com/openshift/origin/pkg/user/apis/user/v1"
+	fakeuserclient "github.com/openshift/origin/pkg/user/generated/clientset/fake"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 
 	// install all APIs

pkg/user/cache/groups.go

@@ -5,8 +5,8 @@ import (
 
 	"k8s.io/client-go/tools/cache"
 
-	userapi "github.com/openshift/origin/pkg/user/apis/user"
-	userinformer "github.com/openshift/origin/pkg/user/generated/informers/internalversion/user/internalversion"
+	userapi "github.com/openshift/origin/pkg/user/apis/user/v1"
+	userinformer "github.com/openshift/origin/pkg/user/generated/informers/externalversions/user/v1"
 )
 
 // GroupCache is a skin on an indexer to provide the reverse index from user to groups.