Merge pull request #15714 from liggitt/root-scope-sar-3.6.1

Automatic merge from submit-queue Mark subjectaccessreview/resourceaccessreview as root-scoped pick of #15704
openshift · Aug 28, 2017 · 07ac16f · 07ac16f
2 parents 277d472 + 00be8ba
commit 07ac16f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 119 deletions.
diff --git a/api/swagger-spec/openshift-openapi-spec.json b/api/swagger-spec/openshift-openapi-spec.json
@@ -22627,64 +22627,6 @@
      }
     ]
    },
-   "/apis/authorization.openshift.io/v1/namespaces/{namespace}/resourceaccessreviews": {
-    "post": {
-     "description": "create a ResourceAccessReview",
-     "consumes": [
-      "*/*"
-     ],
-     "produces": [
-      "application/json",
-      "application/yaml",
-      "application/vnd.kubernetes.protobuf"
-     ],
-     "schemes": [
-      "https"
-     ],
-     "tags": [
-      "authorizationOpenshiftIo_v1"
-     ],
-     "operationId": "createAuthorizationOpenshiftIoV1NamespacedResourceAccessReview",
-     "parameters": [
-      {
-       "name": "body",
-       "in": "body",
-       "required": true,
-       "schema": {
-        "$ref": "#/definitions/com.github.openshift.origin.pkg.authorization.apis.authorization.v1.ResourceAccessReview"
-       }
-      }
-     ],
-     "responses": {
-      "200": {
-       "description": "OK",
-       "schema": {
-        "$ref": "#/definitions/com.github.openshift.origin.pkg.authorization.apis.authorization.v1.ResourceAccessReview"
-       }
-      },
-      "401": {
-       "description": "Unauthorized"
-      }
-     }
-    },
-    "parameters": [
-     {
-      "uniqueItems": true,
-      "type": "string",
-      "description": "object name and auth scope, such as for teams and projects",
-      "name": "namespace",
-      "in": "path",
-      "required": true
-     },
-     {
-      "uniqueItems": true,
-      "type": "string",
-      "description": "If 'true', then the output is pretty printed.",
-      "name": "pretty",
-      "in": "query"
-     }
-    ]
-   },
    "/apis/authorization.openshift.io/v1/namespaces/{namespace}/rolebindingrestrictions": {
     "get": {
      "description": "list or watch objects of kind RoleBindingRestriction",
@@ -23791,64 +23733,6 @@
      }
     ]
    },
-   "/apis/authorization.openshift.io/v1/namespaces/{namespace}/subjectaccessreviews": {
-    "post": {
-     "description": "create a SubjectAccessReview",
-     "consumes": [
-      "*/*"
-     ],
-     "produces": [
-      "application/json",
-      "application/yaml",
-      "application/vnd.kubernetes.protobuf"
-     ],
-     "schemes": [
-      "https"
-     ],
-     "tags": [
-      "authorizationOpenshiftIo_v1"
-     ],
-     "operationId": "createAuthorizationOpenshiftIoV1NamespacedSubjectAccessReview",
-     "parameters": [
-      {
-       "name": "body",
-       "in": "body",
-       "required": true,
-       "schema": {
-        "$ref": "#/definitions/com.github.openshift.origin.pkg.authorization.apis.authorization.v1.SubjectAccessReview"
-       }
-      }
-     ],
-     "responses": {
-      "200": {
-       "description": "OK",
-       "schema": {
-        "$ref": "#/definitions/com.github.openshift.origin.pkg.authorization.apis.authorization.v1.SubjectAccessReview"
-       }
-      },
-      "401": {
-       "description": "Unauthorized"
-      }
-     }
-    },
-    "parameters": [
-     {
-      "uniqueItems": true,
-      "type": "string",
-      "description": "object name and auth scope, such as for teams and projects",
-      "name": "namespace",
-      "in": "path",
-      "required": true
-     },
-     {
-      "uniqueItems": true,
-      "type": "string",
-      "description": "If 'true', then the output is pretty printed.",
-      "name": "pretty",
-      "in": "query"
-     }
-    ]
-   },
    "/apis/authorization.openshift.io/v1/namespaces/{namespace}/subjectrulesreviews": {
     "post": {
      "description": "create a SubjectRulesReview",
@@ -24160,7 +24044,7 @@
      "tags": [
       "authorizationOpenshiftIo_v1"
      ],
-     "operationId": "createAuthorizationOpenshiftIoV1ResourceAccessReviewForAllNamespaces",
+     "operationId": "createAuthorizationOpenshiftIoV1ResourceAccessReview",
      "parameters": [
       {
        "name": "body",
@@ -24614,7 +24498,7 @@
      "tags": [
       "authorizationOpenshiftIo_v1"
      ],
-     "operationId": "createAuthorizationOpenshiftIoV1SubjectAccessReviewForAllNamespaces",
+     "operationId": "createAuthorizationOpenshiftIoV1SubjectAccessReview",
      "parameters": [
       {
        "name": "body",

diff --git a/pkg/authorization/apis/authorization/install/apigroup.go b/pkg/authorization/apis/authorization/install/apigroup.go
@@ -23,7 +23,7 @@ func Install(groupFactoryRegistry announced.APIGroupFactoryRegistry, registry *r
 			VersionPreferenceOrder:     []string{authorizationapiv1.SchemeGroupVersion.Version},
 			ImportPrefix:               importPrefix,
 			AddInternalObjectsToScheme: authorizationapi.AddToScheme,
-			RootScopedKinds:            sets.NewString("ClusterRole", "ClusterRoleBinding", "ClusterPolicy", "ClusterPolicyBinding"),
+			RootScopedKinds:            sets.NewString("ClusterRole", "ClusterRoleBinding", "ClusterPolicy", "ClusterPolicyBinding", "SubjectAccessReview", "ResourceAccessReview"),
 		},
 		announced.VersionToSchemeFunc{
 			authorizationapiv1.SchemeGroupVersion.Version: authorizationapiv1.AddToScheme,