Promote SubjectAccessReview to v1 #40709
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
This change is |
k8s-github-robot
added
kind/api-change
liggitt
added
release-note
| cmdArgs += fmt.Sprintf("--%s=%s ", f.Name, f.Value) | ||
| }) | ||
| return fmt.Sprintf("\n// This file was automatically generated by informer-gen with arguments: %s\n\n", cmdArgs) | ||
| return fmt.Sprintf("\n// This file was automatically generated by informer-gen\n\n") |
| AddInternalObjectsToScheme: authorization.AddToScheme, | ||
| }, | ||
| announced.VersionToSchemeFunc{ | ||
| v1.SchemeGroupVersion.Version: v1.AddToScheme, |
There was a problem hiding this comment.
need to fix up the version preference order above.
|
Is there a simple way for you to confirm that the preference order is correct in discovery? |
|
minor (but important) comment. lgtm otherwise. |
liggitt
force-pushed
the
v1-sar
branch
3 times, most recently
from
e7b5b11 to
752978f
Compare
|
@k8s-bot bazel test this |
k8s-github-robot
assigned
bgrant0607 and
smarterclayton and unassigned
timothysc and
bgrant0607
liggitt
force-pushed
the
v1-sar
branch
6 times, most recently
from
db5b393 to
40ef8f7
Compare
|
@mikedanese, any clue what the issue is causing this bazel error: |
|
@kubernetes/api-approvers for approval |
|
I'm ok with this being promoted - it fits the requirements, we've had it baked for a long time, and we are testing and using it regularly. @erictune can you weigh in whether you concur? |
|
/lgtm |
|
@erictune: you can't LGTM a PR unless you are an assignee. In response to this comment:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@cjcullen FYI. subjectaccessreview going GA. looked good to me. now would be good time to comment if you had issues with it. |
|
No worries about it from me... |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/approve |
k8s-github-robot
added
the
approved
Use specific v1beta1 Authorization client Add client expansions
|
regenerated conflicting pb files |
liggitt
added
approved
|
[APPROVALNOTIFIER] This PR is NOT APPROVED The following people have approved this PR: liggitt Needs approval from an approver in each of these OWNERS Files:
We suggest the following people: |
|
@k8s-bot gce etcd3 e2e test this |
|
@liggitt: The following test(s) failed:
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Automatic merge from submit-queue (batch tested with PRs 40971, 41027, 40709, 40903, 39369) |
Automatic merge from submit-queue (batch tested with PRs 41112, 41201, 41058, 40650, 40926) Promote TokenReview to v1 Peer to #40709 We have multiple features that depend on this API: - [webhook authentication](https://kubernetes.io/docs/admin/authentication/#webhook-token-authentication) - [kubelet delegated authentication](https://kubernetes.io/docs/admin/kubelet-authentication-authorization/#kubelet-authentication) - add-on API server delegated authentication The API has been in use since 1.3 in beta status (v1beta1) with negligible changes: - Added a status field for reporting errors evaluating the token This PR promotes the existing v1beta1 API to v1 with no changes Because the API does not persist data (it is a query/response-style API), there are no data migration concerns. This positions us to promote the features that depend on this API to stable in 1.7 cc @kubernetes/sig-auth-api-reviews @kubernetes/sig-auth-misc ```release-note The authentication.k8s.io API group was promoted to v1 ```
12 participants
We have multiple features that depend on this API:
SubjectAccessReview
The API has been in use since 1.3 in beta status (v1beta1) with negligible changes:
This PR promotes the existing v1beta1 API to v1, with the only change being the typo fix to the groups field. (fixes #32709)
Because the API does not persist data (it is a query/response-style API), there are no data migration concerns.
This positions us to promote the features that depend on this API to stable in 1.7
cc @kubernetes/sig-auth-api-reviews @kubernetes/sig-auth-misc