LIGGITT: add scoper to rest storage

pkg/authorization/registry/clusterrole/proxy.go

@@ -28,6 +28,7 @@ var _ rest.Lister = &REST{}
 var _ rest.Getter = &REST{}
 var _ rest.CreaterUpdater = &REST{}
 var _ rest.GracefulDeleter = &REST{}
+var _ rest.Scoper = &REST{}
 
 func NewREST(client restclient.Interface) utilregistry.NoWatchStorage {
 	return utilregistry.WrapNoWatchStorageError(&REST{
@@ -43,6 +44,10 @@ func (s *REST) NewList() runtime.Object {
 	return &authorizationapi.ClusterRoleList{}
 }
 
+func (s *REST) NamespaceScoped() bool {
+	return false
+}
+
 func (s *REST) List(ctx context.Context, options *metainternal.ListOptions) (runtime.Object, error) {
 	client, err := s.getImpersonatingClient(ctx)
 	if err != nil {

pkg/authorization/registry/clusterrolebinding/proxy.go

@@ -28,6 +28,7 @@ var _ rest.Lister = &REST{}
 var _ rest.Getter = &REST{}
 var _ rest.CreaterUpdater = &REST{}
 var _ rest.GracefulDeleter = &REST{}
+var _ rest.Scoper = &REST{}
 
 func NewREST(client restclient.Interface) utilregistry.NoWatchStorage {
 	return utilregistry.WrapNoWatchStorageError(&REST{
@@ -43,6 +44,10 @@ func (s *REST) NewList() runtime.Object {
 	return &authorizationapi.ClusterRoleBindingList{}
 }
 
+func (s *REST) NamespaceScoped() bool {
+	return false
+}
+
 func (s *REST) List(ctx context.Context, options *metainternal.ListOptions) (runtime.Object, error) {
 	client, err := s.getImpersonatingClient(ctx)
 	if err != nil {

pkg/authorization/registry/localresourceaccessreview/rest.go

@@ -21,6 +21,7 @@ type REST struct {
 }
 
 var _ rest.Creater = &REST{}
+var _ rest.Scoper = &REST{}
 
 func NewREST(clusterRARRegistry resourceaccessreview.Registry) *REST {
 	return &REST{clusterRARRegistry}
@@ -30,6 +31,10 @@ func (r *REST) New() runtime.Object {
 	return &authorizationapi.LocalResourceAccessReview{}
 }
 
+func (s *REST) NamespaceScoped() bool {
+	return true
+}
+
 // Create transforms a LocalRAR into an ClusterRAR that is requesting a namespace.  That collapses the code paths.
 // LocalResourceAccessReview exists to allow clean expression of policy.
 func (r *REST) Create(ctx context.Context, obj runtime.Object, _ rest.ValidateObjectFunc, _ bool) (runtime.Object, error) {

pkg/authorization/registry/localsubjectaccessreview/rest.go

@@ -21,6 +21,7 @@ type REST struct {
 }
 
 var _ rest.Creater = &REST{}
+var _ rest.Scoper = &REST{}
 
 func NewREST(clusterSARRegistry subjectaccessreview.Registry) *REST {
 	return &REST{clusterSARRegistry}
@@ -30,6 +31,10 @@ func (r *REST) New() runtime.Object {
 	return &authorizationapi.LocalSubjectAccessReview{}
 }
 
+func (s *REST) NamespaceScoped() bool {
+	return true
+}
+
 // Create transforms a LocalSAR into an ClusterSAR that is requesting a namespace.  That collapses the code paths.
 // LocalSubjectAccessReview exists to allow clean expression of policy.
 func (r *REST) Create(ctx context.Context, obj runtime.Object, _ rest.ValidateObjectFunc, _ bool) (runtime.Object, error) {

pkg/authorization/registry/resourceaccessreview/rest.go

@@ -27,6 +27,7 @@ type REST struct {
 }
 
 var _ rest.Creater = &REST{}
+var _ rest.Scoper = &REST{}
 
 // NewREST creates a new REST for policies.
 func NewREST(authorizer kauthorizer.Authorizer, subjectLocator rbac.SubjectLocator) *REST {
@@ -38,6 +39,10 @@ func (r *REST) New() runtime.Object {
 	return &authorizationapi.ResourceAccessReview{}
 }
 
+func (s *REST) NamespaceScoped() bool {
+	return false
+}
+
 // Create registers a given new ResourceAccessReview instance to r.registry.
 func (r *REST) Create(ctx context.Context, obj runtime.Object, _ rest.ValidateObjectFunc, _ bool) (runtime.Object, error) {
 	resourceAccessReview, ok := obj.(*authorizationapi.ResourceAccessReview)

pkg/authorization/registry/role/proxy.go

@@ -30,6 +30,7 @@ var _ rest.Lister = &REST{}
 var _ rest.Getter = &REST{}
 var _ rest.CreaterUpdater = &REST{}
 var _ rest.GracefulDeleter = &REST{}
+var _ rest.Scoper = &REST{}
 
 func NewREST(client restclient.Interface) utilregistry.NoWatchStorage {
 	return utilregistry.WrapNoWatchStorageError(&REST{
@@ -45,6 +46,10 @@ func (s *REST) NewList() runtime.Object {
 	return &authorizationapi.RoleList{}
 }
 
+func (s *REST) NamespaceScoped() bool {
+	return true
+}
+
 func (s *REST) List(ctx context.Context, options *metainternal.ListOptions) (runtime.Object, error) {
 	client, err := s.getImpersonatingClient(ctx)
 	if err != nil {

pkg/authorization/registry/rolebinding/proxy.go

@@ -30,6 +30,7 @@ var _ rest.Lister = &REST{}
 var _ rest.Getter = &REST{}
 var _ rest.CreaterUpdater = &REST{}
 var _ rest.GracefulDeleter = &REST{}
+var _ rest.Scoper = &REST{}
 
 func NewREST(client restclient.Interface) utilregistry.NoWatchStorage {
 	return utilregistry.WrapNoWatchStorageError(&REST{
@@ -45,6 +46,10 @@ func (s *REST) NewList() runtime.Object {
 	return &authorizationapi.RoleBindingList{}
 }
 
+func (s *REST) NamespaceScoped() bool {
+	return true
+}
+
 func (s *REST) List(ctx context.Context, options *metainternal.ListOptions) (runtime.Object, error) {
 	client, err := s.getImpersonatingClient(ctx)
 	if err != nil {

pkg/authorization/registry/selfsubjectrulesreview/storage.go

@@ -24,6 +24,7 @@ type REST struct {
 }
 
 var _ rest.Creater = &REST{}
+var _ rest.Scoper = &REST{}
 
 func NewREST(ruleResolver rbacregistryvalidation.AuthorizationRuleResolver, clusterRoleGetter rbaclisters.ClusterRoleLister) *REST {
 	return &REST{ruleResolver: ruleResolver, clusterRoleGetter: clusterRoleGetter}
@@ -33,6 +34,10 @@ func (r *REST) New() runtime.Object {
 	return &authorizationapi.SelfSubjectRulesReview{}
 }
 
+func (s *REST) NamespaceScoped() bool {
+	return true
+}
+
 // Create registers a given new ResourceAccessReview instance to r.registry.
 func (r *REST) Create(ctx context.Context, obj runtime.Object, _ rest.ValidateObjectFunc, _ bool) (runtime.Object, error) {
 	rulesReview, ok := obj.(*authorizationapi.SelfSubjectRulesReview)

pkg/authorization/registry/subjectaccessreview/rest.go

@@ -24,6 +24,7 @@ type REST struct {
 }
 
 var _ rest.Creater = &REST{}
+var _ rest.Scoper = &REST{}
 
 // NewREST creates a new REST for policies.
 func NewREST(authorizer kauthorizer.Authorizer) *REST {
@@ -35,6 +36,10 @@ func (r *REST) New() runtime.Object {
 	return &authorizationapi.SubjectAccessReview{}
 }
 
+func (s *REST) NamespaceScoped() bool {
+	return false
+}
+
 // Create registers a given new ResourceAccessReview instance to r.registry.
 func (r *REST) Create(ctx context.Context, obj runtime.Object, _ rest.ValidateObjectFunc, _ bool) (runtime.Object, error) {
 	subjectAccessReview, ok := obj.(*authorizationapi.SubjectAccessReview)

pkg/authorization/registry/subjectrulesreview/storage.go

@@ -27,6 +27,7 @@ type REST struct {
 }
 
 var _ rest.Creater = &REST{}
+var _ rest.Scoper = &REST{}
 
 func NewREST(ruleResolver rbacregistryvalidation.AuthorizationRuleResolver, clusterRoleGetter rbaclisters.ClusterRoleLister) *REST {
 	return &REST{ruleResolver: ruleResolver, clusterRoleGetter: clusterRoleGetter}
@@ -36,6 +37,10 @@ func (r *REST) New() runtime.Object {
 	return &authorizationapi.SubjectRulesReview{}
 }
 
+func (s *REST) NamespaceScoped() bool {
+	return true
+}
+
 // Create registers a given new ResourceAccessReview instance to r.registry.
 func (r *REST) Create(ctx context.Context, obj runtime.Object, _ rest.ValidateObjectFunc, _ bool) (runtime.Object, error) {
 	rulesReview, ok := obj.(*authorizationapi.SubjectRulesReview)