updates for finding groupified first

pkg/oc/cli/describe/describer.go

@@ -127,7 +127,7 @@ func describerMap(clientConfig *rest.Config, kclient kclientset.Interface, host
 		authorizationapi.Kind("ClusterRole"):            &ClusterRoleDescriber{oauthorizationClient},
 		authorizationapi.Kind("RoleBindingRestriction"): &RoleBindingRestrictionDescriber{oauthorizationClient},
 		oauthapi.Kind("OAuthAccessToken"):               &OAuthAccessTokenDescriber{oauthClient},
-		authorizationapi.Kind("Identity"):               &IdentityDescriber{userClient},
+		userapi.Kind("Identity"):                        &IdentityDescriber{userClient},
 		userapi.Kind("User"):                            &UserDescriber{userClient},
 		userapi.Kind("Group"):                           &GroupDescriber{userClient},
 		userapi.Kind("UserIdentityMapping"):             &UserIdentityMappingDescriber{userClient},

test/cmd/admin.sh

@@ -120,7 +120,7 @@ os::test::junit::declare_suite_start "cmd/admin/groups"
 os::cmd::expect_success_and_text 'oc adm groups new shortoutputgroup -o name' 'groups/shortoutputgroup'
 os::cmd::expect_failure_and_text 'oc adm groups new shortoutputgroup' 'groups.user.openshift.io "shortoutputgroup" already exists'
 os::cmd::expect_failure_and_text 'oc adm groups new errorgroup -o blah' 'error: output format "blah" not recognized'
-os::cmd::expect_failure_and_text 'oc get groups/errorgroup' 'groups "errorgroup" not found'
+os::cmd::expect_failure_and_text 'oc get groups/errorgroup' 'groups.user.openshift.io "errorgroup" not found'
 os::cmd::expect_success_and_text 'oc adm groups new group1 foo bar' 'group1.*foo, bar'
 os::cmd::expect_success_and_text 'oc get groups/group1 --no-headers' 'foo, bar'
 os::cmd::expect_success 'oc adm groups add-users group1 baz'

test/cmd/authentication.sh

@@ -53,14 +53,14 @@ listprojecttoken="$(oc process -f "${OS_ROOT}/test/testdata/authentication/scope
 # this token doesn't have rights to see any projects even though it can hit the list endpoint, so an empty list is correct
 # we'll add another scope that allows listing all known projects even if this token has no other powers in them.
 os::cmd::expect_success_and_not_text "oc get projects --token='${listprojecttoken}'" "${project}"
-os::cmd::expect_failure_and_text "oc get user/~ --token='${listprojecttoken}'" 'prevent this action; User "scoped-user" cannot get users at the cluster scope'
+os::cmd::expect_failure_and_text "oc get user/~ --token='${listprojecttoken}'" 'prevent this action; User "scoped-user" cannot get users.user.openshift.io at the cluster scope'
 os::cmd::expect_failure_and_text "oc get pods --token='${listprojecttoken}' -n '${project}'" "prevent this action; User \"scoped-user\" cannot list pods in project \"${project}\""
 
 listprojecttoken="$(oc process -f "${OS_ROOT}/test/testdata/authentication/scoped-token-template.yaml" TOKEN_PREFIX=listallprojects SCOPE=user:list-projects USER_NAME="${username}" USER_UID="${useruid}" | oc create -f - -o name | awk -F/ '{print $2}')"
 os::cmd::expect_success_and_text "oc get projects --token='${listprojecttoken}'" "${project}"
 
 adminnonescalatingpowerstoken="$(oc process -f "${OS_ROOT}/test/testdata/authentication/scoped-token-template.yaml" TOKEN_PREFIX=admin SCOPE=role:admin:* USER_NAME="${username}" USER_UID="${useruid}" | oc create -f - -o name | awk -F/ '{print $2}')"
-os::cmd::expect_failure_and_text "oc get user/~ --token='${adminnonescalatingpowerstoken}'" 'prevent this action; User "scoped-user" cannot get users at the cluster scope'
+os::cmd::expect_failure_and_text "oc get user/~ --token='${adminnonescalatingpowerstoken}'" 'prevent this action; User "scoped-user" cannot get users.user.openshift.io at the cluster scope'
 os::cmd::expect_failure_and_text "oc get secrets --token='${adminnonescalatingpowerstoken}' -n '${project}'" "prevent this action; User \"scoped-user\" cannot list secrets in project \"${project}\""
 os::cmd::expect_success_and_text "oc get 'projects/${project}' --token='${adminnonescalatingpowerstoken}' -n '${project}'" "${project}"