Merge pull request #16516 from deads2k/client-06-cmd-snips

Automatic merge from submit-queue

remove legacy client usage

Cleans up a bunch of different legacy client usage.

pkg/apps/client/v1/scale.go

@@ -0,0 +1,56 @@
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	extensionsv1beta1 "k8s.io/kubernetes/pkg/apis/extensions/v1beta1"
+	kextensionsclient "k8s.io/kubernetes/pkg/client/clientset_generated/clientset/typed/extensions/v1beta1"
+
+	appstypedclient "github.com/openshift/origin/pkg/apps/generated/clientset/typed/apps/v1"
+)
+
+type delegatingScaleInterface struct {
+	dcs    appstypedclient.DeploymentConfigInterface
+	scales kextensionsclient.ScaleInterface
+}
+
+type delegatingScaleNamespacer struct {
+	dcNS    appstypedclient.DeploymentConfigsGetter
+	scaleNS kextensionsclient.ScalesGetter
+}
+
+func (c *delegatingScaleNamespacer) Scales(namespace string) kextensionsclient.ScaleInterface {
+	return &delegatingScaleInterface{
+		dcs:    c.dcNS.DeploymentConfigs(namespace),
+		scales: c.scaleNS.Scales(namespace),
+	}
+}
+
+func NewDelegatingScaleNamespacer(dcNamespacer appstypedclient.DeploymentConfigsGetter, sNamespacer kextensionsclient.ScalesGetter) kextensionsclient.ScalesGetter {
+	return &delegatingScaleNamespacer{
+		dcNS:    dcNamespacer,
+		scaleNS: sNamespacer,
+	}
+}
+
+// Get takes the reference to scale subresource and returns the subresource or error, if one occurs.
+func (c *delegatingScaleInterface) Get(kind string, name string) (result *extensionsv1beta1.Scale, err error) {
+	switch {
+	case kind == "DeploymentConfig":
+		return c.dcs.GetScale(name, metav1.GetOptions{})
+		// TODO: This is borked because the interface for Get is broken. Kind is insufficient.
+	default:
+		return c.scales.Get(kind, name)
+	}
+}
+
+// Update takes a scale subresource object, updates the stored version to match it, and
+// returns the subresource or error, if one occurs.
+func (c *delegatingScaleInterface) Update(kind string, scale *extensionsv1beta1.Scale) (result *extensionsv1beta1.Scale, err error) {
+	switch {
+	case kind == "DeploymentConfig":
+		return c.dcs.UpdateScale(scale.Name, scale)
+		// TODO: This is borked because the interface for Update is broken. Kind is insufficient.
+	default:
+		return c.scales.Update(kind, scale)
+	}
+}

pkg/cmd/server/api/helpers.go

@@ -20,7 +20,6 @@ import (
 	kclientsetinternal "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
 	kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
 
-	"github.com/openshift/origin/pkg/client"
 	cmdutil "github.com/openshift/origin/pkg/cmd/util"
 )
 
@@ -379,30 +378,6 @@ func GetExternalKubeClient(kubeConfigFile string, overrides *ClientConnectionOve
 	return clientset, kubeConfig, nil
 }
 
-// TODO: clients should be copied and instantiated from a common client config, tweaked, then
-// given to individual controllers and other infrastructure components. Overrides are optional
-// and may alter the default configuration.
-func GetOpenShiftClient(kubeConfigFile string, overrides *ClientConnectionOverrides) (*client.Client, *restclient.Config, error) {
-	loadingRules := &clientcmd.ClientConfigLoadingRules{}
-	loadingRules.ExplicitPath = kubeConfigFile
-	loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{})
-
-	kubeConfig, err := loader.ClientConfig()
-	if err != nil {
-		return nil, nil, err
-	}
-
-	applyClientConnectionOverrides(overrides, kubeConfig)
-
-	kubeConfig.WrapTransport = DefaultClientTransport
-	openshiftClient, err := client.New(kubeConfig)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return openshiftClient, kubeConfig, nil
-}
-
 // applyClientConnectionOverrides updates a kubeConfig with the overrides from the config.
 func applyClientConnectionOverrides(overrides *ClientConnectionOverrides, kubeConfig *restclient.Config) {
 	if overrides == nil {
@@ -455,31 +430,6 @@ func GetNamedCertificateMap(namedCertificates []NamedCertificate) (map[string]*t
 	return namedCerts, nil
 }
 
-// GetClientCertCAPool returns a cert pool containing all client CAs that could be presented (union of API and OAuth)
-func GetClientCertCAPool(options MasterConfig) (*x509.CertPool, error) {
-	roots := x509.NewCertPool()
-
-	// Add CAs for OAuth
-	certs, err := GetOAuthClientCertCAs(options)
-	if err != nil {
-		return nil, err
-	}
-	for _, root := range certs {
-		roots.AddCert(root)
-	}
-
-	// Add CAs for API
-	certs, err = getAPIClientCertCAs(options)
-	if err != nil {
-		return nil, err
-	}
-	for _, root := range certs {
-		roots.AddCert(root)
-	}
-
-	return roots, nil
-}
-
 func GetOAuthClientCertCAs(options MasterConfig) ([]*x509.Certificate, error) {
 	allCerts := []*x509.Certificate{}
 
@@ -504,22 +454,6 @@ func GetOAuthClientCertCAs(options MasterConfig) ([]*x509.Certificate, error) {
 	return allCerts, nil
 }
 
-func GetRequestHeaderClientCertCAs(options MasterConfig) ([]*x509.Certificate, error) {
-	if options.AuthConfig.RequestHeader == nil {
-		return nil, nil
-	}
-
-	certs, err := cmdutil.CertificatesFromFile(options.AuthConfig.RequestHeader.ClientCA)
-	if err != nil {
-		return nil, fmt.Errorf("Error reading %s: %s", options.AuthConfig.RequestHeader.ClientCA, err)
-	}
-	return certs, nil
-}
-
-func getAPIClientCertCAs(options MasterConfig) ([]*x509.Certificate, error) {
-	return cmdutil.CertificatesFromFile(options.ServingInfo.ClientCA)
-}
-
 func GetKubeletClientConfig(options MasterConfig) *kubeletclient.KubeletClientConfig {
 	config := &kubeletclient.KubeletClientConfig{
 		Port: options.KubeletClientInfo.Port,
@@ -595,11 +529,6 @@ func IsOAuthIdentityProvider(provider IdentityProvider) bool {
 	return false
 }
 
-func HasOpenShiftAPILevel(config MasterConfig, apiLevel string) bool {
-	apiLevelSet := sets.NewString(config.APILevels...)
-	return apiLevelSet.Has(apiLevel)
-}
-
 const kubeAPIEnablementFlag = "runtime-config"
 
 // GetKubeAPIServerFlagAPIEnablement parses the available flag at the groupVersion level

pkg/cmd/server/origin/controller/autoscaling.go

@@ -1,13 +1,14 @@
 package controller
 
 import (
+	clientgoclientset "k8s.io/client-go/kubernetes"
+	kubeclientset "k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
 	hpacontroller "k8s.io/kubernetes/pkg/controller/podautoscaler"
 	hpametrics "k8s.io/kubernetes/pkg/controller/podautoscaler/metrics"
 
-	osclient "github.com/openshift/origin/pkg/client"
+	appsv1client "github.com/openshift/origin/pkg/apps/client/v1"
+	appstypedclient "github.com/openshift/origin/pkg/apps/generated/clientset/typed/apps/v1"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
-	clientgoclientset "k8s.io/client-go/kubernetes"
-	kubeclientset "k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
 )
 
 // NB: this is funky -- it's actually a Kubernetes controller, but we run it as an OpenShift controller in order
@@ -26,13 +27,10 @@ func (c *HorizontalPodAutoscalerControllerConfig) RunController(originCtx Contro
 	if err != nil {
 		return false, err
 	}
-
-	// use the Kubernetes config so that the service account is in the same name namespace for both clients
-	hpaOriginClient, err := osclient.New(hpaClientConfig)
+	appsClient, err := appstypedclient.NewForConfig(hpaClientConfig)
 	if err != nil {
 		return false, err
 	}
-
 	hpaEventsClient, err := clientgoclientset.NewForConfig(hpaClientConfig)
 	if err != nil {
 		return false, err
@@ -47,7 +45,7 @@ func (c *HorizontalPodAutoscalerControllerConfig) RunController(originCtx Contro
 	)
 	replicaCalc := hpacontroller.NewReplicaCalculator(metricsClient, hpaClient.Core())
 
-	delegatingScalesGetter := osclient.NewDelegatingScaleNamespacer(hpaOriginClient, hpaClient.ExtensionsV1beta1())
+	delegatingScalesGetter := appsv1client.NewDelegatingScaleNamespacer(appsClient, hpaClient.ExtensionsV1beta1())
 
 	go hpacontroller.NewHorizontalController(
 		hpaEventsClient.Core(),

pkg/cmd/server/origin/controller/interfaces.go

@@ -14,7 +14,6 @@ import (
 	authorizationinformer "github.com/openshift/origin/pkg/authorization/generated/informers/internalversion"
 	buildinformer "github.com/openshift/origin/pkg/build/generated/informers/internalversion"
 	buildclientinternal "github.com/openshift/origin/pkg/build/generated/internalclientset"
-	osclient "github.com/openshift/origin/pkg/client"
 	imageinformer "github.com/openshift/origin/pkg/image/generated/informers/internalversion"
 	imageclientinternal "github.com/openshift/origin/pkg/image/generated/internalclientset"
 	networkclientinternal "github.com/openshift/origin/pkg/network/generated/internalclientset"
@@ -55,10 +54,6 @@ type ControllerClientBuilder interface {
 	KubeInternalClient(name string) (kclientsetinternal.Interface, error)
 	KubeInternalClientOrDie(name string) kclientsetinternal.Interface
 
-	// Legacy OpenShift client (pkg/client)
-	DeprecatedOpenshiftClient(name string) (osclient.Interface, error)
-	DeprecatedOpenshiftClientOrDie(name string) osclient.Interface
-
 	OpenshiftInternalAppsClient(name string) (appsclientinternal.Interface, error)
 	OpenshiftInternalAppsClientOrDie(name string) appsclientinternal.Interface
 
@@ -104,22 +99,6 @@ func (b OpenshiftControllerClientBuilder) KubeInternalClientOrDie(name string) k
 	return client
 }
 
-func (b OpenshiftControllerClientBuilder) DeprecatedOpenshiftClient(name string) (osclient.Interface, error) {
-	clientConfig, err := b.Config(name)
-	if err != nil {
-		return nil, err
-	}
-	return osclient.New(clientConfig)
-}
-
-func (b OpenshiftControllerClientBuilder) DeprecatedOpenshiftClientOrDie(name string) osclient.Interface {
-	client, err := b.DeprecatedOpenshiftClient(name)
-	if err != nil {
-		glog.Fatal(err)
-	}
-	return client
-}
-
 // OpenshiftInternalTemplateClient provides a REST client for the template API.
 // If the client cannot be created because of configuration error, this function
 // will return an error.

pkg/cmd/server/origin/controller/unidling.go

@@ -3,8 +3,9 @@ package controller
 import (
 	"time"
 
+	appsv1client "github.com/openshift/origin/pkg/apps/client/v1"
+	appstypedclient "github.com/openshift/origin/pkg/apps/generated/clientset/typed/apps/v1"
 	deployclient "github.com/openshift/origin/pkg/apps/generated/internalclientset/typed/apps/internalversion"
-	osclient "github.com/openshift/origin/pkg/client"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
 	unidlingcontroller "github.com/openshift/origin/pkg/unidling/controller"
 )
@@ -14,10 +15,15 @@ type UnidlingControllerConfig struct {
 }
 
 func (c *UnidlingControllerConfig) RunController(ctx ControllerContext) (bool, error) {
-	scaleNamespacer := osclient.NewDelegatingScaleNamespacer(
-		ctx.ClientBuilder.DeprecatedOpenshiftClientOrDie(bootstrappolicy.InfraUnidlingControllerServiceAccountName),
-		ctx.ClientBuilder.ClientOrDie(bootstrappolicy.InfraUnidlingControllerServiceAccountName).Extensions(),
-	)
+	clientConfig := ctx.ClientBuilder.ConfigOrDie(bootstrappolicy.InfraUnidlingControllerServiceAccountName)
+	appsClient, err := appstypedclient.NewForConfig(clientConfig)
+	if err != nil {
+		return false, err
+	}
+
+	scaleNamespacer := appsv1client.NewDelegatingScaleNamespacer(appsClient,
+		ctx.ClientBuilder.ClientOrDie(bootstrappolicy.InfraUnidlingControllerServiceAccountName).ExtensionsV1beta1())
+
 	coreClient := ctx.ClientBuilder.KubeInternalClientOrDie(bootstrappolicy.InfraUnidlingControllerServiceAccountName).Core()
 	controller := unidlingcontroller.NewUnidlingController(
 		scaleNamespacer,

pkg/cmd/server/origin/ensure.go

@@ -1,24 +1,11 @@
 package origin
 
 import (
-	"github.com/golang/glog"
-
-	kapierror "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	genericapiserver "k8s.io/apiserver/pkg/server"
-	kapi "k8s.io/kubernetes/pkg/api"
 )
 
 // ensureOpenShiftSharedResourcesNamespace is called as part of global policy initialization to ensure shared namespace exists
 func (c *MasterConfig) ensureOpenShiftSharedResourcesNamespace(context genericapiserver.PostStartHookContext) error {
-	if _, err := c.PrivilegedLoopbackKubernetesClientsetInternal.Core().Namespaces().Get(c.Options.PolicyConfig.OpenShiftSharedResourcesNamespace, metav1.GetOptions{}); kapierror.IsNotFound(err) {
-		namespace, createErr := c.PrivilegedLoopbackKubernetesClientsetInternal.Core().Namespaces().Create(&kapi.Namespace{ObjectMeta: metav1.ObjectMeta{Name: c.Options.PolicyConfig.OpenShiftSharedResourcesNamespace}})
-		if createErr != nil {
-			glog.Errorf("Error creating namespace: %v due to %v\n", c.Options.PolicyConfig.OpenShiftSharedResourcesNamespace, createErr)
-			return nil
-		}
-
-		EnsureNamespaceServiceAccountRoleBindings(c.PrivilegedLoopbackKubernetesClientsetInternal, c.PrivilegedLoopbackOpenShiftClient, namespace)
-	}
+	ensureNamespaceServiceAccountRoleBindings(context, c.Options.PolicyConfig.OpenShiftSharedResourcesNamespace)
 	return nil
 }

pkg/cmd/server/origin/master.go

@@ -59,7 +59,6 @@ func (c *MasterConfig) newOpenshiftAPIConfig(kubeAPIServerConfig apiserver.Confi
 		KubeInternalInformers:              c.InternalKubeInformers,
 		QuotaInformers:                     c.QuotaInformers,
 		SecurityInformers:                  c.SecurityInformers,
-		DeprecatedOpenshiftClient:          c.PrivilegedLoopbackOpenShiftClient,
 		RuleResolver:                       c.RuleResolver,
 		SubjectLocator:                     c.SubjectLocator,
 		LimitVerifier:                      c.LimitVerifier,
@@ -339,9 +338,8 @@ func (c *MasterConfig) withOAuthRedirection(handler, oauthServerHandler http.Han
 
 // RouteAllocator returns a route allocation controller.
 func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController {
-	_, kclient := c.RouteAllocatorClients()
 	factory := routeallocationcontroller.RouteAllocationControllerFactory{
-		KubeClient: kclient,
+		KubeClient: c.PrivilegedLoopbackKubernetesClientsetInternal,
 	}
 
 	plugin, err := routeplugin.NewSimpleAllocationPlugin(c.Options.RoutingConfig.Subdomain)

pkg/cmd/server/origin/master_config.go

@@ -71,7 +71,6 @@ import (
 	authorizationinformer "github.com/openshift/origin/pkg/authorization/generated/informers/internalversion"
 	authorizationclient "github.com/openshift/origin/pkg/authorization/generated/internalclientset"
 	buildclient "github.com/openshift/origin/pkg/build/generated/internalclientset"
-	osclient "github.com/openshift/origin/pkg/client"
 	oadmission "github.com/openshift/origin/pkg/cmd/server/admission"
 	configapi "github.com/openshift/origin/pkg/cmd/server/api"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
@@ -154,11 +153,6 @@ type MasterConfig struct {
 	// different access control to a system component, create a separate client/config specifically for
 	// that component.
 	PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface
-	// PrivilegedLoopbackOpenShiftClient is the client used to call OpenShift APIs from system components,
-	// built from PrivilegedLoopbackClientConfig. It should only be accessed via the *TestingClient() helper methods.
-	// To apply different access control to a system component, create a separate client/config specifically
-	// for that component.
-	PrivilegedLoopbackOpenShiftClient *osclient.Client
 
 	AuditBackend audit.Backend
 
@@ -194,11 +188,7 @@ func BuildMasterConfig(options configapi.MasterConfig, informers InformerAccess)
 	if err != nil {
 		return nil, err
 	}
-	privilegedLoopbackKubeClientsetExternal, _, err := configapi.GetExternalKubeClient(options.MasterClients.OpenShiftLoopbackKubeConfig, options.MasterClients.OpenShiftLoopbackClientConnectionOverrides)
-	if err != nil {
-		return nil, err
-	}
-	privilegedLoopbackOpenShiftClient, privilegedLoopbackClientConfig, err := configapi.GetOpenShiftClient(options.MasterClients.OpenShiftLoopbackKubeConfig, options.MasterClients.OpenShiftLoopbackClientConnectionOverrides)
+	privilegedLoopbackKubeClientsetExternal, privilegedLoopbackClientConfig, err := configapi.GetExternalKubeClient(options.MasterClients.OpenShiftLoopbackKubeConfig, options.MasterClients.OpenShiftLoopbackClientConnectionOverrides)
 	if err != nil {
 		return nil, err
 	}
@@ -371,7 +361,6 @@ func BuildMasterConfig(options configapi.MasterConfig, informers InformerAccess)
 		KubeletClientConfig: kubeletClientConfig,
 
 		PrivilegedLoopbackClientConfig:                *privilegedLoopbackClientConfig,
-		PrivilegedLoopbackOpenShiftClient:             privilegedLoopbackOpenShiftClient,
 		PrivilegedLoopbackKubernetesClientsetInternal: privilegedLoopbackKubeClientsetInternal,
 		PrivilegedLoopbackKubernetesClientsetExternal: privilegedLoopbackKubeClientsetExternal,
 
@@ -853,18 +842,6 @@ func (c *MasterConfig) KubeClientsetExternal() kclientsetexternal.Interface {
 	return c.PrivilegedLoopbackKubernetesClientsetExternal
 }
 
-// ServiceAccountRoleBindingClient returns the client object used to bind roles to service accounts
-// It must have the following capabilities:
-//  get, list, update, create policyBindings and clusterPolicyBindings in all namespaces
-func (c *MasterConfig) ServiceAccountRoleBindingClient() *osclient.Client {
-	return c.PrivilegedLoopbackOpenShiftClient
-}
-
-// RouteAllocatorClients returns the route allocator client objects
-func (c *MasterConfig) RouteAllocatorClients() (*osclient.Client, kclientsetinternal.Interface) {
-	return c.PrivilegedLoopbackOpenShiftClient, c.PrivilegedLoopbackKubernetesClientsetInternal
-}
-
 // WebConsoleEnabled says whether web ui is not a disabled feature and asset service is configured.
 func (c *MasterConfig) WebConsoleEnabled() bool {
 	return c.Options.AssetConfig != nil && !c.Options.DisabledFeatures.Has(configapi.FeatureWebConsole)