From 00be8bad79c73888b90f5b06e90330c80f588e08 Mon Sep 17 00:00:00 2001
From: Jordan Liggitt <jliggitt@redhat.com>
Date: Wed, 9 Aug 2017 11:45:53 -0400
Subject: [PATCH] Mark subjectaccessreview/resourceaccessreview as root-scoped

---
 api/swagger-spec/openshift-openapi-spec.json  | 120 +-----------------
 .../apis/authorization/install/apigroup.go    |   2 +-
 2 files changed, 3 insertions(+), 119 deletions(-)

diff --git a/api/swagger-spec/openshift-openapi-spec.json b/api/swagger-spec/openshift-openapi-spec.json
index 99d71402e803..c00e069a0eb1 100644
--- a/api/swagger-spec/openshift-openapi-spec.json
+++ b/api/swagger-spec/openshift-openapi-spec.json
@@ -22627,64 +22627,6 @@
      }
     ]
    },
-   "/apis/authorization.openshift.io/v1/namespaces/{namespace}/resourceaccessreviews": {
-    "post": {
-     "description": "create a ResourceAccessReview",
-     "consumes": [
-      "*/*"
-     ],
-     "produces": [
-      "application/json",
-      "application/yaml",
-      "application/vnd.kubernetes.protobuf"
-     ],
-     "schemes": [
-      "https"
-     ],
-     "tags": [
-      "authorizationOpenshiftIo_v1"
-     ],
-     "operationId": "createAuthorizationOpenshiftIoV1NamespacedResourceAccessReview",
-     "parameters": [
-      {
-       "name": "body",
-       "in": "body",
-       "required": true,
-       "schema": {
-        "$ref": "#/definitions/com.github.openshift.origin.pkg.authorization.apis.authorization.v1.ResourceAccessReview"
-       }
-      }
-     ],
-     "responses": {
-      "200": {
-       "description": "OK",
-       "schema": {
-        "$ref": "#/definitions/com.github.openshift.origin.pkg.authorization.apis.authorization.v1.ResourceAccessReview"
-       }
-      },
-      "401": {
-       "description": "Unauthorized"
-      }
-     }
-    },
-    "parameters": [
-     {
-      "uniqueItems": true,
-      "type": "string",
-      "description": "object name and auth scope, such as for teams and projects",
-      "name": "namespace",
-      "in": "path",
-      "required": true
-     },
-     {
-      "uniqueItems": true,
-      "type": "string",
-      "description": "If 'true', then the output is pretty printed.",
-      "name": "pretty",
-      "in": "query"
-     }
-    ]
-   },
    "/apis/authorization.openshift.io/v1/namespaces/{namespace}/rolebindingrestrictions": {
     "get": {
      "description": "list or watch objects of kind RoleBindingRestriction",
@@ -23791,64 +23733,6 @@
      }
     ]
    },
-   "/apis/authorization.openshift.io/v1/namespaces/{namespace}/subjectaccessreviews": {
-    "post": {
-     "description": "create a SubjectAccessReview",
-     "consumes": [
-      "*/*"
-     ],
-     "produces": [
-      "application/json",
-      "application/yaml",
-      "application/vnd.kubernetes.protobuf"
-     ],
-     "schemes": [
-      "https"
-     ],
-     "tags": [
-      "authorizationOpenshiftIo_v1"
-     ],
-     "operationId": "createAuthorizationOpenshiftIoV1NamespacedSubjectAccessReview",
-     "parameters": [
-      {
-       "name": "body",
-       "in": "body",
-       "required": true,
-       "schema": {
-        "$ref": "#/definitions/com.github.openshift.origin.pkg.authorization.apis.authorization.v1.SubjectAccessReview"
-       }
-      }
-     ],
-     "responses": {
-      "200": {
-       "description": "OK",
-       "schema": {
-        "$ref": "#/definitions/com.github.openshift.origin.pkg.authorization.apis.authorization.v1.SubjectAccessReview"
-       }
-      },
-      "401": {
-       "description": "Unauthorized"
-      }
-     }
-    },
-    "parameters": [
-     {
-      "uniqueItems": true,
-      "type": "string",
-      "description": "object name and auth scope, such as for teams and projects",
-      "name": "namespace",
-      "in": "path",
-      "required": true
-     },
-     {
-      "uniqueItems": true,
-      "type": "string",
-      "description": "If 'true', then the output is pretty printed.",
-      "name": "pretty",
-      "in": "query"
-     }
-    ]
-   },
    "/apis/authorization.openshift.io/v1/namespaces/{namespace}/subjectrulesreviews": {
     "post": {
      "description": "create a SubjectRulesReview",
@@ -24160,7 +24044,7 @@
      "tags": [
       "authorizationOpenshiftIo_v1"
      ],
-     "operationId": "createAuthorizationOpenshiftIoV1ResourceAccessReviewForAllNamespaces",
+     "operationId": "createAuthorizationOpenshiftIoV1ResourceAccessReview",
      "parameters": [
       {
        "name": "body",
@@ -24614,7 +24498,7 @@
      "tags": [
       "authorizationOpenshiftIo_v1"
      ],
-     "operationId": "createAuthorizationOpenshiftIoV1SubjectAccessReviewForAllNamespaces",
+     "operationId": "createAuthorizationOpenshiftIoV1SubjectAccessReview",
      "parameters": [
       {
        "name": "body",
diff --git a/pkg/authorization/apis/authorization/install/apigroup.go b/pkg/authorization/apis/authorization/install/apigroup.go
index 70c59c4220cb..603245bde52b 100644
--- a/pkg/authorization/apis/authorization/install/apigroup.go
+++ b/pkg/authorization/apis/authorization/install/apigroup.go
@@ -23,7 +23,7 @@ func Install(groupFactoryRegistry announced.APIGroupFactoryRegistry, registry *r
 			VersionPreferenceOrder:     []string{authorizationapiv1.SchemeGroupVersion.Version},
 			ImportPrefix:               importPrefix,
 			AddInternalObjectsToScheme: authorizationapi.AddToScheme,
-			RootScopedKinds:            sets.NewString("ClusterRole", "ClusterRoleBinding", "ClusterPolicy", "ClusterPolicyBinding"),
+			RootScopedKinds:            sets.NewString("ClusterRole", "ClusterRoleBinding", "ClusterPolicy", "ClusterPolicyBinding", "SubjectAccessReview", "ResourceAccessReview"),
 		},
 		announced.VersionToSchemeFunc{
 			authorizationapiv1.SchemeGroupVersion.Version: authorizationapiv1.AddToScheme,