UPSTREAM: <carry>: filter out CustomResourceQuota paths from OpenAPI

UPSTREAM: <carry>: filter out RBR and SCC paths from OpenAPI UPSTREAM: <carry>: filter out RBR and SCC paths from OpenAPI Revise as per openshift/kubernetes-apiserver#12 OpenShift-Rebase-Source: 26005f1
openshift · Jun 9, 2023 · 0cd0466 · 0cd0466
1 parent 8c7275f
commit 0cd0466
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/staging/src/k8s.io/apiserver/pkg/server/routes/openapi.go b/staging/src/k8s.io/apiserver/pkg/server/routes/openapi.go
@@ -17,6 +17,8 @@ limitations under the License.
 package routes
 
 import (
+	"strings"
+
 	restful "github.com/emicklei/go-restful/v3"
 	"k8s.io/klog/v2"
 
@@ -37,10 +39,35 @@ type OpenAPI struct {
 
 // Install adds the SwaggerUI webservice to the given mux.
 func (oa OpenAPI) InstallV2(c *restful.Container, mux *mux.PathRecorderMux) (*handler.OpenAPIService, *spec.Swagger) {
+	// we shadow ClustResourceQuotas, RoleBindingRestrictions, and SecurityContextContstraints
+	// with a CRD. This loop removes all CRQ,RBR, SCC paths
+	// from the OpenAPI spec such that they don't conflict with the CRD
+	// apiextensions-apiserver spec during merging.
+	oa.Config.IgnorePrefixes = append(oa.Config.IgnorePrefixes,
+		"/apis/quota.openshift.io/v1/clusterresourcequotas",
+		"/apis/security.openshift.io/v1/securitycontextconstraints",
+		"/apis/authorization.openshift.io/v1/rolebindingrestrictions",
+		"/apis/authorization.openshift.io/v1/namespaces/{namespace}/rolebindingrestrictions",
+		"/apis/authorization.openshift.io/v1/watch/namespaces/{namespace}/rolebindingrestrictions",
+		"/apis/authorization.openshift.io/v1/watch/rolebindingrestrictions")
+
 	spec, err := builder2.BuildOpenAPISpecFromRoutes(restfuladapter.AdaptWebServices(c.RegisteredWebServices()), oa.Config)
 	if err != nil {
 		klog.Fatalf("Failed to build open api spec for root: %v", err)
 	}
+
+	// we shadow ClustResourceQuotas, RoleBindingRestrictions, and SecurityContextContstraints
+	// with a CRD. This loop removes all CRQ,RBR, SCC paths
+	// from the OpenAPI spec such that they don't conflict with the CRD
+	// apiextensions-apiserver spec during merging.
+	for pth := range spec.Paths.Paths {
+		if strings.HasPrefix(pth, "/apis/quota.openshift.io/v1/clusterresourcequotas") ||
+			strings.Contains(pth, "rolebindingrestrictions") ||
+			strings.HasPrefix(pth, "/apis/security.openshift.io/v1/securitycontextconstraints") {
+			delete(spec.Paths.Paths, pth)
+		}
+	}
+
 	spec.Definitions = handler.PruneDefaults(spec.Definitions)
 	openAPIVersionedService := handler.NewOpenAPIService(spec)
 	openAPIVersionedService.RegisterOpenAPIVersionedService("/openapi/v2", mux)