Move test/e2e use to v1 APIs

test/e2e/framework/auth/helpers.go

@@ -23,13 +23,13 @@ import (
 
 	"github.com/onsi/ginkgo"
 	"github.com/pkg/errors"
-	authorizationv1beta1 "k8s.io/api/authorization/v1beta1"
-	rbacv1beta1 "k8s.io/api/rbac/v1beta1"
+	authorizationv1 "k8s.io/api/authorization/v1"
+	rbacv1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/wait"
-	v1beta1authorization "k8s.io/client-go/kubernetes/typed/authorization/v1beta1"
-	v1beta1rbac "k8s.io/client-go/kubernetes/typed/rbac/v1beta1"
+	v1authorization "k8s.io/client-go/kubernetes/typed/authorization/v1"
+	v1rbac "k8s.io/client-go/kubernetes/typed/rbac/v1"
 )
 
 const (
@@ -38,23 +38,23 @@ const (
 )
 
 type bindingsGetter interface {
-	v1beta1rbac.RoleBindingsGetter
-	v1beta1rbac.ClusterRoleBindingsGetter
-	v1beta1rbac.ClusterRolesGetter
+	v1rbac.RoleBindingsGetter
+	v1rbac.ClusterRoleBindingsGetter
+	v1rbac.ClusterRolesGetter
 }
 
 // WaitForAuthorizationUpdate checks if the given user can perform the named verb and action.
 // If policyCachePollTimeout is reached without the expected condition matching, an error is returned
-func WaitForAuthorizationUpdate(c v1beta1authorization.SubjectAccessReviewsGetter, user, namespace, verb string, resource schema.GroupResource, allowed bool) error {
+func WaitForAuthorizationUpdate(c v1authorization.SubjectAccessReviewsGetter, user, namespace, verb string, resource schema.GroupResource, allowed bool) error {
 	return WaitForNamedAuthorizationUpdate(c, user, namespace, verb, "", resource, allowed)
 }
 
 // WaitForNamedAuthorizationUpdate checks if the given user can perform the named verb and action on the named resource.
 // If policyCachePollTimeout is reached without the expected condition matching, an error is returned
-func WaitForNamedAuthorizationUpdate(c v1beta1authorization.SubjectAccessReviewsGetter, user, namespace, verb, resourceName string, resource schema.GroupResource, allowed bool) error {
-	review := &authorizationv1beta1.SubjectAccessReview{
-		Spec: authorizationv1beta1.SubjectAccessReviewSpec{
-			ResourceAttributes: &authorizationv1beta1.ResourceAttributes{
+func WaitForNamedAuthorizationUpdate(c v1authorization.SubjectAccessReviewsGetter, user, namespace, verb, resourceName string, resource schema.GroupResource, allowed bool) error {
+	review := &authorizationv1.SubjectAccessReview{
+		Spec: authorizationv1.SubjectAccessReviewSpec{
+			ResourceAttributes: &authorizationv1.ResourceAttributes{
 				Group:     resource.Group,
 				Verb:      verb,
 				Resource:  resource.Resource,
@@ -80,17 +80,17 @@ func WaitForNamedAuthorizationUpdate(c v1beta1authorization.SubjectAccessReviews
 
 // BindClusterRole binds the cluster role at the cluster scope. If RBAC is not enabled, nil
 // is returned with no action.
-func BindClusterRole(c bindingsGetter, clusterRole, ns string, subjects ...rbacv1beta1.Subject) error {
+func BindClusterRole(c bindingsGetter, clusterRole, ns string, subjects ...rbacv1.Subject) error {
 	if !IsRBACEnabled(c) {
 		return nil
 	}
 
 	// Since the namespace names are unique, we can leave this lying around so we don't have to race any caches
-	_, err := c.ClusterRoleBindings().Create(&rbacv1beta1.ClusterRoleBinding{
+	_, err := c.ClusterRoleBindings().Create(&rbacv1.ClusterRoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: ns + "--" + clusterRole,
 		},
-		RoleRef: rbacv1beta1.RoleRef{
+		RoleRef: rbacv1.RoleRef{
 			APIGroup: "rbac.authorization.k8s.io",
 			Kind:     "ClusterRole",
 			Name:     clusterRole,
@@ -107,27 +107,27 @@ func BindClusterRole(c bindingsGetter, clusterRole, ns string, subjects ...rbacv
 
 // BindClusterRoleInNamespace binds the cluster role at the namespace scope. If RBAC is not enabled, nil
 // is returned with no action.
-func BindClusterRoleInNamespace(c bindingsGetter, clusterRole, ns string, subjects ...rbacv1beta1.Subject) error {
+func BindClusterRoleInNamespace(c bindingsGetter, clusterRole, ns string, subjects ...rbacv1.Subject) error {
 	return bindInNamespace(c, "ClusterRole", clusterRole, ns, subjects...)
 }
 
 // BindRoleInNamespace binds the role at the namespace scope. If RBAC is not enabled, nil
 // is returned with no action.
-func BindRoleInNamespace(c bindingsGetter, role, ns string, subjects ...rbacv1beta1.Subject) error {
+func BindRoleInNamespace(c bindingsGetter, role, ns string, subjects ...rbacv1.Subject) error {
 	return bindInNamespace(c, "Role", role, ns, subjects...)
 }
 
-func bindInNamespace(c bindingsGetter, roleType, role, ns string, subjects ...rbacv1beta1.Subject) error {
+func bindInNamespace(c bindingsGetter, roleType, role, ns string, subjects ...rbacv1.Subject) error {
 	if !IsRBACEnabled(c) {
 		return nil
 	}
 
 	// Since the namespace names are unique, we can leave this lying around so we don't have to race any caches
-	_, err := c.RoleBindings(ns).Create(&rbacv1beta1.RoleBinding{
+	_, err := c.RoleBindings(ns).Create(&rbacv1.RoleBinding{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: ns + "--" + role,
 		},
-		RoleRef: rbacv1beta1.RoleRef{
+		RoleRef: rbacv1.RoleRef{
 			APIGroup: "rbac.authorization.k8s.io",
 			Kind:     roleType,
 			Name:     role,
@@ -148,7 +148,7 @@ var (
 )
 
 // IsRBACEnabled returns true if RBAC is enabled. Otherwise false.
-func IsRBACEnabled(crGetter v1beta1rbac.ClusterRolesGetter) bool {
+func IsRBACEnabled(crGetter v1rbac.ClusterRolesGetter) bool {
 	isRBACEnabledOnce.Do(func() {
 		crs, err := crGetter.ClusterRoles().List(metav1.ListOptions{})
 		if err != nil {