after-bump fixes

Author: stlaz

http.go

@@ -82,7 +82,7 @@ func (s *Server) ServeHTTPS() {
 	if err != nil {
 		log.Fatalf("FATAL: loading tls config (%s, %s) failed - %s", s.Opts.TLSCertFile, s.Opts.TLSKeyFile, err)
 	}
-	go servingCertProvider.Run(1, context.TODO().Done())
+	go servingCertProvider.Run(context.Background(), 1)
 
 	config.GetCertificate = func(_ *tls.ClientHelloInfo) (*tls.Certificate, error) {
 		// this disregards information from ClientHello but we're not doing SNI anyway

providers/openshift/authentication.go

@@ -12,6 +12,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/authenticatorfactory"
 	"k8s.io/apiserver/pkg/authentication/request/headerrequest"
 	"k8s.io/apiserver/pkg/server/dynamiccertificates"
+	serveroptions "k8s.io/apiserver/pkg/server/options"
 	authenticationclient "k8s.io/client-go/kubernetes/typed/authentication/v1"
 )
 
@@ -156,6 +157,7 @@ func (s *DelegatingAuthenticationOptions) ToAuthenticationConfig() (authenticato
 	ret := authenticatorfactory.DelegatingAuthenticatorConfig{
 		Anonymous:                          true,
 		TokenAccessReviewClient:            tokenClient,
+		WebhookRetryBackoff:                serveroptions.DefaultAuthWebhookRetryBackoff(),
 		CacheTTL:                           s.CacheTTL,
 		ClientCertificateCAContentProvider: clientCAProvider,
 		RequestHeaderConfig:                requestHeaderConfig,
@@ -188,7 +190,7 @@ func deserializeStrings(in string) ([]string, error) {
 	return ret, nil
 }
 
-func (s *DelegatingAuthenticationOptions) newTokenAccessReview() (authenticationclient.TokenReviewInterface, error) {
+func (s *DelegatingAuthenticationOptions) newTokenAccessReview() (authenticationclient.AuthenticationV1Interface, error) {
 	clientConfig, err := GetClientConfig(s.RemoteKubeConfigFile)
 	if err != nil {
 		return nil, err
@@ -198,5 +200,5 @@ func (s *DelegatingAuthenticationOptions) newTokenAccessReview() (authentication
 		return nil, err
 	}
 
-	return client.TokenReviews(), nil
+	return client, nil
 }

providers/openshift/authorization.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"k8s.io/apiserver/pkg/authorization/authorizerfactory"
+	serveroptions "k8s.io/apiserver/pkg/server/options"
 	authorizationclient "k8s.io/client-go/kubernetes/typed/authorization/v1"
 )
 
@@ -62,11 +63,12 @@ func (s *DelegatingAuthorizationOptions) ToAuthorizationConfig() (authorizerfact
 		SubjectAccessReviewClient: sarClient,
 		AllowCacheTTL:             s.AllowCacheTTL,
 		DenyCacheTTL:              s.DenyCacheTTL,
+		WebhookRetryBackoff:       serveroptions.DefaultAuthWebhookRetryBackoff(),
 	}
 	return ret, nil
 }
 
-func (s *DelegatingAuthorizationOptions) newSubjectAccessReview() (authorizationclient.SubjectAccessReviewInterface, error) {
+func (s *DelegatingAuthorizationOptions) newSubjectAccessReview() (authorizationclient.AuthorizationV1Interface, error) {
 	clientConfig, err := GetClientConfig(s.RemoteKubeConfigFile)
 	if err != nil {
 		return nil, err
@@ -77,5 +79,5 @@ func (s *DelegatingAuthorizationOptions) newSubjectAccessReview() (authorization
 		return nil, err
 	}
 
-	return client.SubjectAccessReviews(), nil
+	return client, nil
 }

providers/openshift/provider.go

@@ -364,7 +364,7 @@ func (p *OpenShiftProvider) Complete(data *providers.ProviderData, reviewURL *ur
 		// check whether we have access to perform authentication review
 		if authenticator.TokenAccessReviewClient != nil {
 			wait.PollImmediate(2*time.Second, 10*time.Second, func() (bool, error) {
-				_, err := authenticator.TokenAccessReviewClient.Create(context.TODO(),
+				_, err := authenticator.TokenAccessReviewClient.TokenReviews().Create(context.TODO(),
 					&authenticationv1.TokenReview{
 						Spec: authenticationv1.TokenReviewSpec{
 							Token: "TEST",
@@ -386,7 +386,7 @@ func (p *OpenShiftProvider) Complete(data *providers.ProviderData, reviewURL *ur
 		// check whether we have access to perform authentication review
 		if authorizer.SubjectAccessReviewClient != nil {
 			wait.PollImmediate(2*time.Second, 10*time.Second, func() (bool, error) {
-				_, err := authorizer.SubjectAccessReviewClient.Create(context.TODO(),
+				_, err := authorizer.SubjectAccessReviewClient.SubjectAccessReviews().Create(context.TODO(),
 					&authorizationv1.SubjectAccessReview{
 						Spec: authorizationv1.SubjectAccessReviewSpec{
 							User: "TEST",