diff --git a/pkg/endpoints/filters/BUILD b/pkg/endpoints/filters/BUILD index 6e730cbd5..5c1d996cf 100644 --- a/pkg/endpoints/filters/BUILD +++ b/pkg/endpoints/filters/BUILD @@ -54,7 +54,8 @@ go_library( "//vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters:go_default_library", "//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library", "//vendor/k8s.io/apiserver/pkg/server/httplog:go_default_library", - "//vendor/k8s.io/client-go/pkg/api:go_default_library", + "//vendor/k8s.io/client-go/pkg/api/v1:go_default_library", "//vendor/k8s.io/client-go/pkg/apis/authentication:go_default_library", + "//vendor/k8s.io/client-go/pkg/apis/authentication/v1:go_default_library", ], ) diff --git a/pkg/endpoints/filters/impersonation.go b/pkg/endpoints/filters/impersonation.go index befda96ee..16a00c434 100644 --- a/pkg/endpoints/filters/impersonation.go +++ b/pkg/endpoints/filters/impersonation.go @@ -30,8 +30,8 @@ import ( "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/server/httplog" - "k8s.io/client-go/pkg/api" - authenticationapi "k8s.io/client-go/pkg/apis/authentication" + "k8s.io/client-go/pkg/api/v1" + authenticationv1 "k8s.io/client-go/pkg/apis/authentication/v1" ) // WithImpersonation is a filter that will inspect and check requests that attempt to change the user.Info for their requests @@ -61,7 +61,7 @@ func WithImpersonation(handler http.Handler, requestContextMapper request.Reques // if groups are not specified, then we need to look them up differently depending on the type of user // if they are specified, then they are the authority (including the inclusion of system:authenticated/system:unauthenticated groups) - groupsSpecified := len(req.Header[authenticationapi.ImpersonateGroupHeader]) > 0 + groupsSpecified := len(req.Header[authenticationv1.ImpersonateGroupHeader]) > 0 // make sure we're allowed to impersonate each thing we're requesting. While we're iterating through, start building username // and group information @@ -79,7 +79,7 @@ func WithImpersonation(handler http.Handler, requestContextMapper request.Reques } switch impersonationRequest.GetObjectKind().GroupVersionKind().GroupKind() { - case api.Kind("ServiceAccount"): + case v1.SchemeGroupVersion.WithKind("ServiceAccount").GroupKind(): actingAsAttributes.Resource = "serviceaccounts" username = serviceaccount.MakeUsername(impersonationRequest.Namespace, impersonationRequest.Name) if !groupsSpecified { @@ -87,15 +87,15 @@ func WithImpersonation(handler http.Handler, requestContextMapper request.Reques groups = serviceaccount.MakeGroupNames(impersonationRequest.Namespace, impersonationRequest.Name) } - case api.Kind("User"): + case v1.SchemeGroupVersion.WithKind("User").GroupKind(): actingAsAttributes.Resource = "users" username = impersonationRequest.Name - case api.Kind("Group"): + case v1.SchemeGroupVersion.WithKind("Group").GroupKind(): actingAsAttributes.Resource = "groups" groups = append(groups, impersonationRequest.Name) - case authenticationapi.Kind("UserExtra"): + case authenticationv1.SchemeGroupVersion.WithKind("UserExtra").GroupKind(): extraKey := impersonationRequest.FieldPath extraValue := impersonationRequest.Name actingAsAttributes.Resource = "userextras" @@ -143,10 +143,10 @@ func WithImpersonation(handler http.Handler, requestContextMapper request.Reques httplog.LogOf(req, w).Addf("%v is acting as %v", oldUser, newUser) // clear all the impersonation headers from the request - req.Header.Del(authenticationapi.ImpersonateUserHeader) - req.Header.Del(authenticationapi.ImpersonateGroupHeader) + req.Header.Del(authenticationv1.ImpersonateUserHeader) + req.Header.Del(authenticationv1.ImpersonateGroupHeader) for headerName := range req.Header { - if strings.HasPrefix(headerName, authenticationapi.ImpersonateUserExtraHeaderPrefix) { + if strings.HasPrefix(headerName, authenticationv1.ImpersonateUserExtraHeaderPrefix) { req.Header.Del(headerName) } } @@ -158,42 +158,42 @@ func WithImpersonation(handler http.Handler, requestContextMapper request.Reques // buildImpersonationRequests returns a list of objectreferences that represent the different things we're requesting to impersonate. // Also includes a map[string][]string representing user.Info.Extra // Each request must be authorized against the current user before switching contexts. -func buildImpersonationRequests(headers http.Header) ([]api.ObjectReference, error) { - impersonationRequests := []api.ObjectReference{} +func buildImpersonationRequests(headers http.Header) ([]v1.ObjectReference, error) { + impersonationRequests := []v1.ObjectReference{} - requestedUser := headers.Get(authenticationapi.ImpersonateUserHeader) + requestedUser := headers.Get(authenticationv1.ImpersonateUserHeader) hasUser := len(requestedUser) > 0 if hasUser { if namespace, name, err := serviceaccount.SplitUsername(requestedUser); err == nil { - impersonationRequests = append(impersonationRequests, api.ObjectReference{Kind: "ServiceAccount", Namespace: namespace, Name: name}) + impersonationRequests = append(impersonationRequests, v1.ObjectReference{Kind: "ServiceAccount", Namespace: namespace, Name: name}) } else { - impersonationRequests = append(impersonationRequests, api.ObjectReference{Kind: "User", Name: requestedUser}) + impersonationRequests = append(impersonationRequests, v1.ObjectReference{Kind: "User", Name: requestedUser}) } } hasGroups := false - for _, group := range headers[authenticationapi.ImpersonateGroupHeader] { + for _, group := range headers[authenticationv1.ImpersonateGroupHeader] { hasGroups = true - impersonationRequests = append(impersonationRequests, api.ObjectReference{Kind: "Group", Name: group}) + impersonationRequests = append(impersonationRequests, v1.ObjectReference{Kind: "Group", Name: group}) } hasUserExtra := false for headerName, values := range headers { - if !strings.HasPrefix(headerName, authenticationapi.ImpersonateUserExtraHeaderPrefix) { + if !strings.HasPrefix(headerName, authenticationv1.ImpersonateUserExtraHeaderPrefix) { continue } hasUserExtra = true - extraKey := strings.ToLower(headerName[len(authenticationapi.ImpersonateUserExtraHeaderPrefix):]) + extraKey := strings.ToLower(headerName[len(authenticationv1.ImpersonateUserExtraHeaderPrefix):]) // make a separate request for each extra value they're trying to set for _, value := range values { impersonationRequests = append(impersonationRequests, - api.ObjectReference{ + v1.ObjectReference{ Kind: "UserExtra", // we only parse out a group above, but the parsing will fail if there isn't SOME version // using the internal version will help us fail if anyone starts using it - APIVersion: authenticationapi.SchemeGroupVersion.String(), + APIVersion: authenticationv1.SchemeGroupVersion.String(), Name: value, // ObjectReference doesn't have a subresource field. FieldPath is close and available, so we'll use that // TODO fight the good fight for ObjectReference to refer to resources and subresources diff --git a/pkg/registry/generic/rest/BUILD b/pkg/registry/generic/rest/BUILD index 7c09d0234..127acb2f1 100644 --- a/pkg/registry/generic/rest/BUILD +++ b/pkg/registry/generic/rest/BUILD @@ -28,7 +28,7 @@ go_test( "//vendor/k8s.io/apiserver/pkg/features:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/proxy:go_default_library", - "//vendor/k8s.io/client-go/pkg/api:go_default_library", + "//vendor/k8s.io/client-go/pkg/api/v1:go_default_library", ], ) diff --git a/pkg/registry/generic/rest/response_checker_test.go b/pkg/registry/generic/rest/response_checker_test.go index dde44ec9a..73460536e 100644 --- a/pkg/registry/generic/rest/response_checker_test.go +++ b/pkg/registry/generic/rest/response_checker_test.go @@ -26,11 +26,11 @@ import ( "testing" "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/client-go/pkg/api" + "k8s.io/client-go/pkg/api/v1" ) func TestGenericHttpResponseChecker(t *testing.T) { - responseChecker := NewGenericHttpResponseChecker(api.Resource("pods"), "foo") + responseChecker := NewGenericHttpResponseChecker(v1.Resource("pods"), "foo") tests := []struct { resp *http.Response expectError bool @@ -79,7 +79,7 @@ func TestGenericHttpResponseChecker(t *testing.T) { } func TestGenericHttpResponseCheckerLimitReader(t *testing.T) { - responseChecker := NewGenericHttpResponseChecker(api.Resource("pods"), "foo") + responseChecker := NewGenericHttpResponseChecker(v1.Resource("pods"), "foo") excessedString := strings.Repeat("a", (maxReadLength + 10000)) resp := &http.Response{ Body: ioutil.NopCloser(bytes.NewBufferString(excessedString)), diff --git a/pkg/storage/BUILD b/pkg/storage/BUILD index 2df6d4696..09a6e52d6 100644 --- a/pkg/storage/BUILD +++ b/pkg/storage/BUILD @@ -30,7 +30,8 @@ go_test( "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library", "//vendor/k8s.io/apimachinery/pkg/watch:go_default_library", - "//vendor/k8s.io/client-go/pkg/api:go_default_library", + "//vendor/k8s.io/client-go/kubernetes/scheme:go_default_library", + "//vendor/k8s.io/client-go/pkg/api/v1:go_default_library", "//vendor/k8s.io/client-go/tools/cache:go_default_library", "//vendor/k8s.io/client-go/util/clock:go_default_library", ], diff --git a/pkg/storage/cacher_whitebox_test.go b/pkg/storage/cacher_whitebox_test.go index 33fe54255..e6680c8c6 100644 --- a/pkg/storage/cacher_whitebox_test.go +++ b/pkg/storage/cacher_whitebox_test.go @@ -24,7 +24,8 @@ import ( "k8s.io/apimachinery/pkg/fields" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/client-go/pkg/api" + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/pkg/api/v1" ) // verifies the cacheWatcher.process goroutine is properly cleaned up even if @@ -39,12 +40,12 @@ func TestCacheWatcherCleanupNotBlockedByResult(t *testing.T) { count++ } initEvents := []*watchCacheEvent{ - {Object: &api.Pod{}}, - {Object: &api.Pod{}}, + {Object: &v1.Pod{}}, + {Object: &v1.Pod{}}, } // set the size of the buffer of w.result to 0, so that the writes to // w.result is blocked. - w := newCacheWatcher(api.Scheme, 0, 0, initEvents, filter, forget) + w := newCacheWatcher(scheme.Scheme, 0, 0, initEvents, filter, forget) w.Stop() if err := wait.PollImmediate(1*time.Second, 5*time.Second, func() (bool, error) { lock.RLock() diff --git a/pkg/storage/watch_cache_test.go b/pkg/storage/watch_cache_test.go index 4a82cf1e5..4f8502d89 100644 --- a/pkg/storage/watch_cache_test.go +++ b/pkg/storage/watch_cache_test.go @@ -30,13 +30,13 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/watch" - "k8s.io/client-go/pkg/api" + "k8s.io/client-go/pkg/api/v1" "k8s.io/client-go/tools/cache" "k8s.io/client-go/util/clock" ) -func makeTestPod(name string, resourceVersion uint64) *api.Pod { - return &api.Pod{ +func makeTestPod(name string, resourceVersion uint64) *v1.Pod { + return &v1.Pod{ ObjectMeta: metav1.ObjectMeta{ Namespace: "ns", Name: name, @@ -99,7 +99,7 @@ func TestWatchCacheBasic(t *testing.T) { { podNames := sets.String{} for _, item := range store.List() { - podNames.Insert(item.(*storeElement).Object.(*api.Pod).ObjectMeta.Name) + podNames.Insert(item.(*storeElement).Object.(*v1.Pod).ObjectMeta.Name) } if !podNames.HasAll("pod1", "pod2", "pod3") { t.Errorf("missing pods, found %v", podNames) @@ -117,7 +117,7 @@ func TestWatchCacheBasic(t *testing.T) { { podNames := sets.String{} for _, item := range store.List() { - podNames.Insert(item.(*storeElement).Object.(*api.Pod).ObjectMeta.Name) + podNames.Insert(item.(*storeElement).Object.(*v1.Pod).ObjectMeta.Name) } if !podNames.HasAll("pod4", "pod5") { t.Errorf("missing pods, found %v", podNames) @@ -349,10 +349,10 @@ func TestReflectorForWatchCache(t *testing.T) { return fw, nil }, ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - return &api.PodList{ListMeta: metav1.ListMeta{ResourceVersion: "10"}}, nil + return &v1.PodList{ListMeta: metav1.ListMeta{ResourceVersion: "10"}}, nil }, } - r := cache.NewReflector(lw, &api.Pod{}, store, 0) + r := cache.NewReflector(lw, &v1.Pod{}, store, 0) r.ListAndWatch(wait.NeverStop) { diff --git a/pkg/util/webhook/BUILD b/pkg/util/webhook/BUILD index 4a9f48209..6a08b208f 100644 --- a/pkg/util/webhook/BUILD +++ b/pkg/util/webhook/BUILD @@ -34,8 +34,9 @@ go_test( tags = ["automanaged"], deps = [ "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/apimachinery/registered:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", - "//vendor/k8s.io/client-go/pkg/api:go_default_library", + "//vendor/k8s.io/client-go/kubernetes/scheme:go_default_library", "//vendor/k8s.io/client-go/rest:go_default_library", "//vendor/k8s.io/client-go/tools/clientcmd/api/v1:go_default_library", ], diff --git a/pkg/util/webhook/webhook_test.go b/pkg/util/webhook/webhook_test.go index 232389c06..d3eb05936 100644 --- a/pkg/util/webhook/webhook_test.go +++ b/pkg/util/webhook/webhook_test.go @@ -32,8 +32,9 @@ import ( "time" apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/apimachinery/registered" "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/pkg/api" + "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd/api/v1" ) @@ -73,7 +74,8 @@ var ( func TestDisabledGroupVersion(t *testing.T) { gv := schema.GroupVersion{Group: "webhook.util.k8s.io", Version: "v1"} gvs := []schema.GroupVersion{gv} - _, err := NewGenericWebhook(api.Registry, api.Codecs, "/some/path", gvs, retryBackoff) + registry := registered.NewOrDie(gv.String()) + _, err := NewGenericWebhook(registry, scheme.Codecs, "/some/path", gvs, retryBackoff) if err == nil { t.Errorf("expected an error") @@ -270,7 +272,7 @@ func TestKubeConfigFile(t *testing.T) { if err == nil { defer os.Remove(kubeConfigFile) - _, err = NewGenericWebhook(api.Registry, api.Codecs, kubeConfigFile, groupVersions, retryBackoff) + _, err = NewGenericWebhook(registered.NewOrDie(""), scheme.Codecs, kubeConfigFile, groupVersions, retryBackoff) } return err @@ -293,7 +295,7 @@ func TestKubeConfigFile(t *testing.T) { // TestMissingKubeConfigFile ensures that a kube config path to a missing file is handled properly func TestMissingKubeConfigFile(t *testing.T) { kubeConfigPath := "/some/missing/path" - _, err := NewGenericWebhook(api.Registry, api.Codecs, kubeConfigPath, groupVersions, retryBackoff) + _, err := NewGenericWebhook(registered.NewOrDie(""), scheme.Codecs, kubeConfigPath, groupVersions, retryBackoff) if err == nil { t.Errorf("creating the webhook should had failed") @@ -405,7 +407,7 @@ func TestTLSConfig(t *testing.T) { defer os.Remove(configFile) - wh, err := NewGenericWebhook(api.Registry, api.Codecs, configFile, groupVersions, retryBackoff) + wh, err := NewGenericWebhook(registered.NewOrDie(""), scheme.Codecs, configFile, groupVersions, retryBackoff) if err == nil { err = wh.RestClient.Get().Do().Error() @@ -497,7 +499,7 @@ func TestWithExponentialBackoff(t *testing.T) { defer os.Remove(configFile) - wh, err := NewGenericWebhook(api.Registry, api.Codecs, configFile, groupVersions, retryBackoff) + wh, err := NewGenericWebhook(registered.NewOrDie(""), scheme.Codecs, configFile, groupVersions, retryBackoff) if err != nil { t.Fatalf("failed to create the webhook: %v", err) diff --git a/plugin/pkg/authenticator/token/webhook/BUILD b/plugin/pkg/authenticator/token/webhook/BUILD index 448976f57..58435dd57 100644 --- a/plugin/pkg/authenticator/token/webhook/BUILD +++ b/plugin/pkg/authenticator/token/webhook/BUILD @@ -29,14 +29,14 @@ go_library( srcs = ["webhook.go"], tags = ["automanaged"], deps = [ + "//vendor/k8s.io/apimachinery/pkg/apimachinery/registered:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", "//vendor/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library", "//vendor/k8s.io/apiserver/pkg/authentication/user:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/cache:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/webhook:go_default_library", + "//vendor/k8s.io/client-go/kubernetes/scheme:go_default_library", "//vendor/k8s.io/client-go/kubernetes/typed/authentication/v1beta1:go_default_library", - "//vendor/k8s.io/client-go/pkg/api:go_default_library", - "//vendor/k8s.io/client-go/pkg/apis/authentication/install:go_default_library", "//vendor/k8s.io/client-go/pkg/apis/authentication/v1beta1:go_default_library", ], ) diff --git a/plugin/pkg/authenticator/token/webhook/webhook.go b/plugin/pkg/authenticator/token/webhook/webhook.go index 06d65cc42..e7d493479 100644 --- a/plugin/pkg/authenticator/token/webhook/webhook.go +++ b/plugin/pkg/authenticator/token/webhook/webhook.go @@ -18,18 +18,18 @@ limitations under the License. package webhook import ( + "fmt" "time" + "k8s.io/apimachinery/pkg/apimachinery/registered" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/util/cache" "k8s.io/apiserver/pkg/util/webhook" + "k8s.io/client-go/kubernetes/scheme" authenticationclient "k8s.io/client-go/kubernetes/typed/authentication/v1beta1" - "k8s.io/client-go/pkg/api" authentication "k8s.io/client-go/pkg/apis/authentication/v1beta1" - - _ "k8s.io/client-go/pkg/apis/authentication/install" ) var ( @@ -109,11 +109,24 @@ func (w *WebhookTokenAuthenticator) AuthenticateToken(token string) (user.Info, }, true, nil } +// NOTE: client-go doesn't provide a registry. client-go does registers the +// authentication/v1beta1. We construct a registry that acknowledges +// authentication/v1beta1 as an enabled version to pass a check enforced in +// NewGenericWebhook. +var registry = registered.NewOrDie("") + +func init() { + registry.RegisterVersions(groupVersions) + if err := registry.EnableVersions(groupVersions...); err != nil { + panic(fmt.Sprintf("failed to enable version %v", groupVersions)) + } +} + // tokenReviewInterfaceFromKubeconfig builds a client from the specified kubeconfig file, // and returns a TokenReviewInterface that uses that client. Note that the client submits TokenReview // requests to the exact path specified in the kubeconfig file, so arbitrary non-API servers can be targeted. func tokenReviewInterfaceFromKubeconfig(kubeConfigFile string) (authenticationclient.TokenReviewInterface, error) { - gw, err := webhook.NewGenericWebhook(api.Registry, api.Codecs, kubeConfigFile, groupVersions, 0) + gw, err := webhook.NewGenericWebhook(registry, scheme.Codecs, kubeConfigFile, groupVersions, 0) if err != nil { return nil, err } diff --git a/plugin/pkg/authorizer/webhook/BUILD b/plugin/pkg/authorizer/webhook/BUILD index 1e8ca0353..b38a3dcbb 100644 --- a/plugin/pkg/authorizer/webhook/BUILD +++ b/plugin/pkg/authorizer/webhook/BUILD @@ -32,12 +32,13 @@ go_library( tags = ["automanaged"], deps = [ "//vendor/github.com/golang/glog:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/apimachinery/registered:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", "//vendor/k8s.io/apiserver/pkg/authorization/authorizer:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/cache:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/webhook:go_default_library", + "//vendor/k8s.io/client-go/kubernetes/scheme:go_default_library", "//vendor/k8s.io/client-go/kubernetes/typed/authorization/v1beta1:go_default_library", - "//vendor/k8s.io/client-go/pkg/api:go_default_library", "//vendor/k8s.io/client-go/pkg/apis/authorization/install:go_default_library", "//vendor/k8s.io/client-go/pkg/apis/authorization/v1beta1:go_default_library", ], diff --git a/plugin/pkg/authorizer/webhook/webhook.go b/plugin/pkg/authorizer/webhook/webhook.go index 22efd5767..ca4916aea 100644 --- a/plugin/pkg/authorizer/webhook/webhook.go +++ b/plugin/pkg/authorizer/webhook/webhook.go @@ -19,16 +19,18 @@ package webhook import ( "encoding/json" + "fmt" "time" "github.com/golang/glog" + "k8s.io/apimachinery/pkg/apimachinery/registered" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/apiserver/pkg/util/cache" "k8s.io/apiserver/pkg/util/webhook" + "k8s.io/client-go/kubernetes/scheme" authorizationclient "k8s.io/client-go/kubernetes/typed/authorization/v1beta1" - "k8s.io/client-go/pkg/api" authorization "k8s.io/client-go/pkg/apis/authorization/v1beta1" _ "k8s.io/client-go/pkg/apis/authorization/install" @@ -207,11 +209,24 @@ func convertToSARExtra(extra map[string][]string) map[string]authorization.Extra return ret } +// NOTE: client-go doesn't provide a registry. client-go does registers the +// authorization/v1beta1. We construct a registry that acknowledges +// authorization/v1beta1 as an enabled version to pass a check enforced in +// NewGenericWebhook. +var registry = registered.NewOrDie("") + +func init() { + registry.RegisterVersions(groupVersions) + if err := registry.EnableVersions(groupVersions...); err != nil { + panic(fmt.Sprintf("failed to enable version %v", groupVersions)) + } +} + // subjectAccessReviewInterfaceFromKubeconfig builds a client from the specified kubeconfig file, // and returns a SubjectAccessReviewInterface that uses that client. Note that the client submits SubjectAccessReview // requests to the exact path specified in the kubeconfig file, so arbitrary non-API servers can be targeted. func subjectAccessReviewInterfaceFromKubeconfig(kubeConfigFile string) (authorizationclient.SubjectAccessReviewInterface, error) { - gw, err := webhook.NewGenericWebhook(api.Registry, api.Codecs, kubeConfigFile, groupVersions, 0) + gw, err := webhook.NewGenericWebhook(registry, scheme.Codecs, kubeConfigFile, groupVersions, 0) if err != nil { return nil, err }