Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix potential unexpected object mutation that can lead to data races
**What this PR does / why we need it**:
In #51526 I introduced an optimization - do a deep copy instead of to and from JSON roundtrip to convert anything that implements `runtime.Unstructured`. I just discovered that the method that is used there `UnstructuredContent()` in both `Unstructured` and `UnstructuredList` may mutate the original object.
2008750398/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go (L87-L92)7c10cbc642/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured_list.go (L58-L75)
This is problematic because previously (before #51526) there was no mutation and because this is unexpected and may lead to data races - it is bad behaviour to mutate original object when you just want a copy of it.
This PR fixes the issue.
Without the fix the tests I've added are failing because when comparison is done original object is not the same:
```
converter_test.go:154: Object changed, diff:
object.Object[items]:
a: []interface {}{}
b: <nil>
converter_test.go:154: Object changed, diff:
object.Object[items]:
a: []interface {}{map[string]interface {}{"kind":"Pod"}}
b: <nil>
```
However the underlying issue is not fixed here - `UnstructuredContent()` is brittle and dangerous. Method name does not imply that it mutates data when you call it. And godoc does not mention that either:
509df603b1/staging/src/k8s.io/apimachinery/pkg/runtime/interfaces.go (L233-L249)
Something needs to be done about it IMO.
Also `UnstructuredContent()` implementation in `UnstructuredList` does not implement the behaviour required by godoc in `runtime.Unstructured`.
**Release note**:
```release-note
NONE
```
/kind bug
/sig api-machinery
/assign @sttts
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Allow constructing spdy executor from existing transports
If you already have an existing transport, it is not always possible to reconstruct a client config from it.
Allow constructing a spdy executor, given a connection/upgrade transport
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 55963, 55790, 55670, 55931). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
admission/webhook: move webhook initializer into plugin
Follow-up of https://github.com/kubernetes/kubernetes/pull/55132.
Non-generic plugin intitializers should go into the admission plugin itself. No need leak that into the generic apiserver. Keeping them contained in the webhook package makes it easier (it was already possible) for extension apiservers to provide one, but we don't need to leak it into the generic plugin initializer.
Delays the error until the first call and then preserves it for others.
More closely matches the intent of the Object() calls. Loaders are now
lazy and don't need to return errors directly.
Sets the stage for collapsing unstructured and structured builders
together.
Automatic merge from submit-queue (batch tested with PRs 55757, 55741, 55817, 55834, 51530). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Refactor iSCSI PV spec to use SecretReference
**What this PR does / why we need it**:
Use SecretReference in iSCSI PV spec
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes https://github.com/kubernetes-incubator/external-storage/issues/321
**Special notes for your reviewer**:
@liggitt
**Release note**:
```release-note
iSCSI Persistent Volume Sources can now reference CHAP Secrets in namespaces other than the namespace of the bound Persistent Volume Claim
```
Automatic merge from submit-queue (batch tested with PRs 55757, 55741, 55817, 55834, 51530). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clarify ExternalNames are hostnames
Updates the documentation for ExternalName to clarify
that they adhere RFC-1123 hostname and are not DNS names.
Fixes#52266
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 55841, 55948, 55945). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
conversion-gen: check for nil pkg in getManualConversionFunctions
**What this PR does / why we need it**:
Following https://github.com/kubernetes/kubernetes/pull/54394, this PR performs a check in getManualConversionFunctions for packages that are not found and prints a warning instead of panicking.
This should improve the UX of conversion-gen, and is also a narrower change than that proposed in #54394, so hopefully can be cherry picked into the release-1.8 etc. branches.
This would allow users to use conversion-gen via the generate-internal-groups.sh script without having to make a second call that 'blanks out' `--extra-peer-dirs`.
/cc @sttts
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54837, 55970, 55912, 55898, 52977). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix protobuf generation for empty struct
Currently, we are not able to generate protobuf for empty structs. This PR fixes proto generation for empty structs. (Example: `type Foo struct{}`)
Needed for https://github.com/kubernetes/kubernetes/pull/55168.
**Release note**:
```release-note
NONE
```
/assign @sttts
Automatic merge from submit-queue (batch tested with PRs 50457, 55558, 53483, 55731, 52842). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
VolumeMode and VolumeDevice api
**What this PR does / why we need it:**
Adds volumeType api to PV and PVC for local block support based on this proposal (https://github.com/kubernetes/community/pull/805) and this feature issue: https://github.com/kubernetes/features/issues/351
**Special notes for your reviewer:**
There are other PR changes coming, this just simply creates the api fields
#53385 - binding logic changes dependent on this change
**Release note:**
NONE
Notes will be added in subsequents PR with the volume plugin changes, CRI, etc...
cc @msau42 @liggitt @jsafrane @mtanino @saad-ali @erinboyd
Automatic merge from submit-queue (batch tested with PRs 55642, 55897, 55835, 55496, 55313). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Table printers and server generation should always copy ListMeta
Tables should be a mapping from lists, so if the incoming object has these add them to the table. Paging over server side tables was broken without this. Add tests on the generic creater and on the resttest compatibility.
@deads2k
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Move unstructured conversion into pkg/runtime
Scheme conversion should support unstructured conversion natively to
allow going from unstructured to typed and back. It is not a higher
level responsibility to do that conversion because the scheme is the
only one who knows what types it supports.
@liggitt @kubernetes/sig-cli-api-reviews I am going to make Scheme support unstructured in ConvertToVersion and Convert, which means resource.Builder and the CLI can get simpler for all existing use cases where versioned and unstructured need to coexist.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Adding mutating webhook admission plugin
Ref #https://github.com/kubernetes/features/issues/492
I made a change to the API to plumb the `Patch` into the response. I'll rebase onto the actual API once https://github.com/kubernetes/kubernetes/pull/55829 is merged.
We should update the release notes to point to the user docs when we have any.
```release-note
Added mutation supports to admission webhooks.
```
TODO:
- [ ] update test image to v6 after #55829 is merged
- [ ] rename the GenericAdmissionWebhook to ValidatingAdmissionWebhook
- [ ] reduce json marshal/unmarshal roundtrip: https://github.com/kubernetes/kubernetes/pull/54892#discussion_r151336838
- [ ] move the matching function to a common package that validating and mutating webhooks can both import.
- [ ] handle namespace GET failure gracefully for fail open webhook?
AdmissionResponse allows mutating webhook to send apiserver a json patch
to mutate the object.
This reflects the imperative nature of AdmissionReview. It adds
AdmissionRequest and AdmissionResponse in place of status/spec.
The AdmissionResponse the allows the mutating webhook
to send back a json path with the mutated version of the requested
object.
Fixed the integration test to clean up properly.
Switched test image to 1.8v5 to reflect API changes.
Make sure to cache test framework client for cleaup test code.
Switched to pointer for patch type.
Factored in @liggitt's feedback.
Factored in @lavalamp's feedback.
The first call to Set will clear the map before adding entries;
subsequent calls will simply append to the map.
This makes it possible to override default values with a command-line
option rather than appending to defaults,
while still allowing the distribution of key-value pairs across
multiple flag invocations.
For example: `--flag "a:hello" --flag "b:again" --flag "b:beautiful"
--flag "c:world"` results in `{"a": ["hello"], "b": ["again",
"beautiful"], "c": ["world"]}`
Tables should be a mapping from lists, so if the incoming object has
these add them to the table. Allows paging over server side tables.
Add tests on the generic creater and on the resttest compatibility.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Lift embedded structure out of eviction-related KubeletConfiguration fields
- Changes the following KubeletConfiguration fields from `string` to
`map[string]string`:
- `EvictionHard`
- `EvictionSoft`
- `EvictionSoftGracePeriod`
- `EvictionMinimumReclaim`
- Adds flag parsing shims to maintain Kubelet's public flags API, while
enabling structured input in the file API.
- Also removes `kubeletconfig.ConfigurationMap`, which was an ad-hoc flag
parsing shim living in the kubeletconfig API group, and replaces it
with the `MapStringString` shim introduced in this PR. Flag parsing
shims belong in a common place, not in the kubeletconfig API.
I manually audited these to ensure that this wouldn't cause errors
parsing the command line for syntax that would have previously been
error free (`kubeletconfig.ConfigurationMap` was unique in that it
allowed keys to be provided on the CLI without values. I believe this was
done in `flags.ConfigurationMap` to facilitate the `--node-labels` flag,
which rightfully accepts value-free keys, and that this shim was then
just copied to `kubeletconfig`). Fortunately, the affected fields
(`ExperimentalQOSReserved`, `SystemReserved`, and `KubeReserved`) expect
non-empty strings in the values of the map, and as a result passing the
empty string is already an error. Thus requiring keys shouldn't break
anyone's scripts.
- Updates code and tests accordingly.
Regarding eviction operators, directionality is already implicit in the
signal type (for a given signal, the decision to evict will be made when
crossing the threshold from either above or below, never both). There is
no need to expose an operator, such as `<`, in the API. By changing
`EvictionHard` and `EvictionSoft` to `map[string]string`, this PR
simplifies the experience of working with these fields via the
`KubeletConfiguration` type. Again, flags stay the same.
Other things:
- There is another flag parsing shim, `flags.ConfigurationMap`, from the
shared flag utility. The `NodeLabels` field still uses
`flags.ConfigurationMap`. This PR moves the allocation of the
`map[string]string` for the `NodeLabels` field from
`AddKubeletConfigFlags` to the defaulter for the external
`KubeletConfiguration` type. Flags are layered on top of an internal
object that has undergone conversion from a defaulted external object,
which means that previously the mere registration of flags would have
overwritten any previously-defined defaults for `NodeLabels` (fortunately
there were none).
Related: #53833 (lifting embedded structures out of string fields is part of getting this API to beta)
```release-note
The EvictionHard, EvictionSoft, EvictionSoftGracePeriod, EvictionMinimumReclaim, SystemReserved, and KubeReserved fields in the KubeletConfiguration object (kubeletconfig/v1alpha1) are now of type map[string]string, which facilitates writing JSON and YAML files.
```
- Changes the following KubeletConfiguration fields from `string` to
`map[string]string`:
- `EvictionHard`
- `EvictionSoft`
- `EvictionSoftGracePeriod`
- `EvictionMinimumReclaim`
- Adds flag parsing shims to maintain Kubelet's public flags API, while
enabling structured input in the file API.
- Also removes `kubeletconfig.ConfigurationMap`, which was an ad-hoc flag
parsing shim living in the kubeletconfig API group, and replaces it
with the `MapStringString` shim introduced in this PR. Flag parsing
shims belong in a common place, not in the kubeletconfig API.
I manually audited these to ensure that this wouldn't cause errors
parsing the command line for syntax that would have previously been
error free (`kubeletconfig.ConfigurationMap` was unique in that it
allowed keys to be provided on the CLI without values. I believe this was
done in `flags.ConfigurationMap` to facilitate the `--node-labels` flag,
which rightfully accepts value-free keys, and that this shim was then
just copied to `kubeletconfig`). Fortunately, the affected fields
(`ExperimentalQOSReserved`, `SystemReserved`, and `KubeReserved`) expect
non-empty strings in the values of the map, and as a result passing the
empty string is already an error. Thus requiring keys shouldn't break
anyone's scripts.
- Updates code and tests accordingly.
Regarding eviction operators, directionality is already implicit in the
signal type (for a given signal, the decision to evict will be made when
crossing the threshold from either above or below, never both). There is
no need to expose an operator, such as `<`, in the API. By changing
`EvictionHard` and `EvictionSoft` to `map[string]string`, this PR
simplifies the experience of working with these fields via the
`KubeletConfiguration` type. Again, flags stay the same.
Other things:
- There is another flag parsing shim, `flags.ConfigurationMap`, from the
shared flag utility. The `NodeLabels` field still uses
`flags.ConfigurationMap`. This PR moves the allocation of the
`map[string]string` for the `NodeLabels` field from
`AddKubeletConfigFlags` to the defaulter for the external
`KubeletConfiguration` type. Flags are layered on top of an internal
object that has undergone conversion from a defaulted external object,
which means that previously the mere registration of flags would have
overwritten any previously-defined defaults for `NodeLabels` (fortunately
there were none).
To reduce the impact of transitioning away from internal, make
Unstructured conversion a natural part of the scheme. Convert and
ConvertToVersion now automatically manage converting unstructured
objects into versioned types as necessary.
Alter the signature of Unstructured to make set possible.
Scheme conversion should support unstructured conversion natively to
allow going from unstructured to typed and back. It is not a higher
level responsibility to do that conversion because the scheme is the
only one who knows what types it supports.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Validation for CRD custom resources: feature gate promotion alpha->beta
**What this PR does / why we need it**: This promotes CRD Validation from **alpha** to **beta**.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#53829
**Special notes for your reviewer**: Issue #53829 discusses potential blockers to promoting CRD Validation to beta. None of the potential blockers are actual blockers, as they can all be accomplished without backward incompatible changes.
**Release note**:
```release-note
Promote validation for custom resources defined through CRD to beta
```
cc: @sttts @nikhita @mbohlool
Automatic merge from submit-queue (batch tested with PRs 55798, 49579, 54862, 55188, 51990). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
add back defaulting for parameter decoding
At the beginning of 1.7, we removed the last "conversion causes defaulting". This broke the "default to true" behavior for exec and attach options, but we didn't notice. This removes the broken defaulter (you can default a non-point bool to true on an object) and adds back defaulting to parameter codecs.
@k8s-mirror-api-machinery-misc @lavalamp @smarterclayton
Automatic merge from submit-queue (batch tested with PRs 55657, 54758, 47584, 55758, 55651). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update Gophercloud dependency for reauth problem
**What this PR does / why we need it**:
Fixes picked up from gophercloud:
443743e883...0b6b13c4dd
Including the one for endless loop on reauth:
https://github.com/gophercloud/gophercloud/pull/604
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#55656
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Fixes https://github.com/kubernetes/client-go/issues/327
Currently we're not capturing stderr when shelling out to "gcloud config
config-helper --format=json" fails. This patch is capturing the stderr in the
error message returned.
This gcloud command sometimes returns an upgrade reminder (in stderr) so using
`cmd.CombinedOutput()` is not an option here. Maybe we should also add an unit
test in gcp_test.go capturing this situation, too, in case someone decides to
replace this with CombinedOutput someday.
Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
Some errors are invoked outside of negotiation. These errors should
still have a kind and apiVersion (which is only set by structured
encoders, not always availabe). Ensure that all errors by default get a
status kind and version set.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
update apps/v1 types.go comments for controller spec selector fields
**What this PR does / why we need it**:
This PR updates apps/v1 types.go comments (including removal of `optional` tag) for controller spec selector fields.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref #50808
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54436, 53148, 55153, 55614, 55484). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
code-generator: complete PkgName, GroupName, GoName seperation
... in client-gen, informer-gen, lister-gen. Follow-up of https://github.com/kubernetes/kubernetes/pull/54950.
Before this PR, the generated code was broken for internal types and for group package names that were no valid Go identifiers.
This PR completes the separation in the following sense:
- GroupNames are domain-like logical name for the group. Only the first segment is used as default for GoName
- PkgName is the directory name. All packages in client, informer, lister re-use this for packages.
- GoName is the Go identifier (CamelCase) used to reference the group, e.g. in the interface names, in the clientsets etc. Moreover it is used for package import aliases.
Note: this PR **does not** change the generated code in Kubernetes, only the examples in k8s.io/code-generator.
```release-note
Fix code-generators to produce correct code when GroupName, PackageName and/or GoName differ.
```
Automatic merge from submit-queue (batch tested with PRs 54436, 53148, 55153, 55614, 55484). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add VolumeBindingMode to StorageClass API
**What this PR does / why we need it**:
Adds a new field `VolumeBindingMode` to `StorageClass`, as specified in kubernetes/community#1168
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#54434
**Special notes for your reviewer**:
API changes only. The scheduler and PV controller work will be submitted as a separate PR.
**Release note**:
NONE
@kubernetes/sig-storage-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 53780, 55663, 55321, 52421, 55659). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
remove duplicated import
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Introduce new `VolumeAttachment` API Object
**What this PR does / why we need it**:
Introduce a new `VolumeAttachment` API Object. This object will be used by the CSI volume plugin to enable external attachers (see design [here](https://github.com/kubernetes/community/pull/1258). In the future, existing volume plugins can be refactored to use this object as well.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: Part of issue https://github.com/kubernetes/features/issues/178
**Special notes for your reviewer**:
None
**Release note**:
```release-note
NONE
```
Move the namespace selector code to package webhook/namespace
Move the conversion related code to package to webhook/versioned
Move errors related code to package webhook/errors
Move admission review related code to package webhook/request
Introduce the v1alpha1 version to the Kubernetes storage API. And add a
new VolumeAttachment object to that version. This object will initially
be used only by the new CSI Volume Plugin. Eventually existing volume
plugins can be refactored to use it too.
Moved client and kubeconfig related code to webhook/config;
Moved the rule matcher to webhook/rules;
Left TODOs saying we are going to move some other common utilities;
Other code is moved to webhook/validation.
Automatic merge from submit-queue (batch tested with PRs 54602, 54877, 55243, 55509, 55128). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
stop timer
**What this PR does / why we need it**:
stop the timer after using it
Automatic merge from submit-queue (batch tested with PRs 54005, 55127, 53850, 55486, 53440). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Enforce use of fixed size int types in the API
Changes 'int' to 'int32', enforced by import_known_versions_test
Follow up to PR #53402
**What this PR does / why we need it**:
This PR changes a few fields within the API from 'int' to 'int32' and is now enforced by import_known_versions_test. We need this so integer fields are the same size regardless of $GOARCH.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
```
Automatic merge from submit-queue (batch tested with PRs 54005, 55127, 53850, 55486, 53440). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Validation webhook plugin converts objects to the external version before sending to webhooks
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
https://github.com/kubernetes/features/issues/492
**Special notes for your reviewer**:
**Release note**:
```release-note
The apiserver sends external versioned object to the admission webhooks now. Please update the webhooks to expect admissionReview.spec.object.raw to be serialized external versions of objects.
```
Automatic merge from submit-queue (batch tested with PRs 54005, 55127, 53850, 55486, 53440). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
aggregate cluster roles
xref https://github.com/kubernetes/community/pull/1219https://github.com/kubernetes/features/issues/502
This is a pull with API types, a controller, and a demonstration of how to move admin, edit, and view. Once we agree on the shape, I'll
I added
```yaml
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.authorization.k8s.io/aggregate-to-admin: true
```
to the `ClusterRole`. A controller then goes and gathers all the matching ClusterRoles and sets the `rules` to the union of matching cluster roles.
@kubernetes/sig-auth-pr-reviews
```release-note
RBAC ClusterRoles can now select other roles to aggregate
```
Automatic merge from submit-queue (batch tested with PRs 55283, 55461, 55288, 53970, 55487). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[authorize] rename test file and remove unused code
**What this PR does / why we need it**:
rename go test filename and remove unused code in builtin.go
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
nit fix, no impact to function.
**Release note**:
```release-note
NONE
```
Dr. Stefan Schimanski