- DRA: Starting Kubernetes 1.33, only users with access to an admin namespace with the `kubernetes.io/dra-admin-access` label are authorized to create ResourceClaim or ResourceClaimTemplate objects with the `adminAccess` field in this admin namespace if they want to and only they can reference these ResourceClaims or ResourceClaimTemplates in their pod or deployment specs. ([#130225](https://github...

- DRA: Starting with Kubernetes 1.34, the alpha-level `resource.k8s.io/admin-access` label has been updated to `resource.kubernetes.io/admin-access`. Admins using the alpha feature and updating from 1.33 can set both labels, upgrade, then remove `resource.k8s.io/admin-access` when no downgrade is going to happen anymore. ([#131996](https://github.com/kubernetes/kubernetes/pull/131996), [@ritazh](https://github.com/ritazh))...

That way, the original `APIRouter` will stay unmodified, so we can still share that same `app/internal/admin.py` file with other projects in the organization.

The result is that in our app, each of the *path operations* from the `admin` module will have:

* The prefix `/admin`.
* The tag `admin`.
* The dependency `get_token_header`.
* The response `418`. 🍵

test="${fe:permission('admin-webconfig-view') or fe:permission('admin-fileconfig-view') or fe:permission('admin-dataconfig-view') or fe:permission('admin-labeltype-view') or fe:permission('admin-keymatch-view') or fe:permission('admin-boostdoc-view') or fe:permission('admin-relatedcontent-view') or fe:permission('admin-relatedquery-view') or fe:permission('admin-pathmap-view') or fe:permission('admin-webauth-view') or fe:permission('admin-fileauth-view') or fe:permission('admin-reqheader-view') or fe:permiss...

    runner = new OpenSearchRunner();
    runner.build(newConfigs().clusterName("TestCluster").numOfNode(1));
    client = runner.client();
}

@Before
public void before() {
    runner.admin().indices().prepareDelete("_all").execute().actionGet();
}

@AfterClass
public static void afterClass() {
    runner.close();
    runner.clean();
}
```

### Testing Best Practices

        testUser.setRoleNames(new String[] { "admin" });
        String[] roles = fessUserBean.getRoles();
        assertEquals(1, roles.length);
        assertEquals("admin", roles[0]);

        // Test with multiple roles
        testUser.setRoleNames(new String[] { "admin", "user", "manager" });
        roles = fessUserBean.getRoles();
        assertEquals(3, roles.length);
        assertEquals("admin", roles[0]);

            key="labels.access_token_configuration"/></title>
    <jsp:include page="/WEB-INF/view/common/admin/head.jsp"></jsp:include>
</head>
<body class="hold-transition sidebar-mini">
<div class="wrapper">
    <jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>
    <jsp:include page="/WEB-INF/view/common/admin/sidebar.jsp">
        <jsp:param name="menuCategoryType" value="system"/>

            key="labels.reqheader_configuration"/></title>
    <jsp:include page="/WEB-INF/view/common/admin/head.jsp"></jsp:include>
</head>
<body class="hold-transition sidebar-mini">
<div class="wrapper">
    <jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>
    <jsp:include page="/WEB-INF/view/common/admin/sidebar.jsp">
        <jsp:param name="menuCategoryType" value="crawl"/>

            key="labels.group_configuration"/></title>
    <jsp:include page="/WEB-INF/view/common/admin/head.jsp"></jsp:include>
</head>
<body class="hold-transition sidebar-mini">
<div class="wrapper">
    <jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>
    <jsp:include page="/WEB-INF/view/common/admin/sidebar.jsp">
        <jsp:param name="menuCategoryType" value="user"/>

        });
        LdapManager ldapManager = new LdapManager();
        ldapManager.init();

        assertEquals("admin", ldapManager.normalizePermissionName("ADMIN"));
        assertEquals("admin", ldapManager.normalizePermissionName("Admin"));
        assertEquals("admin", ldapManager.normalizePermissionName("admin"));
    }

    @Test
    public void test_normalizePermissionName_withLowercaseDisabled() {