Merge pull request #9518 from baude/pruneremotecommand

prune remotecommand dependency

7 files changed, 0 insertions, 1286 deletions

diff --git a/vendor/k8s.io/client-go/transport/OWNERS b/vendor/k8s.io/client-go/transport/OWNERS
deleted file mode 100644
index a52176903..000000000
--- a/vendor/k8s.io/client-go/transport/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-- smarterclayton
-- wojtek-t
-- deads2k
-- liggitt
-- krousey
-- caesarxuchao
diff --git a/vendor/k8s.io/client-go/transport/cache.go b/vendor/k8s.io/client-go/transport/cache.go
deleted file mode 100644
index 7cffe2a5f..000000000
--- a/vendor/k8s.io/client-go/transport/cache.go
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
-	"fmt"
-	"net"
-	"net/http"
-	"sync"
-	"time"
-
-	utilnet "k8s.io/apimachinery/pkg/util/net"
-)
-
-// TlsTransportCache caches TLS http.RoundTrippers different configurations. The
-// same RoundTripper will be returned for configs with identical TLS options If
-// the config has no custom TLS options, http.DefaultTransport is returned.
-type tlsTransportCache struct {
-	mu         sync.Mutex
-	transports map[tlsCacheKey]*http.Transport
-}
-
-const idleConnsPerHost = 25
-
-var tlsCache = &tlsTransportCache{transports: make(map[tlsCacheKey]*http.Transport)}
-
-type tlsCacheKey struct {
-	insecure   bool
-	caData     string
-	certData   string
-	keyData    string
-	getCert    string
-	serverName string
-	dial       string
-}
-
-func (t tlsCacheKey) String() string {
-	keyText := "<none>"
-	if len(t.keyData) > 0 {
-		keyText = "<redacted>"
-	}
-	return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, getCert: %s, serverName:%s, dial:%s", t.insecure, t.caData, t.certData, keyText, t.getCert, t.serverName, t.dial)
-}
-
-func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
-	key, err := tlsConfigKey(config)
-	if err != nil {
-		return nil, err
-	}
-
-	// Ensure we only create a single transport for the given TLS options
-	c.mu.Lock()
-	defer c.mu.Unlock()
-
-	// See if we already have a custom transport for this config
-	if t, ok := c.transports[key]; ok {
-		return t, nil
-	}
-
-	// Get the TLS options for this client config
-	tlsConfig, err := TLSConfigFor(config)
-	if err != nil {
-		return nil, err
-	}
-	// The options didn't require a custom TLS config
-	if tlsConfig == nil && config.Dial == nil {
-		return http.DefaultTransport, nil
-	}
-
-	dial := config.Dial
-	if dial == nil {
-		dial = (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-		}).DialContext
-	}
-	// Cache a single transport for these options
-	c.transports[key] = utilnet.SetTransportDefaults(&http.Transport{
-		Proxy:               http.ProxyFromEnvironment,
-		TLSHandshakeTimeout: 10 * time.Second,
-		TLSClientConfig:     tlsConfig,
-		MaxIdleConnsPerHost: idleConnsPerHost,
-		DialContext:         dial,
-	})
-	return c.transports[key], nil
-}
-
-// tlsConfigKey returns a unique key for tls.Config objects returned from TLSConfigFor
-func tlsConfigKey(c *Config) (tlsCacheKey, error) {
-	// Make sure ca/key/cert content is loaded
-	if err := loadTLSFiles(c); err != nil {
-		return tlsCacheKey{}, err
-	}
-	return tlsCacheKey{
-		insecure:   c.TLS.Insecure,
-		caData:     string(c.TLS.CAData),
-		certData:   string(c.TLS.CertData),
-		keyData:    string(c.TLS.KeyData),
-		getCert:    fmt.Sprintf("%p", c.TLS.GetCert),
-		serverName: c.TLS.ServerName,
-		dial:       fmt.Sprintf("%p", c.Dial),
-	}, nil
-}
diff --git a/vendor/k8s.io/client-go/transport/config.go b/vendor/k8s.io/client-go/transport/config.go
deleted file mode 100644
index 5de0a2cb1..000000000
--- a/vendor/k8s.io/client-go/transport/config.go
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
-	"context"
-	"crypto/tls"
-	"net"
-	"net/http"
-)
-
-// Config holds various options for establishing a transport.
-type Config struct {
-	// UserAgent is an optional field that specifies the caller of this
-	// request.
-	UserAgent string
-
-	// The base TLS configuration for this transport.
-	TLS TLSConfig
-
-	// Username and password for basic authentication
-	Username string
-	Password string
-
-	// Bearer token for authentication
-	BearerToken string
-
-	// Path to a file containing a BearerToken.
-	// If set, the contents are periodically read.
-	// The last successfully read value takes precedence over BearerToken.
-	BearerTokenFile string
-
-	// Impersonate is the config that this Config will impersonate using
-	Impersonate ImpersonationConfig
-
-	// Transport may be used for custom HTTP behavior. This attribute may
-	// not be specified with the TLS client certificate options. Use
-	// WrapTransport for most client level operations.
-	Transport http.RoundTripper
-
-	// WrapTransport will be invoked for custom HTTP behavior after the
-	// underlying transport is initialized (either the transport created
-	// from TLSClientConfig, Transport, or http.DefaultTransport). The
-	// config may layer other RoundTrippers on top of the returned
-	// RoundTripper.
-	//
-	// A future release will change this field to an array. Use config.Wrap()
-	// instead of setting this value directly.
-	WrapTransport WrapperFunc
-
-	// Dial specifies the dial function for creating unencrypted TCP connections.
-	Dial func(ctx context.Context, network, address string) (net.Conn, error)
-}
-
-// ImpersonationConfig has all the available impersonation options
-type ImpersonationConfig struct {
-	// UserName matches user.Info.GetName()
-	UserName string
-	// Groups matches user.Info.GetGroups()
-	Groups []string
-	// Extra matches user.Info.GetExtra()
-	Extra map[string][]string
-}
-
-// HasCA returns whether the configuration has a certificate authority or not.
-func (c *Config) HasCA() bool {
-	return len(c.TLS.CAData) > 0 || len(c.TLS.CAFile) > 0
-}
-
-// HasBasicAuth returns whether the configuration has basic authentication or not.
-func (c *Config) HasBasicAuth() bool {
-	return len(c.Username) != 0
-}
-
-// HasTokenAuth returns whether the configuration has token authentication or not.
-func (c *Config) HasTokenAuth() bool {
-	return len(c.BearerToken) != 0 || len(c.BearerTokenFile) != 0
-}
-
-// HasCertAuth returns whether the configuration has certificate authentication or not.
-func (c *Config) HasCertAuth() bool {
-	return (len(c.TLS.CertData) != 0 || len(c.TLS.CertFile) != 0) && (len(c.TLS.KeyData) != 0 || len(c.TLS.KeyFile) != 0)
-}
-
-// HasCertCallbacks returns whether the configuration has certificate callback or not.
-func (c *Config) HasCertCallback() bool {
-	return c.TLS.GetCert != nil
-}
-
-// Wrap adds a transport middleware function that will give the caller
-// an opportunity to wrap the underlying http.RoundTripper prior to the
-// first API call being made. The provided function is invoked after any
-// existing transport wrappers are invoked.
-func (c *Config) Wrap(fn WrapperFunc) {
-	c.WrapTransport = Wrappers(c.WrapTransport, fn)
-}
-
-// TLSConfig holds the information needed to set up a TLS transport.
-type TLSConfig struct {
-	CAFile   string // Path of the PEM-encoded server trusted root certificates.
-	CertFile string // Path of the PEM-encoded client certificate.
-	KeyFile  string // Path of the PEM-encoded client key.
-
-	Insecure   bool   // Server should be accessed without verifying the certificate. For testing only.
-	ServerName string // Override for the server name passed to the server for SNI and used to verify certificates.
-
-	CAData   []byte // Bytes of the PEM-encoded server trusted root certificates. Supercedes CAFile.
-	CertData []byte // Bytes of the PEM-encoded client certificate. Supercedes CertFile.
-	KeyData  []byte // Bytes of the PEM-encoded client key. Supercedes KeyFile.
-
-	GetCert func() (*tls.Certificate, error) // Callback that returns a TLS client certificate. CertData, CertFile, KeyData and KeyFile supercede this field.
-}
diff --git a/vendor/k8s.io/client-go/transport/round_trippers.go b/vendor/k8s.io/client-go/transport/round_trippers.go
deleted file mode 100644
index 117a9c8c4..000000000
--- a/vendor/k8s.io/client-go/transport/round_trippers.go
+++ /dev/null
@@ -1,564 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-
-	"golang.org/x/oauth2"
-	"k8s.io/klog"
-
-	utilnet "k8s.io/apimachinery/pkg/util/net"
-)
-
-// HTTPWrappersForConfig wraps a round tripper with any relevant layered
-// behavior from the config. Exposed to allow more clients that need HTTP-like
-// behavior but then must hijack the underlying connection (like WebSocket or
-// HTTP2 clients). Pure HTTP clients should use the RoundTripper returned from
-// New.
-func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTripper, error) {
-	if config.WrapTransport != nil {
-		rt = config.WrapTransport(rt)
-	}
-
-	rt = DebugWrappers(rt)
-
-	// Set authentication wrappers
-	switch {
-	case config.HasBasicAuth() && config.HasTokenAuth():
-		return nil, fmt.Errorf("username/password or bearer token may be set, but not both")
-	case config.HasTokenAuth():
-		var err error
-		rt, err = NewBearerAuthWithRefreshRoundTripper(config.BearerToken, config.BearerTokenFile, rt)
-		if err != nil {
-			return nil, err
-		}
-	case config.HasBasicAuth():
-		rt = NewBasicAuthRoundTripper(config.Username, config.Password, rt)
-	}
-	if len(config.UserAgent) > 0 {
-		rt = NewUserAgentRoundTripper(config.UserAgent, rt)
-	}
-	if len(config.Impersonate.UserName) > 0 ||
-		len(config.Impersonate.Groups) > 0 ||
-		len(config.Impersonate.Extra) > 0 {
-		rt = NewImpersonatingRoundTripper(config.Impersonate, rt)
-	}
-	return rt, nil
-}
-
-// DebugWrappers wraps a round tripper and logs based on the current log level.
-func DebugWrappers(rt http.RoundTripper) http.RoundTripper {
-	switch {
-	case bool(klog.V(9)):
-		rt = newDebuggingRoundTripper(rt, debugCurlCommand, debugURLTiming, debugResponseHeaders)
-	case bool(klog.V(8)):
-		rt = newDebuggingRoundTripper(rt, debugJustURL, debugRequestHeaders, debugResponseStatus, debugResponseHeaders)
-	case bool(klog.V(7)):
-		rt = newDebuggingRoundTripper(rt, debugJustURL, debugRequestHeaders, debugResponseStatus)
-	case bool(klog.V(6)):
-		rt = newDebuggingRoundTripper(rt, debugURLTiming)
-	}
-
-	return rt
-}
-
-type requestCanceler interface {
-	CancelRequest(*http.Request)
-}
-
-type authProxyRoundTripper struct {
-	username string
-	groups   []string
-	extra    map[string][]string
-
-	rt http.RoundTripper
-}
-
-// NewAuthProxyRoundTripper provides a roundtripper which will add auth proxy fields to requests for
-// authentication terminating proxy cases
-// assuming you pull the user from the context:
-// username is the user.Info.GetName() of the user
-// groups is the user.Info.GetGroups() of the user
-// extra is the user.Info.GetExtra() of the user
-// extra can contain any additional information that the authenticator
-// thought was interesting, for example authorization scopes.
-// In order to faithfully round-trip through an impersonation flow, these keys
-// MUST be lowercase.
-func NewAuthProxyRoundTripper(username string, groups []string, extra map[string][]string, rt http.RoundTripper) http.RoundTripper {
-	return &authProxyRoundTripper{
-		username: username,
-		groups:   groups,
-		extra:    extra,
-		rt:       rt,
-	}
-}
-
-func (rt *authProxyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	req = utilnet.CloneRequest(req)
-	SetAuthProxyHeaders(req, rt.username, rt.groups, rt.extra)
-
-	return rt.rt.RoundTrip(req)
-}
-
-// SetAuthProxyHeaders stomps the auth proxy header fields.  It mutates its argument.
-func SetAuthProxyHeaders(req *http.Request, username string, groups []string, extra map[string][]string) {
-	req.Header.Del("X-Remote-User")
-	req.Header.Del("X-Remote-Group")
-	for key := range req.Header {
-		if strings.HasPrefix(strings.ToLower(key), strings.ToLower("X-Remote-Extra-")) {
-			req.Header.Del(key)
-		}
-	}
-
-	req.Header.Set("X-Remote-User", username)
-	for _, group := range groups {
-		req.Header.Add("X-Remote-Group", group)
-	}
-	for key, values := range extra {
-		for _, value := range values {
-			req.Header.Add("X-Remote-Extra-"+headerKeyEscape(key), value)
-		}
-	}
-}
-
-func (rt *authProxyRoundTripper) CancelRequest(req *http.Request) {
-	if canceler, ok := rt.rt.(requestCanceler); ok {
-		canceler.CancelRequest(req)
-	} else {
-		klog.Errorf("CancelRequest not implemented by %T", rt.rt)
-	}
-}
-
-func (rt *authProxyRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-type userAgentRoundTripper struct {
-	agent string
-	rt    http.RoundTripper
-}
-
-func NewUserAgentRoundTripper(agent string, rt http.RoundTripper) http.RoundTripper {
-	return &userAgentRoundTripper{agent, rt}
-}
-
-func (rt *userAgentRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	if len(req.Header.Get("User-Agent")) != 0 {
-		return rt.rt.RoundTrip(req)
-	}
-	req = utilnet.CloneRequest(req)
-	req.Header.Set("User-Agent", rt.agent)
-	return rt.rt.RoundTrip(req)
-}
-
-func (rt *userAgentRoundTripper) CancelRequest(req *http.Request) {
-	if canceler, ok := rt.rt.(requestCanceler); ok {
-		canceler.CancelRequest(req)
-	} else {
-		klog.Errorf("CancelRequest not implemented by %T", rt.rt)
-	}
-}
-
-func (rt *userAgentRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-type basicAuthRoundTripper struct {
-	username string
-	password string
-	rt       http.RoundTripper
-}
-
-// NewBasicAuthRoundTripper will apply a BASIC auth authorization header to a
-// request unless it has already been set.
-func NewBasicAuthRoundTripper(username, password string, rt http.RoundTripper) http.RoundTripper {
-	return &basicAuthRoundTripper{username, password, rt}
-}
-
-func (rt *basicAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	if len(req.Header.Get("Authorization")) != 0 {
-		return rt.rt.RoundTrip(req)
-	}
-	req = utilnet.CloneRequest(req)
-	req.SetBasicAuth(rt.username, rt.password)
-	return rt.rt.RoundTrip(req)
-}
-
-func (rt *basicAuthRoundTripper) CancelRequest(req *http.Request) {
-	if canceler, ok := rt.rt.(requestCanceler); ok {
-		canceler.CancelRequest(req)
-	} else {
-		klog.Errorf("CancelRequest not implemented by %T", rt.rt)
-	}
-}
-
-func (rt *basicAuthRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-// These correspond to the headers used in pkg/apis/authentication.  We don't want the package dependency,
-// but you must not change the values.
-const (
-	// ImpersonateUserHeader is used to impersonate a particular user during an API server request
-	ImpersonateUserHeader = "Impersonate-User"
-
-	// ImpersonateGroupHeader is used to impersonate a particular group during an API server request.
-	// It can be repeated multiplied times for multiple groups.
-	ImpersonateGroupHeader = "Impersonate-Group"
-
-	// ImpersonateUserExtraHeaderPrefix is a prefix for a header used to impersonate an entry in the
-	// extra map[string][]string for user.Info.  The key for the `extra` map is suffix.
-	// The same key can be repeated multiple times to have multiple elements in the slice under a single key.
-	// For instance:
-	// Impersonate-Extra-Foo: one
-	// Impersonate-Extra-Foo: two
-	// results in extra["Foo"] = []string{"one", "two"}
-	ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-"
-)
-
-type impersonatingRoundTripper struct {
-	impersonate ImpersonationConfig
-	delegate    http.RoundTripper
-}
-
-// NewImpersonatingRoundTripper will add an Act-As header to a request unless it has already been set.
-func NewImpersonatingRoundTripper(impersonate ImpersonationConfig, delegate http.RoundTripper) http.RoundTripper {
-	return &impersonatingRoundTripper{impersonate, delegate}
-}
-
-func (rt *impersonatingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	// use the user header as marker for the rest.
-	if len(req.Header.Get(ImpersonateUserHeader)) != 0 {
-		return rt.delegate.RoundTrip(req)
-	}
-	req = utilnet.CloneRequest(req)
-	req.Header.Set(ImpersonateUserHeader, rt.impersonate.UserName)
-
-	for _, group := range rt.impersonate.Groups {
-		req.Header.Add(ImpersonateGroupHeader, group)
-	}
-	for k, vv := range rt.impersonate.Extra {
-		for _, v := range vv {
-			req.Header.Add(ImpersonateUserExtraHeaderPrefix+headerKeyEscape(k), v)
-		}
-	}
-
-	return rt.delegate.RoundTrip(req)
-}
-
-func (rt *impersonatingRoundTripper) CancelRequest(req *http.Request) {
-	if canceler, ok := rt.delegate.(requestCanceler); ok {
-		canceler.CancelRequest(req)
-	} else {
-		klog.Errorf("CancelRequest not implemented by %T", rt.delegate)
-	}
-}
-
-func (rt *impersonatingRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.delegate }
-
-type bearerAuthRoundTripper struct {
-	bearer string
-	source oauth2.TokenSource
-	rt     http.RoundTripper
-}
-
-// NewBearerAuthRoundTripper adds the provided bearer token to a request
-// unless the authorization header has already been set.
-func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper {
-	return &bearerAuthRoundTripper{bearer, nil, rt}
-}
-
-// NewBearerAuthRoundTripper adds the provided bearer token to a request
-// unless the authorization header has already been set.
-// If tokenFile is non-empty, it is periodically read,
-// and the last successfully read content is used as the bearer token.
-// If tokenFile is non-empty and bearer is empty, the tokenFile is read
-// immediately to populate the initial bearer token.
-func NewBearerAuthWithRefreshRoundTripper(bearer string, tokenFile string, rt http.RoundTripper) (http.RoundTripper, error) {
-	if len(tokenFile) == 0 {
-		return &bearerAuthRoundTripper{bearer, nil, rt}, nil
-	}
-	source := NewCachedFileTokenSource(tokenFile)
-	if len(bearer) == 0 {
-		token, err := source.Token()
-		if err != nil {
-			return nil, err
-		}
-		bearer = token.AccessToken
-	}
-	return &bearerAuthRoundTripper{bearer, source, rt}, nil
-}
-
-func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	if len(req.Header.Get("Authorization")) != 0 {
-		return rt.rt.RoundTrip(req)
-	}
-
-	req = utilnet.CloneRequest(req)
-	token := rt.bearer
-	if rt.source != nil {
-		if refreshedToken, err := rt.source.Token(); err == nil {
-			token = refreshedToken.AccessToken
-		}
-	}
-	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
-	return rt.rt.RoundTrip(req)
-}
-
-func (rt *bearerAuthRoundTripper) CancelRequest(req *http.Request) {
-	if canceler, ok := rt.rt.(requestCanceler); ok {
-		canceler.CancelRequest(req)
-	} else {
-		klog.Errorf("CancelRequest not implemented by %T", rt.rt)
-	}
-}
-
-func (rt *bearerAuthRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-// requestInfo keeps track of information about a request/response combination
-type requestInfo struct {
-	RequestHeaders http.Header
-	RequestVerb    string
-	RequestURL     string
-
-	ResponseStatus  string
-	ResponseHeaders http.Header
-	ResponseErr     error
-
-	Duration time.Duration
-}
-
-// newRequestInfo creates a new RequestInfo based on an http request
-func newRequestInfo(req *http.Request) *requestInfo {
-	return &requestInfo{
-		RequestURL:     req.URL.String(),
-		RequestVerb:    req.Method,
-		RequestHeaders: req.Header,
-	}
-}
-
-// complete adds information about the response to the requestInfo
-func (r *requestInfo) complete(response *http.Response, err error) {
-	if err != nil {
-		r.ResponseErr = err
-		return
-	}
-	r.ResponseStatus = response.Status
-	r.ResponseHeaders = response.Header
-}
-
-// toCurl returns a string that can be run as a command in a terminal (minus the body)
-func (r *requestInfo) toCurl() string {
-	headers := ""
-	for key, values := range r.RequestHeaders {
-		for _, value := range values {
-			headers += fmt.Sprintf(` -H %q`, fmt.Sprintf("%s: %s", key, value))
-		}
-	}
-
-	return fmt.Sprintf("curl -k -v -X%s %s '%s'", r.RequestVerb, headers, r.RequestURL)
-}
-
-// debuggingRoundTripper will display information about the requests passing
-// through it based on what is configured
-type debuggingRoundTripper struct {
-	delegatedRoundTripper http.RoundTripper
-
-	levels map[debugLevel]bool
-}
-
-type debugLevel int
-
-const (
-	debugJustURL debugLevel = iota
-	debugURLTiming
-	debugCurlCommand
-	debugRequestHeaders
-	debugResponseStatus
-	debugResponseHeaders
-)
-
-func newDebuggingRoundTripper(rt http.RoundTripper, levels ...debugLevel) *debuggingRoundTripper {
-	drt := &debuggingRoundTripper{
-		delegatedRoundTripper: rt,
-		levels:                make(map[debugLevel]bool, len(levels)),
-	}
-	for _, v := range levels {
-		drt.levels[v] = true
-	}
-	return drt
-}
-
-func (rt *debuggingRoundTripper) CancelRequest(req *http.Request) {
-	if canceler, ok := rt.delegatedRoundTripper.(requestCanceler); ok {
-		canceler.CancelRequest(req)
-	} else {
-		klog.Errorf("CancelRequest not implemented by %T", rt.delegatedRoundTripper)
-	}
-}
-
-func (rt *debuggingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
-	reqInfo := newRequestInfo(req)
-
-	if rt.levels[debugJustURL] {
-		klog.Infof("%s %s", reqInfo.RequestVerb, reqInfo.RequestURL)
-	}
-	if rt.levels[debugCurlCommand] {
-		klog.Infof("%s", reqInfo.toCurl())
-
-	}
-	if rt.levels[debugRequestHeaders] {
-		klog.Infof("Request Headers:")
-		for key, values := range reqInfo.RequestHeaders {
-			for _, value := range values {
-				klog.Infof("    %s: %s", key, value)
-			}
-		}
-	}
-
-	startTime := time.Now()
-	response, err := rt.delegatedRoundTripper.RoundTrip(req)
-	reqInfo.Duration = time.Since(startTime)
-
-	reqInfo.complete(response, err)
-
-	if rt.levels[debugURLTiming] {
-		klog.Infof("%s %s %s in %d milliseconds", reqInfo.RequestVerb, reqInfo.RequestURL, reqInfo.ResponseStatus, reqInfo.Duration.Nanoseconds()/int64(time.Millisecond))
-	}
-	if rt.levels[debugResponseStatus] {
-		klog.Infof("Response Status: %s in %d milliseconds", reqInfo.ResponseStatus, reqInfo.Duration.Nanoseconds()/int64(time.Millisecond))
-	}
-	if rt.levels[debugResponseHeaders] {
-		klog.Infof("Response Headers:")
-		for key, values := range reqInfo.ResponseHeaders {
-			for _, value := range values {
-				klog.Infof("    %s: %s", key, value)
-			}
-		}
-	}
-
-	return response, err
-}
-
-func (rt *debuggingRoundTripper) WrappedRoundTripper() http.RoundTripper {
-	return rt.delegatedRoundTripper
-}
-
-func legalHeaderByte(b byte) bool {
-	return int(b) < len(legalHeaderKeyBytes) && legalHeaderKeyBytes[b]
-}
-
-func shouldEscape(b byte) bool {
-	// url.PathUnescape() returns an error if any '%' is not followed by two
-	// hexadecimal digits, so we'll intentionally encode it.
-	return !legalHeaderByte(b) || b == '%'
-}
-
-func headerKeyEscape(key string) string {
-	buf := strings.Builder{}
-	for i := 0; i < len(key); i++ {
-		b := key[i]
-		if shouldEscape(b) {
-			// %-encode bytes that should be escaped:
-			// https://tools.ietf.org/html/rfc3986#section-2.1
-			fmt.Fprintf(&buf, "%%%02X", b)
-			continue
-		}
-		buf.WriteByte(b)
-	}
-	return buf.String()
-}
-
-// legalHeaderKeyBytes was copied from net/http/lex.go's isTokenTable.
-// See https://httpwg.github.io/specs/rfc7230.html#rule.token.separators
-var legalHeaderKeyBytes = [127]bool{
-	'%':  true,
-	'!':  true,
-	'#':  true,
-	'$':  true,
-	'&':  true,
-	'\'': true,
-	'*':  true,
-	'+':  true,
-	'-':  true,
-	'.':  true,
-	'0':  true,
-	'1':  true,
-	'2':  true,
-	'3':  true,
-	'4':  true,
-	'5':  true,
-	'6':  true,
-	'7':  true,
-	'8':  true,
-	'9':  true,
-	'A':  true,
-	'B':  true,
-	'C':  true,
-	'D':  true,
-	'E':  true,
-	'F':  true,
-	'G':  true,
-	'H':  true,
-	'I':  true,
-	'J':  true,
-	'K':  true,
-	'L':  true,
-	'M':  true,
-	'N':  true,
-	'O':  true,
-	'P':  true,
-	'Q':  true,
-	'R':  true,
-	'S':  true,
-	'T':  true,
-	'U':  true,
-	'W':  true,
-	'V':  true,
-	'X':  true,
-	'Y':  true,
-	'Z':  true,
-	'^':  true,
-	'_':  true,
-	'`':  true,
-	'a':  true,
-	'b':  true,
-	'c':  true,
-	'd':  true,
-	'e':  true,
-	'f':  true,
-	'g':  true,
-	'h':  true,
-	'i':  true,
-	'j':  true,
-	'k':  true,
-	'l':  true,
-	'm':  true,
-	'n':  true,
-	'o':  true,
-	'p':  true,
-	'q':  true,
-	'r':  true,
-	's':  true,
-	't':  true,
-	'u':  true,
-	'v':  true,
-	'w':  true,
-	'x':  true,
-	'y':  true,
-	'z':  true,
-	'|':  true,
-	'~':  true,
-}
diff --git a/vendor/k8s.io/client-go/transport/spdy/spdy.go b/vendor/k8s.io/client-go/transport/spdy/spdy.go
deleted file mode 100644
index 53cc7ee18..000000000
--- a/vendor/k8s.io/client-go/transport/spdy/spdy.go
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spdy
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-
-	"k8s.io/apimachinery/pkg/util/httpstream"
-	"k8s.io/apimachinery/pkg/util/httpstream/spdy"
-	restclient "k8s.io/client-go/rest"
-)
-
-// Upgrader validates a response from the server after a SPDY upgrade.
-type Upgrader interface {
-	// NewConnection validates the response and creates a new Connection.
-	NewConnection(resp *http.Response) (httpstream.Connection, error)
-}
-
-// RoundTripperFor returns a round tripper and upgrader to use with SPDY.
-func RoundTripperFor(config *restclient.Config) (http.RoundTripper, Upgrader, error) {
-	tlsConfig, err := restclient.TLSConfigFor(config)
-	if err != nil {
-		return nil, nil, err
-	}
-	upgradeRoundTripper := spdy.NewRoundTripper(tlsConfig, true, false)
-	wrapper, err := restclient.HTTPWrappersForConfig(config, upgradeRoundTripper)
-	if err != nil {
-		return nil, nil, err
-	}
-	return wrapper, upgradeRoundTripper, nil
-}
-
-// dialer implements the httpstream.Dialer interface.
-type dialer struct {
-	client   *http.Client
-	upgrader Upgrader
-	method   string
-	url      *url.URL
-}
-
-var _ httpstream.Dialer = &dialer{}
-
-// NewDialer will create a dialer that connects to the provided URL and upgrades the connection to SPDY.
-func NewDialer(upgrader Upgrader, client *http.Client, method string, url *url.URL) httpstream.Dialer {
-	return &dialer{
-		client:   client,
-		upgrader: upgrader,
-		method:   method,
-		url:      url,
-	}
-}
-
-func (d *dialer) Dial(protocols ...string) (httpstream.Connection, string, error) {
-	req, err := http.NewRequest(d.method, d.url.String(), nil)
-	if err != nil {
-		return nil, "", fmt.Errorf("error creating request: %v", err)
-	}
-	return Negotiate(d.upgrader, d.client, req, protocols...)
-}
-
-// Negotiate opens a connection to a remote server and attempts to negotiate
-// a SPDY connection. Upon success, it returns the connection and the protocol selected by
-// the server. The client transport must use the upgradeRoundTripper - see RoundTripperFor.
-func Negotiate(upgrader Upgrader, client *http.Client, req *http.Request, protocols ...string) (httpstream.Connection, string, error) {
-	for i := range protocols {
-		req.Header.Add(httpstream.HeaderProtocolVersion, protocols[i])
-	}
-	resp, err := client.Do(req)
-	if err != nil {
-		return nil, "", fmt.Errorf("error sending request: %v", err)
-	}
-	defer resp.Body.Close()
-	conn, err := upgrader.NewConnection(resp)
-	if err != nil {
-		return nil, "", err
-	}
-	return conn, resp.Header.Get(httpstream.HeaderProtocolVersion), nil
-}
diff --git a/vendor/k8s.io/client-go/transport/token_source.go b/vendor/k8s.io/client-go/transport/token_source.go
deleted file mode 100644
index b8cadd382..000000000
--- a/vendor/k8s.io/client-go/transport/token_source.go
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"strings"
-	"sync"
-	"time"
-
-	"golang.org/x/oauth2"
-	"k8s.io/klog"
-)
-
-// TokenSourceWrapTransport returns a WrapTransport that injects bearer tokens
-// authentication from an oauth2.TokenSource.
-func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) http.RoundTripper {
-	return func(rt http.RoundTripper) http.RoundTripper {
-		return &tokenSourceTransport{
-			base: rt,
-			ort: &oauth2.Transport{
-				Source: ts,
-				Base:   rt,
-			},
-		}
-	}
-}
-
-// NewCachedFileTokenSource returns a oauth2.TokenSource reads a token from a
-// file at a specified path and periodically reloads it.
-func NewCachedFileTokenSource(path string) oauth2.TokenSource {
-	return &cachingTokenSource{
-		now:    time.Now,
-		leeway: 10 * time.Second,
-		base: &fileTokenSource{
-			path: path,
-			// This period was picked because it is half of the duration between when the kubelet
-			// refreshes a projected service account token and when the original token expires.
-			// Default token lifetime is 10 minutes, and the kubelet starts refreshing at 80% of lifetime.
-			// This should induce re-reading at a frequency that works with the token volume source.
-			period: time.Minute,
-		},
-	}
-}
-
-// NewCachedTokenSource returns a oauth2.TokenSource reads a token from a
-// designed TokenSource. The ts would provide the source of token.
-func NewCachedTokenSource(ts oauth2.TokenSource) oauth2.TokenSource {
-	return &cachingTokenSource{
-		now:  time.Now,
-		base: ts,
-	}
-}
-
-type tokenSourceTransport struct {
-	base http.RoundTripper
-	ort  http.RoundTripper
-}
-
-func (tst *tokenSourceTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	// This is to allow --token to override other bearer token providers.
-	if req.Header.Get("Authorization") != "" {
-		return tst.base.RoundTrip(req)
-	}
-	return tst.ort.RoundTrip(req)
-}
-
-type fileTokenSource struct {
-	path   string
-	period time.Duration
-}
-
-var _ = oauth2.TokenSource(&fileTokenSource{})
-
-func (ts *fileTokenSource) Token() (*oauth2.Token, error) {
-	tokb, err := ioutil.ReadFile(ts.path)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read token file %q: %v", ts.path, err)
-	}
-	tok := strings.TrimSpace(string(tokb))
-	if len(tok) == 0 {
-		return nil, fmt.Errorf("read empty token from file %q", ts.path)
-	}
-
-	return &oauth2.Token{
-		AccessToken: tok,
-		Expiry:      time.Now().Add(ts.period),
-	}, nil
-}
-
-type cachingTokenSource struct {
-	base   oauth2.TokenSource
-	leeway time.Duration
-
-	sync.RWMutex
-	tok *oauth2.Token
-
-	// for testing
-	now func() time.Time
-}
-
-var _ = oauth2.TokenSource(&cachingTokenSource{})
-
-func (ts *cachingTokenSource) Token() (*oauth2.Token, error) {
-	now := ts.now()
-	// fast path
-	ts.RLock()
-	tok := ts.tok
-	ts.RUnlock()
-
-	if tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) {
-		return tok, nil
-	}
-
-	// slow path
-	ts.Lock()
-	defer ts.Unlock()
-	if tok := ts.tok; tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) {
-		return tok, nil
-	}
-
-	tok, err := ts.base.Token()
-	if err != nil {
-		if ts.tok == nil {
-			return nil, err
-		}
-		klog.Errorf("Unable to rotate token: %v", err)
-		return ts.tok, nil
-	}
-
-	ts.tok = tok
-	return tok, nil
-}
diff --git a/vendor/k8s.io/client-go/transport/transport.go b/vendor/k8s.io/client-go/transport/transport.go
deleted file mode 100644
index 2a145c971..000000000
--- a/vendor/k8s.io/client-go/transport/transport.go
+++ /dev/null
@@ -1,227 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
-	"context"
-	"crypto/tls"
-	"crypto/x509"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-)
-
-// New returns an http.RoundTripper that will provide the authentication
-// or transport level security defined by the provided Config.
-func New(config *Config) (http.RoundTripper, error) {
-	// Set transport level security
-	if config.Transport != nil && (config.HasCA() || config.HasCertAuth() || config.HasCertCallback() || config.TLS.Insecure) {
-		return nil, fmt.Errorf("using a custom transport with TLS certificate options or the insecure flag is not allowed")
-	}
-
-	var (
-		rt  http.RoundTripper
-		err error
-	)
-
-	if config.Transport != nil {
-		rt = config.Transport
-	} else {
-		rt, err = tlsCache.get(config)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	return HTTPWrappersForConfig(config, rt)
-}
-
-// TLSConfigFor returns a tls.Config that will provide the transport level security defined
-// by the provided Config. Will return nil if no transport level security is requested.
-func TLSConfigFor(c *Config) (*tls.Config, error) {
-	if !(c.HasCA() || c.HasCertAuth() || c.HasCertCallback() || c.TLS.Insecure || len(c.TLS.ServerName) > 0) {
-		return nil, nil
-	}
-	if c.HasCA() && c.TLS.Insecure {
-		return nil, fmt.Errorf("specifying a root certificates file with the insecure flag is not allowed")
-	}
-	if err := loadTLSFiles(c); err != nil {
-		return nil, err
-	}
-
-	tlsConfig := &tls.Config{
-		// Can't use SSLv3 because of POODLE and BEAST
-		// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
-		// Can't use TLSv1.1 because of RC4 cipher usage
-		MinVersion:         tls.VersionTLS12,
-		InsecureSkipVerify: c.TLS.Insecure,
-		ServerName:         c.TLS.ServerName,
-	}
-
-	if c.HasCA() {
-		tlsConfig.RootCAs = rootCertPool(c.TLS.CAData)
-	}
-
-	var staticCert *tls.Certificate
-	if c.HasCertAuth() {
-		// If key/cert were provided, verify them before setting up
-		// tlsConfig.GetClientCertificate.
-		cert, err := tls.X509KeyPair(c.TLS.CertData, c.TLS.KeyData)
-		if err != nil {
-			return nil, err
-		}
-		staticCert = &cert
-	}
-
-	if c.HasCertAuth() || c.HasCertCallback() {
-		tlsConfig.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
-			// Note: static key/cert data always take precedence over cert
-			// callback.
-			if staticCert != nil {
-				return staticCert, nil
-			}
-			if c.HasCertCallback() {
-				cert, err := c.TLS.GetCert()
-				if err != nil {
-					return nil, err
-				}
-				// GetCert may return empty value, meaning no cert.
-				if cert != nil {
-					return cert, nil
-				}
-			}
-
-			// Both c.TLS.CertData/KeyData were unset and GetCert didn't return
-			// anything. Return an empty tls.Certificate, no client cert will
-			// be sent to the server.
-			return &tls.Certificate{}, nil
-		}
-	}
-
-	return tlsConfig, nil
-}
-
-// loadTLSFiles copies the data from the CertFile, KeyFile, and CAFile fields into the CertData,
-// KeyData, and CAFile fields, or returns an error. If no error is returned, all three fields are
-// either populated or were empty to start.
-func loadTLSFiles(c *Config) error {
-	var err error
-	c.TLS.CAData, err = dataFromSliceOrFile(c.TLS.CAData, c.TLS.CAFile)
-	if err != nil {
-		return err
-	}
-
-	c.TLS.CertData, err = dataFromSliceOrFile(c.TLS.CertData, c.TLS.CertFile)
-	if err != nil {
-		return err
-	}
-
-	c.TLS.KeyData, err = dataFromSliceOrFile(c.TLS.KeyData, c.TLS.KeyFile)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// dataFromSliceOrFile returns data from the slice (if non-empty), or from the file,
-// or an error if an error occurred reading the file
-func dataFromSliceOrFile(data []byte, file string) ([]byte, error) {
-	if len(data) > 0 {
-		return data, nil
-	}
-	if len(file) > 0 {
-		fileData, err := ioutil.ReadFile(file)
-		if err != nil {
-			return []byte{}, err
-		}
-		return fileData, nil
-	}
-	return nil, nil
-}
-
-// rootCertPool returns nil if caData is empty.  When passed along, this will mean "use system CAs".
-// When caData is not empty, it will be the ONLY information used in the CertPool.
-func rootCertPool(caData []byte) *x509.CertPool {
-	// What we really want is a copy of x509.systemRootsPool, but that isn't exposed.  It's difficult to build (see the go
-	// code for a look at the platform specific insanity), so we'll use the fact that RootCAs == nil gives us the system values
-	// It doesn't allow trusting either/or, but hopefully that won't be an issue
-	if len(caData) == 0 {
-		return nil
-	}
-
-	// if we have caData, use it
-	certPool := x509.NewCertPool()
-	certPool.AppendCertsFromPEM(caData)
-	return certPool
-}
-
-// WrapperFunc wraps an http.RoundTripper when a new transport
-// is created for a client, allowing per connection behavior
-// to be injected.
-type WrapperFunc func(rt http.RoundTripper) http.RoundTripper
-
-// Wrappers accepts any number of wrappers and returns a wrapper
-// function that is the equivalent of calling each of them in order. Nil
-// values are ignored, which makes this function convenient for incrementally
-// wrapping a function.
-func Wrappers(fns ...WrapperFunc) WrapperFunc {
-	if len(fns) == 0 {
-		return nil
-	}
-	// optimize the common case of wrapping a possibly nil transport wrapper
-	// with an additional wrapper
-	if len(fns) == 2 && fns[0] == nil {
-		return fns[1]
-	}
-	return func(rt http.RoundTripper) http.RoundTripper {
-		base := rt
-		for _, fn := range fns {
-			if fn != nil {
-				base = fn(base)
-			}
-		}
-		return base
-	}
-}
-
-// ContextCanceller prevents new requests after the provided context is finished.
-// err is returned when the context is closed, allowing the caller to provide a context
-// appropriate error.
-func ContextCanceller(ctx context.Context, err error) WrapperFunc {
-	return func(rt http.RoundTripper) http.RoundTripper {
-		return &contextCanceller{
-			ctx: ctx,
-			rt:  rt,
-			err: err,
-		}
-	}
-}
-
-type contextCanceller struct {
-	ctx context.Context
-	rt  http.RoundTripper
-	err error
-}
-
-func (b *contextCanceller) RoundTrip(req *http.Request) (*http.Response, error) {
-	select {
-	case <-b.ctx.Done():
-		return nil, b.err
-	default:
-		return b.rt.RoundTrip(req)
-	}
-}