summaryrefslogtreecommitdiff
path: root/vendor/k8s.io/client-go
diff options
context:
space:
mode:
authorValentin Rothberg <rothberg@redhat.com>2019-01-08 14:52:57 +0100
committerValentin Rothberg <rothberg@redhat.com>2019-01-11 13:38:11 +0100
commitbd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87 (patch)
tree5f06e4e289f16d9164d692590a3fe6541b5384cf /vendor/k8s.io/client-go
parent545f24421247c9f6251a634764db3f8f8070a812 (diff)
downloadpodman-bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87.tar.gz
podman-bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87.tar.bz2
podman-bd40dcfc2bc7c9014ea1f33482fb63aacbcdfe87.zip
vendor: update everything
* If possible, update each dependency to the latest available version. * Use releases over commit IDs and avoid vendoring branches. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'vendor/k8s.io/client-go')
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go19
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go50
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go70
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go23
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go55
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go70
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go141
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go137
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go32
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go137
-rw-r--r--vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go280
-rw-r--r--vendor/k8s.io/client-go/rest/config.go4
-rw-r--r--vendor/k8s.io/client-go/rest/transport.go15
-rw-r--r--vendor/k8s.io/client-go/rest/versions.go88
-rw-r--r--vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go2
-rw-r--r--vendor/k8s.io/client-go/tools/clientcmd/api/types.go32
-rw-r--r--vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go56
-rw-r--r--vendor/k8s.io/client-go/transport/cache.go6
-rw-r--r--vendor/k8s.io/client-go/transport/round_trippers.go112
-rw-r--r--vendor/k8s.io/client-go/transport/transport.go2
-rw-r--r--vendor/k8s.io/client-go/util/cert/cert.go40
21 files changed, 1269 insertions, 102 deletions
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go
new file mode 100644
index 000000000..d06482d55
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go
@@ -0,0 +1,19 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package
+// +groupName=client.authentication.k8s.io
+package clientauthentication // import "k8s.io/client-go/pkg/apis/clientauthentication"
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go
new file mode 100644
index 000000000..e4fbc3ea9
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go
@@ -0,0 +1,50 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package clientauthentication
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the group name use in this package
+const GroupName = "client.authentication.k8s.io"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
+
+// Kind takes an unqualified kind and returns a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+ return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+ SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+ AddToScheme = SchemeBuilder.AddToScheme
+)
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &ExecCredential{},
+ )
+ return nil
+}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go
new file mode 100644
index 000000000..5c05825f6
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go
@@ -0,0 +1,70 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package clientauthentication
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ExecCredentials is used by exec-based plugins to communicate credentials to
+// HTTP transports.
+type ExecCredential struct {
+ metav1.TypeMeta
+
+ // Spec holds information passed to the plugin by the transport. This contains
+ // request and runtime specific information, such as if the session is interactive.
+ Spec ExecCredentialSpec
+
+ // Status is filled in by the plugin and holds the credentials that the transport
+ // should use to contact the API.
+ // +optional
+ Status *ExecCredentialStatus
+}
+
+// ExecCredenitalSpec holds request and runtime specific information provided by
+// the transport.
+type ExecCredentialSpec struct {
+ // Response is populated when the transport encounters HTTP status codes, such as 401,
+ // suggesting previous credentials were invalid.
+ // +optional
+ Response *Response
+
+ // Interactive is true when the transport detects the command is being called from an
+ // interactive prompt.
+ // +optional
+ Interactive bool
+}
+
+// ExecCredentialStatus holds credentials for the transport to use.
+type ExecCredentialStatus struct {
+ // ExpirationTimestamp indicates a time when the provided credentials expire.
+ // +optional
+ ExpirationTimestamp *metav1.Time
+ // Token is a bearer token used by the client for request authentication.
+ Token string
+}
+
+// Response defines metadata about a failed request, including HTTP status code and
+// response headers.
+type Response struct {
+ // Headers holds HTTP headers returned by the server.
+ Header map[string][]string
+ // Code is the HTTP status code returned by the server.
+ Code int32
+}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go
new file mode 100644
index 000000000..016adb28a
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go
@@ -0,0 +1,23 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package
+// +k8s:conversion-gen=k8s.io/client-go/pkg/apis/clientauthentication
+// +k8s:openapi-gen=true
+// +k8s:defaulter-gen=TypeMeta
+
+// +groupName=client.authentication.k8s.io
+package v1alpha1 // import "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go
new file mode 100644
index 000000000..2acd13dea
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go
@@ -0,0 +1,55 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the group name use in this package
+const GroupName = "client.authentication.k8s.io"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+ SchemeBuilder runtime.SchemeBuilder
+ localSchemeBuilder = &SchemeBuilder
+ AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+ // We only register manually written functions here. The registration of the
+ // generated functions takes place in the generated files. The separation
+ // makes the code compile even when the generated files are missing.
+ localSchemeBuilder.Register(addKnownTypes)
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &ExecCredential{},
+ )
+ metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+ return nil
+}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go
new file mode 100644
index 000000000..8920d3187
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go
@@ -0,0 +1,70 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ExecCredentials is used by exec-based plugins to communicate credentials to
+// HTTP transports.
+type ExecCredential struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // Spec holds information passed to the plugin by the transport. This contains
+ // request and runtime specific information, such as if the session is interactive.
+ Spec ExecCredentialSpec `json:"spec,omitempty"`
+
+ // Status is filled in by the plugin and holds the credentials that the transport
+ // should use to contact the API.
+ // +optional
+ Status *ExecCredentialStatus `json:"status,omitempty"`
+}
+
+// ExecCredenitalSpec holds request and runtime specific information provided by
+// the transport.
+type ExecCredentialSpec struct {
+ // Response is populated when the transport encounters HTTP status codes, such as 401,
+ // suggesting previous credentials were invalid.
+ // +optional
+ Response *Response `json:"response,omitempty"`
+
+ // Interactive is true when the transport detects the command is being called from an
+ // interactive prompt.
+ // +optional
+ Interactive bool `json:"interactive,omitempty"`
+}
+
+// ExecCredentialStatus holds credentials for the transport to use.
+type ExecCredentialStatus struct {
+ // ExpirationTimestamp indicates a time when the provided credentials expire.
+ // +optional
+ ExpirationTimestamp *metav1.Time `json:"expirationTimestamp,omitempty"`
+ // Token is a bearer token used by the client for request authentication.
+ Token string `json:"token,omitempty"`
+}
+
+// Response defines metadata about a failed request, including HTTP status code and
+// response headers.
+type Response struct {
+ // Header holds HTTP headers returned by the server.
+ Header map[string][]string `json:"header,omitempty"`
+ // Code is the HTTP status code returned by the server.
+ Code int32 `json:"code,omitempty"`
+}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go
new file mode 100644
index 000000000..bf28baef2
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go
@@ -0,0 +1,141 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by conversion-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ unsafe "unsafe"
+
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ conversion "k8s.io/apimachinery/pkg/conversion"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication"
+)
+
+func init() {
+ localSchemeBuilder.Register(RegisterConversions)
+}
+
+// RegisterConversions adds conversion functions to the given scheme.
+// Public to allow building arbitrary schemes.
+func RegisterConversions(scheme *runtime.Scheme) error {
+ return scheme.AddGeneratedConversionFuncs(
+ Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential,
+ Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential,
+ Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec,
+ Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec,
+ Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus,
+ Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus,
+ Convert_v1alpha1_Response_To_clientauthentication_Response,
+ Convert_clientauthentication_Response_To_v1alpha1_Response,
+ )
+}
+
+func autoConvert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error {
+ if err := Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
+ return err
+ }
+ out.Status = (*clientauthentication.ExecCredentialStatus)(unsafe.Pointer(in.Status))
+ return nil
+}
+
+// Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential is an autogenerated conversion function.
+func Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error {
+ return autoConvert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in, out, s)
+}
+
+func autoConvert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error {
+ if err := Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
+ return err
+ }
+ out.Status = (*ExecCredentialStatus)(unsafe.Pointer(in.Status))
+ return nil
+}
+
+// Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential is an autogenerated conversion function.
+func Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error {
+ return autoConvert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in, out, s)
+}
+
+func autoConvert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error {
+ out.Response = (*clientauthentication.Response)(unsafe.Pointer(in.Response))
+ out.Interactive = in.Interactive
+ return nil
+}
+
+// Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec is an autogenerated conversion function.
+func Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error {
+ return autoConvert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in, out, s)
+}
+
+func autoConvert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
+ out.Response = (*Response)(unsafe.Pointer(in.Response))
+ out.Interactive = in.Interactive
+ return nil
+}
+
+// Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec is an autogenerated conversion function.
+func Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
+ return autoConvert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in, out, s)
+}
+
+func autoConvert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
+ out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
+ out.Token = in.Token
+ return nil
+}
+
+// Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus is an autogenerated conversion function.
+func Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
+ return autoConvert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in, out, s)
+}
+
+func autoConvert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error {
+ out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
+ out.Token = in.Token
+ return nil
+}
+
+// Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus is an autogenerated conversion function.
+func Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error {
+ return autoConvert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in, out, s)
+}
+
+func autoConvert_v1alpha1_Response_To_clientauthentication_Response(in *Response, out *clientauthentication.Response, s conversion.Scope) error {
+ out.Header = *(*map[string][]string)(unsafe.Pointer(&in.Header))
+ out.Code = in.Code
+ return nil
+}
+
+// Convert_v1alpha1_Response_To_clientauthentication_Response is an autogenerated conversion function.
+func Convert_v1alpha1_Response_To_clientauthentication_Response(in *Response, out *clientauthentication.Response, s conversion.Scope) error {
+ return autoConvert_v1alpha1_Response_To_clientauthentication_Response(in, out, s)
+}
+
+func autoConvert_clientauthentication_Response_To_v1alpha1_Response(in *clientauthentication.Response, out *Response, s conversion.Scope) error {
+ out.Header = *(*map[string][]string)(unsafe.Pointer(&in.Header))
+ out.Code = in.Code
+ return nil
+}
+
+// Convert_clientauthentication_Response_To_v1alpha1_Response is an autogenerated conversion function.
+func Convert_clientauthentication_Response_To_v1alpha1_Response(in *clientauthentication.Response, out *Response, s conversion.Scope) error {
+ return autoConvert_clientauthentication_Response_To_v1alpha1_Response(in, out, s)
+}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go
new file mode 100644
index 000000000..c6dbbce4d
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go
@@ -0,0 +1,137 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecCredential) DeepCopyInto(out *ExecCredential) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.Spec.DeepCopyInto(&out.Spec)
+ if in.Status != nil {
+ in, out := &in.Status, &out.Status
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(ExecCredentialStatus)
+ (*in).DeepCopyInto(*out)
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential.
+func (in *ExecCredential) DeepCopy() *ExecCredential {
+ if in == nil {
+ return nil
+ }
+ out := new(ExecCredential)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ExecCredential) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) {
+ *out = *in
+ if in.Response != nil {
+ in, out := &in.Response, &out.Response
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(Response)
+ (*in).DeepCopyInto(*out)
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec.
+func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(ExecCredentialSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) {
+ *out = *in
+ if in.ExpirationTimestamp != nil {
+ in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = (*in).DeepCopy()
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus.
+func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(ExecCredentialStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Response) DeepCopyInto(out *Response) {
+ *out = *in
+ if in.Header != nil {
+ in, out := &in.Header, &out.Header
+ *out = make(map[string][]string, len(*in))
+ for key, val := range *in {
+ if val == nil {
+ (*out)[key] = nil
+ } else {
+ (*out)[key] = make([]string, len(val))
+ copy((*out)[key], val)
+ }
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response.
+func (in *Response) DeepCopy() *Response {
+ if in == nil {
+ return nil
+ }
+ out := new(Response)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go
new file mode 100644
index 000000000..2bd0078a3
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go
@@ -0,0 +1,32 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by defaulter-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// RegisterDefaults adds defaulters functions to the given scheme.
+// Public to allow building arbitrary schemes.
+// All generated defaulters are covering - they call all nested defaulters.
+func RegisterDefaults(scheme *runtime.Scheme) error {
+ return nil
+}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go
new file mode 100644
index 000000000..f8b15d848
--- /dev/null
+++ b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go
@@ -0,0 +1,137 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package clientauthentication
+
+import (
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecCredential) DeepCopyInto(out *ExecCredential) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.Spec.DeepCopyInto(&out.Spec)
+ if in.Status != nil {
+ in, out := &in.Status, &out.Status
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(ExecCredentialStatus)
+ (*in).DeepCopyInto(*out)
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential.
+func (in *ExecCredential) DeepCopy() *ExecCredential {
+ if in == nil {
+ return nil
+ }
+ out := new(ExecCredential)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ExecCredential) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) {
+ *out = *in
+ if in.Response != nil {
+ in, out := &in.Response, &out.Response
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(Response)
+ (*in).DeepCopyInto(*out)
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec.
+func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(ExecCredentialSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) {
+ *out = *in
+ if in.ExpirationTimestamp != nil {
+ in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = (*in).DeepCopy()
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus.
+func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(ExecCredentialStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Response) DeepCopyInto(out *Response) {
+ *out = *in
+ if in.Header != nil {
+ in, out := &in.Header, &out.Header
+ *out = make(map[string][]string, len(*in))
+ for key, val := range *in {
+ if val == nil {
+ (*out)[key] = nil
+ } else {
+ (*out)[key] = make([]string, len(val))
+ copy((*out)[key], val)
+ }
+ }
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response.
+func (in *Response) DeepCopy() *Response {
+ if in == nil {
+ return nil
+ }
+ out := new(Response)
+ in.DeepCopyInto(out)
+ return out
+}
diff --git a/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go b/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
new file mode 100644
index 000000000..dfd434d0c
--- /dev/null
+++ b/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
@@ -0,0 +1,280 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package exec
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "net/http"
+ "os"
+ "os/exec"
+ "sync"
+ "time"
+
+ "github.com/golang/glog"
+ "golang.org/x/crypto/ssh/terminal"
+ "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/apimachinery/pkg/runtime/serializer"
+ "k8s.io/client-go/pkg/apis/clientauthentication"
+ "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
+ "k8s.io/client-go/tools/clientcmd/api"
+)
+
+const execInfoEnv = "KUBERNETES_EXEC_INFO"
+
+var scheme = runtime.NewScheme()
+var codecs = serializer.NewCodecFactory(scheme)
+
+func init() {
+ v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
+ v1alpha1.AddToScheme(scheme)
+ clientauthentication.AddToScheme(scheme)
+}
+
+var (
+ // Since transports can be constantly re-initialized by programs like kubectl,
+ // keep a cache of initialized authenticators keyed by a hash of their config.
+ globalCache = newCache()
+ // The list of API versions we accept.
+ apiVersions = map[string]schema.GroupVersion{
+ v1alpha1.SchemeGroupVersion.String(): v1alpha1.SchemeGroupVersion,
+ }
+)
+
+func newCache() *cache {
+ return &cache{m: make(map[string]*Authenticator)}
+}
+
+func cacheKey(c *api.ExecConfig) string {
+ return fmt.Sprintf("%#v", c)
+}
+
+type cache struct {
+ mu sync.Mutex
+ m map[string]*Authenticator
+}
+
+func (c *cache) get(s string) (*Authenticator, bool) {
+ c.mu.Lock()
+ defer c.mu.Unlock()
+ a, ok := c.m[s]
+ return a, ok
+}
+
+// put inserts an authenticator into the cache. If an authenticator is already
+// associated with the key, the first one is returned instead.
+func (c *cache) put(s string, a *Authenticator) *Authenticator {
+ c.mu.Lock()
+ defer c.mu.Unlock()
+ existing, ok := c.m[s]
+ if ok {
+ return existing
+ }
+ c.m[s] = a
+ return a
+}
+
+// GetAuthenticator returns an exec-based plugin for providing client credentials.
+func GetAuthenticator(config *api.ExecConfig) (*Authenticator, error) {
+ return newAuthenticator(globalCache, config)
+}
+
+func newAuthenticator(c *cache, config *api.ExecConfig) (*Authenticator, error) {
+ key := cacheKey(config)
+ if a, ok := c.get(key); ok {
+ return a, nil
+ }
+
+ gv, ok := apiVersions[config.APIVersion]
+ if !ok {
+ return nil, fmt.Errorf("exec plugin: invalid apiVersion %q", config.APIVersion)
+ }
+
+ a := &Authenticator{
+ cmd: config.Command,
+ args: config.Args,
+ group: gv,
+
+ stdin: os.Stdin,
+ stderr: os.Stderr,
+ interactive: terminal.IsTerminal(int(os.Stdout.Fd())),
+ now: time.Now,
+ environ: os.Environ,
+ }
+
+ for _, env := range config.Env {
+ a.env = append(a.env, env.Name+"="+env.Value)
+ }
+
+ return c.put(key, a), nil
+}
+
+// Authenticator is a client credential provider that rotates credentials by executing a plugin.
+// The plugin input and output are defined by the API group client.authentication.k8s.io.
+type Authenticator struct {
+ // Set by the config
+ cmd string
+ args []string
+ group schema.GroupVersion
+ env []string
+
+ // Stubbable for testing
+ stdin io.Reader
+ stderr io.Writer
+ interactive bool
+ now func() time.Time
+ environ func() []string
+
+ // Cached results.
+ //
+ // The mutex also guards calling the plugin. Since the plugin could be
+ // interactive we want to make sure it's only called once.
+ mu sync.Mutex
+ cachedToken string
+ exp time.Time
+}
+
+// WrapTransport instruments an existing http.RoundTripper with credentials returned
+// by the plugin.
+func (a *Authenticator) WrapTransport(rt http.RoundTripper) http.RoundTripper {
+ return &roundTripper{a, rt}
+}
+
+type roundTripper struct {
+ a *Authenticator
+ base http.RoundTripper
+}
+
+func (r *roundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+ // If a user has already set credentials, use that. This makes commands like
+ // "kubectl get --token (token) pods" work.
+ if req.Header.Get("Authorization") != "" {
+ return r.base.RoundTrip(req)
+ }
+
+ token, err := r.a.token()
+ if err != nil {
+ return nil, fmt.Errorf("getting token: %v", err)
+ }
+ req.Header.Set("Authorization", "Bearer "+token)
+
+ res, err := r.base.RoundTrip(req)
+ if err != nil {
+ return nil, err
+ }
+ if res.StatusCode == http.StatusUnauthorized {
+ resp := &clientauthentication.Response{
+ Header: res.Header,
+ Code: int32(res.StatusCode),
+ }
+ if err := r.a.refresh(token, resp); err != nil {
+ glog.Errorf("refreshing token: %v", err)
+ }
+ }
+ return res, nil
+}
+
+func (a *Authenticator) tokenExpired() bool {
+ if a.exp.IsZero() {
+ return false
+ }
+ return a.now().After(a.exp)
+}
+
+func (a *Authenticator) token() (string, error) {
+ a.mu.Lock()
+ defer a.mu.Unlock()
+ if a.cachedToken != "" && !a.tokenExpired() {
+ return a.cachedToken, nil
+ }
+
+ return a.getToken(nil)
+}
+
+// refresh executes the plugin to force a rotation of the token.
+func (a *Authenticator) refresh(token string, r *clientauthentication.Response) error {
+ a.mu.Lock()
+ defer a.mu.Unlock()
+
+ if token != a.cachedToken {
+ // Token already rotated.
+ return nil
+ }
+
+ _, err := a.getToken(r)
+ return err
+}
+
+// getToken executes the plugin and reads the credentials from stdout. It must be
+// called while holding the Authenticator's mutex.
+func (a *Authenticator) getToken(r *clientauthentication.Response) (string, error) {
+ cred := &clientauthentication.ExecCredential{
+ Spec: clientauthentication.ExecCredentialSpec{
+ Response: r,
+ Interactive: a.interactive,
+ },
+ }
+
+ data, err := runtime.Encode(codecs.LegacyCodec(a.group), cred)
+ if err != nil {
+ return "", fmt.Errorf("encode ExecCredentials: %v", err)
+ }
+
+ env := append(a.environ(), a.env...)
+ env = append(env, fmt.Sprintf("%s=%s", execInfoEnv, data))
+
+ stdout := &bytes.Buffer{}
+ cmd := exec.Command(a.cmd, a.args...)
+ cmd.Env = env
+ cmd.Stderr = a.stderr
+ cmd.Stdout = stdout
+ if a.interactive {
+ cmd.Stdin = a.stdin
+ }
+
+ if err := cmd.Run(); err != nil {
+ return "", fmt.Errorf("exec: %v", err)
+ }
+
+ _, gvk, err := codecs.UniversalDecoder(a.group).Decode(stdout.Bytes(), nil, cred)
+ if err != nil {
+ return "", fmt.Errorf("decode stdout: %v", err)
+ }
+ if gvk.Group != a.group.Group || gvk.Version != a.group.Version {
+ return "", fmt.Errorf("exec plugin is configured to use API version %s, plugin returned version %s",
+ a.group, schema.GroupVersion{Group: gvk.Group, Version: gvk.Version})
+ }
+
+ if cred.Status == nil {
+ return "", fmt.Errorf("exec plugin didn't return a status field")
+ }
+ if cred.Status.Token == "" {
+ return "", fmt.Errorf("exec plugin didn't return a token")
+ }
+
+ if cred.Status.ExpirationTimestamp != nil {
+ a.exp = cred.Status.ExpirationTimestamp.Time
+ } else {
+ a.exp = time.Time{}
+ }
+ a.cachedToken = cred.Status.Token
+
+ return a.cachedToken, nil
+}
diff --git a/vendor/k8s.io/client-go/rest/config.go b/vendor/k8s.io/client-go/rest/config.go
index c1a11b8f0..72a78bc0a 100644
--- a/vendor/k8s.io/client-go/rest/config.go
+++ b/vendor/k8s.io/client-go/rest/config.go
@@ -77,6 +77,9 @@ type Config struct {
// Callback to persist config for AuthProvider.
AuthConfigPersister AuthProviderConfigPersister
+ // Exec-based authentication provider.
+ ExecProvider *clientcmdapi.ExecConfig
+
// TLSClientConfig contains settings to enable transport layer security
TLSClientConfig
@@ -432,6 +435,7 @@ func CopyConfig(config *Config) *Config {
},
AuthProvider: config.AuthProvider,
AuthConfigPersister: config.AuthConfigPersister,
+ ExecProvider: config.ExecProvider,
TLSClientConfig: TLSClientConfig{
Insecure: config.TLSClientConfig.Insecure,
ServerName: config.TLSClientConfig.ServerName,
diff --git a/vendor/k8s.io/client-go/rest/transport.go b/vendor/k8s.io/client-go/rest/transport.go
index 878c6abf1..b6a067632 100644
--- a/vendor/k8s.io/client-go/rest/transport.go
+++ b/vendor/k8s.io/client-go/rest/transport.go
@@ -20,6 +20,7 @@ import (
"crypto/tls"
"net/http"
+ "k8s.io/client-go/plugin/pkg/client/auth/exec"
"k8s.io/client-go/transport"
)
@@ -59,6 +60,20 @@ func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTrip
// TransportConfig converts a client config to an appropriate transport config.
func (c *Config) TransportConfig() (*transport.Config, error) {
wt := c.WrapTransport
+ if c.ExecProvider != nil {
+ provider, err := exec.GetAuthenticator(c.ExecProvider)
+ if err != nil {
+ return nil, err
+ }
+ if wt != nil {
+ previousWT := wt
+ wt = func(rt http.RoundTripper) http.RoundTripper {
+ return provider.WrapTransport(previousWT(rt))
+ }
+ } else {
+ wt = provider.WrapTransport
+ }
+ }
if c.AuthProvider != nil {
provider, err := GetAuthProvider(c.Host, c.AuthProvider, c.AuthConfigPersister)
if err != nil {
diff --git a/vendor/k8s.io/client-go/rest/versions.go b/vendor/k8s.io/client-go/rest/versions.go
deleted file mode 100644
index 9d41812f2..000000000
--- a/vendor/k8s.io/client-go/rest/versions.go
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "encoding/json"
- "fmt"
- "net/http"
- "path"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-const (
- legacyAPIPath = "/api"
- defaultAPIPath = "/apis"
-)
-
-// TODO: Is this obsoleted by the discovery client?
-
-// ServerAPIVersions returns the GroupVersions supported by the API server.
-// It creates a RESTClient based on the passed in config, but it doesn't rely
-// on the Version and Codec of the config, because it uses AbsPath and
-// takes the raw response.
-func ServerAPIVersions(c *Config) (groupVersions []string, err error) {
- transport, err := TransportFor(c)
- if err != nil {
- return nil, err
- }
- client := http.Client{Transport: transport}
-
- configCopy := *c
- configCopy.GroupVersion = nil
- configCopy.APIPath = ""
- baseURL, _, err := defaultServerUrlFor(&configCopy)
- if err != nil {
- return nil, err
- }
- // Get the groupVersions exposed at /api
- originalPath := baseURL.Path
- baseURL.Path = path.Join(originalPath, legacyAPIPath)
- resp, err := client.Get(baseURL.String())
- if err != nil {
- return nil, err
- }
- var v metav1.APIVersions
- defer resp.Body.Close()
- err = json.NewDecoder(resp.Body).Decode(&v)
- if err != nil {
- return nil, fmt.Errorf("unexpected error: %v", err)
- }
-
- groupVersions = append(groupVersions, v.Versions...)
- // Get the groupVersions exposed at /apis
- baseURL.Path = path.Join(originalPath, defaultAPIPath)
- resp2, err := client.Get(baseURL.String())
- if err != nil {
- return nil, err
- }
- var apiGroupList metav1.APIGroupList
- defer resp2.Body.Close()
- err = json.NewDecoder(resp2.Body).Decode(&apiGroupList)
- if err != nil {
- return nil, fmt.Errorf("unexpected error: %v", err)
- }
-
- for _, g := range apiGroupList.Groups {
- for _, gv := range g.Versions {
- groupVersions = append(groupVersions, gv.GroupVersion)
- }
- }
-
- return groupVersions, nil
-}
diff --git a/vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go
index 02d3b606e..67568bf0b 100644
--- a/vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go
@@ -16,7 +16,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-// This file was autogenerated by deepcopy-gen. Do not edit it manually!
+// Code generated by deepcopy-gen. DO NOT EDIT.
package rest
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
index 407dec83a..1391df702 100644
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
+++ b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
@@ -119,6 +119,9 @@ type AuthInfo struct {
// AuthProvider specifies a custom authentication plugin for the kubernetes cluster.
// +optional
AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"`
+ // Exec specifies a custom exec-based authentication plugin for the kubernetes cluster.
+ // +optional
+ Exec *ExecConfig `json:"exec,omitempty"`
// Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
// +optional
Extensions map[string]runtime.Object `json:"extensions,omitempty"`
@@ -147,6 +150,35 @@ type AuthProviderConfig struct {
Config map[string]string `json:"config,omitempty"`
}
+// ExecConfig specifies a command to provide client credentials. The command is exec'd
+// and outputs structured stdout holding credentials.
+//
+// See the client.authentiction.k8s.io API group for specifications of the exact input
+// and output format
+type ExecConfig struct {
+ // Command to execute.
+ Command string `json:"command"`
+ // Arguments to pass to the command when executing it.
+ // +optional
+ Args []string `json:"args"`
+ // Env defines additional environment variables to expose to the process. These
+ // are unioned with the host's environment, as well as variables client-go uses
+ // to pass argument to the plugin.
+ // +optional
+ Env []ExecEnvVar `json:"env"`
+
+ // Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
+ // the same encoding version as the input.
+ APIVersion string `json:"apiVersion,omitempty"`
+}
+
+// ExecEnvVar is used for setting environment variables when executing an exec-based
+// credential plugin.
+type ExecEnvVar struct {
+ Name string `json:"name"`
+ Value string `json:"value"`
+}
+
// NewConfig is a convenience function that returns a new Config object with non-nil maps
func NewConfig() *Config {
return &Config{
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go
index e575b23d7..085c088ee 100644
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go
@@ -16,7 +16,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-// This file was autogenerated by deepcopy-gen. Do not edit it manually!
+// Code generated by deepcopy-gen. DO NOT EDIT.
package api
@@ -63,6 +63,15 @@ func (in *AuthInfo) DeepCopyInto(out *AuthInfo) {
(*in).DeepCopyInto(*out)
}
}
+ if in.Exec != nil {
+ in, out := &in.Exec, &out.Exec
+ if *in == nil {
+ *out = nil
+ } else {
+ *out = new(ExecConfig)
+ (*in).DeepCopyInto(*out)
+ }
+ }
if in.Extensions != nil {
in, out := &in.Extensions, &out.Extensions
*out = make(map[string]runtime.Object, len(*in))
@@ -210,9 +219,8 @@ func (in *Config) DeepCopy() *Config {
func (in *Config) DeepCopyObject() runtime.Object {
if c := in.DeepCopy(); c != nil {
return c
- } else {
- return nil
}
+ return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
@@ -243,6 +251,48 @@ func (in *Context) DeepCopy() *Context {
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecConfig) DeepCopyInto(out *ExecConfig) {
+ *out = *in
+ if in.Args != nil {
+ in, out := &in.Args, &out.Args
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ if in.Env != nil {
+ in, out := &in.Env, &out.Env
+ *out = make([]ExecEnvVar, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecConfig.
+func (in *ExecConfig) DeepCopy() *ExecConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(ExecConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ExecEnvVar) DeepCopyInto(out *ExecEnvVar) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecEnvVar.
+func (in *ExecEnvVar) DeepCopy() *ExecEnvVar {
+ if in == nil {
+ return nil
+ }
+ out := new(ExecEnvVar)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Preferences) DeepCopyInto(out *Preferences) {
*out = *in
if in.Extensions != nil {
diff --git a/vendor/k8s.io/client-go/transport/cache.go b/vendor/k8s.io/client-go/transport/cache.go
index 7c40848c7..83291c575 100644
--- a/vendor/k8s.io/client-go/transport/cache.go
+++ b/vendor/k8s.io/client-go/transport/cache.go
@@ -44,6 +44,7 @@ type tlsCacheKey struct {
certData string
keyData string
serverName string
+ dial string
}
func (t tlsCacheKey) String() string {
@@ -51,7 +52,7 @@ func (t tlsCacheKey) String() string {
if len(t.keyData) > 0 {
keyText = "<redacted>"
}
- return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s", t.insecure, t.caData, t.certData, keyText, t.serverName)
+ return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s, dial:%s", t.insecure, t.caData, t.certData, keyText, t.serverName, t.dial)
}
func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
@@ -75,7 +76,7 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
return nil, err
}
// The options didn't require a custom TLS config
- if tlsConfig == nil {
+ if tlsConfig == nil && config.Dial == nil {
return http.DefaultTransport, nil
}
@@ -109,5 +110,6 @@ func tlsConfigKey(c *Config) (tlsCacheKey, error) {
certData: string(c.TLS.CertData),
keyData: string(c.TLS.KeyData),
serverName: c.TLS.ServerName,
+ dial: fmt.Sprintf("%p", c.Dial),
}, nil
}
diff --git a/vendor/k8s.io/client-go/transport/round_trippers.go b/vendor/k8s.io/client-go/transport/round_trippers.go
index c728b1877..de64e0078 100644
--- a/vendor/k8s.io/client-go/transport/round_trippers.go
+++ b/vendor/k8s.io/client-go/transport/round_trippers.go
@@ -17,6 +17,7 @@ limitations under the License.
package transport
import (
+ "bytes"
"fmt"
"net/http"
"strings"
@@ -129,7 +130,7 @@ func SetAuthProxyHeaders(req *http.Request, username string, groups []string, ex
}
for key, values := range extra {
for _, value := range values {
- req.Header.Add("X-Remote-Extra-"+key, value)
+ req.Header.Add("X-Remote-Extra-"+headerKeyEscape(key), value)
}
}
}
@@ -246,7 +247,7 @@ func (rt *impersonatingRoundTripper) RoundTrip(req *http.Request) (*http.Respons
}
for k, vv := range rt.impersonate.Extra {
for _, v := range vv {
- req.Header.Add(ImpersonateUserExtraHeaderPrefix+k, v)
+ req.Header.Add(ImpersonateUserExtraHeaderPrefix+headerKeyEscape(k), v)
}
}
@@ -422,3 +423,110 @@ func (rt *debuggingRoundTripper) RoundTrip(req *http.Request) (*http.Response, e
func (rt *debuggingRoundTripper) WrappedRoundTripper() http.RoundTripper {
return rt.delegatedRoundTripper
}
+
+func legalHeaderByte(b byte) bool {
+ return int(b) < len(legalHeaderKeyBytes) && legalHeaderKeyBytes[b]
+}
+
+func shouldEscape(b byte) bool {
+ // url.PathUnescape() returns an error if any '%' is not followed by two
+ // hexadecimal digits, so we'll intentionally encode it.
+ return !legalHeaderByte(b) || b == '%'
+}
+
+func headerKeyEscape(key string) string {
+ var buf bytes.Buffer
+ for i := 0; i < len(key); i++ {
+ b := key[i]
+ if shouldEscape(b) {
+ // %-encode bytes that should be escaped:
+ // https://tools.ietf.org/html/rfc3986#section-2.1
+ fmt.Fprintf(&buf, "%%%02X", b)
+ continue
+ }
+ buf.WriteByte(b)
+ }
+ return buf.String()
+}
+
+// legalHeaderKeyBytes was copied from net/http/lex.go's isTokenTable.
+// See https://httpwg.github.io/specs/rfc7230.html#rule.token.separators
+var legalHeaderKeyBytes = [127]bool{
+ '%': true,
+ '!': true,
+ '#': true,
+ '$': true,
+ '&': true,
+ '\'': true,
+ '*': true,
+ '+': true,
+ '-': true,
+ '.': true,
+ '0': true,
+ '1': true,
+ '2': true,
+ '3': true,
+ '4': true,
+ '5': true,
+ '6': true,
+ '7': true,
+ '8': true,
+ '9': true,
+ 'A': true,
+ 'B': true,
+ 'C': true,
+ 'D': true,
+ 'E': true,
+ 'F': true,
+ 'G': true,
+ 'H': true,
+ 'I': true,
+ 'J': true,
+ 'K': true,
+ 'L': true,
+ 'M': true,
+ 'N': true,
+ 'O': true,
+ 'P': true,
+ 'Q': true,
+ 'R': true,
+ 'S': true,
+ 'T': true,
+ 'U': true,
+ 'W': true,
+ 'V': true,
+ 'X': true,
+ 'Y': true,
+ 'Z': true,
+ '^': true,
+ '_': true,
+ '`': true,
+ 'a': true,
+ 'b': true,
+ 'c': true,
+ 'd': true,
+ 'e': true,
+ 'f': true,
+ 'g': true,
+ 'h': true,
+ 'i': true,
+ 'j': true,
+ 'k': true,
+ 'l': true,
+ 'm': true,
+ 'n': true,
+ 'o': true,
+ 'p': true,
+ 'q': true,
+ 'r': true,
+ 's': true,
+ 't': true,
+ 'u': true,
+ 'v': true,
+ 'w': true,
+ 'x': true,
+ 'y': true,
+ 'z': true,
+ '|': true,
+ '~': true,
+}
diff --git a/vendor/k8s.io/client-go/transport/transport.go b/vendor/k8s.io/client-go/transport/transport.go
index 15be0a3e6..c2bb7ae5e 100644
--- a/vendor/k8s.io/client-go/transport/transport.go
+++ b/vendor/k8s.io/client-go/transport/transport.go
@@ -52,7 +52,7 @@ func New(config *Config) (http.RoundTripper, error) {
// TLSConfigFor returns a tls.Config that will provide the transport level security defined
// by the provided Config. Will return nil if no transport level security is requested.
func TLSConfigFor(c *Config) (*tls.Config, error) {
- if !(c.HasCA() || c.HasCertAuth() || c.TLS.Insecure) {
+ if !(c.HasCA() || c.HasCertAuth() || c.TLS.Insecure || len(c.TLS.ServerName) > 0) {
return nil, nil
}
if c.HasCA() && c.TLS.Insecure {
diff --git a/vendor/k8s.io/client-go/util/cert/cert.go b/vendor/k8s.io/client-go/util/cert/cert.go
index 2c95754c1..fb7f5facc 100644
--- a/vendor/k8s.io/client-go/util/cert/cert.go
+++ b/vendor/k8s.io/client-go/util/cert/cert.go
@@ -138,23 +138,50 @@ func MakeEllipticPrivateKeyPEM() ([]byte, error) {
// Host may be an IP or a DNS name
// You may also specify additional subject alt names (either ip or dns names) for the certificate
func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error) {
+ caKey, err := rsa.GenerateKey(cryptorand.Reader, 2048)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ caTemplate := x509.Certificate{
+ SerialNumber: big.NewInt(1),
+ Subject: pkix.Name{
+ CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()),
+ },
+ NotBefore: time.Now(),
+ NotAfter: time.Now().Add(time.Hour * 24 * 365),
+
+ KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+ BasicConstraintsValid: true,
+ IsCA: true,
+ }
+
+ caDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &caTemplate, &caTemplate, &caKey.PublicKey, caKey)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ caCertificate, err := x509.ParseCertificate(caDERBytes)
+ if err != nil {
+ return nil, nil, err
+ }
+
priv, err := rsa.GenerateKey(cryptorand.Reader, 2048)
if err != nil {
return nil, nil, err
}
template := x509.Certificate{
- SerialNumber: big.NewInt(1),
+ SerialNumber: big.NewInt(2),
Subject: pkix.Name{
CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
},
NotBefore: time.Now(),
NotAfter: time.Now().Add(time.Hour * 24 * 365),
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+ KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
- IsCA: true,
}
if ip := net.ParseIP(host); ip != nil {
@@ -166,16 +193,19 @@ func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS
template.IPAddresses = append(template.IPAddresses, alternateIPs...)
template.DNSNames = append(template.DNSNames, alternateDNS...)
- derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, &template, &priv.PublicKey, priv)
+ derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, caCertificate, &priv.PublicKey, caKey)
if err != nil {
return nil, nil, err
}
- // Generate cert
+ // Generate cert, followed by ca
certBuffer := bytes.Buffer{}
if err := pem.Encode(&certBuffer, &pem.Block{Type: CertificateBlockType, Bytes: derBytes}); err != nil {
return nil, nil, err
}
+ if err := pem.Encode(&certBuffer, &pem.Block{Type: CertificateBlockType, Bytes: caDERBytes}); err != nil {
+ return nil, nil, err
+ }
// Generate key
keyBuffer := bytes.Buffer{}