summaryrefslogtreecommitdiff
path: root/vendor/k8s.io/client-go
diff options
context:
space:
mode:
authorbaude <bbaude@redhat.com>2021-02-25 09:25:28 -0600
committerbaude <bbaude@redhat.com>2021-02-25 10:02:41 -0600
commit24d9bda7ff8a3e6a9f249401e05e35e73284ae61 (patch)
tree6777cc2c23306d1a6b87ef40b9fe4eab2764b7dd /vendor/k8s.io/client-go
parent9ec8106841c55bc085012727748e2d73826be97d (diff)
downloadpodman-24d9bda7ff8a3e6a9f249401e05e35e73284ae61.tar.gz
podman-24d9bda7ff8a3e6a9f249401e05e35e73284ae61.tar.bz2
podman-24d9bda7ff8a3e6a9f249401e05e35e73284ae61.zip
prune remotecommand dependency
prune a dependency that was only being used for a simple struct. Should correct checksum issue on tarballs [NO TESTS NEEDED] Fixes: #9355 Signed-off-by: baude <bbaude@redhat.com>
Diffstat (limited to 'vendor/k8s.io/client-go')
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS9
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go20
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go50
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go77
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go24
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go55
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go78
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go176
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go128
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go32
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/conversion.go26
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/doc.go24
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/register.go55
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/types.go59
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go142
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.deepcopy.go92
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.defaults.go32
-rw-r--r--vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go128
-rw-r--r--vendor/k8s.io/client-go/pkg/version/.gitattributes1
-rw-r--r--vendor/k8s.io/client-go/pkg/version/base.go63
-rw-r--r--vendor/k8s.io/client-go/pkg/version/def.bzl38
-rw-r--r--vendor/k8s.io/client-go/pkg/version/doc.go21
-rw-r--r--vendor/k8s.io/client-go/pkg/version/version.go42
-rw-r--r--vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go360
-rw-r--r--vendor/k8s.io/client-go/rest/OWNERS26
-rw-r--r--vendor/k8s.io/client-go/rest/client.go258
-rw-r--r--vendor/k8s.io/client-go/rest/config.go549
-rw-r--r--vendor/k8s.io/client-go/rest/plugin.go73
-rw-r--r--vendor/k8s.io/client-go/rest/request.go1206
-rw-r--r--vendor/k8s.io/client-go/rest/transport.go118
-rw-r--r--vendor/k8s.io/client-go/rest/url_utils.go97
-rw-r--r--vendor/k8s.io/client-go/rest/urlbackoff.go107
-rw-r--r--vendor/k8s.io/client-go/rest/watch/decoder.go72
-rw-r--r--vendor/k8s.io/client-go/rest/watch/encoder.go56
-rw-r--r--vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go52
-rw-r--r--vendor/k8s.io/client-go/tools/clientcmd/api/doc.go19
-rw-r--r--vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go188
-rw-r--r--vendor/k8s.io/client-go/tools/clientcmd/api/register.go46
-rw-r--r--vendor/k8s.io/client-go/tools/clientcmd/api/types.go262
-rw-r--r--vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go324
-rw-r--r--vendor/k8s.io/client-go/tools/metrics/OWNERS9
-rw-r--r--vendor/k8s.io/client-go/tools/metrics/metrics.go61
-rw-r--r--vendor/k8s.io/client-go/tools/remotecommand/doc.go20
-rw-r--r--vendor/k8s.io/client-go/tools/remotecommand/errorstream.go55
-rw-r--r--vendor/k8s.io/client-go/tools/remotecommand/reader.go41
-rw-r--r--vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go142
-rw-r--r--vendor/k8s.io/client-go/tools/remotecommand/resize.go33
-rw-r--r--vendor/k8s.io/client-go/tools/remotecommand/v1.go160
-rw-r--r--vendor/k8s.io/client-go/tools/remotecommand/v2.go195
-rw-r--r--vendor/k8s.io/client-go/tools/remotecommand/v3.go111
-rw-r--r--vendor/k8s.io/client-go/tools/remotecommand/v4.go119
-rw-r--r--vendor/k8s.io/client-go/transport/OWNERS9
-rw-r--r--vendor/k8s.io/client-go/transport/cache.go117
-rw-r--r--vendor/k8s.io/client-go/transport/config.go126
-rw-r--r--vendor/k8s.io/client-go/transport/round_trippers.go564
-rw-r--r--vendor/k8s.io/client-go/transport/spdy/spdy.go94
-rw-r--r--vendor/k8s.io/client-go/transport/token_source.go149
-rw-r--r--vendor/k8s.io/client-go/transport/transport.go227
-rw-r--r--vendor/k8s.io/client-go/util/cert/OWNERS9
-rw-r--r--vendor/k8s.io/client-go/util/cert/cert.go206
-rw-r--r--vendor/k8s.io/client-go/util/cert/csr.go75
-rw-r--r--vendor/k8s.io/client-go/util/cert/io.go98
-rw-r--r--vendor/k8s.io/client-go/util/cert/pem.go61
-rw-r--r--vendor/k8s.io/client-go/util/connrotation/connrotation.go105
-rw-r--r--vendor/k8s.io/client-go/util/exec/exec.go52
-rw-r--r--vendor/k8s.io/client-go/util/flowcontrol/backoff.go149
-rw-r--r--vendor/k8s.io/client-go/util/flowcontrol/throttle.go143
-rw-r--r--vendor/k8s.io/client-go/util/keyutil/OWNERS7
-rw-r--r--vendor/k8s.io/client-go/util/keyutil/key.go323
69 files changed, 0 insertions, 8645 deletions
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
deleted file mode 100644
index e0ec62deb..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-# approval on api packages bubbles to api-approvers
-reviewers:
-- sig-auth-authenticators-approvers
-- sig-auth-authenticators-reviewers
-labels:
-- sig/auth
-
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go
deleted file mode 100644
index b99459757..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +k8s:deepcopy-gen=package
-// +groupName=client.authentication.k8s.io
-
-package clientauthentication // import "k8s.io/client-go/pkg/apis/clientauthentication"
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go
deleted file mode 100644
index e4fbc3ea9..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package clientauthentication
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName is the group name use in this package
-const GroupName = "client.authentication.k8s.io"
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
-
-// Kind takes an unqualified kind and returns a Group qualified GroupKind
-func Kind(kind string) schema.GroupKind {
- return SchemeGroupVersion.WithKind(kind).GroupKind()
-}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
- AddToScheme = SchemeBuilder.AddToScheme
-)
-
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &ExecCredential{},
- )
- return nil
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go
deleted file mode 100644
index 6fb53cecf..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package clientauthentication
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ExecCredentials is used by exec-based plugins to communicate credentials to
-// HTTP transports.
-type ExecCredential struct {
- metav1.TypeMeta
-
- // Spec holds information passed to the plugin by the transport. This contains
- // request and runtime specific information, such as if the session is interactive.
- Spec ExecCredentialSpec
-
- // Status is filled in by the plugin and holds the credentials that the transport
- // should use to contact the API.
- // +optional
- Status *ExecCredentialStatus
-}
-
-// ExecCredenitalSpec holds request and runtime specific information provided by
-// the transport.
-type ExecCredentialSpec struct {
- // Response is populated when the transport encounters HTTP status codes, such as 401,
- // suggesting previous credentials were invalid.
- // +optional
- Response *Response
-
- // Interactive is true when the transport detects the command is being called from an
- // interactive prompt.
- // +optional
- Interactive bool
-}
-
-// ExecCredentialStatus holds credentials for the transport to use.
-type ExecCredentialStatus struct {
- // ExpirationTimestamp indicates a time when the provided credentials expire.
- // +optional
- ExpirationTimestamp *metav1.Time
- // Token is a bearer token used by the client for request authentication.
- // +optional
- Token string
- // PEM-encoded client TLS certificate.
- // +optional
- ClientCertificateData string
- // PEM-encoded client TLS private key.
- // +optional
- ClientKeyData string
-}
-
-// Response defines metadata about a failed request, including HTTP status code and
-// response headers.
-type Response struct {
- // Headers holds HTTP headers returned by the server.
- Header map[string][]string
- // Code is the HTTP status code returned by the server.
- Code int32
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go
deleted file mode 100644
index 19ab77614..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=k8s.io/client-go/pkg/apis/clientauthentication
-// +k8s:openapi-gen=true
-// +k8s:defaulter-gen=TypeMeta
-
-// +groupName=client.authentication.k8s.io
-
-package v1alpha1 // import "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go
deleted file mode 100644
index 2acd13dea..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName is the group name use in this package
-const GroupName = "client.authentication.k8s.io"
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- SchemeBuilder runtime.SchemeBuilder
- localSchemeBuilder = &SchemeBuilder
- AddToScheme = localSchemeBuilder.AddToScheme
-)
-
-func init() {
- // We only register manually written functions here. The registration of the
- // generated functions takes place in the generated files. The separation
- // makes the code compile even when the generated files are missing.
- localSchemeBuilder.Register(addKnownTypes)
-}
-
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &ExecCredential{},
- )
- metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
- return nil
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go
deleted file mode 100644
index c714e2457..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ExecCredential is used by exec-based plugins to communicate credentials to
-// HTTP transports.
-type ExecCredential struct {
- metav1.TypeMeta `json:",inline"`
-
- // Spec holds information passed to the plugin by the transport. This contains
- // request and runtime specific information, such as if the session is interactive.
- Spec ExecCredentialSpec `json:"spec,omitempty"`
-
- // Status is filled in by the plugin and holds the credentials that the transport
- // should use to contact the API.
- // +optional
- Status *ExecCredentialStatus `json:"status,omitempty"`
-}
-
-// ExecCredenitalSpec holds request and runtime specific information provided by
-// the transport.
-type ExecCredentialSpec struct {
- // Response is populated when the transport encounters HTTP status codes, such as 401,
- // suggesting previous credentials were invalid.
- // +optional
- Response *Response `json:"response,omitempty"`
-
- // Interactive is true when the transport detects the command is being called from an
- // interactive prompt.
- // +optional
- Interactive bool `json:"interactive,omitempty"`
-}
-
-// ExecCredentialStatus holds credentials for the transport to use.
-//
-// Token and ClientKeyData are sensitive fields. This data should only be
-// transmitted in-memory between client and exec plugin process. Exec plugin
-// itself should at least be protected via file permissions.
-type ExecCredentialStatus struct {
- // ExpirationTimestamp indicates a time when the provided credentials expire.
- // +optional
- ExpirationTimestamp *metav1.Time `json:"expirationTimestamp,omitempty"`
- // Token is a bearer token used by the client for request authentication.
- Token string `json:"token,omitempty"`
- // PEM-encoded client TLS certificates (including intermediates, if any).
- ClientCertificateData string `json:"clientCertificateData,omitempty"`
- // PEM-encoded private key for the above certificate.
- ClientKeyData string `json:"clientKeyData,omitempty"`
-}
-
-// Response defines metadata about a failed request, including HTTP status code and
-// response headers.
-type Response struct {
- // Header holds HTTP headers returned by the server.
- Header map[string][]string `json:"header,omitempty"`
- // Code is the HTTP status code returned by the server.
- Code int32 `json:"code,omitempty"`
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go
deleted file mode 100644
index 461c20b29..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go
+++ /dev/null
@@ -1,176 +0,0 @@
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by conversion-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
- unsafe "unsafe"
-
- v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- conversion "k8s.io/apimachinery/pkg/conversion"
- runtime "k8s.io/apimachinery/pkg/runtime"
- clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication"
-)
-
-func init() {
- localSchemeBuilder.Register(RegisterConversions)
-}
-
-// RegisterConversions adds conversion functions to the given scheme.
-// Public to allow building arbitrary schemes.
-func RegisterConversions(s *runtime.Scheme) error {
- if err := s.AddGeneratedConversionFunc((*ExecCredential)(nil), (*clientauthentication.ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(a.(*ExecCredential), b.(*clientauthentication.ExecCredential), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredential)(nil), (*ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(a.(*clientauthentication.ExecCredential), b.(*ExecCredential), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*ExecCredentialSpec)(nil), (*clientauthentication.ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(a.(*ExecCredentialSpec), b.(*clientauthentication.ExecCredentialSpec), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*ExecCredentialStatus)(nil), (*clientauthentication.ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(a.(*ExecCredentialStatus), b.(*clientauthentication.ExecCredentialStatus), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialStatus)(nil), (*ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(a.(*clientauthentication.ExecCredentialStatus), b.(*ExecCredentialStatus), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*Response)(nil), (*clientauthentication.Response)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_v1alpha1_Response_To_clientauthentication_Response(a.(*Response), b.(*clientauthentication.Response), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*clientauthentication.Response)(nil), (*Response)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_clientauthentication_Response_To_v1alpha1_Response(a.(*clientauthentication.Response), b.(*Response), scope)
- }); err != nil {
- return err
- }
- return nil
-}
-
-func autoConvert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error {
- if err := Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
- return err
- }
- out.Status = (*clientauthentication.ExecCredentialStatus)(unsafe.Pointer(in.Status))
- return nil
-}
-
-// Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential is an autogenerated conversion function.
-func Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error {
- return autoConvert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in, out, s)
-}
-
-func autoConvert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error {
- if err := Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
- return err
- }
- out.Status = (*ExecCredentialStatus)(unsafe.Pointer(in.Status))
- return nil
-}
-
-// Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential is an autogenerated conversion function.
-func Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error {
- return autoConvert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in, out, s)
-}
-
-func autoConvert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error {
- out.Response = (*clientauthentication.Response)(unsafe.Pointer(in.Response))
- out.Interactive = in.Interactive
- return nil
-}
-
-// Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec is an autogenerated conversion function.
-func Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error {
- return autoConvert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in, out, s)
-}
-
-func autoConvert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
- out.Response = (*Response)(unsafe.Pointer(in.Response))
- out.Interactive = in.Interactive
- return nil
-}
-
-// Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec is an autogenerated conversion function.
-func Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
- return autoConvert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in, out, s)
-}
-
-func autoConvert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
- out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
- out.Token = in.Token
- out.ClientCertificateData = in.ClientCertificateData
- out.ClientKeyData = in.ClientKeyData
- return nil
-}
-
-// Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus is an autogenerated conversion function.
-func Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
- return autoConvert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in, out, s)
-}
-
-func autoConvert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error {
- out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
- out.Token = in.Token
- out.ClientCertificateData = in.ClientCertificateData
- out.ClientKeyData = in.ClientKeyData
- return nil
-}
-
-// Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus is an autogenerated conversion function.
-func Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error {
- return autoConvert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in, out, s)
-}
-
-func autoConvert_v1alpha1_Response_To_clientauthentication_Response(in *Response, out *clientauthentication.Response, s conversion.Scope) error {
- out.Header = *(*map[string][]string)(unsafe.Pointer(&in.Header))
- out.Code = in.Code
- return nil
-}
-
-// Convert_v1alpha1_Response_To_clientauthentication_Response is an autogenerated conversion function.
-func Convert_v1alpha1_Response_To_clientauthentication_Response(in *Response, out *clientauthentication.Response, s conversion.Scope) error {
- return autoConvert_v1alpha1_Response_To_clientauthentication_Response(in, out, s)
-}
-
-func autoConvert_clientauthentication_Response_To_v1alpha1_Response(in *clientauthentication.Response, out *Response, s conversion.Scope) error {
- out.Header = *(*map[string][]string)(unsafe.Pointer(&in.Header))
- out.Code = in.Code
- return nil
-}
-
-// Convert_clientauthentication_Response_To_v1alpha1_Response is an autogenerated conversion function.
-func Convert_clientauthentication_Response_To_v1alpha1_Response(in *clientauthentication.Response, out *Response, s conversion.Scope) error {
- return autoConvert_clientauthentication_Response_To_v1alpha1_Response(in, out, s)
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go
deleted file mode 100644
index a73d31b3f..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,128 +0,0 @@
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by deepcopy-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
- runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecCredential) DeepCopyInto(out *ExecCredential) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.Spec.DeepCopyInto(&out.Spec)
- if in.Status != nil {
- in, out := &in.Status, &out.Status
- *out = new(ExecCredentialStatus)
- (*in).DeepCopyInto(*out)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential.
-func (in *ExecCredential) DeepCopy() *ExecCredential {
- if in == nil {
- return nil
- }
- out := new(ExecCredential)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ExecCredential) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) {
- *out = *in
- if in.Response != nil {
- in, out := &in.Response, &out.Response
- *out = new(Response)
- (*in).DeepCopyInto(*out)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec.
-func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec {
- if in == nil {
- return nil
- }
- out := new(ExecCredentialSpec)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) {
- *out = *in
- if in.ExpirationTimestamp != nil {
- in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp
- *out = (*in).DeepCopy()
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus.
-func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus {
- if in == nil {
- return nil
- }
- out := new(ExecCredentialStatus)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Response) DeepCopyInto(out *Response) {
- *out = *in
- if in.Header != nil {
- in, out := &in.Header, &out.Header
- *out = make(map[string][]string, len(*in))
- for key, val := range *in {
- var outVal []string
- if val == nil {
- (*out)[key] = nil
- } else {
- in, out := &val, &outVal
- *out = make([]string, len(*in))
- copy(*out, *in)
- }
- (*out)[key] = outVal
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response.
-func (in *Response) DeepCopy() *Response {
- if in == nil {
- return nil
- }
- out := new(Response)
- in.DeepCopyInto(out)
- return out
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go
deleted file mode 100644
index dd621a3ac..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by defaulter-gen. DO NOT EDIT.
-
-package v1alpha1
-
-import (
- runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// RegisterDefaults adds defaulters functions to the given scheme.
-// Public to allow building arbitrary schemes.
-// All generated defaulters are covering - they call all nested defaulters.
-func RegisterDefaults(scheme *runtime.Scheme) error {
- return nil
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/conversion.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/conversion.go
deleted file mode 100644
index f543806ac..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/conversion.go
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
- conversion "k8s.io/apimachinery/pkg/conversion"
- clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication"
-)
-
-func Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
- return nil
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/doc.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/doc.go
deleted file mode 100644
index 22d1c588b..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/doc.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=k8s.io/client-go/pkg/apis/clientauthentication
-// +k8s:openapi-gen=true
-// +k8s:defaulter-gen=TypeMeta
-
-// +groupName=client.authentication.k8s.io
-
-package v1beta1 // import "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/register.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/register.go
deleted file mode 100644
index 0bb92f16a..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/register.go
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName is the group name use in this package
-const GroupName = "client.authentication.k8s.io"
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- SchemeBuilder runtime.SchemeBuilder
- localSchemeBuilder = &SchemeBuilder
- AddToScheme = localSchemeBuilder.AddToScheme
-)
-
-func init() {
- // We only register manually written functions here. The registration of the
- // generated functions takes place in the generated files. The separation
- // makes the code compile even when the generated files are missing.
- localSchemeBuilder.Register(addKnownTypes)
-}
-
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &ExecCredential{},
- )
- metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
- return nil
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/types.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/types.go
deleted file mode 100644
index d6e267452..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/types.go
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ExecCredentials is used by exec-based plugins to communicate credentials to
-// HTTP transports.
-type ExecCredential struct {
- metav1.TypeMeta `json:",inline"`
-
- // Spec holds information passed to the plugin by the transport. This contains
- // request and runtime specific information, such as if the session is interactive.
- Spec ExecCredentialSpec `json:"spec,omitempty"`
-
- // Status is filled in by the plugin and holds the credentials that the transport
- // should use to contact the API.
- // +optional
- Status *ExecCredentialStatus `json:"status,omitempty"`
-}
-
-// ExecCredenitalSpec holds request and runtime specific information provided by
-// the transport.
-type ExecCredentialSpec struct{}
-
-// ExecCredentialStatus holds credentials for the transport to use.
-//
-// Token and ClientKeyData are sensitive fields. This data should only be
-// transmitted in-memory between client and exec plugin process. Exec plugin
-// itself should at least be protected via file permissions.
-type ExecCredentialStatus struct {
- // ExpirationTimestamp indicates a time when the provided credentials expire.
- // +optional
- ExpirationTimestamp *metav1.Time `json:"expirationTimestamp,omitempty"`
- // Token is a bearer token used by the client for request authentication.
- Token string `json:"token,omitempty"`
- // PEM-encoded client TLS certificates (including intermediates, if any).
- ClientCertificateData string `json:"clientCertificateData,omitempty"`
- // PEM-encoded private key for the above certificate.
- ClientKeyData string `json:"clientKeyData,omitempty"`
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go
deleted file mode 100644
index 94ef4b733..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go
+++ /dev/null
@@ -1,142 +0,0 @@
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by conversion-gen. DO NOT EDIT.
-
-package v1beta1
-
-import (
- unsafe "unsafe"
-
- v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- conversion "k8s.io/apimachinery/pkg/conversion"
- runtime "k8s.io/apimachinery/pkg/runtime"
- clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication"
-)
-
-func init() {
- localSchemeBuilder.Register(RegisterConversions)
-}
-
-// RegisterConversions adds conversion functions to the given scheme.
-// Public to allow building arbitrary schemes.
-func RegisterConversions(s *runtime.Scheme) error {
- if err := s.AddGeneratedConversionFunc((*ExecCredential)(nil), (*clientauthentication.ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(a.(*ExecCredential), b.(*clientauthentication.ExecCredential), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredential)(nil), (*ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(a.(*clientauthentication.ExecCredential), b.(*ExecCredential), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*ExecCredentialSpec)(nil), (*clientauthentication.ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(a.(*ExecCredentialSpec), b.(*clientauthentication.ExecCredentialSpec), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*ExecCredentialStatus)(nil), (*clientauthentication.ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(a.(*ExecCredentialStatus), b.(*clientauthentication.ExecCredentialStatus), scope)
- }); err != nil {
- return err
- }
- if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialStatus)(nil), (*ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(a.(*clientauthentication.ExecCredentialStatus), b.(*ExecCredentialStatus), scope)
- }); err != nil {
- return err
- }
- if err := s.AddConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error {
- return Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope)
- }); err != nil {
- return err
- }
- return nil
-}
-
-func autoConvert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error {
- if err := Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
- return err
- }
- out.Status = (*clientauthentication.ExecCredentialStatus)(unsafe.Pointer(in.Status))
- return nil
-}
-
-// Convert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential is an autogenerated conversion function.
-func Convert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error {
- return autoConvert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(in, out, s)
-}
-
-func autoConvert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error {
- if err := Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil {
- return err
- }
- out.Status = (*ExecCredentialStatus)(unsafe.Pointer(in.Status))
- return nil
-}
-
-// Convert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential is an autogenerated conversion function.
-func Convert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error {
- return autoConvert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(in, out, s)
-}
-
-func autoConvert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error {
- return nil
-}
-
-// Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec is an autogenerated conversion function.
-func Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error {
- return autoConvert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in, out, s)
-}
-
-func autoConvert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
- // WARNING: in.Response requires manual conversion: does not exist in peer-type
- // WARNING: in.Interactive requires manual conversion: does not exist in peer-type
- return nil
-}
-
-func autoConvert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
- out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
- out.Token = in.Token
- out.ClientCertificateData = in.ClientCertificateData
- out.ClientKeyData = in.ClientKeyData
- return nil
-}
-
-// Convert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus is an autogenerated conversion function.
-func Convert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error {
- return autoConvert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in, out, s)
-}
-
-func autoConvert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error {
- out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp))
- out.Token = in.Token
- out.ClientCertificateData = in.ClientCertificateData
- out.ClientKeyData = in.ClientKeyData
- return nil
-}
-
-// Convert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus is an autogenerated conversion function.
-func Convert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error {
- return autoConvert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(in, out, s)
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.deepcopy.go
deleted file mode 100644
index 736b8cf00..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,92 +0,0 @@
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by deepcopy-gen. DO NOT EDIT.
-
-package v1beta1
-
-import (
- runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecCredential) DeepCopyInto(out *ExecCredential) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- out.Spec = in.Spec
- if in.Status != nil {
- in, out := &in.Status, &out.Status
- *out = new(ExecCredentialStatus)
- (*in).DeepCopyInto(*out)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential.
-func (in *ExecCredential) DeepCopy() *ExecCredential {
- if in == nil {
- return nil
- }
- out := new(ExecCredential)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ExecCredential) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) {
- *out = *in
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec.
-func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec {
- if in == nil {
- return nil
- }
- out := new(ExecCredentialSpec)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) {
- *out = *in
- if in.ExpirationTimestamp != nil {
- in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp
- *out = (*in).DeepCopy()
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus.
-func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus {
- if in == nil {
- return nil
- }
- out := new(ExecCredentialStatus)
- in.DeepCopyInto(out)
- return out
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.defaults.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.defaults.go
deleted file mode 100644
index 73e63fc11..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.defaults.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by defaulter-gen. DO NOT EDIT.
-
-package v1beta1
-
-import (
- runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// RegisterDefaults adds defaulters functions to the given scheme.
-// Public to allow building arbitrary schemes.
-// All generated defaulters are covering - they call all nested defaulters.
-func RegisterDefaults(scheme *runtime.Scheme) error {
- return nil
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go
deleted file mode 100644
index c568a6fc8..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,128 +0,0 @@
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by deepcopy-gen. DO NOT EDIT.
-
-package clientauthentication
-
-import (
- runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecCredential) DeepCopyInto(out *ExecCredential) {
- *out = *in
- out.TypeMeta = in.TypeMeta
- in.Spec.DeepCopyInto(&out.Spec)
- if in.Status != nil {
- in, out := &in.Status, &out.Status
- *out = new(ExecCredentialStatus)
- (*in).DeepCopyInto(*out)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential.
-func (in *ExecCredential) DeepCopy() *ExecCredential {
- if in == nil {
- return nil
- }
- out := new(ExecCredential)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *ExecCredential) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) {
- *out = *in
- if in.Response != nil {
- in, out := &in.Response, &out.Response
- *out = new(Response)
- (*in).DeepCopyInto(*out)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec.
-func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec {
- if in == nil {
- return nil
- }
- out := new(ExecCredentialSpec)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) {
- *out = *in
- if in.ExpirationTimestamp != nil {
- in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp
- *out = (*in).DeepCopy()
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus.
-func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus {
- if in == nil {
- return nil
- }
- out := new(ExecCredentialStatus)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Response) DeepCopyInto(out *Response) {
- *out = *in
- if in.Header != nil {
- in, out := &in.Header, &out.Header
- *out = make(map[string][]string, len(*in))
- for key, val := range *in {
- var outVal []string
- if val == nil {
- (*out)[key] = nil
- } else {
- in, out := &val, &outVal
- *out = make([]string, len(*in))
- copy(*out, *in)
- }
- (*out)[key] = outVal
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response.
-func (in *Response) DeepCopy() *Response {
- if in == nil {
- return nil
- }
- out := new(Response)
- in.DeepCopyInto(out)
- return out
-}
diff --git a/vendor/k8s.io/client-go/pkg/version/.gitattributes b/vendor/k8s.io/client-go/pkg/version/.gitattributes
deleted file mode 100644
index 7e349eff6..000000000
--- a/vendor/k8s.io/client-go/pkg/version/.gitattributes
+++ /dev/null
@@ -1 +0,0 @@
-base.go export-subst
diff --git a/vendor/k8s.io/client-go/pkg/version/base.go b/vendor/k8s.io/client-go/pkg/version/base.go
deleted file mode 100644
index 9b4c79f89..000000000
--- a/vendor/k8s.io/client-go/pkg/version/base.go
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package version
-
-// Base version information.
-//
-// This is the fallback data used when version information from git is not
-// provided via go ldflags. It provides an approximation of the Kubernetes
-// version for ad-hoc builds (e.g. `go build`) that cannot get the version
-// information from git.
-//
-// If you are looking at these fields in the git tree, they look
-// strange. They are modified on the fly by the build process. The
-// in-tree values are dummy values used for "git archive", which also
-// works for GitHub tar downloads.
-//
-// When releasing a new Kubernetes version, this file is updated by
-// build/mark_new_version.sh to reflect the new version, and then a
-// git annotated tag (using format vX.Y where X == Major version and Y
-// == Minor version) is created to point to the commit that updates
-// pkg/version/base.go
-var (
- // TODO: Deprecate gitMajor and gitMinor, use only gitVersion
- // instead. First step in deprecation, keep the fields but make
- // them irrelevant. (Next we'll take it out, which may muck with
- // scripts consuming the kubectl version output - but most of
- // these should be looking at gitVersion already anyways.)
- gitMajor string = "" // major version, always numeric
- gitMinor string = "" // minor version, numeric possibly followed by "+"
-
- // semantic version, derived by build scripts (see
- // https://git.k8s.io/community/contributors/design-proposals/release/versioning.md
- // for a detailed discussion of this field)
- //
- // TODO: This field is still called "gitVersion" for legacy
- // reasons. For prerelease versions, the build metadata on the
- // semantic version is a git hash, but the version itself is no
- // longer the direct output of "git describe", but a slight
- // translation to be semver compliant.
-
- // NOTE: The $Format strings are replaced during 'git archive' thanks to the
- // companion .gitattributes file containing 'export-subst' in this same
- // directory. See also https://git-scm.com/docs/gitattributes
- gitVersion string = "v0.0.0-master+$Format:%h$"
- gitCommit string = "$Format:%H$" // sha1 from git, output of $(git rev-parse HEAD)
- gitTreeState string = "" // state of git tree, either "clean" or "dirty"
-
- buildDate string = "1970-01-01T00:00:00Z" // build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ')
-)
diff --git a/vendor/k8s.io/client-go/pkg/version/def.bzl b/vendor/k8s.io/client-go/pkg/version/def.bzl
deleted file mode 100644
index 9c018a4ef..000000000
--- a/vendor/k8s.io/client-go/pkg/version/def.bzl
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Implements hack/lib/version.sh's kube::version::ldflags() for Bazel.
-def version_x_defs():
- # This should match the list of packages in kube::version::ldflag
- stamp_pkgs = [
- "k8s.io/kubernetes/pkg/version",
- # In hack/lib/version.sh, this has a vendor/ prefix. That isn't needed here?
- "k8s.io/client-go/pkg/version",
- ]
- # This should match the list of vars in kube::version::ldflags
- # It should also match the list of vars set in hack/print-workspace-status.sh.
- stamp_vars = [
- "buildDate",
- "gitCommit",
- "gitMajor",
- "gitMinor",
- "gitTreeState",
- "gitVersion",
- ]
- # Generate the cross-product.
- x_defs = {}
- for pkg in stamp_pkgs:
- for var in stamp_vars:
- x_defs["%s.%s" % (pkg, var)] = "{%s}" % var
- return x_defs
diff --git a/vendor/k8s.io/client-go/pkg/version/doc.go b/vendor/k8s.io/client-go/pkg/version/doc.go
deleted file mode 100644
index 05e997e13..000000000
--- a/vendor/k8s.io/client-go/pkg/version/doc.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +k8s:openapi-gen=true
-
-// Package version supplies version information collected at build time to
-// kubernetes components.
-package version // import "k8s.io/client-go/pkg/version"
diff --git a/vendor/k8s.io/client-go/pkg/version/version.go b/vendor/k8s.io/client-go/pkg/version/version.go
deleted file mode 100644
index 8c8350d13..000000000
--- a/vendor/k8s.io/client-go/pkg/version/version.go
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package version
-
-import (
- "fmt"
- "runtime"
-
- apimachineryversion "k8s.io/apimachinery/pkg/version"
-)
-
-// Get returns the overall codebase version. It's for detecting
-// what code a binary was built from.
-func Get() apimachineryversion.Info {
- // These variables typically come from -ldflags settings and in
- // their absence fallback to the settings in pkg/version/base.go
- return apimachineryversion.Info{
- Major: gitMajor,
- Minor: gitMinor,
- GitVersion: gitVersion,
- GitCommit: gitCommit,
- GitTreeState: gitTreeState,
- BuildDate: buildDate,
- GoVersion: runtime.Version(),
- Compiler: runtime.Compiler,
- Platform: fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH),
- }
-}
diff --git a/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go b/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
deleted file mode 100644
index b88902c10..000000000
--- a/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
+++ /dev/null
@@ -1,360 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package exec
-
-import (
- "bytes"
- "context"
- "crypto/tls"
- "errors"
- "fmt"
- "io"
- "net"
- "net/http"
- "os"
- "os/exec"
- "reflect"
- "sync"
- "time"
-
- "github.com/davecgh/go-spew/spew"
- "golang.org/x/crypto/ssh/terminal"
- v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/apimachinery/pkg/runtime/serializer"
- utilruntime "k8s.io/apimachinery/pkg/util/runtime"
- "k8s.io/client-go/pkg/apis/clientauthentication"
- "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
- "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
- "k8s.io/client-go/tools/clientcmd/api"
- "k8s.io/client-go/transport"
- "k8s.io/client-go/util/connrotation"
- "k8s.io/klog"
-)
-
-const execInfoEnv = "KUBERNETES_EXEC_INFO"
-
-var scheme = runtime.NewScheme()
-var codecs = serializer.NewCodecFactory(scheme)
-
-func init() {
- v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"})
- utilruntime.Must(v1alpha1.AddToScheme(scheme))
- utilruntime.Must(v1beta1.AddToScheme(scheme))
- utilruntime.Must(clientauthentication.AddToScheme(scheme))
-}
-
-var (
- // Since transports can be constantly re-initialized by programs like kubectl,
- // keep a cache of initialized authenticators keyed by a hash of their config.
- globalCache = newCache()
- // The list of API versions we accept.
- apiVersions = map[string]schema.GroupVersion{
- v1alpha1.SchemeGroupVersion.String(): v1alpha1.SchemeGroupVersion,
- v1beta1.SchemeGroupVersion.String(): v1beta1.SchemeGroupVersion,
- }
-)
-
-func newCache() *cache {
- return &cache{m: make(map[string]*Authenticator)}
-}
-
-var spewConfig = &spew.ConfigState{DisableMethods: true, Indent: " "}
-
-func cacheKey(c *api.ExecConfig) string {
- return spewConfig.Sprint(c)
-}
-
-type cache struct {
- mu sync.Mutex
- m map[string]*Authenticator
-}
-
-func (c *cache) get(s string) (*Authenticator, bool) {
- c.mu.Lock()
- defer c.mu.Unlock()
- a, ok := c.m[s]
- return a, ok
-}
-
-// put inserts an authenticator into the cache. If an authenticator is already
-// associated with the key, the first one is returned instead.
-func (c *cache) put(s string, a *Authenticator) *Authenticator {
- c.mu.Lock()
- defer c.mu.Unlock()
- existing, ok := c.m[s]
- if ok {
- return existing
- }
- c.m[s] = a
- return a
-}
-
-// GetAuthenticator returns an exec-based plugin for providing client credentials.
-func GetAuthenticator(config *api.ExecConfig) (*Authenticator, error) {
- return newAuthenticator(globalCache, config)
-}
-
-func newAuthenticator(c *cache, config *api.ExecConfig) (*Authenticator, error) {
- key := cacheKey(config)
- if a, ok := c.get(key); ok {
- return a, nil
- }
-
- gv, ok := apiVersions[config.APIVersion]
- if !ok {
- return nil, fmt.Errorf("exec plugin: invalid apiVersion %q", config.APIVersion)
- }
-
- a := &Authenticator{
- cmd: config.Command,
- args: config.Args,
- group: gv,
-
- stdin: os.Stdin,
- stderr: os.Stderr,
- interactive: terminal.IsTerminal(int(os.Stdout.Fd())),
- now: time.Now,
- environ: os.Environ,
- }
-
- for _, env := range config.Env {
- a.env = append(a.env, env.Name+"="+env.Value)
- }
-
- return c.put(key, a), nil
-}
-
-// Authenticator is a client credential provider that rotates credentials by executing a plugin.
-// The plugin input and output are defined by the API group client.authentication.k8s.io.
-type Authenticator struct {
- // Set by the config
- cmd string
- args []string
- group schema.GroupVersion
- env []string
-
- // Stubbable for testing
- stdin io.Reader
- stderr io.Writer
- interactive bool
- now func() time.Time
- environ func() []string
-
- // Cached results.
- //
- // The mutex also guards calling the plugin. Since the plugin could be
- // interactive we want to make sure it's only called once.
- mu sync.Mutex
- cachedCreds *credentials
- exp time.Time
-
- onRotate func()
-}
-
-type credentials struct {
- token string
- cert *tls.Certificate
-}
-
-// UpdateTransportConfig updates the transport.Config to use credentials
-// returned by the plugin.
-func (a *Authenticator) UpdateTransportConfig(c *transport.Config) error {
- c.Wrap(func(rt http.RoundTripper) http.RoundTripper {
- return &roundTripper{a, rt}
- })
-
- if c.TLS.GetCert != nil {
- return errors.New("can't add TLS certificate callback: transport.Config.TLS.GetCert already set")
- }
- c.TLS.GetCert = a.cert
-
- var dial func(ctx context.Context, network, addr string) (net.Conn, error)
- if c.Dial != nil {
- dial = c.Dial
- } else {
- dial = (&net.Dialer{Timeout: 30 * time.Second, KeepAlive: 30 * time.Second}).DialContext
- }
- d := connrotation.NewDialer(dial)
- a.onRotate = d.CloseAll
- c.Dial = d.DialContext
-
- return nil
-}
-
-type roundTripper struct {
- a *Authenticator
- base http.RoundTripper
-}
-
-func (r *roundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- // If a user has already set credentials, use that. This makes commands like
- // "kubectl get --token (token) pods" work.
- if req.Header.Get("Authorization") != "" {
- return r.base.RoundTrip(req)
- }
-
- creds, err := r.a.getCreds()
- if err != nil {
- return nil, fmt.Errorf("getting credentials: %v", err)
- }
- if creds.token != "" {
- req.Header.Set("Authorization", "Bearer "+creds.token)
- }
-
- res, err := r.base.RoundTrip(req)
- if err != nil {
- return nil, err
- }
- if res.StatusCode == http.StatusUnauthorized {
- resp := &clientauthentication.Response{
- Header: res.Header,
- Code: int32(res.StatusCode),
- }
- if err := r.a.maybeRefreshCreds(creds, resp); err != nil {
- klog.Errorf("refreshing credentials: %v", err)
- }
- }
- return res, nil
-}
-
-func (a *Authenticator) credsExpired() bool {
- if a.exp.IsZero() {
- return false
- }
- return a.now().After(a.exp)
-}
-
-func (a *Authenticator) cert() (*tls.Certificate, error) {
- creds, err := a.getCreds()
- if err != nil {
- return nil, err
- }
- return creds.cert, nil
-}
-
-func (a *Authenticator) getCreds() (*credentials, error) {
- a.mu.Lock()
- defer a.mu.Unlock()
- if a.cachedCreds != nil && !a.credsExpired() {
- return a.cachedCreds, nil
- }
-
- if err := a.refreshCredsLocked(nil); err != nil {
- return nil, err
- }
- return a.cachedCreds, nil
-}
-
-// maybeRefreshCreds executes the plugin to force a rotation of the
-// credentials, unless they were rotated already.
-func (a *Authenticator) maybeRefreshCreds(creds *credentials, r *clientauthentication.Response) error {
- a.mu.Lock()
- defer a.mu.Unlock()
-
- // Since we're not making a new pointer to a.cachedCreds in getCreds, no
- // need to do deep comparison.
- if creds != a.cachedCreds {
- // Credentials already rotated.
- return nil
- }
-
- return a.refreshCredsLocked(r)
-}
-
-// refreshCredsLocked executes the plugin and reads the credentials from
-// stdout. It must be called while holding the Authenticator's mutex.
-func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) error {
- cred := &clientauthentication.ExecCredential{
- Spec: clientauthentication.ExecCredentialSpec{
- Response: r,
- Interactive: a.interactive,
- },
- }
-
- env := append(a.environ(), a.env...)
- if a.group == v1alpha1.SchemeGroupVersion {
- // Input spec disabled for beta due to lack of use. Possibly re-enable this later if
- // someone wants it back.
- //
- // See: https://github.com/kubernetes/kubernetes/issues/61796
- data, err := runtime.Encode(codecs.LegacyCodec(a.group), cred)
- if err != nil {
- return fmt.Errorf("encode ExecCredentials: %v", err)
- }
- env = append(env, fmt.Sprintf("%s=%s", execInfoEnv, data))
- }
-
- stdout := &bytes.Buffer{}
- cmd := exec.Command(a.cmd, a.args...)
- cmd.Env = env
- cmd.Stderr = a.stderr
- cmd.Stdout = stdout
- if a.interactive {
- cmd.Stdin = a.stdin
- }
-
- if err := cmd.Run(); err != nil {
- return fmt.Errorf("exec: %v", err)
- }
-
- _, gvk, err := codecs.UniversalDecoder(a.group).Decode(stdout.Bytes(), nil, cred)
- if err != nil {
- return fmt.Errorf("decoding stdout: %v", err)
- }
- if gvk.Group != a.group.Group || gvk.Version != a.group.Version {
- return fmt.Errorf("exec plugin is configured to use API version %s, plugin returned version %s",
- a.group, schema.GroupVersion{Group: gvk.Group, Version: gvk.Version})
- }
-
- if cred.Status == nil {
- return fmt.Errorf("exec plugin didn't return a status field")
- }
- if cred.Status.Token == "" && cred.Status.ClientCertificateData == "" && cred.Status.ClientKeyData == "" {
- return fmt.Errorf("exec plugin didn't return a token or cert/key pair")
- }
- if (cred.Status.ClientCertificateData == "") != (cred.Status.ClientKeyData == "") {
- return fmt.Errorf("exec plugin returned only certificate or key, not both")
- }
-
- if cred.Status.ExpirationTimestamp != nil {
- a.exp = cred.Status.ExpirationTimestamp.Time
- } else {
- a.exp = time.Time{}
- }
-
- newCreds := &credentials{
- token: cred.Status.Token,
- }
- if cred.Status.ClientKeyData != "" && cred.Status.ClientCertificateData != "" {
- cert, err := tls.X509KeyPair([]byte(cred.Status.ClientCertificateData), []byte(cred.Status.ClientKeyData))
- if err != nil {
- return fmt.Errorf("failed parsing client key/certificate: %v", err)
- }
- newCreds.cert = &cert
- }
-
- oldCreds := a.cachedCreds
- a.cachedCreds = newCreds
- // Only close all connections when TLS cert rotates. Token rotation doesn't
- // need the extra noise.
- if a.onRotate != nil && oldCreds != nil && !reflect.DeepEqual(oldCreds.cert, a.cachedCreds.cert) {
- a.onRotate()
- }
- return nil
-}
diff --git a/vendor/k8s.io/client-go/rest/OWNERS b/vendor/k8s.io/client-go/rest/OWNERS
deleted file mode 100644
index 49dabc61b..000000000
--- a/vendor/k8s.io/client-go/rest/OWNERS
+++ /dev/null
@@ -1,26 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-- thockin
-- smarterclayton
-- caesarxuchao
-- wojtek-t
-- deads2k
-- brendandburns
-- liggitt
-- nikhiljindal
-- gmarek
-- erictune
-- sttts
-- luxas
-- dims
-- errordeveloper
-- hongchaodeng
-- krousey
-- resouer
-- cjcullen
-- rmmh
-- lixiaobing10051267
-- asalkeld
-- juanvallejo
-- lojies
diff --git a/vendor/k8s.io/client-go/rest/client.go b/vendor/k8s.io/client-go/rest/client.go
deleted file mode 100644
index 927403cb2..000000000
--- a/vendor/k8s.io/client-go/rest/client.go
+++ /dev/null
@@ -1,258 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "fmt"
- "mime"
- "net/http"
- "net/url"
- "os"
- "strconv"
- "strings"
- "time"
-
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/apimachinery/pkg/types"
- "k8s.io/client-go/util/flowcontrol"
-)
-
-const (
- // Environment variables: Note that the duration should be long enough that the backoff
- // persists for some reasonable time (i.e. 120 seconds). The typical base might be "1".
- envBackoffBase = "KUBE_CLIENT_BACKOFF_BASE"
- envBackoffDuration = "KUBE_CLIENT_BACKOFF_DURATION"
-)
-
-// Interface captures the set of operations for generically interacting with Kubernetes REST apis.
-type Interface interface {
- GetRateLimiter() flowcontrol.RateLimiter
- Verb(verb string) *Request
- Post() *Request
- Put() *Request
- Patch(pt types.PatchType) *Request
- Get() *Request
- Delete() *Request
- APIVersion() schema.GroupVersion
-}
-
-// RESTClient imposes common Kubernetes API conventions on a set of resource paths.
-// The baseURL is expected to point to an HTTP or HTTPS path that is the parent
-// of one or more resources. The server should return a decodable API resource
-// object, or an api.Status object which contains information about the reason for
-// any failure.
-//
-// Most consumers should use client.New() to get a Kubernetes API client.
-type RESTClient struct {
- // base is the root URL for all invocations of the client
- base *url.URL
- // versionedAPIPath is a path segment connecting the base URL to the resource root
- versionedAPIPath string
-
- // contentConfig is the information used to communicate with the server.
- contentConfig ContentConfig
-
- // serializers contain all serializers for underlying content type.
- serializers Serializers
-
- // creates BackoffManager that is passed to requests.
- createBackoffMgr func() BackoffManager
-
- // TODO extract this into a wrapper interface via the RESTClient interface in kubectl.
- Throttle flowcontrol.RateLimiter
-
- // Set specific behavior of the client. If not set http.DefaultClient will be used.
- Client *http.Client
-}
-
-type Serializers struct {
- Encoder runtime.Encoder
- Decoder runtime.Decoder
- StreamingSerializer runtime.Serializer
- Framer runtime.Framer
- RenegotiatedDecoder func(contentType string, params map[string]string) (runtime.Decoder, error)
-}
-
-// NewRESTClient creates a new RESTClient. This client performs generic REST functions
-// such as Get, Put, Post, and Delete on specified paths. Codec controls encoding and
-// decoding of responses from the server.
-func NewRESTClient(baseURL *url.URL, versionedAPIPath string, config ContentConfig, maxQPS float32, maxBurst int, rateLimiter flowcontrol.RateLimiter, client *http.Client) (*RESTClient, error) {
- base := *baseURL
- if !strings.HasSuffix(base.Path, "/") {
- base.Path += "/"
- }
- base.RawQuery = ""
- base.Fragment = ""
-
- if config.GroupVersion == nil {
- config.GroupVersion = &schema.GroupVersion{}
- }
- if len(config.ContentType) == 0 {
- config.ContentType = "application/json"
- }
- serializers, err := createSerializers(config)
- if err != nil {
- return nil, err
- }
-
- var throttle flowcontrol.RateLimiter
- if maxQPS > 0 && rateLimiter == nil {
- throttle = flowcontrol.NewTokenBucketRateLimiter(maxQPS, maxBurst)
- } else if rateLimiter != nil {
- throttle = rateLimiter
- }
- return &RESTClient{
- base: &base,
- versionedAPIPath: versionedAPIPath,
- contentConfig: config,
- serializers: *serializers,
- createBackoffMgr: readExpBackoffConfig,
- Throttle: throttle,
- Client: client,
- }, nil
-}
-
-// GetRateLimiter returns rate limier for a given client, or nil if it's called on a nil client
-func (c *RESTClient) GetRateLimiter() flowcontrol.RateLimiter {
- if c == nil {
- return nil
- }
- return c.Throttle
-}
-
-// readExpBackoffConfig handles the internal logic of determining what the
-// backoff policy is. By default if no information is available, NoBackoff.
-// TODO Generalize this see #17727 .
-func readExpBackoffConfig() BackoffManager {
- backoffBase := os.Getenv(envBackoffBase)
- backoffDuration := os.Getenv(envBackoffDuration)
-
- backoffBaseInt, errBase := strconv.ParseInt(backoffBase, 10, 64)
- backoffDurationInt, errDuration := strconv.ParseInt(backoffDuration, 10, 64)
- if errBase != nil || errDuration != nil {
- return &NoBackoff{}
- }
- return &URLBackoff{
- Backoff: flowcontrol.NewBackOff(
- time.Duration(backoffBaseInt)*time.Second,
- time.Duration(backoffDurationInt)*time.Second)}
-}
-
-// createSerializers creates all necessary serializers for given contentType.
-// TODO: the negotiated serializer passed to this method should probably return
-// serializers that control decoding and versioning without this package
-// being aware of the types. Depends on whether RESTClient must deal with
-// generic infrastructure.
-func createSerializers(config ContentConfig) (*Serializers, error) {
- mediaTypes := config.NegotiatedSerializer.SupportedMediaTypes()
- contentType := config.ContentType
- mediaType, _, err := mime.ParseMediaType(contentType)
- if err != nil {
- return nil, fmt.Errorf("the content type specified in the client configuration is not recognized: %v", err)
- }
- info, ok := runtime.SerializerInfoForMediaType(mediaTypes, mediaType)
- if !ok {
- if len(contentType) != 0 || len(mediaTypes) == 0 {
- return nil, fmt.Errorf("no serializers registered for %s", contentType)
- }
- info = mediaTypes[0]
- }
-
- internalGV := schema.GroupVersions{
- {
- Group: config.GroupVersion.Group,
- Version: runtime.APIVersionInternal,
- },
- // always include the legacy group as a decoding target to handle non-error `Status` return types
- {
- Group: "",
- Version: runtime.APIVersionInternal,
- },
- }
-
- s := &Serializers{
- Encoder: config.NegotiatedSerializer.EncoderForVersion(info.Serializer, *config.GroupVersion),
- Decoder: config.NegotiatedSerializer.DecoderToVersion(info.Serializer, internalGV),
-
- RenegotiatedDecoder: func(contentType string, params map[string]string) (runtime.Decoder, error) {
- info, ok := runtime.SerializerInfoForMediaType(mediaTypes, contentType)
- if !ok {
- return nil, fmt.Errorf("serializer for %s not registered", contentType)
- }
- return config.NegotiatedSerializer.DecoderToVersion(info.Serializer, internalGV), nil
- },
- }
- if info.StreamSerializer != nil {
- s.StreamingSerializer = info.StreamSerializer.Serializer
- s.Framer = info.StreamSerializer.Framer
- }
-
- return s, nil
-}
-
-// Verb begins a request with a verb (GET, POST, PUT, DELETE).
-//
-// Example usage of RESTClient's request building interface:
-// c, err := NewRESTClient(...)
-// if err != nil { ... }
-// resp, err := c.Verb("GET").
-// Path("pods").
-// SelectorParam("labels", "area=staging").
-// Timeout(10*time.Second).
-// Do()
-// if err != nil { ... }
-// list, ok := resp.(*api.PodList)
-//
-func (c *RESTClient) Verb(verb string) *Request {
- backoff := c.createBackoffMgr()
-
- if c.Client == nil {
- return NewRequest(nil, verb, c.base, c.versionedAPIPath, c.contentConfig, c.serializers, backoff, c.Throttle, 0)
- }
- return NewRequest(c.Client, verb, c.base, c.versionedAPIPath, c.contentConfig, c.serializers, backoff, c.Throttle, c.Client.Timeout)
-}
-
-// Post begins a POST request. Short for c.Verb("POST").
-func (c *RESTClient) Post() *Request {
- return c.Verb("POST")
-}
-
-// Put begins a PUT request. Short for c.Verb("PUT").
-func (c *RESTClient) Put() *Request {
- return c.Verb("PUT")
-}
-
-// Patch begins a PATCH request. Short for c.Verb("Patch").
-func (c *RESTClient) Patch(pt types.PatchType) *Request {
- return c.Verb("PATCH").SetHeader("Content-Type", string(pt))
-}
-
-// Get begins a GET request. Short for c.Verb("GET").
-func (c *RESTClient) Get() *Request {
- return c.Verb("GET")
-}
-
-// Delete begins a DELETE request. Short for c.Verb("DELETE").
-func (c *RESTClient) Delete() *Request {
- return c.Verb("DELETE")
-}
-
-// APIVersion returns the APIVersion this RESTClient is expected to use.
-func (c *RESTClient) APIVersion() schema.GroupVersion {
- return *c.contentConfig.GroupVersion
-}
diff --git a/vendor/k8s.io/client-go/rest/config.go b/vendor/k8s.io/client-go/rest/config.go
deleted file mode 100644
index c75825ec5..000000000
--- a/vendor/k8s.io/client-go/rest/config.go
+++ /dev/null
@@ -1,549 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "context"
- "errors"
- "fmt"
- "io/ioutil"
- "net"
- "net/http"
- "os"
- "path/filepath"
- gruntime "runtime"
- "strings"
- "time"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/client-go/pkg/version"
- clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
- "k8s.io/client-go/transport"
- certutil "k8s.io/client-go/util/cert"
- "k8s.io/client-go/util/flowcontrol"
- "k8s.io/klog"
-)
-
-const (
- DefaultQPS float32 = 5.0
- DefaultBurst int = 10
-)
-
-var ErrNotInCluster = errors.New("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
-
-// Config holds the common attributes that can be passed to a Kubernetes client on
-// initialization.
-type Config struct {
- // Host must be a host string, a host:port pair, or a URL to the base of the apiserver.
- // If a URL is given then the (optional) Path of that URL represents a prefix that must
- // be appended to all request URIs used to access the apiserver. This allows a frontend
- // proxy to easily relocate all of the apiserver endpoints.
- Host string
- // APIPath is a sub-path that points to an API root.
- APIPath string
-
- // ContentConfig contains settings that affect how objects are transformed when
- // sent to the server.
- ContentConfig
-
- // Server requires Basic authentication
- Username string
- Password string
-
- // Server requires Bearer authentication. This client will not attempt to use
- // refresh tokens for an OAuth2 flow.
- // TODO: demonstrate an OAuth2 compatible client.
- BearerToken string
-
- // Path to a file containing a BearerToken.
- // If set, the contents are periodically read.
- // The last successfully read value takes precedence over BearerToken.
- BearerTokenFile string
-
- // Impersonate is the configuration that RESTClient will use for impersonation.
- Impersonate ImpersonationConfig
-
- // Server requires plugin-specified authentication.
- AuthProvider *clientcmdapi.AuthProviderConfig
-
- // Callback to persist config for AuthProvider.
- AuthConfigPersister AuthProviderConfigPersister
-
- // Exec-based authentication provider.
- ExecProvider *clientcmdapi.ExecConfig
-
- // TLSClientConfig contains settings to enable transport layer security
- TLSClientConfig
-
- // UserAgent is an optional field that specifies the caller of this request.
- UserAgent string
-
- // Transport may be used for custom HTTP behavior. This attribute may not
- // be specified with the TLS client certificate options. Use WrapTransport
- // to provide additional per-server middleware behavior.
- Transport http.RoundTripper
- // WrapTransport will be invoked for custom HTTP behavior after the underlying
- // transport is initialized (either the transport created from TLSClientConfig,
- // Transport, or http.DefaultTransport). The config may layer other RoundTrippers
- // on top of the returned RoundTripper.
- //
- // A future release will change this field to an array. Use config.Wrap()
- // instead of setting this value directly.
- WrapTransport transport.WrapperFunc
-
- // QPS indicates the maximum QPS to the master from this client.
- // If it's zero, the created RESTClient will use DefaultQPS: 5
- QPS float32
-
- // Maximum burst for throttle.
- // If it's zero, the created RESTClient will use DefaultBurst: 10.
- Burst int
-
- // Rate limiter for limiting connections to the master from this client. If present overwrites QPS/Burst
- RateLimiter flowcontrol.RateLimiter
-
- // The maximum length of time to wait before giving up on a server request. A value of zero means no timeout.
- Timeout time.Duration
-
- // Dial specifies the dial function for creating unencrypted TCP connections.
- Dial func(ctx context.Context, network, address string) (net.Conn, error)
-
- // Version forces a specific version to be used (if registered)
- // Do we need this?
- // Version string
-}
-
-var _ fmt.Stringer = new(Config)
-var _ fmt.GoStringer = new(Config)
-
-type sanitizedConfig *Config
-
-type sanitizedAuthConfigPersister struct{ AuthProviderConfigPersister }
-
-func (sanitizedAuthConfigPersister) GoString() string {
- return "rest.AuthProviderConfigPersister(--- REDACTED ---)"
-}
-func (sanitizedAuthConfigPersister) String() string {
- return "rest.AuthProviderConfigPersister(--- REDACTED ---)"
-}
-
-// GoString implements fmt.GoStringer and sanitizes sensitive fields of Config
-// to prevent accidental leaking via logs.
-func (c *Config) GoString() string {
- return c.String()
-}
-
-// String implements fmt.Stringer and sanitizes sensitive fields of Config to
-// prevent accidental leaking via logs.
-func (c *Config) String() string {
- if c == nil {
- return "<nil>"
- }
- cc := sanitizedConfig(CopyConfig(c))
- // Explicitly mark non-empty credential fields as redacted.
- if cc.Password != "" {
- cc.Password = "--- REDACTED ---"
- }
- if cc.BearerToken != "" {
- cc.BearerToken = "--- REDACTED ---"
- }
- if cc.AuthConfigPersister != nil {
- cc.AuthConfigPersister = sanitizedAuthConfigPersister{cc.AuthConfigPersister}
- }
-
- return fmt.Sprintf("%#v", cc)
-}
-
-// ImpersonationConfig has all the available impersonation options
-type ImpersonationConfig struct {
- // UserName is the username to impersonate on each request.
- UserName string
- // Groups are the groups to impersonate on each request.
- Groups []string
- // Extra is a free-form field which can be used to link some authentication information
- // to authorization information. This field allows you to impersonate it.
- Extra map[string][]string
-}
-
-// +k8s:deepcopy-gen=true
-// TLSClientConfig contains settings to enable transport layer security
-type TLSClientConfig struct {
- // Server should be accessed without verifying the TLS certificate. For testing only.
- Insecure bool
- // ServerName is passed to the server for SNI and is used in the client to check server
- // ceritificates against. If ServerName is empty, the hostname used to contact the
- // server is used.
- ServerName string
-
- // Server requires TLS client certificate authentication
- CertFile string
- // Server requires TLS client certificate authentication
- KeyFile string
- // Trusted root certificates for server
- CAFile string
-
- // CertData holds PEM-encoded bytes (typically read from a client certificate file).
- // CertData takes precedence over CertFile
- CertData []byte
- // KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
- // KeyData takes precedence over KeyFile
- KeyData []byte
- // CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
- // CAData takes precedence over CAFile
- CAData []byte
-}
-
-var _ fmt.Stringer = TLSClientConfig{}
-var _ fmt.GoStringer = TLSClientConfig{}
-
-type sanitizedTLSClientConfig TLSClientConfig
-
-// GoString implements fmt.GoStringer and sanitizes sensitive fields of
-// TLSClientConfig to prevent accidental leaking via logs.
-func (c TLSClientConfig) GoString() string {
- return c.String()
-}
-
-// String implements fmt.Stringer and sanitizes sensitive fields of
-// TLSClientConfig to prevent accidental leaking via logs.
-func (c TLSClientConfig) String() string {
- cc := sanitizedTLSClientConfig{
- Insecure: c.Insecure,
- ServerName: c.ServerName,
- CertFile: c.CertFile,
- KeyFile: c.KeyFile,
- CAFile: c.CAFile,
- CertData: c.CertData,
- KeyData: c.KeyData,
- CAData: c.CAData,
- }
- // Explicitly mark non-empty credential fields as redacted.
- if len(cc.CertData) != 0 {
- cc.CertData = []byte("--- TRUNCATED ---")
- }
- if len(cc.KeyData) != 0 {
- cc.KeyData = []byte("--- REDACTED ---")
- }
- return fmt.Sprintf("%#v", cc)
-}
-
-type ContentConfig struct {
- // AcceptContentTypes specifies the types the client will accept and is optional.
- // If not set, ContentType will be used to define the Accept header
- AcceptContentTypes string
- // ContentType specifies the wire format used to communicate with the server.
- // This value will be set as the Accept header on requests made to the server, and
- // as the default content type on any object sent to the server. If not set,
- // "application/json" is used.
- ContentType string
- // GroupVersion is the API version to talk to. Must be provided when initializing
- // a RESTClient directly. When initializing a Client, will be set with the default
- // code version.
- GroupVersion *schema.GroupVersion
- // NegotiatedSerializer is used for obtaining encoders and decoders for multiple
- // supported media types.
- NegotiatedSerializer runtime.NegotiatedSerializer
-}
-
-// RESTClientFor returns a RESTClient that satisfies the requested attributes on a client Config
-// object. Note that a RESTClient may require fields that are optional when initializing a Client.
-// A RESTClient created by this method is generic - it expects to operate on an API that follows
-// the Kubernetes conventions, but may not be the Kubernetes API.
-func RESTClientFor(config *Config) (*RESTClient, error) {
- if config.GroupVersion == nil {
- return nil, fmt.Errorf("GroupVersion is required when initializing a RESTClient")
- }
- if config.NegotiatedSerializer == nil {
- return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient")
- }
- qps := config.QPS
- if config.QPS == 0.0 {
- qps = DefaultQPS
- }
- burst := config.Burst
- if config.Burst == 0 {
- burst = DefaultBurst
- }
-
- baseURL, versionedAPIPath, err := defaultServerUrlFor(config)
- if err != nil {
- return nil, err
- }
-
- transport, err := TransportFor(config)
- if err != nil {
- return nil, err
- }
-
- var httpClient *http.Client
- if transport != http.DefaultTransport {
- httpClient = &http.Client{Transport: transport}
- if config.Timeout > 0 {
- httpClient.Timeout = config.Timeout
- }
- }
-
- return NewRESTClient(baseURL, versionedAPIPath, config.ContentConfig, qps, burst, config.RateLimiter, httpClient)
-}
-
-// UnversionedRESTClientFor is the same as RESTClientFor, except that it allows
-// the config.Version to be empty.
-func UnversionedRESTClientFor(config *Config) (*RESTClient, error) {
- if config.NegotiatedSerializer == nil {
- return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient")
- }
-
- baseURL, versionedAPIPath, err := defaultServerUrlFor(config)
- if err != nil {
- return nil, err
- }
-
- transport, err := TransportFor(config)
- if err != nil {
- return nil, err
- }
-
- var httpClient *http.Client
- if transport != http.DefaultTransport {
- httpClient = &http.Client{Transport: transport}
- if config.Timeout > 0 {
- httpClient.Timeout = config.Timeout
- }
- }
-
- versionConfig := config.ContentConfig
- if versionConfig.GroupVersion == nil {
- v := metav1.SchemeGroupVersion
- versionConfig.GroupVersion = &v
- }
-
- return NewRESTClient(baseURL, versionedAPIPath, versionConfig, config.QPS, config.Burst, config.RateLimiter, httpClient)
-}
-
-// SetKubernetesDefaults sets default values on the provided client config for accessing the
-// Kubernetes API or returns an error if any of the defaults are impossible or invalid.
-func SetKubernetesDefaults(config *Config) error {
- if len(config.UserAgent) == 0 {
- config.UserAgent = DefaultKubernetesUserAgent()
- }
- return nil
-}
-
-// adjustCommit returns sufficient significant figures of the commit's git hash.
-func adjustCommit(c string) string {
- if len(c) == 0 {
- return "unknown"
- }
- if len(c) > 7 {
- return c[:7]
- }
- return c
-}
-
-// adjustVersion strips "alpha", "beta", etc. from version in form
-// major.minor.patch-[alpha|beta|etc].
-func adjustVersion(v string) string {
- if len(v) == 0 {
- return "unknown"
- }
- seg := strings.SplitN(v, "-", 2)
- return seg[0]
-}
-
-// adjustCommand returns the last component of the
-// OS-specific command path for use in User-Agent.
-func adjustCommand(p string) string {
- // Unlikely, but better than returning "".
- if len(p) == 0 {
- return "unknown"
- }
- return filepath.Base(p)
-}
-
-// buildUserAgent builds a User-Agent string from given args.
-func buildUserAgent(command, version, os, arch, commit string) string {
- return fmt.Sprintf(
- "%s/%s (%s/%s) kubernetes/%s", command, version, os, arch, commit)
-}
-
-// DefaultKubernetesUserAgent returns a User-Agent string built from static global vars.
-func DefaultKubernetesUserAgent() string {
- return buildUserAgent(
- adjustCommand(os.Args[0]),
- adjustVersion(version.Get().GitVersion),
- gruntime.GOOS,
- gruntime.GOARCH,
- adjustCommit(version.Get().GitCommit))
-}
-
-// InClusterConfig returns a config object which uses the service account
-// kubernetes gives to pods. It's intended for clients that expect to be
-// running inside a pod running on kubernetes. It will return ErrNotInCluster
-// if called from a process not running in a kubernetes environment.
-func InClusterConfig() (*Config, error) {
- const (
- tokenFile = "/var/run/secrets/kubernetes.io/serviceaccount/token"
- rootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
- )
- host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")
- if len(host) == 0 || len(port) == 0 {
- return nil, ErrNotInCluster
- }
-
- token, err := ioutil.ReadFile(tokenFile)
- if err != nil {
- return nil, err
- }
-
- tlsClientConfig := TLSClientConfig{}
-
- if _, err := certutil.NewPool(rootCAFile); err != nil {
- klog.Errorf("Expected to load root CA config from %s, but got err: %v", rootCAFile, err)
- } else {
- tlsClientConfig.CAFile = rootCAFile
- }
-
- return &Config{
- // TODO: switch to using cluster DNS.
- Host: "https://" + net.JoinHostPort(host, port),
- TLSClientConfig: tlsClientConfig,
- BearerToken: string(token),
- BearerTokenFile: tokenFile,
- }, nil
-}
-
-// IsConfigTransportTLS returns true if and only if the provided
-// config will result in a protected connection to the server when it
-// is passed to restclient.RESTClientFor(). Use to determine when to
-// send credentials over the wire.
-//
-// Note: the Insecure flag is ignored when testing for this value, so MITM attacks are
-// still possible.
-func IsConfigTransportTLS(config Config) bool {
- baseURL, _, err := defaultServerUrlFor(&config)
- if err != nil {
- return false
- }
- return baseURL.Scheme == "https"
-}
-
-// LoadTLSFiles copies the data from the CertFile, KeyFile, and CAFile fields into the CertData,
-// KeyData, and CAFile fields, or returns an error. If no error is returned, all three fields are
-// either populated or were empty to start.
-func LoadTLSFiles(c *Config) error {
- var err error
- c.CAData, err = dataFromSliceOrFile(c.CAData, c.CAFile)
- if err != nil {
- return err
- }
-
- c.CertData, err = dataFromSliceOrFile(c.CertData, c.CertFile)
- if err != nil {
- return err
- }
-
- c.KeyData, err = dataFromSliceOrFile(c.KeyData, c.KeyFile)
- if err != nil {
- return err
- }
- return nil
-}
-
-// dataFromSliceOrFile returns data from the slice (if non-empty), or from the file,
-// or an error if an error occurred reading the file
-func dataFromSliceOrFile(data []byte, file string) ([]byte, error) {
- if len(data) > 0 {
- return data, nil
- }
- if len(file) > 0 {
- fileData, err := ioutil.ReadFile(file)
- if err != nil {
- return []byte{}, err
- }
- return fileData, nil
- }
- return nil, nil
-}
-
-func AddUserAgent(config *Config, userAgent string) *Config {
- fullUserAgent := DefaultKubernetesUserAgent() + "/" + userAgent
- config.UserAgent = fullUserAgent
- return config
-}
-
-// AnonymousClientConfig returns a copy of the given config with all user credentials (cert/key, bearer token, and username/password) and custom transports (WrapTransport, Transport) removed
-func AnonymousClientConfig(config *Config) *Config {
- // copy only known safe fields
- return &Config{
- Host: config.Host,
- APIPath: config.APIPath,
- ContentConfig: config.ContentConfig,
- TLSClientConfig: TLSClientConfig{
- Insecure: config.Insecure,
- ServerName: config.ServerName,
- CAFile: config.TLSClientConfig.CAFile,
- CAData: config.TLSClientConfig.CAData,
- },
- RateLimiter: config.RateLimiter,
- UserAgent: config.UserAgent,
- QPS: config.QPS,
- Burst: config.Burst,
- Timeout: config.Timeout,
- Dial: config.Dial,
- }
-}
-
-// CopyConfig returns a copy of the given config
-func CopyConfig(config *Config) *Config {
- return &Config{
- Host: config.Host,
- APIPath: config.APIPath,
- ContentConfig: config.ContentConfig,
- Username: config.Username,
- Password: config.Password,
- BearerToken: config.BearerToken,
- BearerTokenFile: config.BearerTokenFile,
- Impersonate: ImpersonationConfig{
- Groups: config.Impersonate.Groups,
- Extra: config.Impersonate.Extra,
- UserName: config.Impersonate.UserName,
- },
- AuthProvider: config.AuthProvider,
- AuthConfigPersister: config.AuthConfigPersister,
- ExecProvider: config.ExecProvider,
- TLSClientConfig: TLSClientConfig{
- Insecure: config.TLSClientConfig.Insecure,
- ServerName: config.TLSClientConfig.ServerName,
- CertFile: config.TLSClientConfig.CertFile,
- KeyFile: config.TLSClientConfig.KeyFile,
- CAFile: config.TLSClientConfig.CAFile,
- CertData: config.TLSClientConfig.CertData,
- KeyData: config.TLSClientConfig.KeyData,
- CAData: config.TLSClientConfig.CAData,
- },
- UserAgent: config.UserAgent,
- Transport: config.Transport,
- WrapTransport: config.WrapTransport,
- QPS: config.QPS,
- Burst: config.Burst,
- RateLimiter: config.RateLimiter,
- Timeout: config.Timeout,
- Dial: config.Dial,
- }
-}
diff --git a/vendor/k8s.io/client-go/rest/plugin.go b/vendor/k8s.io/client-go/rest/plugin.go
deleted file mode 100644
index 83ef5ae32..000000000
--- a/vendor/k8s.io/client-go/rest/plugin.go
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "fmt"
- "net/http"
- "sync"
-
- "k8s.io/klog"
-
- clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-)
-
-type AuthProvider interface {
- // WrapTransport allows the plugin to create a modified RoundTripper that
- // attaches authorization headers (or other info) to requests.
- WrapTransport(http.RoundTripper) http.RoundTripper
- // Login allows the plugin to initialize its configuration. It must not
- // require direct user interaction.
- Login() error
-}
-
-// Factory generates an AuthProvider plugin.
-// clusterAddress is the address of the current cluster.
-// config is the initial configuration for this plugin.
-// persister allows the plugin to save updated configuration.
-type Factory func(clusterAddress string, config map[string]string, persister AuthProviderConfigPersister) (AuthProvider, error)
-
-// AuthProviderConfigPersister allows a plugin to persist configuration info
-// for just itself.
-type AuthProviderConfigPersister interface {
- Persist(map[string]string) error
-}
-
-// All registered auth provider plugins.
-var pluginsLock sync.Mutex
-var plugins = make(map[string]Factory)
-
-func RegisterAuthProviderPlugin(name string, plugin Factory) error {
- pluginsLock.Lock()
- defer pluginsLock.Unlock()
- if _, found := plugins[name]; found {
- return fmt.Errorf("Auth Provider Plugin %q was registered twice", name)
- }
- klog.V(4).Infof("Registered Auth Provider Plugin %q", name)
- plugins[name] = plugin
- return nil
-}
-
-func GetAuthProvider(clusterAddress string, apc *clientcmdapi.AuthProviderConfig, persister AuthProviderConfigPersister) (AuthProvider, error) {
- pluginsLock.Lock()
- defer pluginsLock.Unlock()
- p, ok := plugins[apc.Name]
- if !ok {
- return nil, fmt.Errorf("No Auth Provider found for name %q", apc.Name)
- }
- return p(clusterAddress, apc.Config, persister)
-}
diff --git a/vendor/k8s.io/client-go/rest/request.go b/vendor/k8s.io/client-go/rest/request.go
deleted file mode 100644
index 0570615fc..000000000
--- a/vendor/k8s.io/client-go/rest/request.go
+++ /dev/null
@@ -1,1206 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "bytes"
- "context"
- "encoding/hex"
- "fmt"
- "io"
- "io/ioutil"
- "mime"
- "net/http"
- "net/url"
- "path"
- "reflect"
- "strconv"
- "strings"
- "time"
-
- "golang.org/x/net/http2"
- "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/apimachinery/pkg/runtime/serializer/streaming"
- "k8s.io/apimachinery/pkg/util/net"
- "k8s.io/apimachinery/pkg/watch"
- restclientwatch "k8s.io/client-go/rest/watch"
- "k8s.io/client-go/tools/metrics"
- "k8s.io/client-go/util/flowcontrol"
- "k8s.io/klog"
-)
-
-var (
- // longThrottleLatency defines threshold for logging requests. All requests being
- // throttle for more than longThrottleLatency will be logged.
- longThrottleLatency = 50 * time.Millisecond
-)
-
-// HTTPClient is an interface for testing a request object.
-type HTTPClient interface {
- Do(req *http.Request) (*http.Response, error)
-}
-
-// ResponseWrapper is an interface for getting a response.
-// The response may be either accessed as a raw data (the whole output is put into memory) or as a stream.
-type ResponseWrapper interface {
- DoRaw() ([]byte, error)
- Stream() (io.ReadCloser, error)
-}
-
-// RequestConstructionError is returned when there's an error assembling a request.
-type RequestConstructionError struct {
- Err error
-}
-
-// Error returns a textual description of 'r'.
-func (r *RequestConstructionError) Error() string {
- return fmt.Sprintf("request construction error: '%v'", r.Err)
-}
-
-// Request allows for building up a request to a server in a chained fashion.
-// Any errors are stored until the end of your call, so you only have to
-// check once.
-type Request struct {
- // required
- client HTTPClient
- verb string
-
- baseURL *url.URL
- content ContentConfig
- serializers Serializers
-
- // generic components accessible via method setters
- pathPrefix string
- subpath string
- params url.Values
- headers http.Header
-
- // structural elements of the request that are part of the Kubernetes API conventions
- namespace string
- namespaceSet bool
- resource string
- resourceName string
- subresource string
- timeout time.Duration
-
- // output
- err error
- body io.Reader
-
- // This is only used for per-request timeouts, deadlines, and cancellations.
- ctx context.Context
-
- backoffMgr BackoffManager
- throttle flowcontrol.RateLimiter
-}
-
-// NewRequest creates a new request helper object for accessing runtime.Objects on a server.
-func NewRequest(client HTTPClient, verb string, baseURL *url.URL, versionedAPIPath string, content ContentConfig, serializers Serializers, backoff BackoffManager, throttle flowcontrol.RateLimiter, timeout time.Duration) *Request {
- if backoff == nil {
- klog.V(2).Infof("Not implementing request backoff strategy.")
- backoff = &NoBackoff{}
- }
-
- pathPrefix := "/"
- if baseURL != nil {
- pathPrefix = path.Join(pathPrefix, baseURL.Path)
- }
- r := &Request{
- client: client,
- verb: verb,
- baseURL: baseURL,
- pathPrefix: path.Join(pathPrefix, versionedAPIPath),
- content: content,
- serializers: serializers,
- backoffMgr: backoff,
- throttle: throttle,
- timeout: timeout,
- }
- switch {
- case len(content.AcceptContentTypes) > 0:
- r.SetHeader("Accept", content.AcceptContentTypes)
- case len(content.ContentType) > 0:
- r.SetHeader("Accept", content.ContentType+", */*")
- }
- return r
-}
-
-// Prefix adds segments to the relative beginning to the request path. These
-// items will be placed before the optional Namespace, Resource, or Name sections.
-// Setting AbsPath will clear any previously set Prefix segments
-func (r *Request) Prefix(segments ...string) *Request {
- if r.err != nil {
- return r
- }
- r.pathPrefix = path.Join(r.pathPrefix, path.Join(segments...))
- return r
-}
-
-// Suffix appends segments to the end of the path. These items will be placed after the prefix and optional
-// Namespace, Resource, or Name sections.
-func (r *Request) Suffix(segments ...string) *Request {
- if r.err != nil {
- return r
- }
- r.subpath = path.Join(r.subpath, path.Join(segments...))
- return r
-}
-
-// Resource sets the resource to access (<resource>/[ns/<namespace>/]<name>)
-func (r *Request) Resource(resource string) *Request {
- if r.err != nil {
- return r
- }
- if len(r.resource) != 0 {
- r.err = fmt.Errorf("resource already set to %q, cannot change to %q", r.resource, resource)
- return r
- }
- if msgs := IsValidPathSegmentName(resource); len(msgs) != 0 {
- r.err = fmt.Errorf("invalid resource %q: %v", resource, msgs)
- return r
- }
- r.resource = resource
- return r
-}
-
-// BackOff sets the request's backoff manager to the one specified,
-// or defaults to the stub implementation if nil is provided
-func (r *Request) BackOff(manager BackoffManager) *Request {
- if manager == nil {
- r.backoffMgr = &NoBackoff{}
- return r
- }
-
- r.backoffMgr = manager
- return r
-}
-
-// Throttle receives a rate-limiter and sets or replaces an existing request limiter
-func (r *Request) Throttle(limiter flowcontrol.RateLimiter) *Request {
- r.throttle = limiter
- return r
-}
-
-// SubResource sets a sub-resource path which can be multiple segments after the resource
-// name but before the suffix.
-func (r *Request) SubResource(subresources ...string) *Request {
- if r.err != nil {
- return r
- }
- subresource := path.Join(subresources...)
- if len(r.subresource) != 0 {
- r.err = fmt.Errorf("subresource already set to %q, cannot change to %q", r.resource, subresource)
- return r
- }
- for _, s := range subresources {
- if msgs := IsValidPathSegmentName(s); len(msgs) != 0 {
- r.err = fmt.Errorf("invalid subresource %q: %v", s, msgs)
- return r
- }
- }
- r.subresource = subresource
- return r
-}
-
-// Name sets the name of a resource to access (<resource>/[ns/<namespace>/]<name>)
-func (r *Request) Name(resourceName string) *Request {
- if r.err != nil {
- return r
- }
- if len(resourceName) == 0 {
- r.err = fmt.Errorf("resource name may not be empty")
- return r
- }
- if len(r.resourceName) != 0 {
- r.err = fmt.Errorf("resource name already set to %q, cannot change to %q", r.resourceName, resourceName)
- return r
- }
- if msgs := IsValidPathSegmentName(resourceName); len(msgs) != 0 {
- r.err = fmt.Errorf("invalid resource name %q: %v", resourceName, msgs)
- return r
- }
- r.resourceName = resourceName
- return r
-}
-
-// Namespace applies the namespace scope to a request (<resource>/[ns/<namespace>/]<name>)
-func (r *Request) Namespace(namespace string) *Request {
- if r.err != nil {
- return r
- }
- if r.namespaceSet {
- r.err = fmt.Errorf("namespace already set to %q, cannot change to %q", r.namespace, namespace)
- return r
- }
- if msgs := IsValidPathSegmentName(namespace); len(msgs) != 0 {
- r.err = fmt.Errorf("invalid namespace %q: %v", namespace, msgs)
- return r
- }
- r.namespaceSet = true
- r.namespace = namespace
- return r
-}
-
-// NamespaceIfScoped is a convenience function to set a namespace if scoped is true
-func (r *Request) NamespaceIfScoped(namespace string, scoped bool) *Request {
- if scoped {
- return r.Namespace(namespace)
- }
- return r
-}
-
-// AbsPath overwrites an existing path with the segments provided. Trailing slashes are preserved
-// when a single segment is passed.
-func (r *Request) AbsPath(segments ...string) *Request {
- if r.err != nil {
- return r
- }
- r.pathPrefix = path.Join(r.baseURL.Path, path.Join(segments...))
- if len(segments) == 1 && (len(r.baseURL.Path) > 1 || len(segments[0]) > 1) && strings.HasSuffix(segments[0], "/") {
- // preserve any trailing slashes for legacy behavior
- r.pathPrefix += "/"
- }
- return r
-}
-
-// RequestURI overwrites existing path and parameters with the value of the provided server relative
-// URI.
-func (r *Request) RequestURI(uri string) *Request {
- if r.err != nil {
- return r
- }
- locator, err := url.Parse(uri)
- if err != nil {
- r.err = err
- return r
- }
- r.pathPrefix = locator.Path
- if len(locator.Query()) > 0 {
- if r.params == nil {
- r.params = make(url.Values)
- }
- for k, v := range locator.Query() {
- r.params[k] = v
- }
- }
- return r
-}
-
-// Param creates a query parameter with the given string value.
-func (r *Request) Param(paramName, s string) *Request {
- if r.err != nil {
- return r
- }
- return r.setParam(paramName, s)
-}
-
-// VersionedParams will take the provided object, serialize it to a map[string][]string using the
-// implicit RESTClient API version and the default parameter codec, and then add those as parameters
-// to the request. Use this to provide versioned query parameters from client libraries.
-// VersionedParams will not write query parameters that have omitempty set and are empty. If a
-// parameter has already been set it is appended to (Params and VersionedParams are additive).
-func (r *Request) VersionedParams(obj runtime.Object, codec runtime.ParameterCodec) *Request {
- return r.SpecificallyVersionedParams(obj, codec, *r.content.GroupVersion)
-}
-
-func (r *Request) SpecificallyVersionedParams(obj runtime.Object, codec runtime.ParameterCodec, version schema.GroupVersion) *Request {
- if r.err != nil {
- return r
- }
- params, err := codec.EncodeParameters(obj, version)
- if err != nil {
- r.err = err
- return r
- }
- for k, v := range params {
- if r.params == nil {
- r.params = make(url.Values)
- }
- r.params[k] = append(r.params[k], v...)
- }
- return r
-}
-
-func (r *Request) setParam(paramName, value string) *Request {
- if r.params == nil {
- r.params = make(url.Values)
- }
- r.params[paramName] = append(r.params[paramName], value)
- return r
-}
-
-func (r *Request) SetHeader(key string, values ...string) *Request {
- if r.headers == nil {
- r.headers = http.Header{}
- }
- r.headers.Del(key)
- for _, value := range values {
- r.headers.Add(key, value)
- }
- return r
-}
-
-// Timeout makes the request use the given duration as an overall timeout for the
-// request. Additionally, if set passes the value as "timeout" parameter in URL.
-func (r *Request) Timeout(d time.Duration) *Request {
- if r.err != nil {
- return r
- }
- r.timeout = d
- return r
-}
-
-// Body makes the request use obj as the body. Optional.
-// If obj is a string, try to read a file of that name.
-// If obj is a []byte, send it directly.
-// If obj is an io.Reader, use it directly.
-// If obj is a runtime.Object, marshal it correctly, and set Content-Type header.
-// If obj is a runtime.Object and nil, do nothing.
-// Otherwise, set an error.
-func (r *Request) Body(obj interface{}) *Request {
- if r.err != nil {
- return r
- }
- switch t := obj.(type) {
- case string:
- data, err := ioutil.ReadFile(t)
- if err != nil {
- r.err = err
- return r
- }
- glogBody("Request Body", data)
- r.body = bytes.NewReader(data)
- case []byte:
- glogBody("Request Body", t)
- r.body = bytes.NewReader(t)
- case io.Reader:
- r.body = t
- case runtime.Object:
- // callers may pass typed interface pointers, therefore we must check nil with reflection
- if reflect.ValueOf(t).IsNil() {
- return r
- }
- data, err := runtime.Encode(r.serializers.Encoder, t)
- if err != nil {
- r.err = err
- return r
- }
- glogBody("Request Body", data)
- r.body = bytes.NewReader(data)
- r.SetHeader("Content-Type", r.content.ContentType)
- default:
- r.err = fmt.Errorf("unknown type used for body: %+v", obj)
- }
- return r
-}
-
-// Context adds a context to the request. Contexts are only used for
-// timeouts, deadlines, and cancellations.
-func (r *Request) Context(ctx context.Context) *Request {
- r.ctx = ctx
- return r
-}
-
-// URL returns the current working URL.
-func (r *Request) URL() *url.URL {
- p := r.pathPrefix
- if r.namespaceSet && len(r.namespace) > 0 {
- p = path.Join(p, "namespaces", r.namespace)
- }
- if len(r.resource) != 0 {
- p = path.Join(p, strings.ToLower(r.resource))
- }
- // Join trims trailing slashes, so preserve r.pathPrefix's trailing slash for backwards compatibility if nothing was changed
- if len(r.resourceName) != 0 || len(r.subpath) != 0 || len(r.subresource) != 0 {
- p = path.Join(p, r.resourceName, r.subresource, r.subpath)
- }
-
- finalURL := &url.URL{}
- if r.baseURL != nil {
- *finalURL = *r.baseURL
- }
- finalURL.Path = p
-
- query := url.Values{}
- for key, values := range r.params {
- for _, value := range values {
- query.Add(key, value)
- }
- }
-
- // timeout is handled specially here.
- if r.timeout != 0 {
- query.Set("timeout", r.timeout.String())
- }
- finalURL.RawQuery = query.Encode()
- return finalURL
-}
-
-// finalURLTemplate is similar to URL(), but will make all specific parameter values equal
-// - instead of name or namespace, "{name}" and "{namespace}" will be used, and all query
-// parameters will be reset. This creates a copy of the url so as not to change the
-// underlying object.
-func (r Request) finalURLTemplate() url.URL {
- newParams := url.Values{}
- v := []string{"{value}"}
- for k := range r.params {
- newParams[k] = v
- }
- r.params = newParams
- url := r.URL()
- segments := strings.Split(r.URL().Path, "/")
- groupIndex := 0
- index := 0
- if r.URL() != nil && r.baseURL != nil && strings.Contains(r.URL().Path, r.baseURL.Path) {
- groupIndex += len(strings.Split(r.baseURL.Path, "/"))
- }
- if groupIndex >= len(segments) {
- return *url
- }
-
- const CoreGroupPrefix = "api"
- const NamedGroupPrefix = "apis"
- isCoreGroup := segments[groupIndex] == CoreGroupPrefix
- isNamedGroup := segments[groupIndex] == NamedGroupPrefix
- if isCoreGroup {
- // checking the case of core group with /api/v1/... format
- index = groupIndex + 2
- } else if isNamedGroup {
- // checking the case of named group with /apis/apps/v1/... format
- index = groupIndex + 3
- } else {
- // this should not happen that the only two possibilities are /api... and /apis..., just want to put an
- // outlet here in case more API groups are added in future if ever possible:
- // https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-groups
- // if a wrong API groups name is encountered, return the {prefix} for url.Path
- url.Path = "/{prefix}"
- url.RawQuery = ""
- return *url
- }
- //switch segLength := len(segments) - index; segLength {
- switch {
- // case len(segments) - index == 1:
- // resource (with no name) do nothing
- case len(segments)-index == 2:
- // /$RESOURCE/$NAME: replace $NAME with {name}
- segments[index+1] = "{name}"
- case len(segments)-index == 3:
- if segments[index+2] == "finalize" || segments[index+2] == "status" {
- // /$RESOURCE/$NAME/$SUBRESOURCE: replace $NAME with {name}
- segments[index+1] = "{name}"
- } else {
- // /namespace/$NAMESPACE/$RESOURCE: replace $NAMESPACE with {namespace}
- segments[index+1] = "{namespace}"
- }
- case len(segments)-index >= 4:
- segments[index+1] = "{namespace}"
- // /namespace/$NAMESPACE/$RESOURCE/$NAME: replace $NAMESPACE with {namespace}, $NAME with {name}
- if segments[index+3] != "finalize" && segments[index+3] != "status" {
- // /$RESOURCE/$NAME/$SUBRESOURCE: replace $NAME with {name}
- segments[index+3] = "{name}"
- }
- }
- url.Path = path.Join(segments...)
- return *url
-}
-
-func (r *Request) tryThrottle() {
- now := time.Now()
- if r.throttle != nil {
- r.throttle.Accept()
- }
- if latency := time.Since(now); latency > longThrottleLatency {
- klog.V(4).Infof("Throttling request took %v, request: %s:%s", latency, r.verb, r.URL().String())
- }
-}
-
-// Watch attempts to begin watching the requested location.
-// Returns a watch.Interface, or an error.
-func (r *Request) Watch() (watch.Interface, error) {
- return r.WatchWithSpecificDecoders(
- func(body io.ReadCloser) streaming.Decoder {
- framer := r.serializers.Framer.NewFrameReader(body)
- return streaming.NewDecoder(framer, r.serializers.StreamingSerializer)
- },
- r.serializers.Decoder,
- )
-}
-
-// WatchWithSpecificDecoders attempts to begin watching the requested location with a *different* decoder.
-// Turns out that you want one "standard" decoder for the watch event and one "personal" decoder for the content
-// Returns a watch.Interface, or an error.
-func (r *Request) WatchWithSpecificDecoders(wrapperDecoderFn func(io.ReadCloser) streaming.Decoder, embeddedDecoder runtime.Decoder) (watch.Interface, error) {
- // We specifically don't want to rate limit watches, so we
- // don't use r.throttle here.
- if r.err != nil {
- return nil, r.err
- }
- if r.serializers.Framer == nil {
- return nil, fmt.Errorf("watching resources is not possible with this client (content-type: %s)", r.content.ContentType)
- }
-
- url := r.URL().String()
- req, err := http.NewRequest(r.verb, url, r.body)
- if err != nil {
- return nil, err
- }
- if r.ctx != nil {
- req = req.WithContext(r.ctx)
- }
- req.Header = r.headers
- client := r.client
- if client == nil {
- client = http.DefaultClient
- }
- r.backoffMgr.Sleep(r.backoffMgr.CalculateBackoff(r.URL()))
- resp, err := client.Do(req)
- updateURLMetrics(r, resp, err)
- if r.baseURL != nil {
- if err != nil {
- r.backoffMgr.UpdateBackoff(r.baseURL, err, 0)
- } else {
- r.backoffMgr.UpdateBackoff(r.baseURL, err, resp.StatusCode)
- }
- }
- if err != nil {
- // The watch stream mechanism handles many common partial data errors, so closed
- // connections can be retried in many cases.
- if net.IsProbableEOF(err) {
- return watch.NewEmptyWatch(), nil
- }
- return nil, err
- }
- if resp.StatusCode != http.StatusOK {
- defer resp.Body.Close()
- if result := r.transformResponse(resp, req); result.err != nil {
- return nil, result.err
- }
- return nil, fmt.Errorf("for request %s, got status: %v", url, resp.StatusCode)
- }
- wrapperDecoder := wrapperDecoderFn(resp.Body)
- return watch.NewStreamWatcher(
- restclientwatch.NewDecoder(wrapperDecoder, embeddedDecoder),
- // use 500 to indicate that the cause of the error is unknown - other error codes
- // are more specific to HTTP interactions, and set a reason
- errors.NewClientErrorReporter(http.StatusInternalServerError, r.verb, "ClientWatchDecoding"),
- ), nil
-}
-
-// updateURLMetrics is a convenience function for pushing metrics.
-// It also handles corner cases for incomplete/invalid request data.
-func updateURLMetrics(req *Request, resp *http.Response, err error) {
- url := "none"
- if req.baseURL != nil {
- url = req.baseURL.Host
- }
-
- // Errors can be arbitrary strings. Unbound label cardinality is not suitable for a metric
- // system so we just report them as `<error>`.
- if err != nil {
- metrics.RequestResult.Increment("<error>", req.verb, url)
- } else {
- //Metrics for failure codes
- metrics.RequestResult.Increment(strconv.Itoa(resp.StatusCode), req.verb, url)
- }
-}
-
-// Stream formats and executes the request, and offers streaming of the response.
-// Returns io.ReadCloser which could be used for streaming of the response, or an error
-// Any non-2xx http status code causes an error. If we get a non-2xx code, we try to convert the body into an APIStatus object.
-// If we can, we return that as an error. Otherwise, we create an error that lists the http status and the content of the response.
-func (r *Request) Stream() (io.ReadCloser, error) {
- if r.err != nil {
- return nil, r.err
- }
-
- r.tryThrottle()
-
- url := r.URL().String()
- req, err := http.NewRequest(r.verb, url, nil)
- if err != nil {
- return nil, err
- }
- if r.ctx != nil {
- req = req.WithContext(r.ctx)
- }
- req.Header = r.headers
- client := r.client
- if client == nil {
- client = http.DefaultClient
- }
- r.backoffMgr.Sleep(r.backoffMgr.CalculateBackoff(r.URL()))
- resp, err := client.Do(req)
- updateURLMetrics(r, resp, err)
- if r.baseURL != nil {
- if err != nil {
- r.backoffMgr.UpdateBackoff(r.URL(), err, 0)
- } else {
- r.backoffMgr.UpdateBackoff(r.URL(), err, resp.StatusCode)
- }
- }
- if err != nil {
- return nil, err
- }
-
- switch {
- case (resp.StatusCode >= 200) && (resp.StatusCode < 300):
- return resp.Body, nil
-
- default:
- // ensure we close the body before returning the error
- defer resp.Body.Close()
-
- result := r.transformResponse(resp, req)
- err := result.Error()
- if err == nil {
- err = fmt.Errorf("%d while accessing %v: %s", result.statusCode, url, string(result.body))
- }
- return nil, err
- }
-}
-
-// request connects to the server and invokes the provided function when a server response is
-// received. It handles retry behavior and up front validation of requests. It will invoke
-// fn at most once. It will return an error if a problem occurred prior to connecting to the
-// server - the provided function is responsible for handling server errors.
-func (r *Request) request(fn func(*http.Request, *http.Response)) error {
- //Metrics for total request latency
- start := time.Now()
- defer func() {
- metrics.RequestLatency.Observe(r.verb, r.finalURLTemplate(), time.Since(start))
- }()
-
- if r.err != nil {
- klog.V(4).Infof("Error in request: %v", r.err)
- return r.err
- }
-
- // TODO: added to catch programmer errors (invoking operations with an object with an empty namespace)
- if (r.verb == "GET" || r.verb == "PUT" || r.verb == "DELETE") && r.namespaceSet && len(r.resourceName) > 0 && len(r.namespace) == 0 {
- return fmt.Errorf("an empty namespace may not be set when a resource name is provided")
- }
- if (r.verb == "POST") && r.namespaceSet && len(r.namespace) == 0 {
- return fmt.Errorf("an empty namespace may not be set during creation")
- }
-
- client := r.client
- if client == nil {
- client = http.DefaultClient
- }
-
- // Right now we make about ten retry attempts if we get a Retry-After response.
- maxRetries := 10
- retries := 0
- for {
- url := r.URL().String()
- req, err := http.NewRequest(r.verb, url, r.body)
- if err != nil {
- return err
- }
- if r.timeout > 0 {
- if r.ctx == nil {
- r.ctx = context.Background()
- }
- var cancelFn context.CancelFunc
- r.ctx, cancelFn = context.WithTimeout(r.ctx, r.timeout)
- defer cancelFn()
- }
- if r.ctx != nil {
- req = req.WithContext(r.ctx)
- }
- req.Header = r.headers
-
- r.backoffMgr.Sleep(r.backoffMgr.CalculateBackoff(r.URL()))
- if retries > 0 {
- // We are retrying the request that we already send to apiserver
- // at least once before.
- // This request should also be throttled with the client-internal throttler.
- r.tryThrottle()
- }
- resp, err := client.Do(req)
- updateURLMetrics(r, resp, err)
- if err != nil {
- r.backoffMgr.UpdateBackoff(r.URL(), err, 0)
- } else {
- r.backoffMgr.UpdateBackoff(r.URL(), err, resp.StatusCode)
- }
- if err != nil {
- // "Connection reset by peer" is usually a transient error.
- // Thus in case of "GET" operations, we simply retry it.
- // We are not automatically retrying "write" operations, as
- // they are not idempotent.
- if !net.IsConnectionReset(err) || r.verb != "GET" {
- return err
- }
- // For the purpose of retry, we set the artificial "retry-after" response.
- // TODO: Should we clean the original response if it exists?
- resp = &http.Response{
- StatusCode: http.StatusInternalServerError,
- Header: http.Header{"Retry-After": []string{"1"}},
- Body: ioutil.NopCloser(bytes.NewReader([]byte{})),
- }
- }
-
- done := func() bool {
- // Ensure the response body is fully read and closed
- // before we reconnect, so that we reuse the same TCP
- // connection.
- defer func() {
- const maxBodySlurpSize = 2 << 10
- if resp.ContentLength <= maxBodySlurpSize {
- io.Copy(ioutil.Discard, &io.LimitedReader{R: resp.Body, N: maxBodySlurpSize})
- }
- resp.Body.Close()
- }()
-
- retries++
- if seconds, wait := checkWait(resp); wait && retries < maxRetries {
- if seeker, ok := r.body.(io.Seeker); ok && r.body != nil {
- _, err := seeker.Seek(0, 0)
- if err != nil {
- klog.V(4).Infof("Could not retry request, can't Seek() back to beginning of body for %T", r.body)
- fn(req, resp)
- return true
- }
- }
-
- klog.V(4).Infof("Got a Retry-After %ds response for attempt %d to %v", seconds, retries, url)
- r.backoffMgr.Sleep(time.Duration(seconds) * time.Second)
- return false
- }
- fn(req, resp)
- return true
- }()
- if done {
- return nil
- }
- }
-}
-
-// Do formats and executes the request. Returns a Result object for easy response
-// processing.
-//
-// Error type:
-// * If the request can't be constructed, or an error happened earlier while building its
-// arguments: *RequestConstructionError
-// * If the server responds with a status: *errors.StatusError or *errors.UnexpectedObjectError
-// * http.Client.Do errors are returned directly.
-func (r *Request) Do() Result {
- r.tryThrottle()
-
- var result Result
- err := r.request(func(req *http.Request, resp *http.Response) {
- result = r.transformResponse(resp, req)
- })
- if err != nil {
- return Result{err: err}
- }
- return result
-}
-
-// DoRaw executes the request but does not process the response body.
-func (r *Request) DoRaw() ([]byte, error) {
- r.tryThrottle()
-
- var result Result
- err := r.request(func(req *http.Request, resp *http.Response) {
- result.body, result.err = ioutil.ReadAll(resp.Body)
- glogBody("Response Body", result.body)
- if resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusPartialContent {
- result.err = r.transformUnstructuredResponseError(resp, req, result.body)
- }
- })
- if err != nil {
- return nil, err
- }
- return result.body, result.err
-}
-
-// transformResponse converts an API response into a structured API object
-func (r *Request) transformResponse(resp *http.Response, req *http.Request) Result {
- var body []byte
- if resp.Body != nil {
- data, err := ioutil.ReadAll(resp.Body)
- switch err.(type) {
- case nil:
- body = data
- case http2.StreamError:
- // This is trying to catch the scenario that the server may close the connection when sending the
- // response body. This can be caused by server timeout due to a slow network connection.
- // TODO: Add test for this. Steps may be:
- // 1. client-go (or kubectl) sends a GET request.
- // 2. Apiserver sends back the headers and then part of the body
- // 3. Apiserver closes connection.
- // 4. client-go should catch this and return an error.
- klog.V(2).Infof("Stream error %#v when reading response body, may be caused by closed connection.", err)
- streamErr := fmt.Errorf("Stream error when reading response body, may be caused by closed connection. Please retry. Original error: %v", err)
- return Result{
- err: streamErr,
- }
- default:
- klog.Errorf("Unexpected error when reading response body: %v", err)
- unexpectedErr := fmt.Errorf("Unexpected error when reading response body. Please retry. Original error: %v", err)
- return Result{
- err: unexpectedErr,
- }
- }
- }
-
- glogBody("Response Body", body)
-
- // verify the content type is accurate
- contentType := resp.Header.Get("Content-Type")
- decoder := r.serializers.Decoder
- if len(contentType) > 0 && (decoder == nil || (len(r.content.ContentType) > 0 && contentType != r.content.ContentType)) {
- mediaType, params, err := mime.ParseMediaType(contentType)
- if err != nil {
- return Result{err: errors.NewInternalError(err)}
- }
- decoder, err = r.serializers.RenegotiatedDecoder(mediaType, params)
- if err != nil {
- // if we fail to negotiate a decoder, treat this as an unstructured error
- switch {
- case resp.StatusCode == http.StatusSwitchingProtocols:
- // no-op, we've been upgraded
- case resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusPartialContent:
- return Result{err: r.transformUnstructuredResponseError(resp, req, body)}
- }
- return Result{
- body: body,
- contentType: contentType,
- statusCode: resp.StatusCode,
- }
- }
- }
-
- switch {
- case resp.StatusCode == http.StatusSwitchingProtocols:
- // no-op, we've been upgraded
- case resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusPartialContent:
- // calculate an unstructured error from the response which the Result object may use if the caller
- // did not return a structured error.
- retryAfter, _ := retryAfterSeconds(resp)
- err := r.newUnstructuredResponseError(body, isTextResponse(resp), resp.StatusCode, req.Method, retryAfter)
- return Result{
- body: body,
- contentType: contentType,
- statusCode: resp.StatusCode,
- decoder: decoder,
- err: err,
- }
- }
-
- return Result{
- body: body,
- contentType: contentType,
- statusCode: resp.StatusCode,
- decoder: decoder,
- }
-}
-
-// truncateBody decides if the body should be truncated, based on the glog Verbosity.
-func truncateBody(body string) string {
- max := 0
- switch {
- case bool(klog.V(10)):
- return body
- case bool(klog.V(9)):
- max = 10240
- case bool(klog.V(8)):
- max = 1024
- }
-
- if len(body) <= max {
- return body
- }
-
- return body[:max] + fmt.Sprintf(" [truncated %d chars]", len(body)-max)
-}
-
-// glogBody logs a body output that could be either JSON or protobuf. It explicitly guards against
-// allocating a new string for the body output unless necessary. Uses a simple heuristic to determine
-// whether the body is printable.
-func glogBody(prefix string, body []byte) {
- if klog.V(8) {
- if bytes.IndexFunc(body, func(r rune) bool {
- return r < 0x0a
- }) != -1 {
- klog.Infof("%s:\n%s", prefix, truncateBody(hex.Dump(body)))
- } else {
- klog.Infof("%s: %s", prefix, truncateBody(string(body)))
- }
- }
-}
-
-// maxUnstructuredResponseTextBytes is an upper bound on how much output to include in the unstructured error.
-const maxUnstructuredResponseTextBytes = 2048
-
-// transformUnstructuredResponseError handles an error from the server that is not in a structured form.
-// It is expected to transform any response that is not recognizable as a clear server sent error from the
-// K8S API using the information provided with the request. In practice, HTTP proxies and client libraries
-// introduce a level of uncertainty to the responses returned by servers that in common use result in
-// unexpected responses. The rough structure is:
-//
-// 1. Assume the server sends you something sane - JSON + well defined error objects + proper codes
-// - this is the happy path
-// - when you get this output, trust what the server sends
-// 2. Guard against empty fields / bodies in received JSON and attempt to cull sufficient info from them to
-// generate a reasonable facsimile of the original failure.
-// - Be sure to use a distinct error type or flag that allows a client to distinguish between this and error 1 above
-// 3. Handle true disconnect failures / completely malformed data by moving up to a more generic client error
-// 4. Distinguish between various connection failures like SSL certificates, timeouts, proxy errors, unexpected
-// initial contact, the presence of mismatched body contents from posted content types
-// - Give these a separate distinct error type and capture as much as possible of the original message
-//
-// TODO: introduce transformation of generic http.Client.Do() errors that separates 4.
-func (r *Request) transformUnstructuredResponseError(resp *http.Response, req *http.Request, body []byte) error {
- if body == nil && resp.Body != nil {
- if data, err := ioutil.ReadAll(&io.LimitedReader{R: resp.Body, N: maxUnstructuredResponseTextBytes}); err == nil {
- body = data
- }
- }
- retryAfter, _ := retryAfterSeconds(resp)
- return r.newUnstructuredResponseError(body, isTextResponse(resp), resp.StatusCode, req.Method, retryAfter)
-}
-
-// newUnstructuredResponseError instantiates the appropriate generic error for the provided input. It also logs the body.
-func (r *Request) newUnstructuredResponseError(body []byte, isTextResponse bool, statusCode int, method string, retryAfter int) error {
- // cap the amount of output we create
- if len(body) > maxUnstructuredResponseTextBytes {
- body = body[:maxUnstructuredResponseTextBytes]
- }
-
- message := "unknown"
- if isTextResponse {
- message = strings.TrimSpace(string(body))
- }
- var groupResource schema.GroupResource
- if len(r.resource) > 0 {
- groupResource.Group = r.content.GroupVersion.Group
- groupResource.Resource = r.resource
- }
- return errors.NewGenericServerResponse(
- statusCode,
- method,
- groupResource,
- r.resourceName,
- message,
- retryAfter,
- true,
- )
-}
-
-// isTextResponse returns true if the response appears to be a textual media type.
-func isTextResponse(resp *http.Response) bool {
- contentType := resp.Header.Get("Content-Type")
- if len(contentType) == 0 {
- return true
- }
- media, _, err := mime.ParseMediaType(contentType)
- if err != nil {
- return false
- }
- return strings.HasPrefix(media, "text/")
-}
-
-// checkWait returns true along with a number of seconds if the server instructed us to wait
-// before retrying.
-func checkWait(resp *http.Response) (int, bool) {
- switch r := resp.StatusCode; {
- // any 500 error code and 429 can trigger a wait
- case r == http.StatusTooManyRequests, r >= 500:
- default:
- return 0, false
- }
- i, ok := retryAfterSeconds(resp)
- return i, ok
-}
-
-// retryAfterSeconds returns the value of the Retry-After header and true, or 0 and false if
-// the header was missing or not a valid number.
-func retryAfterSeconds(resp *http.Response) (int, bool) {
- if h := resp.Header.Get("Retry-After"); len(h) > 0 {
- if i, err := strconv.Atoi(h); err == nil {
- return i, true
- }
- }
- return 0, false
-}
-
-// Result contains the result of calling Request.Do().
-type Result struct {
- body []byte
- contentType string
- err error
- statusCode int
-
- decoder runtime.Decoder
-}
-
-// Raw returns the raw result.
-func (r Result) Raw() ([]byte, error) {
- return r.body, r.err
-}
-
-// Get returns the result as an object, which means it passes through the decoder.
-// If the returned object is of type Status and has .Status != StatusSuccess, the
-// additional information in Status will be used to enrich the error.
-func (r Result) Get() (runtime.Object, error) {
- if r.err != nil {
- // Check whether the result has a Status object in the body and prefer that.
- return nil, r.Error()
- }
- if r.decoder == nil {
- return nil, fmt.Errorf("serializer for %s doesn't exist", r.contentType)
- }
-
- // decode, but if the result is Status return that as an error instead.
- out, _, err := r.decoder.Decode(r.body, nil, nil)
- if err != nil {
- return nil, err
- }
- switch t := out.(type) {
- case *metav1.Status:
- // any status besides StatusSuccess is considered an error.
- if t.Status != metav1.StatusSuccess {
- return nil, errors.FromObject(t)
- }
- }
- return out, nil
-}
-
-// StatusCode returns the HTTP status code of the request. (Only valid if no
-// error was returned.)
-func (r Result) StatusCode(statusCode *int) Result {
- *statusCode = r.statusCode
- return r
-}
-
-// Into stores the result into obj, if possible. If obj is nil it is ignored.
-// If the returned object is of type Status and has .Status != StatusSuccess, the
-// additional information in Status will be used to enrich the error.
-func (r Result) Into(obj runtime.Object) error {
- if r.err != nil {
- // Check whether the result has a Status object in the body and prefer that.
- return r.Error()
- }
- if r.decoder == nil {
- return fmt.Errorf("serializer for %s doesn't exist", r.contentType)
- }
- if len(r.body) == 0 {
- return fmt.Errorf("0-length response with status code: %d and content type: %s",
- r.statusCode, r.contentType)
- }
-
- out, _, err := r.decoder.Decode(r.body, nil, obj)
- if err != nil || out == obj {
- return err
- }
- // if a different object is returned, see if it is Status and avoid double decoding
- // the object.
- switch t := out.(type) {
- case *metav1.Status:
- // any status besides StatusSuccess is considered an error.
- if t.Status != metav1.StatusSuccess {
- return errors.FromObject(t)
- }
- }
- return nil
-}
-
-// WasCreated updates the provided bool pointer to whether the server returned
-// 201 created or a different response.
-func (r Result) WasCreated(wasCreated *bool) Result {
- *wasCreated = r.statusCode == http.StatusCreated
- return r
-}
-
-// Error returns the error executing the request, nil if no error occurred.
-// If the returned object is of type Status and has Status != StatusSuccess, the
-// additional information in Status will be used to enrich the error.
-// See the Request.Do() comment for what errors you might get.
-func (r Result) Error() error {
- // if we have received an unexpected server error, and we have a body and decoder, we can try to extract
- // a Status object.
- if r.err == nil || !errors.IsUnexpectedServerError(r.err) || len(r.body) == 0 || r.decoder == nil {
- return r.err
- }
-
- // attempt to convert the body into a Status object
- // to be backwards compatible with old servers that do not return a version, default to "v1"
- out, _, err := r.decoder.Decode(r.body, &schema.GroupVersionKind{Version: "v1"}, nil)
- if err != nil {
- klog.V(5).Infof("body was not decodable (unable to check for Status): %v", err)
- return r.err
- }
- switch t := out.(type) {
- case *metav1.Status:
- // because we default the kind, we *must* check for StatusFailure
- if t.Status == metav1.StatusFailure {
- return errors.FromObject(t)
- }
- }
- return r.err
-}
-
-// NameMayNotBe specifies strings that cannot be used as names specified as path segments (like the REST API or etcd store)
-var NameMayNotBe = []string{".", ".."}
-
-// NameMayNotContain specifies substrings that cannot be used in names specified as path segments (like the REST API or etcd store)
-var NameMayNotContain = []string{"/", "%"}
-
-// IsValidPathSegmentName validates the name can be safely encoded as a path segment
-func IsValidPathSegmentName(name string) []string {
- for _, illegalName := range NameMayNotBe {
- if name == illegalName {
- return []string{fmt.Sprintf(`may not be '%s'`, illegalName)}
- }
- }
-
- var errors []string
- for _, illegalContent := range NameMayNotContain {
- if strings.Contains(name, illegalContent) {
- errors = append(errors, fmt.Sprintf(`may not contain '%s'`, illegalContent))
- }
- }
-
- return errors
-}
-
-// IsValidPathSegmentPrefix validates the name can be used as a prefix for a name which will be encoded as a path segment
-// It does not check for exact matches with disallowed names, since an arbitrary suffix might make the name valid
-func IsValidPathSegmentPrefix(name string) []string {
- var errors []string
- for _, illegalContent := range NameMayNotContain {
- if strings.Contains(name, illegalContent) {
- errors = append(errors, fmt.Sprintf(`may not contain '%s'`, illegalContent))
- }
- }
-
- return errors
-}
-
-// ValidatePathSegmentName validates the name can be safely encoded as a path segment
-func ValidatePathSegmentName(name string, prefix bool) []string {
- if prefix {
- return IsValidPathSegmentPrefix(name)
- }
- return IsValidPathSegmentName(name)
-}
diff --git a/vendor/k8s.io/client-go/rest/transport.go b/vendor/k8s.io/client-go/rest/transport.go
deleted file mode 100644
index de33ecbfc..000000000
--- a/vendor/k8s.io/client-go/rest/transport.go
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "crypto/tls"
- "errors"
- "net/http"
-
- "k8s.io/client-go/plugin/pkg/client/auth/exec"
- "k8s.io/client-go/transport"
-)
-
-// TLSConfigFor returns a tls.Config that will provide the transport level security defined
-// by the provided Config. Will return nil if no transport level security is requested.
-func TLSConfigFor(config *Config) (*tls.Config, error) {
- cfg, err := config.TransportConfig()
- if err != nil {
- return nil, err
- }
- return transport.TLSConfigFor(cfg)
-}
-
-// TransportFor returns an http.RoundTripper that will provide the authentication
-// or transport level security defined by the provided Config. Will return the
-// default http.DefaultTransport if no special case behavior is needed.
-func TransportFor(config *Config) (http.RoundTripper, error) {
- cfg, err := config.TransportConfig()
- if err != nil {
- return nil, err
- }
- return transport.New(cfg)
-}
-
-// HTTPWrappersForConfig wraps a round tripper with any relevant layered behavior from the
-// config. Exposed to allow more clients that need HTTP-like behavior but then must hijack
-// the underlying connection (like WebSocket or HTTP2 clients). Pure HTTP clients should use
-// the higher level TransportFor or RESTClientFor methods.
-func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTripper, error) {
- cfg, err := config.TransportConfig()
- if err != nil {
- return nil, err
- }
- return transport.HTTPWrappersForConfig(cfg, rt)
-}
-
-// TransportConfig converts a client config to an appropriate transport config.
-func (c *Config) TransportConfig() (*transport.Config, error) {
- conf := &transport.Config{
- UserAgent: c.UserAgent,
- Transport: c.Transport,
- WrapTransport: c.WrapTransport,
- TLS: transport.TLSConfig{
- Insecure: c.Insecure,
- ServerName: c.ServerName,
- CAFile: c.CAFile,
- CAData: c.CAData,
- CertFile: c.CertFile,
- CertData: c.CertData,
- KeyFile: c.KeyFile,
- KeyData: c.KeyData,
- },
- Username: c.Username,
- Password: c.Password,
- BearerToken: c.BearerToken,
- BearerTokenFile: c.BearerTokenFile,
- Impersonate: transport.ImpersonationConfig{
- UserName: c.Impersonate.UserName,
- Groups: c.Impersonate.Groups,
- Extra: c.Impersonate.Extra,
- },
- Dial: c.Dial,
- }
-
- if c.ExecProvider != nil && c.AuthProvider != nil {
- return nil, errors.New("execProvider and authProvider cannot be used in combination")
- }
-
- if c.ExecProvider != nil {
- provider, err := exec.GetAuthenticator(c.ExecProvider)
- if err != nil {
- return nil, err
- }
- if err := provider.UpdateTransportConfig(conf); err != nil {
- return nil, err
- }
- }
- if c.AuthProvider != nil {
- provider, err := GetAuthProvider(c.Host, c.AuthProvider, c.AuthConfigPersister)
- if err != nil {
- return nil, err
- }
- conf.Wrap(provider.WrapTransport)
- }
- return conf, nil
-}
-
-// Wrap adds a transport middleware function that will give the caller
-// an opportunity to wrap the underlying http.RoundTripper prior to the
-// first API call being made. The provided function is invoked after any
-// existing transport wrappers are invoked.
-func (c *Config) Wrap(fn transport.WrapperFunc) {
- c.WrapTransport = transport.Wrappers(c.WrapTransport, fn)
-}
diff --git a/vendor/k8s.io/client-go/rest/url_utils.go b/vendor/k8s.io/client-go/rest/url_utils.go
deleted file mode 100644
index a56d1838d..000000000
--- a/vendor/k8s.io/client-go/rest/url_utils.go
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "fmt"
- "net/url"
- "path"
-
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// DefaultServerURL converts a host, host:port, or URL string to the default base server API path
-// to use with a Client at a given API version following the standard conventions for a
-// Kubernetes API.
-func DefaultServerURL(host, apiPath string, groupVersion schema.GroupVersion, defaultTLS bool) (*url.URL, string, error) {
- if host == "" {
- return nil, "", fmt.Errorf("host must be a URL or a host:port pair")
- }
- base := host
- hostURL, err := url.Parse(base)
- if err != nil || hostURL.Scheme == "" || hostURL.Host == "" {
- scheme := "http://"
- if defaultTLS {
- scheme = "https://"
- }
- hostURL, err = url.Parse(scheme + base)
- if err != nil {
- return nil, "", err
- }
- if hostURL.Path != "" && hostURL.Path != "/" {
- return nil, "", fmt.Errorf("host must be a URL or a host:port pair: %q", base)
- }
- }
-
- // hostURL.Path is optional; a non-empty Path is treated as a prefix that is to be applied to
- // all URIs used to access the host. this is useful when there's a proxy in front of the
- // apiserver that has relocated the apiserver endpoints, forwarding all requests from, for
- // example, /a/b/c to the apiserver. in this case the Path should be /a/b/c.
- //
- // if running without a frontend proxy (that changes the location of the apiserver), then
- // hostURL.Path should be blank.
- //
- // versionedAPIPath, a path relative to baseURL.Path, points to a versioned API base
- versionedAPIPath := DefaultVersionedAPIPath(apiPath, groupVersion)
-
- return hostURL, versionedAPIPath, nil
-}
-
-// DefaultVersionedAPIPathFor constructs the default path for the given group version, assuming the given
-// API path, following the standard conventions of the Kubernetes API.
-func DefaultVersionedAPIPath(apiPath string, groupVersion schema.GroupVersion) string {
- versionedAPIPath := path.Join("/", apiPath)
-
- // Add the version to the end of the path
- if len(groupVersion.Group) > 0 {
- versionedAPIPath = path.Join(versionedAPIPath, groupVersion.Group, groupVersion.Version)
-
- } else {
- versionedAPIPath = path.Join(versionedAPIPath, groupVersion.Version)
- }
-
- return versionedAPIPath
-}
-
-// defaultServerUrlFor is shared between IsConfigTransportTLS and RESTClientFor. It
-// requires Host and Version to be set prior to being called.
-func defaultServerUrlFor(config *Config) (*url.URL, string, error) {
- // TODO: move the default to secure when the apiserver supports TLS by default
- // config.Insecure is taken to mean "I want HTTPS but don't bother checking the certs against a CA."
- hasCA := len(config.CAFile) != 0 || len(config.CAData) != 0
- hasCert := len(config.CertFile) != 0 || len(config.CertData) != 0
- defaultTLS := hasCA || hasCert || config.Insecure
- host := config.Host
- if host == "" {
- host = "localhost"
- }
-
- if config.GroupVersion != nil {
- return DefaultServerURL(host, config.APIPath, *config.GroupVersion, defaultTLS)
- }
- return DefaultServerURL(host, config.APIPath, schema.GroupVersion{}, defaultTLS)
-}
diff --git a/vendor/k8s.io/client-go/rest/urlbackoff.go b/vendor/k8s.io/client-go/rest/urlbackoff.go
deleted file mode 100644
index d00e42f86..000000000
--- a/vendor/k8s.io/client-go/rest/urlbackoff.go
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "net/url"
- "time"
-
- "k8s.io/apimachinery/pkg/util/sets"
- "k8s.io/client-go/util/flowcontrol"
- "k8s.io/klog"
-)
-
-// Set of resp. Codes that we backoff for.
-// In general these should be errors that indicate a server is overloaded.
-// These shouldn't be configured by any user, we set them based on conventions
-// described in
-var serverIsOverloadedSet = sets.NewInt(429)
-var maxResponseCode = 499
-
-type BackoffManager interface {
- UpdateBackoff(actualUrl *url.URL, err error, responseCode int)
- CalculateBackoff(actualUrl *url.URL) time.Duration
- Sleep(d time.Duration)
-}
-
-// URLBackoff struct implements the semantics on top of Backoff which
-// we need for URL specific exponential backoff.
-type URLBackoff struct {
- // Uses backoff as underlying implementation.
- Backoff *flowcontrol.Backoff
-}
-
-// NoBackoff is a stub implementation, can be used for mocking or else as a default.
-type NoBackoff struct {
-}
-
-func (n *NoBackoff) UpdateBackoff(actualUrl *url.URL, err error, responseCode int) {
- // do nothing.
-}
-
-func (n *NoBackoff) CalculateBackoff(actualUrl *url.URL) time.Duration {
- return 0 * time.Second
-}
-
-func (n *NoBackoff) Sleep(d time.Duration) {
- time.Sleep(d)
-}
-
-// Disable makes the backoff trivial, i.e., sets it to zero. This might be used
-// by tests which want to run 1000s of mock requests without slowing down.
-func (b *URLBackoff) Disable() {
- klog.V(4).Infof("Disabling backoff strategy")
- b.Backoff = flowcontrol.NewBackOff(0*time.Second, 0*time.Second)
-}
-
-// baseUrlKey returns the key which urls will be mapped to.
-// For example, 127.0.0.1:8080/api/v2/abcde -> 127.0.0.1:8080.
-func (b *URLBackoff) baseUrlKey(rawurl *url.URL) string {
- // Simple implementation for now, just the host.
- // We may backoff specific paths (i.e. "pods") differentially
- // in the future.
- host, err := url.Parse(rawurl.String())
- if err != nil {
- klog.V(4).Infof("Error extracting url: %v", rawurl)
- panic("bad url!")
- }
- return host.Host
-}
-
-// UpdateBackoff updates backoff metadata
-func (b *URLBackoff) UpdateBackoff(actualUrl *url.URL, err error, responseCode int) {
- // range for retry counts that we store is [0,13]
- if responseCode > maxResponseCode || serverIsOverloadedSet.Has(responseCode) {
- b.Backoff.Next(b.baseUrlKey(actualUrl), b.Backoff.Clock.Now())
- return
- } else if responseCode >= 300 || err != nil {
- klog.V(4).Infof("Client is returning errors: code %v, error %v", responseCode, err)
- }
-
- //If we got this far, there is no backoff required for this URL anymore.
- b.Backoff.Reset(b.baseUrlKey(actualUrl))
-}
-
-// CalculateBackoff takes a url and back's off exponentially,
-// based on its knowledge of existing failures.
-func (b *URLBackoff) CalculateBackoff(actualUrl *url.URL) time.Duration {
- return b.Backoff.Get(b.baseUrlKey(actualUrl))
-}
-
-func (b *URLBackoff) Sleep(d time.Duration) {
- b.Backoff.Clock.Sleep(d)
-}
diff --git a/vendor/k8s.io/client-go/rest/watch/decoder.go b/vendor/k8s.io/client-go/rest/watch/decoder.go
deleted file mode 100644
index e95c020b2..000000000
--- a/vendor/k8s.io/client-go/rest/watch/decoder.go
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package versioned
-
-import (
- "fmt"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/serializer/streaming"
- "k8s.io/apimachinery/pkg/watch"
-)
-
-// Decoder implements the watch.Decoder interface for io.ReadClosers that
-// have contents which consist of a series of watchEvent objects encoded
-// with the given streaming decoder. The internal objects will be then
-// decoded by the embedded decoder.
-type Decoder struct {
- decoder streaming.Decoder
- embeddedDecoder runtime.Decoder
-}
-
-// NewDecoder creates an Decoder for the given writer and codec.
-func NewDecoder(decoder streaming.Decoder, embeddedDecoder runtime.Decoder) *Decoder {
- return &Decoder{
- decoder: decoder,
- embeddedDecoder: embeddedDecoder,
- }
-}
-
-// Decode blocks until it can return the next object in the reader. Returns an error
-// if the reader is closed or an object can't be decoded.
-func (d *Decoder) Decode() (watch.EventType, runtime.Object, error) {
- var got metav1.WatchEvent
- res, _, err := d.decoder.Decode(nil, &got)
- if err != nil {
- return "", nil, err
- }
- if res != &got {
- return "", nil, fmt.Errorf("unable to decode to metav1.Event")
- }
- switch got.Type {
- case string(watch.Added), string(watch.Modified), string(watch.Deleted), string(watch.Error), string(watch.Bookmark):
- default:
- return "", nil, fmt.Errorf("got invalid watch event type: %v", got.Type)
- }
-
- obj, err := runtime.Decode(d.embeddedDecoder, got.Object.Raw)
- if err != nil {
- return "", nil, fmt.Errorf("unable to decode watch event: %v", err)
- }
- return watch.EventType(got.Type), obj, nil
-}
-
-// Close closes the underlying r.
-func (d *Decoder) Close() {
- d.decoder.Close()
-}
diff --git a/vendor/k8s.io/client-go/rest/watch/encoder.go b/vendor/k8s.io/client-go/rest/watch/encoder.go
deleted file mode 100644
index e55aa12d9..000000000
--- a/vendor/k8s.io/client-go/rest/watch/encoder.go
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package versioned
-
-import (
- "encoding/json"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/serializer/streaming"
- "k8s.io/apimachinery/pkg/watch"
-)
-
-// Encoder serializes watch.Events into io.Writer. The internal objects
-// are encoded using embedded encoder, and the outer Event is serialized
-// using encoder.
-// TODO: this type is only used by tests
-type Encoder struct {
- encoder streaming.Encoder
- embeddedEncoder runtime.Encoder
-}
-
-func NewEncoder(encoder streaming.Encoder, embeddedEncoder runtime.Encoder) *Encoder {
- return &Encoder{
- encoder: encoder,
- embeddedEncoder: embeddedEncoder,
- }
-}
-
-// Encode writes an event to the writer. Returns an error
-// if the writer is closed or an object can't be encoded.
-func (e *Encoder) Encode(event *watch.Event) error {
- data, err := runtime.Encode(e.embeddedEncoder, event.Object)
- if err != nil {
- return err
- }
- // FIXME: get rid of json.RawMessage.
- return e.encoder.Encode(&metav1.WatchEvent{
- Type: string(event.Type),
- Object: runtime.RawExtension{Raw: json.RawMessage(data)},
- })
-}
diff --git a/vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go
deleted file mode 100644
index c1ab45f33..000000000
--- a/vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,52 +0,0 @@
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by deepcopy-gen. DO NOT EDIT.
-
-package rest
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *TLSClientConfig) DeepCopyInto(out *TLSClientConfig) {
- *out = *in
- if in.CertData != nil {
- in, out := &in.CertData, &out.CertData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.KeyData != nil {
- in, out := &in.KeyData, &out.KeyData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.CAData != nil {
- in, out := &in.CAData, &out.CAData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSClientConfig.
-func (in *TLSClientConfig) DeepCopy() *TLSClientConfig {
- if in == nil {
- return nil
- }
- out := new(TLSClientConfig)
- in.DeepCopyInto(out)
- return out
-}
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/doc.go b/vendor/k8s.io/client-go/tools/clientcmd/api/doc.go
deleted file mode 100644
index 5871575a6..000000000
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/doc.go
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +k8s:deepcopy-gen=package
-
-package api
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go b/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go
deleted file mode 100644
index 65a36936b..000000000
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package api
-
-import (
- "encoding/base64"
- "errors"
- "fmt"
- "io/ioutil"
- "os"
- "path"
- "path/filepath"
-)
-
-func init() {
- sDec, _ := base64.StdEncoding.DecodeString("REDACTED+")
- redactedBytes = []byte(string(sDec))
- sDec, _ = base64.StdEncoding.DecodeString("DATA+OMITTED")
- dataOmittedBytes = []byte(string(sDec))
-}
-
-// IsConfigEmpty returns true if the config is empty.
-func IsConfigEmpty(config *Config) bool {
- return len(config.AuthInfos) == 0 && len(config.Clusters) == 0 && len(config.Contexts) == 0 &&
- len(config.CurrentContext) == 0 &&
- len(config.Preferences.Extensions) == 0 && !config.Preferences.Colors &&
- len(config.Extensions) == 0
-}
-
-// MinifyConfig read the current context and uses that to keep only the relevant pieces of config
-// This is useful for making secrets based on kubeconfig files
-func MinifyConfig(config *Config) error {
- if len(config.CurrentContext) == 0 {
- return errors.New("current-context must exist in order to minify")
- }
-
- currContext, exists := config.Contexts[config.CurrentContext]
- if !exists {
- return fmt.Errorf("cannot locate context %v", config.CurrentContext)
- }
-
- newContexts := map[string]*Context{}
- newContexts[config.CurrentContext] = currContext
-
- newClusters := map[string]*Cluster{}
- if len(currContext.Cluster) > 0 {
- if _, exists := config.Clusters[currContext.Cluster]; !exists {
- return fmt.Errorf("cannot locate cluster %v", currContext.Cluster)
- }
-
- newClusters[currContext.Cluster] = config.Clusters[currContext.Cluster]
- }
-
- newAuthInfos := map[string]*AuthInfo{}
- if len(currContext.AuthInfo) > 0 {
- if _, exists := config.AuthInfos[currContext.AuthInfo]; !exists {
- return fmt.Errorf("cannot locate user %v", currContext.AuthInfo)
- }
-
- newAuthInfos[currContext.AuthInfo] = config.AuthInfos[currContext.AuthInfo]
- }
-
- config.AuthInfos = newAuthInfos
- config.Clusters = newClusters
- config.Contexts = newContexts
-
- return nil
-}
-
-var (
- redactedBytes []byte
- dataOmittedBytes []byte
-)
-
-// Flatten redacts raw data entries from the config object for a human-readable view.
-func ShortenConfig(config *Config) {
- // trick json encoder into printing a human readable string in the raw data
- // by base64 decoding what we want to print. Relies on implementation of
- // http://golang.org/pkg/encoding/json/#Marshal using base64 to encode []byte
- for key, authInfo := range config.AuthInfos {
- if len(authInfo.ClientKeyData) > 0 {
- authInfo.ClientKeyData = redactedBytes
- }
- if len(authInfo.ClientCertificateData) > 0 {
- authInfo.ClientCertificateData = redactedBytes
- }
- config.AuthInfos[key] = authInfo
- }
- for key, cluster := range config.Clusters {
- if len(cluster.CertificateAuthorityData) > 0 {
- cluster.CertificateAuthorityData = dataOmittedBytes
- }
- config.Clusters[key] = cluster
- }
-}
-
-// Flatten changes the config object into a self contained config (useful for making secrets)
-func FlattenConfig(config *Config) error {
- for key, authInfo := range config.AuthInfos {
- baseDir, err := MakeAbs(path.Dir(authInfo.LocationOfOrigin), "")
- if err != nil {
- return err
- }
-
- if err := FlattenContent(&authInfo.ClientCertificate, &authInfo.ClientCertificateData, baseDir); err != nil {
- return err
- }
- if err := FlattenContent(&authInfo.ClientKey, &authInfo.ClientKeyData, baseDir); err != nil {
- return err
- }
-
- config.AuthInfos[key] = authInfo
- }
- for key, cluster := range config.Clusters {
- baseDir, err := MakeAbs(path.Dir(cluster.LocationOfOrigin), "")
- if err != nil {
- return err
- }
-
- if err := FlattenContent(&cluster.CertificateAuthority, &cluster.CertificateAuthorityData, baseDir); err != nil {
- return err
- }
-
- config.Clusters[key] = cluster
- }
-
- return nil
-}
-
-func FlattenContent(path *string, contents *[]byte, baseDir string) error {
- if len(*path) != 0 {
- if len(*contents) > 0 {
- return errors.New("cannot have values for both path and contents")
- }
-
- var err error
- absPath := ResolvePath(*path, baseDir)
- *contents, err = ioutil.ReadFile(absPath)
- if err != nil {
- return err
- }
-
- *path = ""
- }
-
- return nil
-}
-
-// ResolvePath returns the path as an absolute paths, relative to the given base directory
-func ResolvePath(path string, base string) string {
- // Don't resolve empty paths
- if len(path) > 0 {
- // Don't resolve absolute paths
- if !filepath.IsAbs(path) {
- return filepath.Join(base, path)
- }
- }
-
- return path
-}
-
-func MakeAbs(path, base string) (string, error) {
- if filepath.IsAbs(path) {
- return path, nil
- }
- if len(base) == 0 {
- cwd, err := os.Getwd()
- if err != nil {
- return "", err
- }
- base = cwd
- }
- return filepath.Join(base, path), nil
-}
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/register.go b/vendor/k8s.io/client-go/tools/clientcmd/api/register.go
deleted file mode 100644
index 2eec3881c..000000000
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/register.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package api
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// SchemeGroupVersion is group version used to register these objects
-// TODO this should be in the "kubeconfig" group
-var SchemeGroupVersion = schema.GroupVersion{Group: "", Version: runtime.APIVersionInternal}
-
-var (
- SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
- AddToScheme = SchemeBuilder.AddToScheme
-)
-
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &Config{},
- )
- return nil
-}
-
-func (obj *Config) GetObjectKind() schema.ObjectKind { return obj }
-func (obj *Config) SetGroupVersionKind(gvk schema.GroupVersionKind) {
- obj.APIVersion, obj.Kind = gvk.ToAPIVersionAndKind()
-}
-func (obj *Config) GroupVersionKind() schema.GroupVersionKind {
- return schema.FromAPIVersionAndKind(obj.APIVersion, obj.Kind)
-}
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
deleted file mode 100644
index 990a440c6..000000000
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package api
-
-import (
- "fmt"
-
- "k8s.io/apimachinery/pkg/runtime"
-)
-
-// Where possible, json tags match the cli argument names.
-// Top level config objects and all values required for proper functioning are not "omitempty". Any truly optional piece of config is allowed to be omitted.
-
-// Config holds the information needed to build connect to remote kubernetes clusters as a given user
-// IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type Config struct {
- // Legacy field from pkg/api/types.go TypeMeta.
- // TODO(jlowdermilk): remove this after eliminating downstream dependencies.
- // +optional
- Kind string `json:"kind,omitempty"`
- // Legacy field from pkg/api/types.go TypeMeta.
- // TODO(jlowdermilk): remove this after eliminating downstream dependencies.
- // +optional
- APIVersion string `json:"apiVersion,omitempty"`
- // Preferences holds general information to be use for cli interactions
- Preferences Preferences `json:"preferences"`
- // Clusters is a map of referencable names to cluster configs
- Clusters map[string]*Cluster `json:"clusters"`
- // AuthInfos is a map of referencable names to user configs
- AuthInfos map[string]*AuthInfo `json:"users"`
- // Contexts is a map of referencable names to context configs
- Contexts map[string]*Context `json:"contexts"`
- // CurrentContext is the name of the context that you would like to use by default
- CurrentContext string `json:"current-context"`
- // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
- // +optional
- Extensions map[string]runtime.Object `json:"extensions,omitempty"`
-}
-
-// IMPORTANT if you add fields to this struct, please update IsConfigEmpty()
-type Preferences struct {
- // +optional
- Colors bool `json:"colors,omitempty"`
- // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
- // +optional
- Extensions map[string]runtime.Object `json:"extensions,omitempty"`
-}
-
-// Cluster contains information about how to communicate with a kubernetes cluster
-type Cluster struct {
- // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
- LocationOfOrigin string
- // Server is the address of the kubernetes cluster (https://hostname:port).
- Server string `json:"server"`
- // InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.
- // +optional
- InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"`
- // CertificateAuthority is the path to a cert file for the certificate authority.
- // +optional
- CertificateAuthority string `json:"certificate-authority,omitempty"`
- // CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority
- // +optional
- CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"`
- // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
- // +optional
- Extensions map[string]runtime.Object `json:"extensions,omitempty"`
-}
-
-// AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are.
-type AuthInfo struct {
- // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
- LocationOfOrigin string
- // ClientCertificate is the path to a client cert file for TLS.
- // +optional
- ClientCertificate string `json:"client-certificate,omitempty"`
- // ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate
- // +optional
- ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
- // ClientKey is the path to a client key file for TLS.
- // +optional
- ClientKey string `json:"client-key,omitempty"`
- // ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey
- // +optional
- ClientKeyData []byte `json:"client-key-data,omitempty"`
- // Token is the bearer token for authentication to the kubernetes cluster.
- // +optional
- Token string `json:"token,omitempty"`
- // TokenFile is a pointer to a file that contains a bearer token (as described above). If both Token and TokenFile are present, Token takes precedence.
- // +optional
- TokenFile string `json:"tokenFile,omitempty"`
- // Impersonate is the username to act-as.
- // +optional
- Impersonate string `json:"act-as,omitempty"`
- // ImpersonateGroups is the groups to imperonate.
- // +optional
- ImpersonateGroups []string `json:"act-as-groups,omitempty"`
- // ImpersonateUserExtra contains additional information for impersonated user.
- // +optional
- ImpersonateUserExtra map[string][]string `json:"act-as-user-extra,omitempty"`
- // Username is the username for basic authentication to the kubernetes cluster.
- // +optional
- Username string `json:"username,omitempty"`
- // Password is the password for basic authentication to the kubernetes cluster.
- // +optional
- Password string `json:"password,omitempty"`
- // AuthProvider specifies a custom authentication plugin for the kubernetes cluster.
- // +optional
- AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"`
- // Exec specifies a custom exec-based authentication plugin for the kubernetes cluster.
- // +optional
- Exec *ExecConfig `json:"exec,omitempty"`
- // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
- // +optional
- Extensions map[string]runtime.Object `json:"extensions,omitempty"`
-}
-
-// Context is a tuple of references to a cluster (how do I communicate with a kubernetes cluster), a user (how do I identify myself), and a namespace (what subset of resources do I want to work with)
-type Context struct {
- // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized.
- LocationOfOrigin string
- // Cluster is the name of the cluster for this context
- Cluster string `json:"cluster"`
- // AuthInfo is the name of the authInfo for this context
- AuthInfo string `json:"user"`
- // Namespace is the default namespace to use on unspecified requests
- // +optional
- Namespace string `json:"namespace,omitempty"`
- // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields
- // +optional
- Extensions map[string]runtime.Object `json:"extensions,omitempty"`
-}
-
-// AuthProviderConfig holds the configuration for a specified auth provider.
-type AuthProviderConfig struct {
- Name string `json:"name"`
- // +optional
- Config map[string]string `json:"config,omitempty"`
-}
-
-var _ fmt.Stringer = new(AuthProviderConfig)
-var _ fmt.GoStringer = new(AuthProviderConfig)
-
-// GoString implements fmt.GoStringer and sanitizes sensitive fields of
-// AuthProviderConfig to prevent accidental leaking via logs.
-func (c AuthProviderConfig) GoString() string {
- return c.String()
-}
-
-// String implements fmt.Stringer and sanitizes sensitive fields of
-// AuthProviderConfig to prevent accidental leaking via logs.
-func (c AuthProviderConfig) String() string {
- cfg := "<nil>"
- if c.Config != nil {
- cfg = "--- REDACTED ---"
- }
- return fmt.Sprintf("api.AuthProviderConfig{Name: %q, Config: map[string]string{%s}}", c.Name, cfg)
-}
-
-// ExecConfig specifies a command to provide client credentials. The command is exec'd
-// and outputs structured stdout holding credentials.
-//
-// See the client.authentiction.k8s.io API group for specifications of the exact input
-// and output format
-type ExecConfig struct {
- // Command to execute.
- Command string `json:"command"`
- // Arguments to pass to the command when executing it.
- // +optional
- Args []string `json:"args"`
- // Env defines additional environment variables to expose to the process. These
- // are unioned with the host's environment, as well as variables client-go uses
- // to pass argument to the plugin.
- // +optional
- Env []ExecEnvVar `json:"env"`
-
- // Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
- // the same encoding version as the input.
- APIVersion string `json:"apiVersion,omitempty"`
-}
-
-var _ fmt.Stringer = new(ExecConfig)
-var _ fmt.GoStringer = new(ExecConfig)
-
-// GoString implements fmt.GoStringer and sanitizes sensitive fields of
-// ExecConfig to prevent accidental leaking via logs.
-func (c ExecConfig) GoString() string {
- return c.String()
-}
-
-// String implements fmt.Stringer and sanitizes sensitive fields of ExecConfig
-// to prevent accidental leaking via logs.
-func (c ExecConfig) String() string {
- var args []string
- if len(c.Args) > 0 {
- args = []string{"--- REDACTED ---"}
- }
- env := "[]ExecEnvVar(nil)"
- if len(c.Env) > 0 {
- env = "[]ExecEnvVar{--- REDACTED ---}"
- }
- return fmt.Sprintf("api.AuthProviderConfig{Command: %q, Args: %#v, Env: %s, APIVersion: %q}", c.Command, args, env, c.APIVersion)
-}
-
-// ExecEnvVar is used for setting environment variables when executing an exec-based
-// credential plugin.
-type ExecEnvVar struct {
- Name string `json:"name"`
- Value string `json:"value"`
-}
-
-// NewConfig is a convenience function that returns a new Config object with non-nil maps
-func NewConfig() *Config {
- return &Config{
- Preferences: *NewPreferences(),
- Clusters: make(map[string]*Cluster),
- AuthInfos: make(map[string]*AuthInfo),
- Contexts: make(map[string]*Context),
- Extensions: make(map[string]runtime.Object),
- }
-}
-
-// NewContext is a convenience function that returns a new Context
-// object with non-nil maps
-func NewContext() *Context {
- return &Context{Extensions: make(map[string]runtime.Object)}
-}
-
-// NewCluster is a convenience function that returns a new Cluster
-// object with non-nil maps
-func NewCluster() *Cluster {
- return &Cluster{Extensions: make(map[string]runtime.Object)}
-}
-
-// NewAuthInfo is a convenience function that returns a new AuthInfo
-// object with non-nil maps
-func NewAuthInfo() *AuthInfo {
- return &AuthInfo{
- Extensions: make(map[string]runtime.Object),
- ImpersonateUserExtra: make(map[string][]string),
- }
-}
-
-// NewPreferences is a convenience function that returns a new
-// Preferences object with non-nil maps
-func NewPreferences() *Preferences {
- return &Preferences{Extensions: make(map[string]runtime.Object)}
-}
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go
deleted file mode 100644
index 3240a7a98..000000000
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go
+++ /dev/null
@@ -1,324 +0,0 @@
-// +build !ignore_autogenerated
-
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by deepcopy-gen. DO NOT EDIT.
-
-package api
-
-import (
- runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *AuthInfo) DeepCopyInto(out *AuthInfo) {
- *out = *in
- if in.ClientCertificateData != nil {
- in, out := &in.ClientCertificateData, &out.ClientCertificateData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.ClientKeyData != nil {
- in, out := &in.ClientKeyData, &out.ClientKeyData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.ImpersonateGroups != nil {
- in, out := &in.ImpersonateGroups, &out.ImpersonateGroups
- *out = make([]string, len(*in))
- copy(*out, *in)
- }
- if in.ImpersonateUserExtra != nil {
- in, out := &in.ImpersonateUserExtra, &out.ImpersonateUserExtra
- *out = make(map[string][]string, len(*in))
- for key, val := range *in {
- var outVal []string
- if val == nil {
- (*out)[key] = nil
- } else {
- in, out := &val, &outVal
- *out = make([]string, len(*in))
- copy(*out, *in)
- }
- (*out)[key] = outVal
- }
- }
- if in.AuthProvider != nil {
- in, out := &in.AuthProvider, &out.AuthProvider
- *out = new(AuthProviderConfig)
- (*in).DeepCopyInto(*out)
- }
- if in.Exec != nil {
- in, out := &in.Exec, &out.Exec
- *out = new(ExecConfig)
- (*in).DeepCopyInto(*out)
- }
- if in.Extensions != nil {
- in, out := &in.Extensions, &out.Extensions
- *out = make(map[string]runtime.Object, len(*in))
- for key, val := range *in {
- if val == nil {
- (*out)[key] = nil
- } else {
- (*out)[key] = val.DeepCopyObject()
- }
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthInfo.
-func (in *AuthInfo) DeepCopy() *AuthInfo {
- if in == nil {
- return nil
- }
- out := new(AuthInfo)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *AuthProviderConfig) DeepCopyInto(out *AuthProviderConfig) {
- *out = *in
- if in.Config != nil {
- in, out := &in.Config, &out.Config
- *out = make(map[string]string, len(*in))
- for key, val := range *in {
- (*out)[key] = val
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthProviderConfig.
-func (in *AuthProviderConfig) DeepCopy() *AuthProviderConfig {
- if in == nil {
- return nil
- }
- out := new(AuthProviderConfig)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Cluster) DeepCopyInto(out *Cluster) {
- *out = *in
- if in.CertificateAuthorityData != nil {
- in, out := &in.CertificateAuthorityData, &out.CertificateAuthorityData
- *out = make([]byte, len(*in))
- copy(*out, *in)
- }
- if in.Extensions != nil {
- in, out := &in.Extensions, &out.Extensions
- *out = make(map[string]runtime.Object, len(*in))
- for key, val := range *in {
- if val == nil {
- (*out)[key] = nil
- } else {
- (*out)[key] = val.DeepCopyObject()
- }
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cluster.
-func (in *Cluster) DeepCopy() *Cluster {
- if in == nil {
- return nil
- }
- out := new(Cluster)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Config) DeepCopyInto(out *Config) {
- *out = *in
- in.Preferences.DeepCopyInto(&out.Preferences)
- if in.Clusters != nil {
- in, out := &in.Clusters, &out.Clusters
- *out = make(map[string]*Cluster, len(*in))
- for key, val := range *in {
- var outVal *Cluster
- if val == nil {
- (*out)[key] = nil
- } else {
- in, out := &val, &outVal
- *out = new(Cluster)
- (*in).DeepCopyInto(*out)
- }
- (*out)[key] = outVal
- }
- }
- if in.AuthInfos != nil {
- in, out := &in.AuthInfos, &out.AuthInfos
- *out = make(map[string]*AuthInfo, len(*in))
- for key, val := range *in {
- var outVal *AuthInfo
- if val == nil {
- (*out)[key] = nil
- } else {
- in, out := &val, &outVal
- *out = new(AuthInfo)
- (*in).DeepCopyInto(*out)
- }
- (*out)[key] = outVal
- }
- }
- if in.Contexts != nil {
- in, out := &in.Contexts, &out.Contexts
- *out = make(map[string]*Context, len(*in))
- for key, val := range *in {
- var outVal *Context
- if val == nil {
- (*out)[key] = nil
- } else {
- in, out := &val, &outVal
- *out = new(Context)
- (*in).DeepCopyInto(*out)
- }
- (*out)[key] = outVal
- }
- }
- if in.Extensions != nil {
- in, out := &in.Extensions, &out.Extensions
- *out = make(map[string]runtime.Object, len(*in))
- for key, val := range *in {
- if val == nil {
- (*out)[key] = nil
- } else {
- (*out)[key] = val.DeepCopyObject()
- }
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config.
-func (in *Config) DeepCopy() *Config {
- if in == nil {
- return nil
- }
- out := new(Config)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
-func (in *Config) DeepCopyObject() runtime.Object {
- if c := in.DeepCopy(); c != nil {
- return c
- }
- return nil
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Context) DeepCopyInto(out *Context) {
- *out = *in
- if in.Extensions != nil {
- in, out := &in.Extensions, &out.Extensions
- *out = make(map[string]runtime.Object, len(*in))
- for key, val := range *in {
- if val == nil {
- (*out)[key] = nil
- } else {
- (*out)[key] = val.DeepCopyObject()
- }
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Context.
-func (in *Context) DeepCopy() *Context {
- if in == nil {
- return nil
- }
- out := new(Context)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecConfig) DeepCopyInto(out *ExecConfig) {
- *out = *in
- if in.Args != nil {
- in, out := &in.Args, &out.Args
- *out = make([]string, len(*in))
- copy(*out, *in)
- }
- if in.Env != nil {
- in, out := &in.Env, &out.Env
- *out = make([]ExecEnvVar, len(*in))
- copy(*out, *in)
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecConfig.
-func (in *ExecConfig) DeepCopy() *ExecConfig {
- if in == nil {
- return nil
- }
- out := new(ExecConfig)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ExecEnvVar) DeepCopyInto(out *ExecEnvVar) {
- *out = *in
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecEnvVar.
-func (in *ExecEnvVar) DeepCopy() *ExecEnvVar {
- if in == nil {
- return nil
- }
- out := new(ExecEnvVar)
- in.DeepCopyInto(out)
- return out
-}
-
-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *Preferences) DeepCopyInto(out *Preferences) {
- *out = *in
- if in.Extensions != nil {
- in, out := &in.Extensions, &out.Extensions
- *out = make(map[string]runtime.Object, len(*in))
- for key, val := range *in {
- if val == nil {
- (*out)[key] = nil
- } else {
- (*out)[key] = val.DeepCopyObject()
- }
- }
- }
- return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Preferences.
-func (in *Preferences) DeepCopy() *Preferences {
- if in == nil {
- return nil
- }
- out := new(Preferences)
- in.DeepCopyInto(out)
- return out
-}
diff --git a/vendor/k8s.io/client-go/tools/metrics/OWNERS b/vendor/k8s.io/client-go/tools/metrics/OWNERS
deleted file mode 100644
index f150be536..000000000
--- a/vendor/k8s.io/client-go/tools/metrics/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-- wojtek-t
-- eparis
-- krousey
-- jayunit100
-- fgrzadkowski
-- tmrts
diff --git a/vendor/k8s.io/client-go/tools/metrics/metrics.go b/vendor/k8s.io/client-go/tools/metrics/metrics.go
deleted file mode 100644
index a01306c65..000000000
--- a/vendor/k8s.io/client-go/tools/metrics/metrics.go
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package metrics provides abstractions for registering which metrics
-// to record.
-package metrics
-
-import (
- "net/url"
- "sync"
- "time"
-)
-
-var registerMetrics sync.Once
-
-// LatencyMetric observes client latency partitioned by verb and url.
-type LatencyMetric interface {
- Observe(verb string, u url.URL, latency time.Duration)
-}
-
-// ResultMetric counts response codes partitioned by method and host.
-type ResultMetric interface {
- Increment(code string, method string, host string)
-}
-
-var (
- // RequestLatency is the latency metric that rest clients will update.
- RequestLatency LatencyMetric = noopLatency{}
- // RequestResult is the result metric that rest clients will update.
- RequestResult ResultMetric = noopResult{}
-)
-
-// Register registers metrics for the rest client to use. This can
-// only be called once.
-func Register(lm LatencyMetric, rm ResultMetric) {
- registerMetrics.Do(func() {
- RequestLatency = lm
- RequestResult = rm
- })
-}
-
-type noopLatency struct{}
-
-func (noopLatency) Observe(string, url.URL, time.Duration) {}
-
-type noopResult struct{}
-
-func (noopResult) Increment(string, string, string) {}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/doc.go b/vendor/k8s.io/client-go/tools/remotecommand/doc.go
deleted file mode 100644
index ac06a9cd3..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/doc.go
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package remotecommand adds support for executing commands in containers,
-// with support for separate stdin, stdout, and stderr streams, as well as
-// TTY.
-package remotecommand // import "k8s.io/client-go/tools/remotecommand"
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/errorstream.go b/vendor/k8s.io/client-go/tools/remotecommand/errorstream.go
deleted file mode 100644
index 360276b65..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/errorstream.go
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "io/ioutil"
-
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-// errorStreamDecoder interprets the data on the error channel and creates a go error object from it.
-type errorStreamDecoder interface {
- decode(message []byte) error
-}
-
-// watchErrorStream watches the errorStream for remote command error data,
-// decodes it with the given errorStreamDecoder, sends the decoded error (or nil if the remote
-// command exited successfully) to the returned error channel, and closes it.
-// This function returns immediately.
-func watchErrorStream(errorStream io.Reader, d errorStreamDecoder) chan error {
- errorChan := make(chan error)
-
- go func() {
- defer runtime.HandleCrash()
-
- message, err := ioutil.ReadAll(errorStream)
- switch {
- case err != nil && err != io.EOF:
- errorChan <- fmt.Errorf("error reading from error stream: %s", err)
- case len(message) > 0:
- errorChan <- d.decode(message)
- default:
- errorChan <- nil
- }
- close(errorChan)
- }()
-
- return errorChan
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/reader.go b/vendor/k8s.io/client-go/tools/remotecommand/reader.go
deleted file mode 100644
index d1f1be34c..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/reader.go
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "io"
-)
-
-// readerWrapper delegates to an io.Reader so that only the io.Reader interface is implemented,
-// to keep io.Copy from doing things we don't want when copying from the reader to the data stream.
-//
-// If the Stdin io.Reader provided to remotecommand implements a WriteTo function (like bytes.Buffer does[1]),
-// io.Copy calls that method[2] to attempt to write the entire buffer to the stream in one call.
-// That results in an oversized call to spdystream.Stream#Write [3],
-// which results in a single oversized data frame[4] that is too large.
-//
-// [1] https://golang.org/pkg/bytes/#Buffer.WriteTo
-// [2] https://golang.org/pkg/io/#Copy
-// [3] https://github.com/kubernetes/kubernetes/blob/90295640ef87db9daa0144c5617afe889e7992b2/vendor/github.com/docker/spdystream/stream.go#L66-L73
-// [4] https://github.com/kubernetes/kubernetes/blob/90295640ef87db9daa0144c5617afe889e7992b2/vendor/github.com/docker/spdystream/spdy/write.go#L302-L304
-type readerWrapper struct {
- reader io.Reader
-}
-
-func (r readerWrapper) Read(p []byte) (int, error) {
- return r.reader.Read(p)
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go b/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go
deleted file mode 100644
index 892d8d105..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "net/http"
- "net/url"
-
- "k8s.io/klog"
-
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/apimachinery/pkg/util/remotecommand"
- restclient "k8s.io/client-go/rest"
- spdy "k8s.io/client-go/transport/spdy"
-)
-
-// StreamOptions holds information pertaining to the current streaming session:
-// input/output streams, if the client is requesting a TTY, and a terminal size queue to
-// support terminal resizing.
-type StreamOptions struct {
- Stdin io.Reader
- Stdout io.Writer
- Stderr io.Writer
- Tty bool
- TerminalSizeQueue TerminalSizeQueue
-}
-
-// Executor is an interface for transporting shell-style streams.
-type Executor interface {
- // Stream initiates the transport of the standard shell streams. It will transport any
- // non-nil stream to a remote system, and return an error if a problem occurs. If tty
- // is set, the stderr stream is not used (raw TTY manages stdout and stderr over the
- // stdout stream).
- Stream(options StreamOptions) error
-}
-
-type streamCreator interface {
- CreateStream(headers http.Header) (httpstream.Stream, error)
-}
-
-type streamProtocolHandler interface {
- stream(conn streamCreator) error
-}
-
-// streamExecutor handles transporting standard shell streams over an httpstream connection.
-type streamExecutor struct {
- upgrader spdy.Upgrader
- transport http.RoundTripper
-
- method string
- url *url.URL
- protocols []string
-}
-
-// NewSPDYExecutor connects to the provided server and upgrades the connection to
-// multiplexed bidirectional streams.
-func NewSPDYExecutor(config *restclient.Config, method string, url *url.URL) (Executor, error) {
- wrapper, upgradeRoundTripper, err := spdy.RoundTripperFor(config)
- if err != nil {
- return nil, err
- }
- return NewSPDYExecutorForTransports(wrapper, upgradeRoundTripper, method, url)
-}
-
-// NewSPDYExecutorForTransports connects to the provided server using the given transport,
-// upgrades the response using the given upgrader to multiplexed bidirectional streams.
-func NewSPDYExecutorForTransports(transport http.RoundTripper, upgrader spdy.Upgrader, method string, url *url.URL) (Executor, error) {
- return NewSPDYExecutorForProtocols(
- transport, upgrader, method, url,
- remotecommand.StreamProtocolV4Name,
- remotecommand.StreamProtocolV3Name,
- remotecommand.StreamProtocolV2Name,
- remotecommand.StreamProtocolV1Name,
- )
-}
-
-// NewSPDYExecutorForProtocols connects to the provided server and upgrades the connection to
-// multiplexed bidirectional streams using only the provided protocols. Exposed for testing, most
-// callers should use NewSPDYExecutor or NewSPDYExecutorForTransports.
-func NewSPDYExecutorForProtocols(transport http.RoundTripper, upgrader spdy.Upgrader, method string, url *url.URL, protocols ...string) (Executor, error) {
- return &streamExecutor{
- upgrader: upgrader,
- transport: transport,
- method: method,
- url: url,
- protocols: protocols,
- }, nil
-}
-
-// Stream opens a protocol streamer to the server and streams until a client closes
-// the connection or the server disconnects.
-func (e *streamExecutor) Stream(options StreamOptions) error {
- req, err := http.NewRequest(e.method, e.url.String(), nil)
- if err != nil {
- return fmt.Errorf("error creating request: %v", err)
- }
-
- conn, protocol, err := spdy.Negotiate(
- e.upgrader,
- &http.Client{Transport: e.transport},
- req,
- e.protocols...,
- )
- if err != nil {
- return err
- }
- defer conn.Close()
-
- var streamer streamProtocolHandler
-
- switch protocol {
- case remotecommand.StreamProtocolV4Name:
- streamer = newStreamProtocolV4(options)
- case remotecommand.StreamProtocolV3Name:
- streamer = newStreamProtocolV3(options)
- case remotecommand.StreamProtocolV2Name:
- streamer = newStreamProtocolV2(options)
- case "":
- klog.V(4).Infof("The server did not negotiate a streaming protocol version. Falling back to %s", remotecommand.StreamProtocolV1Name)
- fallthrough
- case remotecommand.StreamProtocolV1Name:
- streamer = newStreamProtocolV1(options)
- }
-
- return streamer.stream(conn)
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/resize.go b/vendor/k8s.io/client-go/tools/remotecommand/resize.go
deleted file mode 100644
index c838f21ba..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/resize.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-// TerminalSize and TerminalSizeQueue was a part of k8s.io/kubernetes/pkg/util/term
-// and were moved in order to decouple client from other term dependencies
-
-// TerminalSize represents the width and height of a terminal.
-type TerminalSize struct {
- Width uint16
- Height uint16
-}
-
-// TerminalSizeQueue is capable of returning terminal resize events as they occur.
-type TerminalSizeQueue interface {
- // Next returns the new terminal size after the terminal has been resized. It returns nil when
- // monitoring has been stopped.
- Next() *TerminalSize
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v1.go b/vendor/k8s.io/client-go/tools/remotecommand/v1.go
deleted file mode 100644
index 4120f1f5f..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v1.go
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "io/ioutil"
- "net/http"
-
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/klog"
-)
-
-// streamProtocolV1 implements the first version of the streaming exec & attach
-// protocol. This version has some bugs, such as not being able to detect when
-// non-interactive stdin data has ended. See http://issues.k8s.io/13394 and
-// http://issues.k8s.io/13395 for more details.
-type streamProtocolV1 struct {
- StreamOptions
-
- errorStream httpstream.Stream
- remoteStdin httpstream.Stream
- remoteStdout httpstream.Stream
- remoteStderr httpstream.Stream
-}
-
-var _ streamProtocolHandler = &streamProtocolV1{}
-
-func newStreamProtocolV1(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV1{
- StreamOptions: options,
- }
-}
-
-func (p *streamProtocolV1) stream(conn streamCreator) error {
- doneChan := make(chan struct{}, 2)
- errorChan := make(chan error)
-
- cp := func(s string, dst io.Writer, src io.Reader) {
- klog.V(6).Infof("Copying %s", s)
- defer klog.V(6).Infof("Done copying %s", s)
- if _, err := io.Copy(dst, src); err != nil && err != io.EOF {
- klog.Errorf("Error copying %s: %v", s, err)
- }
- if s == v1.StreamTypeStdout || s == v1.StreamTypeStderr {
- doneChan <- struct{}{}
- }
- }
-
- // set up all the streams first
- var err error
- headers := http.Header{}
- headers.Set(v1.StreamType, v1.StreamTypeError)
- p.errorStream, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.errorStream.Reset()
-
- // Create all the streams first, then start the copy goroutines. The server doesn't start its copy
- // goroutines until it's received all of the streams. If the client creates the stdin stream and
- // immediately begins copying stdin data to the server, it's possible to overwhelm and wedge the
- // spdy frame handler in the server so that it is full of unprocessed frames. The frames aren't
- // getting processed because the server hasn't started its copying, and it won't do that until it
- // gets all the streams. By creating all the streams first, we ensure that the server is ready to
- // process data before the client starts sending any. See https://issues.k8s.io/16373 for more info.
- if p.Stdin != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdin)
- p.remoteStdin, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.remoteStdin.Reset()
- }
-
- if p.Stdout != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdout)
- p.remoteStdout, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.remoteStdout.Reset()
- }
-
- if p.Stderr != nil && !p.Tty {
- headers.Set(v1.StreamType, v1.StreamTypeStderr)
- p.remoteStderr, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.remoteStderr.Reset()
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- // always read from errorStream
- go func() {
- message, err := ioutil.ReadAll(p.errorStream)
- if err != nil && err != io.EOF {
- errorChan <- fmt.Errorf("Error reading from error stream: %s", err)
- return
- }
- if len(message) > 0 {
- errorChan <- fmt.Errorf("Error executing remote command: %s", message)
- return
- }
- }()
-
- if p.Stdin != nil {
- // TODO this goroutine will never exit cleanly (the io.Copy never unblocks)
- // because stdin is not closed until the process exits. If we try to call
- // stdin.Close(), it returns no error but doesn't unblock the copy. It will
- // exit when the process exits, instead.
- go cp(v1.StreamTypeStdin, p.remoteStdin, readerWrapper{p.Stdin})
- }
-
- waitCount := 0
- completedStreams := 0
-
- if p.Stdout != nil {
- waitCount++
- go cp(v1.StreamTypeStdout, p.Stdout, p.remoteStdout)
- }
-
- if p.Stderr != nil && !p.Tty {
- waitCount++
- go cp(v1.StreamTypeStderr, p.Stderr, p.remoteStderr)
- }
-
-Loop:
- for {
- select {
- case <-doneChan:
- completedStreams++
- if completedStreams == waitCount {
- break Loop
- }
- case err := <-errorChan:
- return err
- }
- }
-
- return nil
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v2.go b/vendor/k8s.io/client-go/tools/remotecommand/v2.go
deleted file mode 100644
index 4b0001502..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v2.go
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "io/ioutil"
- "net/http"
- "sync"
-
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-// streamProtocolV2 implements version 2 of the streaming protocol for attach
-// and exec. The original streaming protocol was metav1. As a result, this
-// version is referred to as version 2, even though it is the first actual
-// numbered version.
-type streamProtocolV2 struct {
- StreamOptions
-
- errorStream io.Reader
- remoteStdin io.ReadWriteCloser
- remoteStdout io.Reader
- remoteStderr io.Reader
-}
-
-var _ streamProtocolHandler = &streamProtocolV2{}
-
-func newStreamProtocolV2(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV2{
- StreamOptions: options,
- }
-}
-
-func (p *streamProtocolV2) createStreams(conn streamCreator) error {
- var err error
- headers := http.Header{}
-
- // set up error stream
- headers.Set(v1.StreamType, v1.StreamTypeError)
- p.errorStream, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
-
- // set up stdin stream
- if p.Stdin != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdin)
- p.remoteStdin, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
-
- // set up stdout stream
- if p.Stdout != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdout)
- p.remoteStdout, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
-
- // set up stderr stream
- if p.Stderr != nil && !p.Tty {
- headers.Set(v1.StreamType, v1.StreamTypeStderr)
- p.remoteStderr, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
- return nil
-}
-
-func (p *streamProtocolV2) copyStdin() {
- if p.Stdin != nil {
- var once sync.Once
-
- // copy from client's stdin to container's stdin
- go func() {
- defer runtime.HandleCrash()
-
- // if p.stdin is noninteractive, p.g. `echo abc | kubectl exec -i <pod> -- cat`, make sure
- // we close remoteStdin as soon as the copy from p.stdin to remoteStdin finishes. Otherwise
- // the executed command will remain running.
- defer once.Do(func() { p.remoteStdin.Close() })
-
- if _, err := io.Copy(p.remoteStdin, readerWrapper{p.Stdin}); err != nil {
- runtime.HandleError(err)
- }
- }()
-
- // read from remoteStdin until the stream is closed. this is essential to
- // be able to exit interactive sessions cleanly and not leak goroutines or
- // hang the client's terminal.
- //
- // TODO we aren't using go-dockerclient any more; revisit this to determine if it's still
- // required by engine-api.
- //
- // go-dockerclient's current hijack implementation
- // (https://github.com/fsouza/go-dockerclient/blob/89f3d56d93788dfe85f864a44f85d9738fca0670/client.go#L564)
- // waits for all three streams (stdin/stdout/stderr) to finish copying
- // before returning. When hijack finishes copying stdout/stderr, it calls
- // Close() on its side of remoteStdin, which allows this copy to complete.
- // When that happens, we must Close() on our side of remoteStdin, to
- // allow the copy in hijack to complete, and hijack to return.
- go func() {
- defer runtime.HandleCrash()
- defer once.Do(func() { p.remoteStdin.Close() })
-
- // this "copy" doesn't actually read anything - it's just here to wait for
- // the server to close remoteStdin.
- if _, err := io.Copy(ioutil.Discard, p.remoteStdin); err != nil {
- runtime.HandleError(err)
- }
- }()
- }
-}
-
-func (p *streamProtocolV2) copyStdout(wg *sync.WaitGroup) {
- if p.Stdout == nil {
- return
- }
-
- wg.Add(1)
- go func() {
- defer runtime.HandleCrash()
- defer wg.Done()
-
- if _, err := io.Copy(p.Stdout, p.remoteStdout); err != nil {
- runtime.HandleError(err)
- }
- }()
-}
-
-func (p *streamProtocolV2) copyStderr(wg *sync.WaitGroup) {
- if p.Stderr == nil || p.Tty {
- return
- }
-
- wg.Add(1)
- go func() {
- defer runtime.HandleCrash()
- defer wg.Done()
-
- if _, err := io.Copy(p.Stderr, p.remoteStderr); err != nil {
- runtime.HandleError(err)
- }
- }()
-}
-
-func (p *streamProtocolV2) stream(conn streamCreator) error {
- if err := p.createStreams(conn); err != nil {
- return err
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- errorChan := watchErrorStream(p.errorStream, &errorDecoderV2{})
-
- p.copyStdin()
-
- var wg sync.WaitGroup
- p.copyStdout(&wg)
- p.copyStderr(&wg)
-
- // we're waiting for stdout/stderr to finish copying
- wg.Wait()
-
- // waits for errorStream to finish reading with an error or nil
- return <-errorChan
-}
-
-// errorDecoderV2 interprets the error channel data as plain text.
-type errorDecoderV2 struct{}
-
-func (d *errorDecoderV2) decode(message []byte) error {
- return fmt.Errorf("error executing remote command: %s", message)
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v3.go b/vendor/k8s.io/client-go/tools/remotecommand/v3.go
deleted file mode 100644
index 846dd24a5..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v3.go
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "encoding/json"
- "io"
- "net/http"
- "sync"
-
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-// streamProtocolV3 implements version 3 of the streaming protocol for attach
-// and exec. This version adds support for resizing the container's terminal.
-type streamProtocolV3 struct {
- *streamProtocolV2
-
- resizeStream io.Writer
-}
-
-var _ streamProtocolHandler = &streamProtocolV3{}
-
-func newStreamProtocolV3(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV3{
- streamProtocolV2: newStreamProtocolV2(options).(*streamProtocolV2),
- }
-}
-
-func (p *streamProtocolV3) createStreams(conn streamCreator) error {
- // set up the streams from v2
- if err := p.streamProtocolV2.createStreams(conn); err != nil {
- return err
- }
-
- // set up resize stream
- if p.Tty {
- headers := http.Header{}
- headers.Set(v1.StreamType, v1.StreamTypeResize)
- var err error
- p.resizeStream, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
-
- return nil
-}
-
-func (p *streamProtocolV3) handleResizes() {
- if p.resizeStream == nil || p.TerminalSizeQueue == nil {
- return
- }
- go func() {
- defer runtime.HandleCrash()
-
- encoder := json.NewEncoder(p.resizeStream)
- for {
- size := p.TerminalSizeQueue.Next()
- if size == nil {
- return
- }
- if err := encoder.Encode(&size); err != nil {
- runtime.HandleError(err)
- }
- }
- }()
-}
-
-func (p *streamProtocolV3) stream(conn streamCreator) error {
- if err := p.createStreams(conn); err != nil {
- return err
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- errorChan := watchErrorStream(p.errorStream, &errorDecoderV3{})
-
- p.handleResizes()
-
- p.copyStdin()
-
- var wg sync.WaitGroup
- p.copyStdout(&wg)
- p.copyStderr(&wg)
-
- // we're waiting for stdout/stderr to finish copying
- wg.Wait()
-
- // waits for errorStream to finish reading with an error or nil
- return <-errorChan
-}
-
-type errorDecoderV3 struct {
- errorDecoderV2
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v4.go b/vendor/k8s.io/client-go/tools/remotecommand/v4.go
deleted file mode 100644
index 69ca934a0..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v4.go
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "encoding/json"
- "errors"
- "fmt"
- "strconv"
- "sync"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/remotecommand"
- "k8s.io/client-go/util/exec"
-)
-
-// streamProtocolV4 implements version 4 of the streaming protocol for attach
-// and exec. This version adds support for exit codes on the error stream through
-// the use of metav1.Status instead of plain text messages.
-type streamProtocolV4 struct {
- *streamProtocolV3
-}
-
-var _ streamProtocolHandler = &streamProtocolV4{}
-
-func newStreamProtocolV4(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV4{
- streamProtocolV3: newStreamProtocolV3(options).(*streamProtocolV3),
- }
-}
-
-func (p *streamProtocolV4) createStreams(conn streamCreator) error {
- return p.streamProtocolV3.createStreams(conn)
-}
-
-func (p *streamProtocolV4) handleResizes() {
- p.streamProtocolV3.handleResizes()
-}
-
-func (p *streamProtocolV4) stream(conn streamCreator) error {
- if err := p.createStreams(conn); err != nil {
- return err
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- errorChan := watchErrorStream(p.errorStream, &errorDecoderV4{})
-
- p.handleResizes()
-
- p.copyStdin()
-
- var wg sync.WaitGroup
- p.copyStdout(&wg)
- p.copyStderr(&wg)
-
- // we're waiting for stdout/stderr to finish copying
- wg.Wait()
-
- // waits for errorStream to finish reading with an error or nil
- return <-errorChan
-}
-
-// errorDecoderV4 interprets the json-marshaled metav1.Status on the error channel
-// and creates an exec.ExitError from it.
-type errorDecoderV4 struct{}
-
-func (d *errorDecoderV4) decode(message []byte) error {
- status := metav1.Status{}
- err := json.Unmarshal(message, &status)
- if err != nil {
- return fmt.Errorf("error stream protocol error: %v in %q", err, string(message))
- }
- switch status.Status {
- case metav1.StatusSuccess:
- return nil
- case metav1.StatusFailure:
- if status.Reason == remotecommand.NonZeroExitCodeReason {
- if status.Details == nil {
- return errors.New("error stream protocol error: details must be set")
- }
- for i := range status.Details.Causes {
- c := &status.Details.Causes[i]
- if c.Type != remotecommand.ExitCodeCauseType {
- continue
- }
-
- rc, err := strconv.ParseUint(c.Message, 10, 8)
- if err != nil {
- return fmt.Errorf("error stream protocol error: invalid exit code value %q", c.Message)
- }
- return exec.CodeExitError{
- Err: fmt.Errorf("command terminated with exit code %d", rc),
- Code: int(rc),
- }
- }
-
- return fmt.Errorf("error stream protocol error: no %s cause given", remotecommand.ExitCodeCauseType)
- }
- default:
- return errors.New("error stream protocol error: unknown error")
- }
-
- return fmt.Errorf(status.Message)
-}
diff --git a/vendor/k8s.io/client-go/transport/OWNERS b/vendor/k8s.io/client-go/transport/OWNERS
deleted file mode 100644
index a52176903..000000000
--- a/vendor/k8s.io/client-go/transport/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-- smarterclayton
-- wojtek-t
-- deads2k
-- liggitt
-- krousey
-- caesarxuchao
diff --git a/vendor/k8s.io/client-go/transport/cache.go b/vendor/k8s.io/client-go/transport/cache.go
deleted file mode 100644
index 7cffe2a5f..000000000
--- a/vendor/k8s.io/client-go/transport/cache.go
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "fmt"
- "net"
- "net/http"
- "sync"
- "time"
-
- utilnet "k8s.io/apimachinery/pkg/util/net"
-)
-
-// TlsTransportCache caches TLS http.RoundTrippers different configurations. The
-// same RoundTripper will be returned for configs with identical TLS options If
-// the config has no custom TLS options, http.DefaultTransport is returned.
-type tlsTransportCache struct {
- mu sync.Mutex
- transports map[tlsCacheKey]*http.Transport
-}
-
-const idleConnsPerHost = 25
-
-var tlsCache = &tlsTransportCache{transports: make(map[tlsCacheKey]*http.Transport)}
-
-type tlsCacheKey struct {
- insecure bool
- caData string
- certData string
- keyData string
- getCert string
- serverName string
- dial string
-}
-
-func (t tlsCacheKey) String() string {
- keyText := "<none>"
- if len(t.keyData) > 0 {
- keyText = "<redacted>"
- }
- return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, getCert: %s, serverName:%s, dial:%s", t.insecure, t.caData, t.certData, keyText, t.getCert, t.serverName, t.dial)
-}
-
-func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
- key, err := tlsConfigKey(config)
- if err != nil {
- return nil, err
- }
-
- // Ensure we only create a single transport for the given TLS options
- c.mu.Lock()
- defer c.mu.Unlock()
-
- // See if we already have a custom transport for this config
- if t, ok := c.transports[key]; ok {
- return t, nil
- }
-
- // Get the TLS options for this client config
- tlsConfig, err := TLSConfigFor(config)
- if err != nil {
- return nil, err
- }
- // The options didn't require a custom TLS config
- if tlsConfig == nil && config.Dial == nil {
- return http.DefaultTransport, nil
- }
-
- dial := config.Dial
- if dial == nil {
- dial = (&net.Dialer{
- Timeout: 30 * time.Second,
- KeepAlive: 30 * time.Second,
- }).DialContext
- }
- // Cache a single transport for these options
- c.transports[key] = utilnet.SetTransportDefaults(&http.Transport{
- Proxy: http.ProxyFromEnvironment,
- TLSHandshakeTimeout: 10 * time.Second,
- TLSClientConfig: tlsConfig,
- MaxIdleConnsPerHost: idleConnsPerHost,
- DialContext: dial,
- })
- return c.transports[key], nil
-}
-
-// tlsConfigKey returns a unique key for tls.Config objects returned from TLSConfigFor
-func tlsConfigKey(c *Config) (tlsCacheKey, error) {
- // Make sure ca/key/cert content is loaded
- if err := loadTLSFiles(c); err != nil {
- return tlsCacheKey{}, err
- }
- return tlsCacheKey{
- insecure: c.TLS.Insecure,
- caData: string(c.TLS.CAData),
- certData: string(c.TLS.CertData),
- keyData: string(c.TLS.KeyData),
- getCert: fmt.Sprintf("%p", c.TLS.GetCert),
- serverName: c.TLS.ServerName,
- dial: fmt.Sprintf("%p", c.Dial),
- }, nil
-}
diff --git a/vendor/k8s.io/client-go/transport/config.go b/vendor/k8s.io/client-go/transport/config.go
deleted file mode 100644
index 5de0a2cb1..000000000
--- a/vendor/k8s.io/client-go/transport/config.go
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "context"
- "crypto/tls"
- "net"
- "net/http"
-)
-
-// Config holds various options for establishing a transport.
-type Config struct {
- // UserAgent is an optional field that specifies the caller of this
- // request.
- UserAgent string
-
- // The base TLS configuration for this transport.
- TLS TLSConfig
-
- // Username and password for basic authentication
- Username string
- Password string
-
- // Bearer token for authentication
- BearerToken string
-
- // Path to a file containing a BearerToken.
- // If set, the contents are periodically read.
- // The last successfully read value takes precedence over BearerToken.
- BearerTokenFile string
-
- // Impersonate is the config that this Config will impersonate using
- Impersonate ImpersonationConfig
-
- // Transport may be used for custom HTTP behavior. This attribute may
- // not be specified with the TLS client certificate options. Use
- // WrapTransport for most client level operations.
- Transport http.RoundTripper
-
- // WrapTransport will be invoked for custom HTTP behavior after the
- // underlying transport is initialized (either the transport created
- // from TLSClientConfig, Transport, or http.DefaultTransport). The
- // config may layer other RoundTrippers on top of the returned
- // RoundTripper.
- //
- // A future release will change this field to an array. Use config.Wrap()
- // instead of setting this value directly.
- WrapTransport WrapperFunc
-
- // Dial specifies the dial function for creating unencrypted TCP connections.
- Dial func(ctx context.Context, network, address string) (net.Conn, error)
-}
-
-// ImpersonationConfig has all the available impersonation options
-type ImpersonationConfig struct {
- // UserName matches user.Info.GetName()
- UserName string
- // Groups matches user.Info.GetGroups()
- Groups []string
- // Extra matches user.Info.GetExtra()
- Extra map[string][]string
-}
-
-// HasCA returns whether the configuration has a certificate authority or not.
-func (c *Config) HasCA() bool {
- return len(c.TLS.CAData) > 0 || len(c.TLS.CAFile) > 0
-}
-
-// HasBasicAuth returns whether the configuration has basic authentication or not.
-func (c *Config) HasBasicAuth() bool {
- return len(c.Username) != 0
-}
-
-// HasTokenAuth returns whether the configuration has token authentication or not.
-func (c *Config) HasTokenAuth() bool {
- return len(c.BearerToken) != 0 || len(c.BearerTokenFile) != 0
-}
-
-// HasCertAuth returns whether the configuration has certificate authentication or not.
-func (c *Config) HasCertAuth() bool {
- return (len(c.TLS.CertData) != 0 || len(c.TLS.CertFile) != 0) && (len(c.TLS.KeyData) != 0 || len(c.TLS.KeyFile) != 0)
-}
-
-// HasCertCallbacks returns whether the configuration has certificate callback or not.
-func (c *Config) HasCertCallback() bool {
- return c.TLS.GetCert != nil
-}
-
-// Wrap adds a transport middleware function that will give the caller
-// an opportunity to wrap the underlying http.RoundTripper prior to the
-// first API call being made. The provided function is invoked after any
-// existing transport wrappers are invoked.
-func (c *Config) Wrap(fn WrapperFunc) {
- c.WrapTransport = Wrappers(c.WrapTransport, fn)
-}
-
-// TLSConfig holds the information needed to set up a TLS transport.
-type TLSConfig struct {
- CAFile string // Path of the PEM-encoded server trusted root certificates.
- CertFile string // Path of the PEM-encoded client certificate.
- KeyFile string // Path of the PEM-encoded client key.
-
- Insecure bool // Server should be accessed without verifying the certificate. For testing only.
- ServerName string // Override for the server name passed to the server for SNI and used to verify certificates.
-
- CAData []byte // Bytes of the PEM-encoded server trusted root certificates. Supercedes CAFile.
- CertData []byte // Bytes of the PEM-encoded client certificate. Supercedes CertFile.
- KeyData []byte // Bytes of the PEM-encoded client key. Supercedes KeyFile.
-
- GetCert func() (*tls.Certificate, error) // Callback that returns a TLS client certificate. CertData, CertFile, KeyData and KeyFile supercede this field.
-}
diff --git a/vendor/k8s.io/client-go/transport/round_trippers.go b/vendor/k8s.io/client-go/transport/round_trippers.go
deleted file mode 100644
index 117a9c8c4..000000000
--- a/vendor/k8s.io/client-go/transport/round_trippers.go
+++ /dev/null
@@ -1,564 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "fmt"
- "net/http"
- "strings"
- "time"
-
- "golang.org/x/oauth2"
- "k8s.io/klog"
-
- utilnet "k8s.io/apimachinery/pkg/util/net"
-)
-
-// HTTPWrappersForConfig wraps a round tripper with any relevant layered
-// behavior from the config. Exposed to allow more clients that need HTTP-like
-// behavior but then must hijack the underlying connection (like WebSocket or
-// HTTP2 clients). Pure HTTP clients should use the RoundTripper returned from
-// New.
-func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTripper, error) {
- if config.WrapTransport != nil {
- rt = config.WrapTransport(rt)
- }
-
- rt = DebugWrappers(rt)
-
- // Set authentication wrappers
- switch {
- case config.HasBasicAuth() && config.HasTokenAuth():
- return nil, fmt.Errorf("username/password or bearer token may be set, but not both")
- case config.HasTokenAuth():
- var err error
- rt, err = NewBearerAuthWithRefreshRoundTripper(config.BearerToken, config.BearerTokenFile, rt)
- if err != nil {
- return nil, err
- }
- case config.HasBasicAuth():
- rt = NewBasicAuthRoundTripper(config.Username, config.Password, rt)
- }
- if len(config.UserAgent) > 0 {
- rt = NewUserAgentRoundTripper(config.UserAgent, rt)
- }
- if len(config.Impersonate.UserName) > 0 ||
- len(config.Impersonate.Groups) > 0 ||
- len(config.Impersonate.Extra) > 0 {
- rt = NewImpersonatingRoundTripper(config.Impersonate, rt)
- }
- return rt, nil
-}
-
-// DebugWrappers wraps a round tripper and logs based on the current log level.
-func DebugWrappers(rt http.RoundTripper) http.RoundTripper {
- switch {
- case bool(klog.V(9)):
- rt = newDebuggingRoundTripper(rt, debugCurlCommand, debugURLTiming, debugResponseHeaders)
- case bool(klog.V(8)):
- rt = newDebuggingRoundTripper(rt, debugJustURL, debugRequestHeaders, debugResponseStatus, debugResponseHeaders)
- case bool(klog.V(7)):
- rt = newDebuggingRoundTripper(rt, debugJustURL, debugRequestHeaders, debugResponseStatus)
- case bool(klog.V(6)):
- rt = newDebuggingRoundTripper(rt, debugURLTiming)
- }
-
- return rt
-}
-
-type requestCanceler interface {
- CancelRequest(*http.Request)
-}
-
-type authProxyRoundTripper struct {
- username string
- groups []string
- extra map[string][]string
-
- rt http.RoundTripper
-}
-
-// NewAuthProxyRoundTripper provides a roundtripper which will add auth proxy fields to requests for
-// authentication terminating proxy cases
-// assuming you pull the user from the context:
-// username is the user.Info.GetName() of the user
-// groups is the user.Info.GetGroups() of the user
-// extra is the user.Info.GetExtra() of the user
-// extra can contain any additional information that the authenticator
-// thought was interesting, for example authorization scopes.
-// In order to faithfully round-trip through an impersonation flow, these keys
-// MUST be lowercase.
-func NewAuthProxyRoundTripper(username string, groups []string, extra map[string][]string, rt http.RoundTripper) http.RoundTripper {
- return &authProxyRoundTripper{
- username: username,
- groups: groups,
- extra: extra,
- rt: rt,
- }
-}
-
-func (rt *authProxyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- req = utilnet.CloneRequest(req)
- SetAuthProxyHeaders(req, rt.username, rt.groups, rt.extra)
-
- return rt.rt.RoundTrip(req)
-}
-
-// SetAuthProxyHeaders stomps the auth proxy header fields. It mutates its argument.
-func SetAuthProxyHeaders(req *http.Request, username string, groups []string, extra map[string][]string) {
- req.Header.Del("X-Remote-User")
- req.Header.Del("X-Remote-Group")
- for key := range req.Header {
- if strings.HasPrefix(strings.ToLower(key), strings.ToLower("X-Remote-Extra-")) {
- req.Header.Del(key)
- }
- }
-
- req.Header.Set("X-Remote-User", username)
- for _, group := range groups {
- req.Header.Add("X-Remote-Group", group)
- }
- for key, values := range extra {
- for _, value := range values {
- req.Header.Add("X-Remote-Extra-"+headerKeyEscape(key), value)
- }
- }
-}
-
-func (rt *authProxyRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.rt.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.rt)
- }
-}
-
-func (rt *authProxyRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-type userAgentRoundTripper struct {
- agent string
- rt http.RoundTripper
-}
-
-func NewUserAgentRoundTripper(agent string, rt http.RoundTripper) http.RoundTripper {
- return &userAgentRoundTripper{agent, rt}
-}
-
-func (rt *userAgentRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- if len(req.Header.Get("User-Agent")) != 0 {
- return rt.rt.RoundTrip(req)
- }
- req = utilnet.CloneRequest(req)
- req.Header.Set("User-Agent", rt.agent)
- return rt.rt.RoundTrip(req)
-}
-
-func (rt *userAgentRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.rt.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.rt)
- }
-}
-
-func (rt *userAgentRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-type basicAuthRoundTripper struct {
- username string
- password string
- rt http.RoundTripper
-}
-
-// NewBasicAuthRoundTripper will apply a BASIC auth authorization header to a
-// request unless it has already been set.
-func NewBasicAuthRoundTripper(username, password string, rt http.RoundTripper) http.RoundTripper {
- return &basicAuthRoundTripper{username, password, rt}
-}
-
-func (rt *basicAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- if len(req.Header.Get("Authorization")) != 0 {
- return rt.rt.RoundTrip(req)
- }
- req = utilnet.CloneRequest(req)
- req.SetBasicAuth(rt.username, rt.password)
- return rt.rt.RoundTrip(req)
-}
-
-func (rt *basicAuthRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.rt.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.rt)
- }
-}
-
-func (rt *basicAuthRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-// These correspond to the headers used in pkg/apis/authentication. We don't want the package dependency,
-// but you must not change the values.
-const (
- // ImpersonateUserHeader is used to impersonate a particular user during an API server request
- ImpersonateUserHeader = "Impersonate-User"
-
- // ImpersonateGroupHeader is used to impersonate a particular group during an API server request.
- // It can be repeated multiplied times for multiple groups.
- ImpersonateGroupHeader = "Impersonate-Group"
-
- // ImpersonateUserExtraHeaderPrefix is a prefix for a header used to impersonate an entry in the
- // extra map[string][]string for user.Info. The key for the `extra` map is suffix.
- // The same key can be repeated multiple times to have multiple elements in the slice under a single key.
- // For instance:
- // Impersonate-Extra-Foo: one
- // Impersonate-Extra-Foo: two
- // results in extra["Foo"] = []string{"one", "two"}
- ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-"
-)
-
-type impersonatingRoundTripper struct {
- impersonate ImpersonationConfig
- delegate http.RoundTripper
-}
-
-// NewImpersonatingRoundTripper will add an Act-As header to a request unless it has already been set.
-func NewImpersonatingRoundTripper(impersonate ImpersonationConfig, delegate http.RoundTripper) http.RoundTripper {
- return &impersonatingRoundTripper{impersonate, delegate}
-}
-
-func (rt *impersonatingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- // use the user header as marker for the rest.
- if len(req.Header.Get(ImpersonateUserHeader)) != 0 {
- return rt.delegate.RoundTrip(req)
- }
- req = utilnet.CloneRequest(req)
- req.Header.Set(ImpersonateUserHeader, rt.impersonate.UserName)
-
- for _, group := range rt.impersonate.Groups {
- req.Header.Add(ImpersonateGroupHeader, group)
- }
- for k, vv := range rt.impersonate.Extra {
- for _, v := range vv {
- req.Header.Add(ImpersonateUserExtraHeaderPrefix+headerKeyEscape(k), v)
- }
- }
-
- return rt.delegate.RoundTrip(req)
-}
-
-func (rt *impersonatingRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.delegate.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.delegate)
- }
-}
-
-func (rt *impersonatingRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.delegate }
-
-type bearerAuthRoundTripper struct {
- bearer string
- source oauth2.TokenSource
- rt http.RoundTripper
-}
-
-// NewBearerAuthRoundTripper adds the provided bearer token to a request
-// unless the authorization header has already been set.
-func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper {
- return &bearerAuthRoundTripper{bearer, nil, rt}
-}
-
-// NewBearerAuthRoundTripper adds the provided bearer token to a request
-// unless the authorization header has already been set.
-// If tokenFile is non-empty, it is periodically read,
-// and the last successfully read content is used as the bearer token.
-// If tokenFile is non-empty and bearer is empty, the tokenFile is read
-// immediately to populate the initial bearer token.
-func NewBearerAuthWithRefreshRoundTripper(bearer string, tokenFile string, rt http.RoundTripper) (http.RoundTripper, error) {
- if len(tokenFile) == 0 {
- return &bearerAuthRoundTripper{bearer, nil, rt}, nil
- }
- source := NewCachedFileTokenSource(tokenFile)
- if len(bearer) == 0 {
- token, err := source.Token()
- if err != nil {
- return nil, err
- }
- bearer = token.AccessToken
- }
- return &bearerAuthRoundTripper{bearer, source, rt}, nil
-}
-
-func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- if len(req.Header.Get("Authorization")) != 0 {
- return rt.rt.RoundTrip(req)
- }
-
- req = utilnet.CloneRequest(req)
- token := rt.bearer
- if rt.source != nil {
- if refreshedToken, err := rt.source.Token(); err == nil {
- token = refreshedToken.AccessToken
- }
- }
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
- return rt.rt.RoundTrip(req)
-}
-
-func (rt *bearerAuthRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.rt.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.rt)
- }
-}
-
-func (rt *bearerAuthRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-// requestInfo keeps track of information about a request/response combination
-type requestInfo struct {
- RequestHeaders http.Header
- RequestVerb string
- RequestURL string
-
- ResponseStatus string
- ResponseHeaders http.Header
- ResponseErr error
-
- Duration time.Duration
-}
-
-// newRequestInfo creates a new RequestInfo based on an http request
-func newRequestInfo(req *http.Request) *requestInfo {
- return &requestInfo{
- RequestURL: req.URL.String(),
- RequestVerb: req.Method,
- RequestHeaders: req.Header,
- }
-}
-
-// complete adds information about the response to the requestInfo
-func (r *requestInfo) complete(response *http.Response, err error) {
- if err != nil {
- r.ResponseErr = err
- return
- }
- r.ResponseStatus = response.Status
- r.ResponseHeaders = response.Header
-}
-
-// toCurl returns a string that can be run as a command in a terminal (minus the body)
-func (r *requestInfo) toCurl() string {
- headers := ""
- for key, values := range r.RequestHeaders {
- for _, value := range values {
- headers += fmt.Sprintf(` -H %q`, fmt.Sprintf("%s: %s", key, value))
- }
- }
-
- return fmt.Sprintf("curl -k -v -X%s %s '%s'", r.RequestVerb, headers, r.RequestURL)
-}
-
-// debuggingRoundTripper will display information about the requests passing
-// through it based on what is configured
-type debuggingRoundTripper struct {
- delegatedRoundTripper http.RoundTripper
-
- levels map[debugLevel]bool
-}
-
-type debugLevel int
-
-const (
- debugJustURL debugLevel = iota
- debugURLTiming
- debugCurlCommand
- debugRequestHeaders
- debugResponseStatus
- debugResponseHeaders
-)
-
-func newDebuggingRoundTripper(rt http.RoundTripper, levels ...debugLevel) *debuggingRoundTripper {
- drt := &debuggingRoundTripper{
- delegatedRoundTripper: rt,
- levels: make(map[debugLevel]bool, len(levels)),
- }
- for _, v := range levels {
- drt.levels[v] = true
- }
- return drt
-}
-
-func (rt *debuggingRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.delegatedRoundTripper.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.delegatedRoundTripper)
- }
-}
-
-func (rt *debuggingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- reqInfo := newRequestInfo(req)
-
- if rt.levels[debugJustURL] {
- klog.Infof("%s %s", reqInfo.RequestVerb, reqInfo.RequestURL)
- }
- if rt.levels[debugCurlCommand] {
- klog.Infof("%s", reqInfo.toCurl())
-
- }
- if rt.levels[debugRequestHeaders] {
- klog.Infof("Request Headers:")
- for key, values := range reqInfo.RequestHeaders {
- for _, value := range values {
- klog.Infof(" %s: %s", key, value)
- }
- }
- }
-
- startTime := time.Now()
- response, err := rt.delegatedRoundTripper.RoundTrip(req)
- reqInfo.Duration = time.Since(startTime)
-
- reqInfo.complete(response, err)
-
- if rt.levels[debugURLTiming] {
- klog.Infof("%s %s %s in %d milliseconds", reqInfo.RequestVerb, reqInfo.RequestURL, reqInfo.ResponseStatus, reqInfo.Duration.Nanoseconds()/int64(time.Millisecond))
- }
- if rt.levels[debugResponseStatus] {
- klog.Infof("Response Status: %s in %d milliseconds", reqInfo.ResponseStatus, reqInfo.Duration.Nanoseconds()/int64(time.Millisecond))
- }
- if rt.levels[debugResponseHeaders] {
- klog.Infof("Response Headers:")
- for key, values := range reqInfo.ResponseHeaders {
- for _, value := range values {
- klog.Infof(" %s: %s", key, value)
- }
- }
- }
-
- return response, err
-}
-
-func (rt *debuggingRoundTripper) WrappedRoundTripper() http.RoundTripper {
- return rt.delegatedRoundTripper
-}
-
-func legalHeaderByte(b byte) bool {
- return int(b) < len(legalHeaderKeyBytes) && legalHeaderKeyBytes[b]
-}
-
-func shouldEscape(b byte) bool {
- // url.PathUnescape() returns an error if any '%' is not followed by two
- // hexadecimal digits, so we'll intentionally encode it.
- return !legalHeaderByte(b) || b == '%'
-}
-
-func headerKeyEscape(key string) string {
- buf := strings.Builder{}
- for i := 0; i < len(key); i++ {
- b := key[i]
- if shouldEscape(b) {
- // %-encode bytes that should be escaped:
- // https://tools.ietf.org/html/rfc3986#section-2.1
- fmt.Fprintf(&buf, "%%%02X", b)
- continue
- }
- buf.WriteByte(b)
- }
- return buf.String()
-}
-
-// legalHeaderKeyBytes was copied from net/http/lex.go's isTokenTable.
-// See https://httpwg.github.io/specs/rfc7230.html#rule.token.separators
-var legalHeaderKeyBytes = [127]bool{
- '%': true,
- '!': true,
- '#': true,
- '$': true,
- '&': true,
- '\'': true,
- '*': true,
- '+': true,
- '-': true,
- '.': true,
- '0': true,
- '1': true,
- '2': true,
- '3': true,
- '4': true,
- '5': true,
- '6': true,
- '7': true,
- '8': true,
- '9': true,
- 'A': true,
- 'B': true,
- 'C': true,
- 'D': true,
- 'E': true,
- 'F': true,
- 'G': true,
- 'H': true,
- 'I': true,
- 'J': true,
- 'K': true,
- 'L': true,
- 'M': true,
- 'N': true,
- 'O': true,
- 'P': true,
- 'Q': true,
- 'R': true,
- 'S': true,
- 'T': true,
- 'U': true,
- 'W': true,
- 'V': true,
- 'X': true,
- 'Y': true,
- 'Z': true,
- '^': true,
- '_': true,
- '`': true,
- 'a': true,
- 'b': true,
- 'c': true,
- 'd': true,
- 'e': true,
- 'f': true,
- 'g': true,
- 'h': true,
- 'i': true,
- 'j': true,
- 'k': true,
- 'l': true,
- 'm': true,
- 'n': true,
- 'o': true,
- 'p': true,
- 'q': true,
- 'r': true,
- 's': true,
- 't': true,
- 'u': true,
- 'v': true,
- 'w': true,
- 'x': true,
- 'y': true,
- 'z': true,
- '|': true,
- '~': true,
-}
diff --git a/vendor/k8s.io/client-go/transport/spdy/spdy.go b/vendor/k8s.io/client-go/transport/spdy/spdy.go
deleted file mode 100644
index 53cc7ee18..000000000
--- a/vendor/k8s.io/client-go/transport/spdy/spdy.go
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spdy
-
-import (
- "fmt"
- "net/http"
- "net/url"
-
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/apimachinery/pkg/util/httpstream/spdy"
- restclient "k8s.io/client-go/rest"
-)
-
-// Upgrader validates a response from the server after a SPDY upgrade.
-type Upgrader interface {
- // NewConnection validates the response and creates a new Connection.
- NewConnection(resp *http.Response) (httpstream.Connection, error)
-}
-
-// RoundTripperFor returns a round tripper and upgrader to use with SPDY.
-func RoundTripperFor(config *restclient.Config) (http.RoundTripper, Upgrader, error) {
- tlsConfig, err := restclient.TLSConfigFor(config)
- if err != nil {
- return nil, nil, err
- }
- upgradeRoundTripper := spdy.NewRoundTripper(tlsConfig, true, false)
- wrapper, err := restclient.HTTPWrappersForConfig(config, upgradeRoundTripper)
- if err != nil {
- return nil, nil, err
- }
- return wrapper, upgradeRoundTripper, nil
-}
-
-// dialer implements the httpstream.Dialer interface.
-type dialer struct {
- client *http.Client
- upgrader Upgrader
- method string
- url *url.URL
-}
-
-var _ httpstream.Dialer = &dialer{}
-
-// NewDialer will create a dialer that connects to the provided URL and upgrades the connection to SPDY.
-func NewDialer(upgrader Upgrader, client *http.Client, method string, url *url.URL) httpstream.Dialer {
- return &dialer{
- client: client,
- upgrader: upgrader,
- method: method,
- url: url,
- }
-}
-
-func (d *dialer) Dial(protocols ...string) (httpstream.Connection, string, error) {
- req, err := http.NewRequest(d.method, d.url.String(), nil)
- if err != nil {
- return nil, "", fmt.Errorf("error creating request: %v", err)
- }
- return Negotiate(d.upgrader, d.client, req, protocols...)
-}
-
-// Negotiate opens a connection to a remote server and attempts to negotiate
-// a SPDY connection. Upon success, it returns the connection and the protocol selected by
-// the server. The client transport must use the upgradeRoundTripper - see RoundTripperFor.
-func Negotiate(upgrader Upgrader, client *http.Client, req *http.Request, protocols ...string) (httpstream.Connection, string, error) {
- for i := range protocols {
- req.Header.Add(httpstream.HeaderProtocolVersion, protocols[i])
- }
- resp, err := client.Do(req)
- if err != nil {
- return nil, "", fmt.Errorf("error sending request: %v", err)
- }
- defer resp.Body.Close()
- conn, err := upgrader.NewConnection(resp)
- if err != nil {
- return nil, "", err
- }
- return conn, resp.Header.Get(httpstream.HeaderProtocolVersion), nil
-}
diff --git a/vendor/k8s.io/client-go/transport/token_source.go b/vendor/k8s.io/client-go/transport/token_source.go
deleted file mode 100644
index b8cadd382..000000000
--- a/vendor/k8s.io/client-go/transport/token_source.go
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "fmt"
- "io/ioutil"
- "net/http"
- "strings"
- "sync"
- "time"
-
- "golang.org/x/oauth2"
- "k8s.io/klog"
-)
-
-// TokenSourceWrapTransport returns a WrapTransport that injects bearer tokens
-// authentication from an oauth2.TokenSource.
-func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) http.RoundTripper {
- return func(rt http.RoundTripper) http.RoundTripper {
- return &tokenSourceTransport{
- base: rt,
- ort: &oauth2.Transport{
- Source: ts,
- Base: rt,
- },
- }
- }
-}
-
-// NewCachedFileTokenSource returns a oauth2.TokenSource reads a token from a
-// file at a specified path and periodically reloads it.
-func NewCachedFileTokenSource(path string) oauth2.TokenSource {
- return &cachingTokenSource{
- now: time.Now,
- leeway: 10 * time.Second,
- base: &fileTokenSource{
- path: path,
- // This period was picked because it is half of the duration between when the kubelet
- // refreshes a projected service account token and when the original token expires.
- // Default token lifetime is 10 minutes, and the kubelet starts refreshing at 80% of lifetime.
- // This should induce re-reading at a frequency that works with the token volume source.
- period: time.Minute,
- },
- }
-}
-
-// NewCachedTokenSource returns a oauth2.TokenSource reads a token from a
-// designed TokenSource. The ts would provide the source of token.
-func NewCachedTokenSource(ts oauth2.TokenSource) oauth2.TokenSource {
- return &cachingTokenSource{
- now: time.Now,
- base: ts,
- }
-}
-
-type tokenSourceTransport struct {
- base http.RoundTripper
- ort http.RoundTripper
-}
-
-func (tst *tokenSourceTransport) RoundTrip(req *http.Request) (*http.Response, error) {
- // This is to allow --token to override other bearer token providers.
- if req.Header.Get("Authorization") != "" {
- return tst.base.RoundTrip(req)
- }
- return tst.ort.RoundTrip(req)
-}
-
-type fileTokenSource struct {
- path string
- period time.Duration
-}
-
-var _ = oauth2.TokenSource(&fileTokenSource{})
-
-func (ts *fileTokenSource) Token() (*oauth2.Token, error) {
- tokb, err := ioutil.ReadFile(ts.path)
- if err != nil {
- return nil, fmt.Errorf("failed to read token file %q: %v", ts.path, err)
- }
- tok := strings.TrimSpace(string(tokb))
- if len(tok) == 0 {
- return nil, fmt.Errorf("read empty token from file %q", ts.path)
- }
-
- return &oauth2.Token{
- AccessToken: tok,
- Expiry: time.Now().Add(ts.period),
- }, nil
-}
-
-type cachingTokenSource struct {
- base oauth2.TokenSource
- leeway time.Duration
-
- sync.RWMutex
- tok *oauth2.Token
-
- // for testing
- now func() time.Time
-}
-
-var _ = oauth2.TokenSource(&cachingTokenSource{})
-
-func (ts *cachingTokenSource) Token() (*oauth2.Token, error) {
- now := ts.now()
- // fast path
- ts.RLock()
- tok := ts.tok
- ts.RUnlock()
-
- if tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) {
- return tok, nil
- }
-
- // slow path
- ts.Lock()
- defer ts.Unlock()
- if tok := ts.tok; tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) {
- return tok, nil
- }
-
- tok, err := ts.base.Token()
- if err != nil {
- if ts.tok == nil {
- return nil, err
- }
- klog.Errorf("Unable to rotate token: %v", err)
- return ts.tok, nil
- }
-
- ts.tok = tok
- return tok, nil
-}
diff --git a/vendor/k8s.io/client-go/transport/transport.go b/vendor/k8s.io/client-go/transport/transport.go
deleted file mode 100644
index 2a145c971..000000000
--- a/vendor/k8s.io/client-go/transport/transport.go
+++ /dev/null
@@ -1,227 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "context"
- "crypto/tls"
- "crypto/x509"
- "fmt"
- "io/ioutil"
- "net/http"
-)
-
-// New returns an http.RoundTripper that will provide the authentication
-// or transport level security defined by the provided Config.
-func New(config *Config) (http.RoundTripper, error) {
- // Set transport level security
- if config.Transport != nil && (config.HasCA() || config.HasCertAuth() || config.HasCertCallback() || config.TLS.Insecure) {
- return nil, fmt.Errorf("using a custom transport with TLS certificate options or the insecure flag is not allowed")
- }
-
- var (
- rt http.RoundTripper
- err error
- )
-
- if config.Transport != nil {
- rt = config.Transport
- } else {
- rt, err = tlsCache.get(config)
- if err != nil {
- return nil, err
- }
- }
-
- return HTTPWrappersForConfig(config, rt)
-}
-
-// TLSConfigFor returns a tls.Config that will provide the transport level security defined
-// by the provided Config. Will return nil if no transport level security is requested.
-func TLSConfigFor(c *Config) (*tls.Config, error) {
- if !(c.HasCA() || c.HasCertAuth() || c.HasCertCallback() || c.TLS.Insecure || len(c.TLS.ServerName) > 0) {
- return nil, nil
- }
- if c.HasCA() && c.TLS.Insecure {
- return nil, fmt.Errorf("specifying a root certificates file with the insecure flag is not allowed")
- }
- if err := loadTLSFiles(c); err != nil {
- return nil, err
- }
-
- tlsConfig := &tls.Config{
- // Can't use SSLv3 because of POODLE and BEAST
- // Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
- // Can't use TLSv1.1 because of RC4 cipher usage
- MinVersion: tls.VersionTLS12,
- InsecureSkipVerify: c.TLS.Insecure,
- ServerName: c.TLS.ServerName,
- }
-
- if c.HasCA() {
- tlsConfig.RootCAs = rootCertPool(c.TLS.CAData)
- }
-
- var staticCert *tls.Certificate
- if c.HasCertAuth() {
- // If key/cert were provided, verify them before setting up
- // tlsConfig.GetClientCertificate.
- cert, err := tls.X509KeyPair(c.TLS.CertData, c.TLS.KeyData)
- if err != nil {
- return nil, err
- }
- staticCert = &cert
- }
-
- if c.HasCertAuth() || c.HasCertCallback() {
- tlsConfig.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
- // Note: static key/cert data always take precedence over cert
- // callback.
- if staticCert != nil {
- return staticCert, nil
- }
- if c.HasCertCallback() {
- cert, err := c.TLS.GetCert()
- if err != nil {
- return nil, err
- }
- // GetCert may return empty value, meaning no cert.
- if cert != nil {
- return cert, nil
- }
- }
-
- // Both c.TLS.CertData/KeyData were unset and GetCert didn't return
- // anything. Return an empty tls.Certificate, no client cert will
- // be sent to the server.
- return &tls.Certificate{}, nil
- }
- }
-
- return tlsConfig, nil
-}
-
-// loadTLSFiles copies the data from the CertFile, KeyFile, and CAFile fields into the CertData,
-// KeyData, and CAFile fields, or returns an error. If no error is returned, all three fields are
-// either populated or were empty to start.
-func loadTLSFiles(c *Config) error {
- var err error
- c.TLS.CAData, err = dataFromSliceOrFile(c.TLS.CAData, c.TLS.CAFile)
- if err != nil {
- return err
- }
-
- c.TLS.CertData, err = dataFromSliceOrFile(c.TLS.CertData, c.TLS.CertFile)
- if err != nil {
- return err
- }
-
- c.TLS.KeyData, err = dataFromSliceOrFile(c.TLS.KeyData, c.TLS.KeyFile)
- if err != nil {
- return err
- }
- return nil
-}
-
-// dataFromSliceOrFile returns data from the slice (if non-empty), or from the file,
-// or an error if an error occurred reading the file
-func dataFromSliceOrFile(data []byte, file string) ([]byte, error) {
- if len(data) > 0 {
- return data, nil
- }
- if len(file) > 0 {
- fileData, err := ioutil.ReadFile(file)
- if err != nil {
- return []byte{}, err
- }
- return fileData, nil
- }
- return nil, nil
-}
-
-// rootCertPool returns nil if caData is empty. When passed along, this will mean "use system CAs".
-// When caData is not empty, it will be the ONLY information used in the CertPool.
-func rootCertPool(caData []byte) *x509.CertPool {
- // What we really want is a copy of x509.systemRootsPool, but that isn't exposed. It's difficult to build (see the go
- // code for a look at the platform specific insanity), so we'll use the fact that RootCAs == nil gives us the system values
- // It doesn't allow trusting either/or, but hopefully that won't be an issue
- if len(caData) == 0 {
- return nil
- }
-
- // if we have caData, use it
- certPool := x509.NewCertPool()
- certPool.AppendCertsFromPEM(caData)
- return certPool
-}
-
-// WrapperFunc wraps an http.RoundTripper when a new transport
-// is created for a client, allowing per connection behavior
-// to be injected.
-type WrapperFunc func(rt http.RoundTripper) http.RoundTripper
-
-// Wrappers accepts any number of wrappers and returns a wrapper
-// function that is the equivalent of calling each of them in order. Nil
-// values are ignored, which makes this function convenient for incrementally
-// wrapping a function.
-func Wrappers(fns ...WrapperFunc) WrapperFunc {
- if len(fns) == 0 {
- return nil
- }
- // optimize the common case of wrapping a possibly nil transport wrapper
- // with an additional wrapper
- if len(fns) == 2 && fns[0] == nil {
- return fns[1]
- }
- return func(rt http.RoundTripper) http.RoundTripper {
- base := rt
- for _, fn := range fns {
- if fn != nil {
- base = fn(base)
- }
- }
- return base
- }
-}
-
-// ContextCanceller prevents new requests after the provided context is finished.
-// err is returned when the context is closed, allowing the caller to provide a context
-// appropriate error.
-func ContextCanceller(ctx context.Context, err error) WrapperFunc {
- return func(rt http.RoundTripper) http.RoundTripper {
- return &contextCanceller{
- ctx: ctx,
- rt: rt,
- err: err,
- }
- }
-}
-
-type contextCanceller struct {
- ctx context.Context
- rt http.RoundTripper
- err error
-}
-
-func (b *contextCanceller) RoundTrip(req *http.Request) (*http.Response, error) {
- select {
- case <-b.ctx.Done():
- return nil, b.err
- default:
- return b.rt.RoundTrip(req)
- }
-}
diff --git a/vendor/k8s.io/client-go/util/cert/OWNERS b/vendor/k8s.io/client-go/util/cert/OWNERS
deleted file mode 100644
index 3cf036438..000000000
--- a/vendor/k8s.io/client-go/util/cert/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-approvers:
-- sig-auth-certificates-approvers
-reviewers:
-- sig-auth-certificates-reviewers
-labels:
-- sig/auth
-
diff --git a/vendor/k8s.io/client-go/util/cert/cert.go b/vendor/k8s.io/client-go/util/cert/cert.go
deleted file mode 100644
index 9fd097af5..000000000
--- a/vendor/k8s.io/client-go/util/cert/cert.go
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package cert
-
-import (
- "bytes"
- "crypto"
- cryptorand "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "fmt"
- "io/ioutil"
- "math/big"
- "net"
- "path"
- "strings"
- "time"
-
- "k8s.io/client-go/util/keyutil"
-)
-
-const duration365d = time.Hour * 24 * 365
-
-// Config contains the basic fields required for creating a certificate
-type Config struct {
- CommonName string
- Organization []string
- AltNames AltNames
- Usages []x509.ExtKeyUsage
-}
-
-// AltNames contains the domain names and IP addresses that will be added
-// to the API Server's x509 certificate SubAltNames field. The values will
-// be passed directly to the x509.Certificate object.
-type AltNames struct {
- DNSNames []string
- IPs []net.IP
-}
-
-// NewSelfSignedCACert creates a CA certificate
-func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
- now := time.Now()
- tmpl := x509.Certificate{
- SerialNumber: new(big.Int).SetInt64(0),
- Subject: pkix.Name{
- CommonName: cfg.CommonName,
- Organization: cfg.Organization,
- },
- NotBefore: now.UTC(),
- NotAfter: now.Add(duration365d * 10).UTC(),
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
- BasicConstraintsValid: true,
- IsCA: true,
- }
-
- certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &tmpl, &tmpl, key.Public(), key)
- if err != nil {
- return nil, err
- }
- return x509.ParseCertificate(certDERBytes)
-}
-
-// GenerateSelfSignedCertKey creates a self-signed certificate and key for the given host.
-// Host may be an IP or a DNS name
-// You may also specify additional subject alt names (either ip or dns names) for the certificate.
-func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error) {
- return GenerateSelfSignedCertKeyWithFixtures(host, alternateIPs, alternateDNS, "")
-}
-
-// GenerateSelfSignedCertKeyWithFixtures creates a self-signed certificate and key for the given host.
-// Host may be an IP or a DNS name. You may also specify additional subject alt names (either ip or dns names)
-// for the certificate.
-//
-// If fixtureDirectory is non-empty, it is a directory path which can contain pre-generated certs. The format is:
-// <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.crt
-// <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.key
-// Certs/keys not existing in that directory are created.
-func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, alternateDNS []string, fixtureDirectory string) ([]byte, []byte, error) {
- validFrom := time.Now().Add(-time.Hour) // valid an hour earlier to avoid flakes due to clock skew
- maxAge := time.Hour * 24 * 365 // one year self-signed certs
-
- baseName := fmt.Sprintf("%s_%s_%s", host, strings.Join(ipsToStrings(alternateIPs), "-"), strings.Join(alternateDNS, "-"))
- certFixturePath := path.Join(fixtureDirectory, baseName+".crt")
- keyFixturePath := path.Join(fixtureDirectory, baseName+".key")
- if len(fixtureDirectory) > 0 {
- cert, err := ioutil.ReadFile(certFixturePath)
- if err == nil {
- key, err := ioutil.ReadFile(keyFixturePath)
- if err == nil {
- return cert, key, nil
- }
- return nil, nil, fmt.Errorf("cert %s can be read, but key %s cannot: %v", certFixturePath, keyFixturePath, err)
- }
- maxAge = 100 * time.Hour * 24 * 365 // 100 years fixtures
- }
-
- caKey, err := rsa.GenerateKey(cryptorand.Reader, 2048)
- if err != nil {
- return nil, nil, err
- }
-
- caTemplate := x509.Certificate{
- SerialNumber: big.NewInt(1),
- Subject: pkix.Name{
- CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()),
- },
- NotBefore: validFrom,
- NotAfter: validFrom.Add(maxAge),
-
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
- BasicConstraintsValid: true,
- IsCA: true,
- }
-
- caDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &caTemplate, &caTemplate, &caKey.PublicKey, caKey)
- if err != nil {
- return nil, nil, err
- }
-
- caCertificate, err := x509.ParseCertificate(caDERBytes)
- if err != nil {
- return nil, nil, err
- }
-
- priv, err := rsa.GenerateKey(cryptorand.Reader, 2048)
- if err != nil {
- return nil, nil, err
- }
-
- template := x509.Certificate{
- SerialNumber: big.NewInt(2),
- Subject: pkix.Name{
- CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
- },
- NotBefore: validFrom,
- NotAfter: validFrom.Add(maxAge),
-
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
- BasicConstraintsValid: true,
- }
-
- if ip := net.ParseIP(host); ip != nil {
- template.IPAddresses = append(template.IPAddresses, ip)
- } else {
- template.DNSNames = append(template.DNSNames, host)
- }
-
- template.IPAddresses = append(template.IPAddresses, alternateIPs...)
- template.DNSNames = append(template.DNSNames, alternateDNS...)
-
- derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, caCertificate, &priv.PublicKey, caKey)
- if err != nil {
- return nil, nil, err
- }
-
- // Generate cert, followed by ca
- certBuffer := bytes.Buffer{}
- if err := pem.Encode(&certBuffer, &pem.Block{Type: CertificateBlockType, Bytes: derBytes}); err != nil {
- return nil, nil, err
- }
- if err := pem.Encode(&certBuffer, &pem.Block{Type: CertificateBlockType, Bytes: caDERBytes}); err != nil {
- return nil, nil, err
- }
-
- // Generate key
- keyBuffer := bytes.Buffer{}
- if err := pem.Encode(&keyBuffer, &pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
- return nil, nil, err
- }
-
- if len(fixtureDirectory) > 0 {
- if err := ioutil.WriteFile(certFixturePath, certBuffer.Bytes(), 0644); err != nil {
- return nil, nil, fmt.Errorf("failed to write cert fixture to %s: %v", certFixturePath, err)
- }
- if err := ioutil.WriteFile(keyFixturePath, keyBuffer.Bytes(), 0644); err != nil {
- return nil, nil, fmt.Errorf("failed to write key fixture to %s: %v", certFixturePath, err)
- }
- }
-
- return certBuffer.Bytes(), keyBuffer.Bytes(), nil
-}
-
-func ipsToStrings(ips []net.IP) []string {
- ss := make([]string, 0, len(ips))
- for _, ip := range ips {
- ss = append(ss, ip.String())
- }
- return ss
-}
diff --git a/vendor/k8s.io/client-go/util/cert/csr.go b/vendor/k8s.io/client-go/util/cert/csr.go
deleted file mode 100644
index 39a6751f7..000000000
--- a/vendor/k8s.io/client-go/util/cert/csr.go
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package cert
-
-import (
- cryptorand "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "net"
-)
-
-// MakeCSR generates a PEM-encoded CSR using the supplied private key, subject, and SANs.
-// All key types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)
-func MakeCSR(privateKey interface{}, subject *pkix.Name, dnsSANs []string, ipSANs []net.IP) (csr []byte, err error) {
- template := &x509.CertificateRequest{
- Subject: *subject,
- DNSNames: dnsSANs,
- IPAddresses: ipSANs,
- }
-
- return MakeCSRFromTemplate(privateKey, template)
-}
-
-// MakeCSRFromTemplate generates a PEM-encoded CSR using the supplied private
-// key and certificate request as a template. All key types that are
-// implemented via crypto.Signer are supported (This includes *rsa.PrivateKey
-// and *ecdsa.PrivateKey.)
-func MakeCSRFromTemplate(privateKey interface{}, template *x509.CertificateRequest) ([]byte, error) {
- t := *template
- t.SignatureAlgorithm = sigType(privateKey)
-
- csrDER, err := x509.CreateCertificateRequest(cryptorand.Reader, &t, privateKey)
- if err != nil {
- return nil, err
- }
-
- csrPemBlock := &pem.Block{
- Type: CertificateRequestBlockType,
- Bytes: csrDER,
- }
-
- return pem.EncodeToMemory(csrPemBlock), nil
-}
-
-func sigType(privateKey interface{}) x509.SignatureAlgorithm {
- // Customize the signature for RSA keys, depending on the key size
- if privateKey, ok := privateKey.(*rsa.PrivateKey); ok {
- keySize := privateKey.N.BitLen()
- switch {
- case keySize >= 4096:
- return x509.SHA512WithRSA
- case keySize >= 3072:
- return x509.SHA384WithRSA
- default:
- return x509.SHA256WithRSA
- }
- }
- return x509.UnknownSignatureAlgorithm
-}
diff --git a/vendor/k8s.io/client-go/util/cert/io.go b/vendor/k8s.io/client-go/util/cert/io.go
deleted file mode 100644
index 5efb24894..000000000
--- a/vendor/k8s.io/client-go/util/cert/io.go
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package cert
-
-import (
- "crypto/x509"
- "fmt"
- "io/ioutil"
- "os"
- "path/filepath"
-)
-
-// CanReadCertAndKey returns true if the certificate and key files already exists,
-// otherwise returns false. If lost one of cert and key, returns error.
-func CanReadCertAndKey(certPath, keyPath string) (bool, error) {
- certReadable := canReadFile(certPath)
- keyReadable := canReadFile(keyPath)
-
- if certReadable == false && keyReadable == false {
- return false, nil
- }
-
- if certReadable == false {
- return false, fmt.Errorf("error reading %s, certificate and key must be supplied as a pair", certPath)
- }
-
- if keyReadable == false {
- return false, fmt.Errorf("error reading %s, certificate and key must be supplied as a pair", keyPath)
- }
-
- return true, nil
-}
-
-// If the file represented by path exists and
-// readable, returns true otherwise returns false.
-func canReadFile(path string) bool {
- f, err := os.Open(path)
- if err != nil {
- return false
- }
-
- defer f.Close()
-
- return true
-}
-
-// WriteCert writes the pem-encoded certificate data to certPath.
-// The certificate file will be created with file mode 0644.
-// If the certificate file already exists, it will be overwritten.
-// The parent directory of the certPath will be created as needed with file mode 0755.
-func WriteCert(certPath string, data []byte) error {
- if err := os.MkdirAll(filepath.Dir(certPath), os.FileMode(0755)); err != nil {
- return err
- }
- return ioutil.WriteFile(certPath, data, os.FileMode(0644))
-}
-
-// NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file.
-// Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
-func NewPool(filename string) (*x509.CertPool, error) {
- certs, err := CertsFromFile(filename)
- if err != nil {
- return nil, err
- }
- pool := x509.NewCertPool()
- for _, cert := range certs {
- pool.AddCert(cert)
- }
- return pool, nil
-}
-
-// CertsFromFile returns the x509.Certificates contained in the given PEM-encoded file.
-// Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
-func CertsFromFile(file string) ([]*x509.Certificate, error) {
- pemBlock, err := ioutil.ReadFile(file)
- if err != nil {
- return nil, err
- }
- certs, err := ParseCertsPEM(pemBlock)
- if err != nil {
- return nil, fmt.Errorf("error reading %s: %s", file, err)
- }
- return certs, nil
-}
diff --git a/vendor/k8s.io/client-go/util/cert/pem.go b/vendor/k8s.io/client-go/util/cert/pem.go
deleted file mode 100644
index 9185e2e22..000000000
--- a/vendor/k8s.io/client-go/util/cert/pem.go
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package cert
-
-import (
- "crypto/x509"
- "encoding/pem"
- "errors"
-)
-
-const (
- // CertificateBlockType is a possible value for pem.Block.Type.
- CertificateBlockType = "CERTIFICATE"
- // CertificateRequestBlockType is a possible value for pem.Block.Type.
- CertificateRequestBlockType = "CERTIFICATE REQUEST"
-)
-
-// ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array
-// Returns an error if a certificate could not be parsed, or if the data does not contain any certificates
-func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error) {
- ok := false
- certs := []*x509.Certificate{}
- for len(pemCerts) > 0 {
- var block *pem.Block
- block, pemCerts = pem.Decode(pemCerts)
- if block == nil {
- break
- }
- // Only use PEM "CERTIFICATE" blocks without extra headers
- if block.Type != CertificateBlockType || len(block.Headers) != 0 {
- continue
- }
-
- cert, err := x509.ParseCertificate(block.Bytes)
- if err != nil {
- return certs, err
- }
-
- certs = append(certs, cert)
- ok = true
- }
-
- if !ok {
- return certs, errors.New("data does not contain any valid RSA or ECDSA certificates")
- }
- return certs, nil
-}
diff --git a/vendor/k8s.io/client-go/util/connrotation/connrotation.go b/vendor/k8s.io/client-go/util/connrotation/connrotation.go
deleted file mode 100644
index 235a9e019..000000000
--- a/vendor/k8s.io/client-go/util/connrotation/connrotation.go
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package connrotation implements a connection dialer that tracks and can close
-// all created connections.
-//
-// This is used for credential rotation of long-lived connections, when there's
-// no way to re-authenticate on a live connection.
-package connrotation
-
-import (
- "context"
- "net"
- "sync"
-)
-
-// DialFunc is a shorthand for signature of net.DialContext.
-type DialFunc func(ctx context.Context, network, address string) (net.Conn, error)
-
-// Dialer opens connections through Dial and tracks them.
-type Dialer struct {
- dial DialFunc
-
- mu sync.Mutex
- conns map[*closableConn]struct{}
-}
-
-// NewDialer creates a new Dialer instance.
-//
-// If dial is not nil, it will be used to create new underlying connections.
-// Otherwise net.DialContext is used.
-func NewDialer(dial DialFunc) *Dialer {
- return &Dialer{
- dial: dial,
- conns: make(map[*closableConn]struct{}),
- }
-}
-
-// CloseAll forcibly closes all tracked connections.
-//
-// Note: new connections may get created before CloseAll returns.
-func (d *Dialer) CloseAll() {
- d.mu.Lock()
- conns := d.conns
- d.conns = make(map[*closableConn]struct{})
- d.mu.Unlock()
-
- for conn := range conns {
- conn.Close()
- }
-}
-
-// Dial creates a new tracked connection.
-func (d *Dialer) Dial(network, address string) (net.Conn, error) {
- return d.DialContext(context.Background(), network, address)
-}
-
-// DialContext creates a new tracked connection.
-func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
- conn, err := d.dial(ctx, network, address)
- if err != nil {
- return nil, err
- }
-
- closable := &closableConn{Conn: conn}
-
- // Start tracking the connection
- d.mu.Lock()
- d.conns[closable] = struct{}{}
- d.mu.Unlock()
-
- // When the connection is closed, remove it from the map. This will
- // be no-op if the connection isn't in the map, e.g. if CloseAll()
- // is called.
- closable.onClose = func() {
- d.mu.Lock()
- delete(d.conns, closable)
- d.mu.Unlock()
- }
-
- return closable, nil
-}
-
-type closableConn struct {
- onClose func()
- net.Conn
-}
-
-func (c *closableConn) Close() error {
- go c.onClose()
- return c.Conn.Close()
-}
diff --git a/vendor/k8s.io/client-go/util/exec/exec.go b/vendor/k8s.io/client-go/util/exec/exec.go
deleted file mode 100644
index d170badb6..000000000
--- a/vendor/k8s.io/client-go/util/exec/exec.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package exec
-
-// ExitError is an interface that presents an API similar to os.ProcessState, which is
-// what ExitError from os/exec is. This is designed to make testing a bit easier and
-// probably loses some of the cross-platform properties of the underlying library.
-type ExitError interface {
- String() string
- Error() string
- Exited() bool
- ExitStatus() int
-}
-
-// CodeExitError is an implementation of ExitError consisting of an error object
-// and an exit code (the upper bits of os.exec.ExitStatus).
-type CodeExitError struct {
- Err error
- Code int
-}
-
-var _ ExitError = CodeExitError{}
-
-func (e CodeExitError) Error() string {
- return e.Err.Error()
-}
-
-func (e CodeExitError) String() string {
- return e.Err.Error()
-}
-
-func (e CodeExitError) Exited() bool {
- return true
-}
-
-func (e CodeExitError) ExitStatus() int {
- return e.Code
-}
diff --git a/vendor/k8s.io/client-go/util/flowcontrol/backoff.go b/vendor/k8s.io/client-go/util/flowcontrol/backoff.go
deleted file mode 100644
index 39cd72f95..000000000
--- a/vendor/k8s.io/client-go/util/flowcontrol/backoff.go
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package flowcontrol
-
-import (
- "sync"
- "time"
-
- "k8s.io/apimachinery/pkg/util/clock"
- "k8s.io/utils/integer"
-)
-
-type backoffEntry struct {
- backoff time.Duration
- lastUpdate time.Time
-}
-
-type Backoff struct {
- sync.Mutex
- Clock clock.Clock
- defaultDuration time.Duration
- maxDuration time.Duration
- perItemBackoff map[string]*backoffEntry
-}
-
-func NewFakeBackOff(initial, max time.Duration, tc *clock.FakeClock) *Backoff {
- return &Backoff{
- perItemBackoff: map[string]*backoffEntry{},
- Clock: tc,
- defaultDuration: initial,
- maxDuration: max,
- }
-}
-
-func NewBackOff(initial, max time.Duration) *Backoff {
- return &Backoff{
- perItemBackoff: map[string]*backoffEntry{},
- Clock: clock.RealClock{},
- defaultDuration: initial,
- maxDuration: max,
- }
-}
-
-// Get the current backoff Duration
-func (p *Backoff) Get(id string) time.Duration {
- p.Lock()
- defer p.Unlock()
- var delay time.Duration
- entry, ok := p.perItemBackoff[id]
- if ok {
- delay = entry.backoff
- }
- return delay
-}
-
-// move backoff to the next mark, capping at maxDuration
-func (p *Backoff) Next(id string, eventTime time.Time) {
- p.Lock()
- defer p.Unlock()
- entry, ok := p.perItemBackoff[id]
- if !ok || hasExpired(eventTime, entry.lastUpdate, p.maxDuration) {
- entry = p.initEntryUnsafe(id)
- } else {
- delay := entry.backoff * 2 // exponential
- entry.backoff = time.Duration(integer.Int64Min(int64(delay), int64(p.maxDuration)))
- }
- entry.lastUpdate = p.Clock.Now()
-}
-
-// Reset forces clearing of all backoff data for a given key.
-func (p *Backoff) Reset(id string) {
- p.Lock()
- defer p.Unlock()
- delete(p.perItemBackoff, id)
-}
-
-// Returns True if the elapsed time since eventTime is smaller than the current backoff window
-func (p *Backoff) IsInBackOffSince(id string, eventTime time.Time) bool {
- p.Lock()
- defer p.Unlock()
- entry, ok := p.perItemBackoff[id]
- if !ok {
- return false
- }
- if hasExpired(eventTime, entry.lastUpdate, p.maxDuration) {
- return false
- }
- return p.Clock.Since(eventTime) < entry.backoff
-}
-
-// Returns True if time since lastupdate is less than the current backoff window.
-func (p *Backoff) IsInBackOffSinceUpdate(id string, eventTime time.Time) bool {
- p.Lock()
- defer p.Unlock()
- entry, ok := p.perItemBackoff[id]
- if !ok {
- return false
- }
- if hasExpired(eventTime, entry.lastUpdate, p.maxDuration) {
- return false
- }
- return eventTime.Sub(entry.lastUpdate) < entry.backoff
-}
-
-// Garbage collect records that have aged past maxDuration. Backoff users are expected
-// to invoke this periodically.
-func (p *Backoff) GC() {
- p.Lock()
- defer p.Unlock()
- now := p.Clock.Now()
- for id, entry := range p.perItemBackoff {
- if now.Sub(entry.lastUpdate) > p.maxDuration*2 {
- // GC when entry has not been updated for 2*maxDuration
- delete(p.perItemBackoff, id)
- }
- }
-}
-
-func (p *Backoff) DeleteEntry(id string) {
- p.Lock()
- defer p.Unlock()
- delete(p.perItemBackoff, id)
-}
-
-// Take a lock on *Backoff, before calling initEntryUnsafe
-func (p *Backoff) initEntryUnsafe(id string) *backoffEntry {
- entry := &backoffEntry{backoff: p.defaultDuration}
- p.perItemBackoff[id] = entry
- return entry
-}
-
-// After 2*maxDuration we restart the backoff factor to the beginning
-func hasExpired(eventTime time.Time, lastUpdate time.Time, maxDuration time.Duration) bool {
- return eventTime.Sub(lastUpdate) > maxDuration*2 // consider stable if it's ok for twice the maxDuration
-}
diff --git a/vendor/k8s.io/client-go/util/flowcontrol/throttle.go b/vendor/k8s.io/client-go/util/flowcontrol/throttle.go
deleted file mode 100644
index e671c044d..000000000
--- a/vendor/k8s.io/client-go/util/flowcontrol/throttle.go
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package flowcontrol
-
-import (
- "sync"
- "time"
-
- "golang.org/x/time/rate"
-)
-
-type RateLimiter interface {
- // TryAccept returns true if a token is taken immediately. Otherwise,
- // it returns false.
- TryAccept() bool
- // Accept returns once a token becomes available.
- Accept()
- // Stop stops the rate limiter, subsequent calls to CanAccept will return false
- Stop()
- // QPS returns QPS of this rate limiter
- QPS() float32
-}
-
-type tokenBucketRateLimiter struct {
- limiter *rate.Limiter
- clock Clock
- qps float32
-}
-
-// NewTokenBucketRateLimiter creates a rate limiter which implements a token bucket approach.
-// The rate limiter allows bursts of up to 'burst' to exceed the QPS, while still maintaining a
-// smoothed qps rate of 'qps'.
-// The bucket is initially filled with 'burst' tokens, and refills at a rate of 'qps'.
-// The maximum number of tokens in the bucket is capped at 'burst'.
-func NewTokenBucketRateLimiter(qps float32, burst int) RateLimiter {
- limiter := rate.NewLimiter(rate.Limit(qps), burst)
- return newTokenBucketRateLimiter(limiter, realClock{}, qps)
-}
-
-// An injectable, mockable clock interface.
-type Clock interface {
- Now() time.Time
- Sleep(time.Duration)
-}
-
-type realClock struct{}
-
-func (realClock) Now() time.Time {
- return time.Now()
-}
-func (realClock) Sleep(d time.Duration) {
- time.Sleep(d)
-}
-
-// NewTokenBucketRateLimiterWithClock is identical to NewTokenBucketRateLimiter
-// but allows an injectable clock, for testing.
-func NewTokenBucketRateLimiterWithClock(qps float32, burst int, c Clock) RateLimiter {
- limiter := rate.NewLimiter(rate.Limit(qps), burst)
- return newTokenBucketRateLimiter(limiter, c, qps)
-}
-
-func newTokenBucketRateLimiter(limiter *rate.Limiter, c Clock, qps float32) RateLimiter {
- return &tokenBucketRateLimiter{
- limiter: limiter,
- clock: c,
- qps: qps,
- }
-}
-
-func (t *tokenBucketRateLimiter) TryAccept() bool {
- return t.limiter.AllowN(t.clock.Now(), 1)
-}
-
-// Accept will block until a token becomes available
-func (t *tokenBucketRateLimiter) Accept() {
- now := t.clock.Now()
- t.clock.Sleep(t.limiter.ReserveN(now, 1).DelayFrom(now))
-}
-
-func (t *tokenBucketRateLimiter) Stop() {
-}
-
-func (t *tokenBucketRateLimiter) QPS() float32 {
- return t.qps
-}
-
-type fakeAlwaysRateLimiter struct{}
-
-func NewFakeAlwaysRateLimiter() RateLimiter {
- return &fakeAlwaysRateLimiter{}
-}
-
-func (t *fakeAlwaysRateLimiter) TryAccept() bool {
- return true
-}
-
-func (t *fakeAlwaysRateLimiter) Stop() {}
-
-func (t *fakeAlwaysRateLimiter) Accept() {}
-
-func (t *fakeAlwaysRateLimiter) QPS() float32 {
- return 1
-}
-
-type fakeNeverRateLimiter struct {
- wg sync.WaitGroup
-}
-
-func NewFakeNeverRateLimiter() RateLimiter {
- rl := fakeNeverRateLimiter{}
- rl.wg.Add(1)
- return &rl
-}
-
-func (t *fakeNeverRateLimiter) TryAccept() bool {
- return false
-}
-
-func (t *fakeNeverRateLimiter) Stop() {
- t.wg.Done()
-}
-
-func (t *fakeNeverRateLimiter) Accept() {
- t.wg.Wait()
-}
-
-func (t *fakeNeverRateLimiter) QPS() float32 {
- return 1
-}
diff --git a/vendor/k8s.io/client-go/util/keyutil/OWNERS b/vendor/k8s.io/client-go/util/keyutil/OWNERS
deleted file mode 100644
index 470b7a1c9..000000000
--- a/vendor/k8s.io/client-go/util/keyutil/OWNERS
+++ /dev/null
@@ -1,7 +0,0 @@
-approvers:
-- sig-auth-certificates-approvers
-reviewers:
-- sig-auth-certificates-reviewers
-labels:
-- sig/auth
-
diff --git a/vendor/k8s.io/client-go/util/keyutil/key.go b/vendor/k8s.io/client-go/util/keyutil/key.go
deleted file mode 100644
index 83c2c6254..000000000
--- a/vendor/k8s.io/client-go/util/keyutil/key.go
+++ /dev/null
@@ -1,323 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package keyutil contains utilities for managing public/private key pairs.
-package keyutil
-
-import (
- "crypto"
- "crypto/ecdsa"
- "crypto/elliptic"
- cryptorand "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "encoding/pem"
- "fmt"
- "io/ioutil"
- "os"
- "path/filepath"
-)
-
-const (
- // ECPrivateKeyBlockType is a possible value for pem.Block.Type.
- ECPrivateKeyBlockType = "EC PRIVATE KEY"
- // RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
- RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
- // PrivateKeyBlockType is a possible value for pem.Block.Type.
- PrivateKeyBlockType = "PRIVATE KEY"
- // PublicKeyBlockType is a possible value for pem.Block.Type.
- PublicKeyBlockType = "PUBLIC KEY"
-)
-
-// MakeEllipticPrivateKeyPEM creates an ECDSA private key
-func MakeEllipticPrivateKeyPEM() ([]byte, error) {
- privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader)
- if err != nil {
- return nil, err
- }
-
- derBytes, err := x509.MarshalECPrivateKey(privateKey)
- if err != nil {
- return nil, err
- }
-
- privateKeyPemBlock := &pem.Block{
- Type: ECPrivateKeyBlockType,
- Bytes: derBytes,
- }
- return pem.EncodeToMemory(privateKeyPemBlock), nil
-}
-
-// WriteKey writes the pem-encoded key data to keyPath.
-// The key file will be created with file mode 0600.
-// If the key file already exists, it will be overwritten.
-// The parent directory of the keyPath will be created as needed with file mode 0755.
-func WriteKey(keyPath string, data []byte) error {
- if err := os.MkdirAll(filepath.Dir(keyPath), os.FileMode(0755)); err != nil {
- return err
- }
- return ioutil.WriteFile(keyPath, data, os.FileMode(0600))
-}
-
-// LoadOrGenerateKeyFile looks for a key in the file at the given path. If it
-// can't find one, it will generate a new key and store it there.
-func LoadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error) {
- loadedData, err := ioutil.ReadFile(keyPath)
- // Call verifyKeyData to ensure the file wasn't empty/corrupt.
- if err == nil && verifyKeyData(loadedData) {
- return loadedData, false, err
- }
- if !os.IsNotExist(err) {
- return nil, false, fmt.Errorf("error loading key from %s: %v", keyPath, err)
- }
-
- generatedData, err := MakeEllipticPrivateKeyPEM()
- if err != nil {
- return nil, false, fmt.Errorf("error generating key: %v", err)
- }
- if err := WriteKey(keyPath, generatedData); err != nil {
- return nil, false, fmt.Errorf("error writing key to %s: %v", keyPath, err)
- }
- return generatedData, true, nil
-}
-
-// MarshalPrivateKeyToPEM converts a known private key type of RSA or ECDSA to
-// a PEM encoded block or returns an error.
-func MarshalPrivateKeyToPEM(privateKey crypto.PrivateKey) ([]byte, error) {
- switch t := privateKey.(type) {
- case *ecdsa.PrivateKey:
- derBytes, err := x509.MarshalECPrivateKey(t)
- if err != nil {
- return nil, err
- }
- block := &pem.Block{
- Type: ECPrivateKeyBlockType,
- Bytes: derBytes,
- }
- return pem.EncodeToMemory(block), nil
- case *rsa.PrivateKey:
- block := &pem.Block{
- Type: RSAPrivateKeyBlockType,
- Bytes: x509.MarshalPKCS1PrivateKey(t),
- }
- return pem.EncodeToMemory(block), nil
- default:
- return nil, fmt.Errorf("private key is not a recognized type: %T", privateKey)
- }
-}
-
-// PrivateKeyFromFile returns the private key in rsa.PrivateKey or ecdsa.PrivateKey format from a given PEM-encoded file.
-// Returns an error if the file could not be read or if the private key could not be parsed.
-func PrivateKeyFromFile(file string) (interface{}, error) {
- data, err := ioutil.ReadFile(file)
- if err != nil {
- return nil, err
- }
- key, err := ParsePrivateKeyPEM(data)
- if err != nil {
- return nil, fmt.Errorf("error reading private key file %s: %v", file, err)
- }
- return key, nil
-}
-
-// PublicKeysFromFile returns the public keys in rsa.PublicKey or ecdsa.PublicKey format from a given PEM-encoded file.
-// Reads public keys from both public and private key files.
-func PublicKeysFromFile(file string) ([]interface{}, error) {
- data, err := ioutil.ReadFile(file)
- if err != nil {
- return nil, err
- }
- keys, err := ParsePublicKeysPEM(data)
- if err != nil {
- return nil, fmt.Errorf("error reading public key file %s: %v", file, err)
- }
- return keys, nil
-}
-
-// verifyKeyData returns true if the provided data appears to be a valid private key.
-func verifyKeyData(data []byte) bool {
- if len(data) == 0 {
- return false
- }
- _, err := ParsePrivateKeyPEM(data)
- return err == nil
-}
-
-// ParsePrivateKeyPEM returns a private key parsed from a PEM block in the supplied data.
-// Recognizes PEM blocks for "EC PRIVATE KEY", "RSA PRIVATE KEY", or "PRIVATE KEY"
-func ParsePrivateKeyPEM(keyData []byte) (interface{}, error) {
- var privateKeyPemBlock *pem.Block
- for {
- privateKeyPemBlock, keyData = pem.Decode(keyData)
- if privateKeyPemBlock == nil {
- break
- }
-
- switch privateKeyPemBlock.Type {
- case ECPrivateKeyBlockType:
- // ECDSA Private Key in ASN.1 format
- if key, err := x509.ParseECPrivateKey(privateKeyPemBlock.Bytes); err == nil {
- return key, nil
- }
- case RSAPrivateKeyBlockType:
- // RSA Private Key in PKCS#1 format
- if key, err := x509.ParsePKCS1PrivateKey(privateKeyPemBlock.Bytes); err == nil {
- return key, nil
- }
- case PrivateKeyBlockType:
- // RSA or ECDSA Private Key in unencrypted PKCS#8 format
- if key, err := x509.ParsePKCS8PrivateKey(privateKeyPemBlock.Bytes); err == nil {
- return key, nil
- }
- }
-
- // tolerate non-key PEM blocks for compatibility with things like "EC PARAMETERS" blocks
- // originally, only the first PEM block was parsed and expected to be a key block
- }
-
- // we read all the PEM blocks and didn't recognize one
- return nil, fmt.Errorf("data does not contain a valid RSA or ECDSA private key")
-}
-
-// ParsePublicKeysPEM is a helper function for reading an array of rsa.PublicKey or ecdsa.PublicKey from a PEM-encoded byte array.
-// Reads public keys from both public and private key files.
-func ParsePublicKeysPEM(keyData []byte) ([]interface{}, error) {
- var block *pem.Block
- keys := []interface{}{}
- for {
- // read the next block
- block, keyData = pem.Decode(keyData)
- if block == nil {
- break
- }
-
- // test block against parsing functions
- if privateKey, err := parseRSAPrivateKey(block.Bytes); err == nil {
- keys = append(keys, &privateKey.PublicKey)
- continue
- }
- if publicKey, err := parseRSAPublicKey(block.Bytes); err == nil {
- keys = append(keys, publicKey)
- continue
- }
- if privateKey, err := parseECPrivateKey(block.Bytes); err == nil {
- keys = append(keys, &privateKey.PublicKey)
- continue
- }
- if publicKey, err := parseECPublicKey(block.Bytes); err == nil {
- keys = append(keys, publicKey)
- continue
- }
-
- // tolerate non-key PEM blocks for backwards compatibility
- // originally, only the first PEM block was parsed and expected to be a key block
- }
-
- if len(keys) == 0 {
- return nil, fmt.Errorf("data does not contain any valid RSA or ECDSA public keys")
- }
- return keys, nil
-}
-
-// parseRSAPublicKey parses a single RSA public key from the provided data
-func parseRSAPublicKey(data []byte) (*rsa.PublicKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParsePKIXPublicKey(data); err != nil {
- if cert, err := x509.ParseCertificate(data); err == nil {
- parsedKey = cert.PublicKey
- } else {
- return nil, err
- }
- }
-
- // Test if parsed key is an RSA Public Key
- var pubKey *rsa.PublicKey
- var ok bool
- if pubKey, ok = parsedKey.(*rsa.PublicKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid RSA Public Key")
- }
-
- return pubKey, nil
-}
-
-// parseRSAPrivateKey parses a single RSA private key from the provided data
-func parseRSAPrivateKey(data []byte) (*rsa.PrivateKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParsePKCS1PrivateKey(data); err != nil {
- if parsedKey, err = x509.ParsePKCS8PrivateKey(data); err != nil {
- return nil, err
- }
- }
-
- // Test if parsed key is an RSA Private Key
- var privKey *rsa.PrivateKey
- var ok bool
- if privKey, ok = parsedKey.(*rsa.PrivateKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid RSA Private Key")
- }
-
- return privKey, nil
-}
-
-// parseECPublicKey parses a single ECDSA public key from the provided data
-func parseECPublicKey(data []byte) (*ecdsa.PublicKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParsePKIXPublicKey(data); err != nil {
- if cert, err := x509.ParseCertificate(data); err == nil {
- parsedKey = cert.PublicKey
- } else {
- return nil, err
- }
- }
-
- // Test if parsed key is an ECDSA Public Key
- var pubKey *ecdsa.PublicKey
- var ok bool
- if pubKey, ok = parsedKey.(*ecdsa.PublicKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid ECDSA Public Key")
- }
-
- return pubKey, nil
-}
-
-// parseECPrivateKey parses a single ECDSA private key from the provided data
-func parseECPrivateKey(data []byte) (*ecdsa.PrivateKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParseECPrivateKey(data); err != nil {
- return nil, err
- }
-
- // Test if parsed key is an ECDSA Private Key
- var privKey *ecdsa.PrivateKey
- var ok bool
- if privKey, ok = parsedKey.(*ecdsa.PrivateKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid ECDSA Private Key")
- }
-
- return privKey, nil
-}