diff options
Diffstat (limited to 'vendor/k8s.io/apimachinery/pkg/util')
10 files changed, 287 insertions, 46 deletions
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go index 9d5fdeece..00ce5f785 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go +++ b/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go @@ -114,6 +114,18 @@ func negotiateProtocol(clientProtocols, serverProtocols []string) string { return "" } +func commaSeparatedHeaderValues(header []string) []string { + var parsedClientProtocols []string + for i := range header { + for _, clientProtocol := range strings.Split(header[i], ",") { + if proto := strings.Trim(clientProtocol, " "); len(proto) > 0 { + parsedClientProtocols = append(parsedClientProtocols, proto) + } + } + } + return parsedClientProtocols +} + // Handshake performs a subprotocol negotiation. If the client did request a // subprotocol, Handshake will select the first common value found in // serverProtocols. If a match is found, Handshake adds a response header @@ -121,7 +133,7 @@ func negotiateProtocol(clientProtocols, serverProtocols []string) string { // returned, along with a response header containing the list of protocols the // server can accept. func Handshake(req *http.Request, w http.ResponseWriter, serverProtocols []string) (string, error) { - clientProtocols := req.Header[http.CanonicalHeaderKey(HeaderProtocolVersion)] + clientProtocols := commaSeparatedHeaderValues(req.Header[http.CanonicalHeaderKey(HeaderProtocolVersion)]) if len(clientProtocols) == 0 { return "", fmt.Errorf("unable to upgrade: %s is required", HeaderProtocolVersion) } diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go index 9d222faa8..7a6881250 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go +++ b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go @@ -24,7 +24,7 @@ import ( "github.com/docker/spdystream" "k8s.io/apimachinery/pkg/util/httpstream" - "k8s.io/klog" + "k8s.io/klog/v2" ) // connection maintains state about a spdystream.Connection and its associated diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go index 2699597e7..6309fbc26 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go +++ b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go @@ -76,19 +76,20 @@ var _ utilnet.TLSClientConfigHolder = &SpdyRoundTripper{} var _ httpstream.UpgradeRoundTripper = &SpdyRoundTripper{} var _ utilnet.Dialer = &SpdyRoundTripper{} -// NewRoundTripper creates a new SpdyRoundTripper that will use -// the specified tlsConfig. -func NewRoundTripper(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool) httpstream.UpgradeRoundTripper { - return NewSpdyRoundTripper(tlsConfig, followRedirects, requireSameHostRedirects) +// NewRoundTripper creates a new SpdyRoundTripper that will use the specified +// tlsConfig. +func NewRoundTripper(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool) *SpdyRoundTripper { + return NewRoundTripperWithProxy(tlsConfig, followRedirects, requireSameHostRedirects, utilnet.NewProxierWithNoProxyCIDR(http.ProxyFromEnvironment)) } -// NewSpdyRoundTripper creates a new SpdyRoundTripper that will use -// the specified tlsConfig. This function is mostly meant for unit tests. -func NewSpdyRoundTripper(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool) *SpdyRoundTripper { +// NewRoundTripperWithProxy creates a new SpdyRoundTripper that will use the +// specified tlsConfig and proxy func. +func NewRoundTripperWithProxy(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool, proxier func(*http.Request) (*url.URL, error)) *SpdyRoundTripper { return &SpdyRoundTripper{ tlsConfig: tlsConfig, followRedirects: followRedirects, requireSameHostRedirects: requireSameHostRedirects, + proxier: proxier, } } @@ -116,11 +117,7 @@ func (s *SpdyRoundTripper) Dial(req *http.Request) (net.Conn, error) { // dial dials the host specified by req, using TLS if appropriate, optionally // using a proxy server if one is configured via environment variables. func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) { - proxier := s.proxier - if proxier == nil { - proxier = utilnet.NewProxierWithNoProxyCIDR(http.ProxyFromEnvironment) - } - proxyURL, err := proxier(req) + proxyURL, err := s.proxier(req) if err != nil { return nil, err } diff --git a/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go b/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go index cb974dcf7..6576def82 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go +++ b/vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go @@ -26,7 +26,7 @@ import ( "strings" "github.com/google/gofuzz" - "k8s.io/klog" + "k8s.io/klog/v2" ) // IntOrString is a type that can hold an int32 or a string. When used in diff --git a/vendor/k8s.io/apimachinery/pkg/util/net/http.go b/vendor/k8s.io/apimachinery/pkg/util/net/http.go index 7b64e6815..945886c43 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/net/http.go +++ b/vendor/k8s.io/apimachinery/pkg/util/net/http.go @@ -21,18 +21,23 @@ import ( "bytes" "context" "crypto/tls" + "errors" "fmt" "io" + "mime" "net" "net/http" "net/url" "os" "path" + "regexp" "strconv" "strings" + "unicode" + "unicode/utf8" "golang.org/x/net/http2" - "k8s.io/klog" + "k8s.io/klog/v2" ) // JoinPreservingTrailingSlash does a path.Join of the specified elements, @@ -57,8 +62,11 @@ func JoinPreservingTrailingSlash(elem ...string) string { // IsTimeout returns true if the given error is a network timeout error func IsTimeout(err error) bool { - neterr, ok := err.(net.Error) - return ok && neterr != nil && neterr.Timeout() + var neterr net.Error + if errors.As(err, &neterr) { + return neterr != nil && neterr.Timeout() + } + return false } // IsProbableEOF returns true if the given error resembles a connection termination @@ -71,13 +79,16 @@ func IsProbableEOF(err error) bool { if err == nil { return false } - if uerr, ok := err.(*url.Error); ok { + var uerr *url.Error + if errors.As(err, &uerr) { err = uerr.Err } msg := err.Error() switch { case err == io.EOF: return true + case err == io.ErrUnexpectedEOF: + return true case msg == "http: can't write HTTP request on broken connection": return true case strings.Contains(msg, "http2: server sent GOAWAY and closed the connection"): @@ -482,3 +493,232 @@ func CloneHeader(in http.Header) http.Header { } return out } + +// WarningHeader contains a single RFC2616 14.46 warnings header +type WarningHeader struct { + // Codeindicates the type of warning. 299 is a miscellaneous persistent warning + Code int + // Agent contains the name or pseudonym of the server adding the Warning header. + // A single "-" is recommended when agent is unknown. + Agent string + // Warning text + Text string +} + +// ParseWarningHeaders extract RFC2616 14.46 warnings headers from the specified set of header values. +// Multiple comma-separated warnings per header are supported. +// If errors are encountered on a header, the remainder of that header are skipped and subsequent headers are parsed. +// Returns successfully parsed warnings and any errors encountered. +func ParseWarningHeaders(headers []string) ([]WarningHeader, []error) { + var ( + results []WarningHeader + errs []error + ) + for _, header := range headers { + for len(header) > 0 { + result, remainder, err := ParseWarningHeader(header) + if err != nil { + errs = append(errs, err) + break + } + results = append(results, result) + header = remainder + } + } + return results, errs +} + +var ( + codeMatcher = regexp.MustCompile(`^[0-9]{3}$`) + wordDecoder = &mime.WordDecoder{} +) + +// ParseWarningHeader extracts one RFC2616 14.46 warning from the specified header, +// returning an error if the header does not contain a correctly formatted warning. +// Any remaining content in the header is returned. +func ParseWarningHeader(header string) (result WarningHeader, remainder string, err error) { + // https://tools.ietf.org/html/rfc2616#section-14.46 + // updated by + // https://tools.ietf.org/html/rfc7234#section-5.5 + // https://tools.ietf.org/html/rfc7234#appendix-A + // Some requirements regarding production and processing of the Warning + // header fields have been relaxed, as it is not widely implemented. + // Furthermore, the Warning header field no longer uses RFC 2047 + // encoding, nor does it allow multiple languages, as these aspects were + // not implemented. + // + // Format is one of: + // warn-code warn-agent "warn-text" + // warn-code warn-agent "warn-text" "warn-date" + // + // warn-code is a three digit number + // warn-agent is unquoted and contains no spaces + // warn-text is quoted with backslash escaping (RFC2047-encoded according to RFC2616, not encoded according to RFC7234) + // warn-date is optional, quoted, and in HTTP-date format (no embedded or escaped quotes) + // + // additional warnings can optionally be included in the same header by comma-separating them: + // warn-code warn-agent "warn-text" "warn-date"[, warn-code warn-agent "warn-text" "warn-date", ...] + + // tolerate leading whitespace + header = strings.TrimSpace(header) + + parts := strings.SplitN(header, " ", 3) + if len(parts) != 3 { + return WarningHeader{}, "", errors.New("invalid warning header: fewer than 3 segments") + } + code, agent, textDateRemainder := parts[0], parts[1], parts[2] + + // verify code format + if !codeMatcher.Match([]byte(code)) { + return WarningHeader{}, "", errors.New("invalid warning header: code segment is not 3 digits between 100-299") + } + codeInt, _ := strconv.ParseInt(code, 10, 64) + + // verify agent presence + if len(agent) == 0 { + return WarningHeader{}, "", errors.New("invalid warning header: empty agent segment") + } + if !utf8.ValidString(agent) || hasAnyRunes(agent, unicode.IsControl) { + return WarningHeader{}, "", errors.New("invalid warning header: invalid agent") + } + + // verify textDateRemainder presence + if len(textDateRemainder) == 0 { + return WarningHeader{}, "", errors.New("invalid warning header: empty text segment") + } + + // extract text + text, dateAndRemainder, err := parseQuotedString(textDateRemainder) + if err != nil { + return WarningHeader{}, "", fmt.Errorf("invalid warning header: %v", err) + } + // tolerate RFC2047-encoded text from warnings produced according to RFC2616 + if decodedText, err := wordDecoder.DecodeHeader(text); err == nil { + text = decodedText + } + if !utf8.ValidString(text) || hasAnyRunes(text, unicode.IsControl) { + return WarningHeader{}, "", errors.New("invalid warning header: invalid text") + } + result = WarningHeader{Code: int(codeInt), Agent: agent, Text: text} + + if len(dateAndRemainder) > 0 { + if dateAndRemainder[0] == '"' { + // consume date + foundEndQuote := false + for i := 1; i < len(dateAndRemainder); i++ { + if dateAndRemainder[i] == '"' { + foundEndQuote = true + remainder = strings.TrimSpace(dateAndRemainder[i+1:]) + break + } + } + if !foundEndQuote { + return WarningHeader{}, "", errors.New("invalid warning header: unterminated date segment") + } + } else { + remainder = dateAndRemainder + } + } + if len(remainder) > 0 { + if remainder[0] == ',' { + // consume comma if present + remainder = strings.TrimSpace(remainder[1:]) + } else { + return WarningHeader{}, "", errors.New("invalid warning header: unexpected token after warn-date") + } + } + + return result, remainder, nil +} + +func parseQuotedString(quotedString string) (string, string, error) { + if len(quotedString) == 0 { + return "", "", errors.New("invalid quoted string: 0-length") + } + + if quotedString[0] != '"' { + return "", "", errors.New("invalid quoted string: missing initial quote") + } + + quotedString = quotedString[1:] + var remainder string + escaping := false + closedQuote := false + result := &bytes.Buffer{} +loop: + for i := 0; i < len(quotedString); i++ { + b := quotedString[i] + switch b { + case '"': + if escaping { + result.WriteByte(b) + escaping = false + } else { + closedQuote = true + remainder = strings.TrimSpace(quotedString[i+1:]) + break loop + } + case '\\': + if escaping { + result.WriteByte(b) + escaping = false + } else { + escaping = true + } + default: + result.WriteByte(b) + escaping = false + } + } + + if !closedQuote { + return "", "", errors.New("invalid quoted string: missing closing quote") + } + return result.String(), remainder, nil +} + +func NewWarningHeader(code int, agent, text string) (string, error) { + if code < 0 || code > 999 { + return "", errors.New("code must be between 0 and 999") + } + if len(agent) == 0 { + agent = "-" + } else if !utf8.ValidString(agent) || strings.ContainsAny(agent, `\"`) || hasAnyRunes(agent, unicode.IsSpace, unicode.IsControl) { + return "", errors.New("agent must be valid UTF-8 and must not contain spaces, quotes, backslashes, or control characters") + } + if !utf8.ValidString(text) || hasAnyRunes(text, unicode.IsControl) { + return "", errors.New("text must be valid UTF-8 and must not contain control characters") + } + return fmt.Sprintf("%03d %s %s", code, agent, makeQuotedString(text)), nil +} + +func hasAnyRunes(s string, runeCheckers ...func(rune) bool) bool { + for _, r := range s { + for _, checker := range runeCheckers { + if checker(r) { + return true + } + } + } + return false +} + +func makeQuotedString(s string) string { + result := &bytes.Buffer{} + // opening quote + result.WriteRune('"') + for _, c := range s { + switch c { + case '"', '\\': + // escape " and \ + result.WriteRune('\\') + result.WriteRune(c) + default: + // write everything else as-is + result.WriteRune(c) + } + } + // closing quote + result.WriteRune('"') + return result.String() +} diff --git a/vendor/k8s.io/apimachinery/pkg/util/net/interface.go b/vendor/k8s.io/apimachinery/pkg/util/net/interface.go index 836494d57..204e223ca 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/net/interface.go +++ b/vendor/k8s.io/apimachinery/pkg/util/net/interface.go @@ -26,7 +26,7 @@ import ( "strings" - "k8s.io/klog" + "k8s.io/klog/v2" ) type AddressFamily uint diff --git a/vendor/k8s.io/apimachinery/pkg/util/net/util.go b/vendor/k8s.io/apimachinery/pkg/util/net/util.go index 2e7cb9499..5950087e0 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/net/util.go +++ b/vendor/k8s.io/apimachinery/pkg/util/net/util.go @@ -17,9 +17,8 @@ limitations under the License. package net import ( + "errors" "net" - "net/url" - "os" "reflect" "syscall" ) @@ -40,34 +39,18 @@ func IPNetEqual(ipnet1, ipnet2 *net.IPNet) bool { // Returns if the given err is "connection reset by peer" error. func IsConnectionReset(err error) bool { - if urlErr, ok := err.(*url.Error); ok { - err = urlErr.Err - } - if opErr, ok := err.(*net.OpError); ok { - err = opErr.Err - } - if osErr, ok := err.(*os.SyscallError); ok { - err = osErr.Err - } - if errno, ok := err.(syscall.Errno); ok && errno == syscall.ECONNRESET { - return true + var errno syscall.Errno + if errors.As(err, &errno) { + return errno == syscall.ECONNRESET } return false } // Returns if the given err is "connection refused" error func IsConnectionRefused(err error) bool { - if urlErr, ok := err.(*url.Error); ok { - err = urlErr.Err - } - if opErr, ok := err.(*net.OpError); ok { - err = opErr.Err - } - if osErr, ok := err.(*os.SyscallError); ok { - err = osErr.Err - } - if errno, ok := err.(syscall.Errno); ok && errno == syscall.ECONNREFUSED { - return true + var errno syscall.Errno + if errors.As(err, &errno) { + return errno == syscall.ECONNREFUSED } return false } diff --git a/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go b/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go index 1428443f5..e8a9f609f 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go +++ b/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go @@ -23,7 +23,7 @@ import ( "sync" "time" - "k8s.io/klog" + "k8s.io/klog/v2" ) var ( diff --git a/vendor/k8s.io/apimachinery/pkg/util/validation/validation.go b/vendor/k8s.io/apimachinery/pkg/util/validation/validation.go index 915231f2e..4752b29a9 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/validation/validation.go +++ b/vendor/k8s.io/apimachinery/pkg/util/validation/validation.go @@ -106,6 +106,11 @@ func IsFullyQualifiedDomainName(fldPath *field.Path, name string) field.ErrorLis if len(strings.Split(name, ".")) < 2 { return append(allErrors, field.Invalid(fldPath, name, "should be a domain with at least two segments separated by dots")) } + for _, label := range strings.Split(name, ".") { + if errs := IsDNS1123Label(label); len(errs) > 0 { + return append(allErrors, field.Invalid(fldPath, label, strings.Join(errs, ","))) + } + } return allErrors } diff --git a/vendor/k8s.io/apimachinery/pkg/util/yaml/decoder.go b/vendor/k8s.io/apimachinery/pkg/util/yaml/decoder.go index a9a3853ac..492171faf 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/yaml/decoder.go +++ b/vendor/k8s.io/apimachinery/pkg/util/yaml/decoder.go @@ -26,7 +26,7 @@ import ( "strings" "unicode" - "k8s.io/klog" + "k8s.io/klog/v2" "sigs.k8s.io/yaml" ) @@ -92,6 +92,10 @@ type YAMLDecoder struct { // the caller in framing the chunk. func NewDocumentDecoder(r io.ReadCloser) io.ReadCloser { scanner := bufio.NewScanner(r) + // the size of initial allocation for buffer 4k + buf := make([]byte, 4*1024) + // the maximum size used to buffer a token 5M + scanner.Buffer(buf, 5*1024*1024) scanner.Split(splitYAMLDocument) return &YAMLDecoder{ r: r, |