diff options
Diffstat (limited to 'vendor/k8s.io/client-go/tools')
9 files changed, 130 insertions, 33 deletions
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/doc.go b/vendor/k8s.io/client-go/tools/clientcmd/api/doc.go index 0a081871a..5871575a6 100644 --- a/vendor/k8s.io/client-go/tools/clientcmd/api/doc.go +++ b/vendor/k8s.io/client-go/tools/clientcmd/api/doc.go @@ -15,4 +15,5 @@ limitations under the License. */ // +k8s:deepcopy-gen=package + package api diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go b/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go index 43e26487c..65a36936b 100644 --- a/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go +++ b/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go @@ -29,6 +29,8 @@ import ( func init() { sDec, _ := base64.StdEncoding.DecodeString("REDACTED+") redactedBytes = []byte(string(sDec)) + sDec, _ = base64.StdEncoding.DecodeString("DATA+OMITTED") + dataOmittedBytes = []byte(string(sDec)) } // IsConfigEmpty returns true if the config is empty. @@ -79,7 +81,10 @@ func MinifyConfig(config *Config) error { return nil } -var redactedBytes []byte +var ( + redactedBytes []byte + dataOmittedBytes []byte +) // Flatten redacts raw data entries from the config object for a human-readable view. func ShortenConfig(config *Config) { @@ -97,7 +102,7 @@ func ShortenConfig(config *Config) { } for key, cluster := range config.Clusters { if len(cluster.CertificateAuthorityData) > 0 { - cluster.CertificateAuthorityData = redactedBytes + cluster.CertificateAuthorityData = dataOmittedBytes } config.Clusters[key] = cluster } diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go index 1391df702..990a440c6 100644 --- a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go +++ b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go @@ -17,6 +17,8 @@ limitations under the License. package api import ( + "fmt" + "k8s.io/apimachinery/pkg/runtime" ) @@ -150,6 +152,25 @@ type AuthProviderConfig struct { Config map[string]string `json:"config,omitempty"` } +var _ fmt.Stringer = new(AuthProviderConfig) +var _ fmt.GoStringer = new(AuthProviderConfig) + +// GoString implements fmt.GoStringer and sanitizes sensitive fields of +// AuthProviderConfig to prevent accidental leaking via logs. +func (c AuthProviderConfig) GoString() string { + return c.String() +} + +// String implements fmt.Stringer and sanitizes sensitive fields of +// AuthProviderConfig to prevent accidental leaking via logs. +func (c AuthProviderConfig) String() string { + cfg := "<nil>" + if c.Config != nil { + cfg = "--- REDACTED ---" + } + return fmt.Sprintf("api.AuthProviderConfig{Name: %q, Config: map[string]string{%s}}", c.Name, cfg) +} + // ExecConfig specifies a command to provide client credentials. The command is exec'd // and outputs structured stdout holding credentials. // @@ -172,6 +193,29 @@ type ExecConfig struct { APIVersion string `json:"apiVersion,omitempty"` } +var _ fmt.Stringer = new(ExecConfig) +var _ fmt.GoStringer = new(ExecConfig) + +// GoString implements fmt.GoStringer and sanitizes sensitive fields of +// ExecConfig to prevent accidental leaking via logs. +func (c ExecConfig) GoString() string { + return c.String() +} + +// String implements fmt.Stringer and sanitizes sensitive fields of ExecConfig +// to prevent accidental leaking via logs. +func (c ExecConfig) String() string { + var args []string + if len(c.Args) > 0 { + args = []string{"--- REDACTED ---"} + } + env := "[]ExecEnvVar(nil)" + if len(c.Env) > 0 { + env = "[]ExecEnvVar{--- REDACTED ---}" + } + return fmt.Sprintf("api.AuthProviderConfig{Command: %q, Args: %#v, Env: %s, APIVersion: %q}", c.Command, args, env, c.APIVersion) +} + // ExecEnvVar is used for setting environment variables when executing an exec-based // credential plugin. type ExecEnvVar struct { diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go index 085c088ee..3240a7a98 100644 --- a/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go +++ b/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go @@ -1,7 +1,7 @@ // +build !ignore_autogenerated /* -Copyright 2018 The Kubernetes Authors. +Copyright The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -46,31 +46,26 @@ func (in *AuthInfo) DeepCopyInto(out *AuthInfo) { in, out := &in.ImpersonateUserExtra, &out.ImpersonateUserExtra *out = make(map[string][]string, len(*in)) for key, val := range *in { + var outVal []string if val == nil { (*out)[key] = nil } else { - (*out)[key] = make([]string, len(val)) - copy((*out)[key], val) + in, out := &val, &outVal + *out = make([]string, len(*in)) + copy(*out, *in) } + (*out)[key] = outVal } } if in.AuthProvider != nil { in, out := &in.AuthProvider, &out.AuthProvider - if *in == nil { - *out = nil - } else { - *out = new(AuthProviderConfig) - (*in).DeepCopyInto(*out) - } + *out = new(AuthProviderConfig) + (*in).DeepCopyInto(*out) } if in.Exec != nil { in, out := &in.Exec, &out.Exec - if *in == nil { - *out = nil - } else { - *out = new(ExecConfig) - (*in).DeepCopyInto(*out) - } + *out = new(ExecConfig) + (*in).DeepCopyInto(*out) } if in.Extensions != nil { in, out := &in.Extensions, &out.Extensions @@ -159,36 +154,45 @@ func (in *Config) DeepCopyInto(out *Config) { in, out := &in.Clusters, &out.Clusters *out = make(map[string]*Cluster, len(*in)) for key, val := range *in { + var outVal *Cluster if val == nil { (*out)[key] = nil } else { - (*out)[key] = new(Cluster) - val.DeepCopyInto((*out)[key]) + in, out := &val, &outVal + *out = new(Cluster) + (*in).DeepCopyInto(*out) } + (*out)[key] = outVal } } if in.AuthInfos != nil { in, out := &in.AuthInfos, &out.AuthInfos *out = make(map[string]*AuthInfo, len(*in)) for key, val := range *in { + var outVal *AuthInfo if val == nil { (*out)[key] = nil } else { - (*out)[key] = new(AuthInfo) - val.DeepCopyInto((*out)[key]) + in, out := &val, &outVal + *out = new(AuthInfo) + (*in).DeepCopyInto(*out) } + (*out)[key] = outVal } } if in.Contexts != nil { in, out := &in.Contexts, &out.Contexts *out = make(map[string]*Context, len(*in)) for key, val := range *in { + var outVal *Context if val == nil { (*out)[key] = nil } else { - (*out)[key] = new(Context) - val.DeepCopyInto((*out)[key]) + in, out := &val, &outVal + *out = new(Context) + (*in).DeepCopyInto(*out) } + (*out)[key] = outVal } } if in.Extensions != nil { diff --git a/vendor/k8s.io/client-go/tools/metrics/OWNERS b/vendor/k8s.io/client-go/tools/metrics/OWNERS index ff5179807..f150be536 100644 --- a/vendor/k8s.io/client-go/tools/metrics/OWNERS +++ b/vendor/k8s.io/client-go/tools/metrics/OWNERS @@ -1,3 +1,5 @@ +# See the OWNERS docs at https://go.k8s.io/owners + reviewers: - wojtek-t - eparis diff --git a/vendor/k8s.io/client-go/tools/remotecommand/reader.go b/vendor/k8s.io/client-go/tools/remotecommand/reader.go new file mode 100644 index 000000000..d1f1be34c --- /dev/null +++ b/vendor/k8s.io/client-go/tools/remotecommand/reader.go @@ -0,0 +1,41 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package remotecommand + +import ( + "io" +) + +// readerWrapper delegates to an io.Reader so that only the io.Reader interface is implemented, +// to keep io.Copy from doing things we don't want when copying from the reader to the data stream. +// +// If the Stdin io.Reader provided to remotecommand implements a WriteTo function (like bytes.Buffer does[1]), +// io.Copy calls that method[2] to attempt to write the entire buffer to the stream in one call. +// That results in an oversized call to spdystream.Stream#Write [3], +// which results in a single oversized data frame[4] that is too large. +// +// [1] https://golang.org/pkg/bytes/#Buffer.WriteTo +// [2] https://golang.org/pkg/io/#Copy +// [3] https://github.com/kubernetes/kubernetes/blob/90295640ef87db9daa0144c5617afe889e7992b2/vendor/github.com/docker/spdystream/stream.go#L66-L73 +// [4] https://github.com/kubernetes/kubernetes/blob/90295640ef87db9daa0144c5617afe889e7992b2/vendor/github.com/docker/spdystream/spdy/write.go#L302-L304 +type readerWrapper struct { + reader io.Reader +} + +func (r readerWrapper) Read(p []byte) (int, error) { + return r.reader.Read(p) +} diff --git a/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go b/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go index 6b69f366e..892d8d105 100644 --- a/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go +++ b/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go @@ -22,7 +22,7 @@ import ( "net/http" "net/url" - "github.com/golang/glog" + "k8s.io/klog" "k8s.io/apimachinery/pkg/util/httpstream" "k8s.io/apimachinery/pkg/util/remotecommand" @@ -30,8 +30,8 @@ import ( spdy "k8s.io/client-go/transport/spdy" ) -// StreamOptions holds information pertaining to the current streaming session: supported stream -// protocols, input/output streams, if the client is requesting a TTY, and a terminal size queue to +// StreamOptions holds information pertaining to the current streaming session: +// input/output streams, if the client is requesting a TTY, and a terminal size queue to // support terminal resizing. type StreamOptions struct { Stdin io.Reader @@ -132,7 +132,7 @@ func (e *streamExecutor) Stream(options StreamOptions) error { case remotecommand.StreamProtocolV2Name: streamer = newStreamProtocolV2(options) case "": - glog.V(4).Infof("The server did not negotiate a streaming protocol version. Falling back to %s", remotecommand.StreamProtocolV1Name) + klog.V(4).Infof("The server did not negotiate a streaming protocol version. Falling back to %s", remotecommand.StreamProtocolV1Name) fallthrough case remotecommand.StreamProtocolV1Name: streamer = newStreamProtocolV1(options) diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v1.go b/vendor/k8s.io/client-go/tools/remotecommand/v1.go index 92dad727f..4120f1f5f 100644 --- a/vendor/k8s.io/client-go/tools/remotecommand/v1.go +++ b/vendor/k8s.io/client-go/tools/remotecommand/v1.go @@ -22,9 +22,9 @@ import ( "io/ioutil" "net/http" - "github.com/golang/glog" "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/httpstream" + "k8s.io/klog" ) // streamProtocolV1 implements the first version of the streaming exec & attach @@ -53,10 +53,10 @@ func (p *streamProtocolV1) stream(conn streamCreator) error { errorChan := make(chan error) cp := func(s string, dst io.Writer, src io.Reader) { - glog.V(6).Infof("Copying %s", s) - defer glog.V(6).Infof("Done copying %s", s) + klog.V(6).Infof("Copying %s", s) + defer klog.V(6).Infof("Done copying %s", s) if _, err := io.Copy(dst, src); err != nil && err != io.EOF { - glog.Errorf("Error copying %s: %v", s, err) + klog.Errorf("Error copying %s: %v", s, err) } if s == v1.StreamTypeStdout || s == v1.StreamTypeStderr { doneChan <- struct{}{} @@ -127,7 +127,7 @@ func (p *streamProtocolV1) stream(conn streamCreator) error { // because stdin is not closed until the process exits. If we try to call // stdin.Close(), it returns no error but doesn't unblock the copy. It will // exit when the process exits, instead. - go cp(v1.StreamTypeStdin, p.remoteStdin, p.Stdin) + go cp(v1.StreamTypeStdin, p.remoteStdin, readerWrapper{p.Stdin}) } waitCount := 0 diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v2.go b/vendor/k8s.io/client-go/tools/remotecommand/v2.go index b74ae8de2..4b0001502 100644 --- a/vendor/k8s.io/client-go/tools/remotecommand/v2.go +++ b/vendor/k8s.io/client-go/tools/remotecommand/v2.go @@ -101,7 +101,7 @@ func (p *streamProtocolV2) copyStdin() { // the executed command will remain running. defer once.Do(func() { p.remoteStdin.Close() }) - if _, err := io.Copy(p.remoteStdin, p.Stdin); err != nil { + if _, err := io.Copy(p.remoteStdin, readerWrapper{p.Stdin}); err != nil { runtime.HandleError(err) } }() |