summaryrefslogtreecommitdiff
path: root/vendor/k8s.io/client-go/transport
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/k8s.io/client-go/transport')
-rw-r--r--vendor/k8s.io/client-go/transport/OWNERS9
-rw-r--r--vendor/k8s.io/client-go/transport/cache.go117
-rw-r--r--vendor/k8s.io/client-go/transport/config.go126
-rw-r--r--vendor/k8s.io/client-go/transport/round_trippers.go564
-rw-r--r--vendor/k8s.io/client-go/transport/spdy/spdy.go94
-rw-r--r--vendor/k8s.io/client-go/transport/token_source.go149
-rw-r--r--vendor/k8s.io/client-go/transport/transport.go227
7 files changed, 0 insertions, 1286 deletions
diff --git a/vendor/k8s.io/client-go/transport/OWNERS b/vendor/k8s.io/client-go/transport/OWNERS
deleted file mode 100644
index a52176903..000000000
--- a/vendor/k8s.io/client-go/transport/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-- smarterclayton
-- wojtek-t
-- deads2k
-- liggitt
-- krousey
-- caesarxuchao
diff --git a/vendor/k8s.io/client-go/transport/cache.go b/vendor/k8s.io/client-go/transport/cache.go
deleted file mode 100644
index 7cffe2a5f..000000000
--- a/vendor/k8s.io/client-go/transport/cache.go
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "fmt"
- "net"
- "net/http"
- "sync"
- "time"
-
- utilnet "k8s.io/apimachinery/pkg/util/net"
-)
-
-// TlsTransportCache caches TLS http.RoundTrippers different configurations. The
-// same RoundTripper will be returned for configs with identical TLS options If
-// the config has no custom TLS options, http.DefaultTransport is returned.
-type tlsTransportCache struct {
- mu sync.Mutex
- transports map[tlsCacheKey]*http.Transport
-}
-
-const idleConnsPerHost = 25
-
-var tlsCache = &tlsTransportCache{transports: make(map[tlsCacheKey]*http.Transport)}
-
-type tlsCacheKey struct {
- insecure bool
- caData string
- certData string
- keyData string
- getCert string
- serverName string
- dial string
-}
-
-func (t tlsCacheKey) String() string {
- keyText := "<none>"
- if len(t.keyData) > 0 {
- keyText = "<redacted>"
- }
- return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, getCert: %s, serverName:%s, dial:%s", t.insecure, t.caData, t.certData, keyText, t.getCert, t.serverName, t.dial)
-}
-
-func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
- key, err := tlsConfigKey(config)
- if err != nil {
- return nil, err
- }
-
- // Ensure we only create a single transport for the given TLS options
- c.mu.Lock()
- defer c.mu.Unlock()
-
- // See if we already have a custom transport for this config
- if t, ok := c.transports[key]; ok {
- return t, nil
- }
-
- // Get the TLS options for this client config
- tlsConfig, err := TLSConfigFor(config)
- if err != nil {
- return nil, err
- }
- // The options didn't require a custom TLS config
- if tlsConfig == nil && config.Dial == nil {
- return http.DefaultTransport, nil
- }
-
- dial := config.Dial
- if dial == nil {
- dial = (&net.Dialer{
- Timeout: 30 * time.Second,
- KeepAlive: 30 * time.Second,
- }).DialContext
- }
- // Cache a single transport for these options
- c.transports[key] = utilnet.SetTransportDefaults(&http.Transport{
- Proxy: http.ProxyFromEnvironment,
- TLSHandshakeTimeout: 10 * time.Second,
- TLSClientConfig: tlsConfig,
- MaxIdleConnsPerHost: idleConnsPerHost,
- DialContext: dial,
- })
- return c.transports[key], nil
-}
-
-// tlsConfigKey returns a unique key for tls.Config objects returned from TLSConfigFor
-func tlsConfigKey(c *Config) (tlsCacheKey, error) {
- // Make sure ca/key/cert content is loaded
- if err := loadTLSFiles(c); err != nil {
- return tlsCacheKey{}, err
- }
- return tlsCacheKey{
- insecure: c.TLS.Insecure,
- caData: string(c.TLS.CAData),
- certData: string(c.TLS.CertData),
- keyData: string(c.TLS.KeyData),
- getCert: fmt.Sprintf("%p", c.TLS.GetCert),
- serverName: c.TLS.ServerName,
- dial: fmt.Sprintf("%p", c.Dial),
- }, nil
-}
diff --git a/vendor/k8s.io/client-go/transport/config.go b/vendor/k8s.io/client-go/transport/config.go
deleted file mode 100644
index 5de0a2cb1..000000000
--- a/vendor/k8s.io/client-go/transport/config.go
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "context"
- "crypto/tls"
- "net"
- "net/http"
-)
-
-// Config holds various options for establishing a transport.
-type Config struct {
- // UserAgent is an optional field that specifies the caller of this
- // request.
- UserAgent string
-
- // The base TLS configuration for this transport.
- TLS TLSConfig
-
- // Username and password for basic authentication
- Username string
- Password string
-
- // Bearer token for authentication
- BearerToken string
-
- // Path to a file containing a BearerToken.
- // If set, the contents are periodically read.
- // The last successfully read value takes precedence over BearerToken.
- BearerTokenFile string
-
- // Impersonate is the config that this Config will impersonate using
- Impersonate ImpersonationConfig
-
- // Transport may be used for custom HTTP behavior. This attribute may
- // not be specified with the TLS client certificate options. Use
- // WrapTransport for most client level operations.
- Transport http.RoundTripper
-
- // WrapTransport will be invoked for custom HTTP behavior after the
- // underlying transport is initialized (either the transport created
- // from TLSClientConfig, Transport, or http.DefaultTransport). The
- // config may layer other RoundTrippers on top of the returned
- // RoundTripper.
- //
- // A future release will change this field to an array. Use config.Wrap()
- // instead of setting this value directly.
- WrapTransport WrapperFunc
-
- // Dial specifies the dial function for creating unencrypted TCP connections.
- Dial func(ctx context.Context, network, address string) (net.Conn, error)
-}
-
-// ImpersonationConfig has all the available impersonation options
-type ImpersonationConfig struct {
- // UserName matches user.Info.GetName()
- UserName string
- // Groups matches user.Info.GetGroups()
- Groups []string
- // Extra matches user.Info.GetExtra()
- Extra map[string][]string
-}
-
-// HasCA returns whether the configuration has a certificate authority or not.
-func (c *Config) HasCA() bool {
- return len(c.TLS.CAData) > 0 || len(c.TLS.CAFile) > 0
-}
-
-// HasBasicAuth returns whether the configuration has basic authentication or not.
-func (c *Config) HasBasicAuth() bool {
- return len(c.Username) != 0
-}
-
-// HasTokenAuth returns whether the configuration has token authentication or not.
-func (c *Config) HasTokenAuth() bool {
- return len(c.BearerToken) != 0 || len(c.BearerTokenFile) != 0
-}
-
-// HasCertAuth returns whether the configuration has certificate authentication or not.
-func (c *Config) HasCertAuth() bool {
- return (len(c.TLS.CertData) != 0 || len(c.TLS.CertFile) != 0) && (len(c.TLS.KeyData) != 0 || len(c.TLS.KeyFile) != 0)
-}
-
-// HasCertCallbacks returns whether the configuration has certificate callback or not.
-func (c *Config) HasCertCallback() bool {
- return c.TLS.GetCert != nil
-}
-
-// Wrap adds a transport middleware function that will give the caller
-// an opportunity to wrap the underlying http.RoundTripper prior to the
-// first API call being made. The provided function is invoked after any
-// existing transport wrappers are invoked.
-func (c *Config) Wrap(fn WrapperFunc) {
- c.WrapTransport = Wrappers(c.WrapTransport, fn)
-}
-
-// TLSConfig holds the information needed to set up a TLS transport.
-type TLSConfig struct {
- CAFile string // Path of the PEM-encoded server trusted root certificates.
- CertFile string // Path of the PEM-encoded client certificate.
- KeyFile string // Path of the PEM-encoded client key.
-
- Insecure bool // Server should be accessed without verifying the certificate. For testing only.
- ServerName string // Override for the server name passed to the server for SNI and used to verify certificates.
-
- CAData []byte // Bytes of the PEM-encoded server trusted root certificates. Supercedes CAFile.
- CertData []byte // Bytes of the PEM-encoded client certificate. Supercedes CertFile.
- KeyData []byte // Bytes of the PEM-encoded client key. Supercedes KeyFile.
-
- GetCert func() (*tls.Certificate, error) // Callback that returns a TLS client certificate. CertData, CertFile, KeyData and KeyFile supercede this field.
-}
diff --git a/vendor/k8s.io/client-go/transport/round_trippers.go b/vendor/k8s.io/client-go/transport/round_trippers.go
deleted file mode 100644
index 117a9c8c4..000000000
--- a/vendor/k8s.io/client-go/transport/round_trippers.go
+++ /dev/null
@@ -1,564 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "fmt"
- "net/http"
- "strings"
- "time"
-
- "golang.org/x/oauth2"
- "k8s.io/klog"
-
- utilnet "k8s.io/apimachinery/pkg/util/net"
-)
-
-// HTTPWrappersForConfig wraps a round tripper with any relevant layered
-// behavior from the config. Exposed to allow more clients that need HTTP-like
-// behavior but then must hijack the underlying connection (like WebSocket or
-// HTTP2 clients). Pure HTTP clients should use the RoundTripper returned from
-// New.
-func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTripper, error) {
- if config.WrapTransport != nil {
- rt = config.WrapTransport(rt)
- }
-
- rt = DebugWrappers(rt)
-
- // Set authentication wrappers
- switch {
- case config.HasBasicAuth() && config.HasTokenAuth():
- return nil, fmt.Errorf("username/password or bearer token may be set, but not both")
- case config.HasTokenAuth():
- var err error
- rt, err = NewBearerAuthWithRefreshRoundTripper(config.BearerToken, config.BearerTokenFile, rt)
- if err != nil {
- return nil, err
- }
- case config.HasBasicAuth():
- rt = NewBasicAuthRoundTripper(config.Username, config.Password, rt)
- }
- if len(config.UserAgent) > 0 {
- rt = NewUserAgentRoundTripper(config.UserAgent, rt)
- }
- if len(config.Impersonate.UserName) > 0 ||
- len(config.Impersonate.Groups) > 0 ||
- len(config.Impersonate.Extra) > 0 {
- rt = NewImpersonatingRoundTripper(config.Impersonate, rt)
- }
- return rt, nil
-}
-
-// DebugWrappers wraps a round tripper and logs based on the current log level.
-func DebugWrappers(rt http.RoundTripper) http.RoundTripper {
- switch {
- case bool(klog.V(9)):
- rt = newDebuggingRoundTripper(rt, debugCurlCommand, debugURLTiming, debugResponseHeaders)
- case bool(klog.V(8)):
- rt = newDebuggingRoundTripper(rt, debugJustURL, debugRequestHeaders, debugResponseStatus, debugResponseHeaders)
- case bool(klog.V(7)):
- rt = newDebuggingRoundTripper(rt, debugJustURL, debugRequestHeaders, debugResponseStatus)
- case bool(klog.V(6)):
- rt = newDebuggingRoundTripper(rt, debugURLTiming)
- }
-
- return rt
-}
-
-type requestCanceler interface {
- CancelRequest(*http.Request)
-}
-
-type authProxyRoundTripper struct {
- username string
- groups []string
- extra map[string][]string
-
- rt http.RoundTripper
-}
-
-// NewAuthProxyRoundTripper provides a roundtripper which will add auth proxy fields to requests for
-// authentication terminating proxy cases
-// assuming you pull the user from the context:
-// username is the user.Info.GetName() of the user
-// groups is the user.Info.GetGroups() of the user
-// extra is the user.Info.GetExtra() of the user
-// extra can contain any additional information that the authenticator
-// thought was interesting, for example authorization scopes.
-// In order to faithfully round-trip through an impersonation flow, these keys
-// MUST be lowercase.
-func NewAuthProxyRoundTripper(username string, groups []string, extra map[string][]string, rt http.RoundTripper) http.RoundTripper {
- return &authProxyRoundTripper{
- username: username,
- groups: groups,
- extra: extra,
- rt: rt,
- }
-}
-
-func (rt *authProxyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- req = utilnet.CloneRequest(req)
- SetAuthProxyHeaders(req, rt.username, rt.groups, rt.extra)
-
- return rt.rt.RoundTrip(req)
-}
-
-// SetAuthProxyHeaders stomps the auth proxy header fields. It mutates its argument.
-func SetAuthProxyHeaders(req *http.Request, username string, groups []string, extra map[string][]string) {
- req.Header.Del("X-Remote-User")
- req.Header.Del("X-Remote-Group")
- for key := range req.Header {
- if strings.HasPrefix(strings.ToLower(key), strings.ToLower("X-Remote-Extra-")) {
- req.Header.Del(key)
- }
- }
-
- req.Header.Set("X-Remote-User", username)
- for _, group := range groups {
- req.Header.Add("X-Remote-Group", group)
- }
- for key, values := range extra {
- for _, value := range values {
- req.Header.Add("X-Remote-Extra-"+headerKeyEscape(key), value)
- }
- }
-}
-
-func (rt *authProxyRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.rt.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.rt)
- }
-}
-
-func (rt *authProxyRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-type userAgentRoundTripper struct {
- agent string
- rt http.RoundTripper
-}
-
-func NewUserAgentRoundTripper(agent string, rt http.RoundTripper) http.RoundTripper {
- return &userAgentRoundTripper{agent, rt}
-}
-
-func (rt *userAgentRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- if len(req.Header.Get("User-Agent")) != 0 {
- return rt.rt.RoundTrip(req)
- }
- req = utilnet.CloneRequest(req)
- req.Header.Set("User-Agent", rt.agent)
- return rt.rt.RoundTrip(req)
-}
-
-func (rt *userAgentRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.rt.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.rt)
- }
-}
-
-func (rt *userAgentRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-type basicAuthRoundTripper struct {
- username string
- password string
- rt http.RoundTripper
-}
-
-// NewBasicAuthRoundTripper will apply a BASIC auth authorization header to a
-// request unless it has already been set.
-func NewBasicAuthRoundTripper(username, password string, rt http.RoundTripper) http.RoundTripper {
- return &basicAuthRoundTripper{username, password, rt}
-}
-
-func (rt *basicAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- if len(req.Header.Get("Authorization")) != 0 {
- return rt.rt.RoundTrip(req)
- }
- req = utilnet.CloneRequest(req)
- req.SetBasicAuth(rt.username, rt.password)
- return rt.rt.RoundTrip(req)
-}
-
-func (rt *basicAuthRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.rt.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.rt)
- }
-}
-
-func (rt *basicAuthRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-// These correspond to the headers used in pkg/apis/authentication. We don't want the package dependency,
-// but you must not change the values.
-const (
- // ImpersonateUserHeader is used to impersonate a particular user during an API server request
- ImpersonateUserHeader = "Impersonate-User"
-
- // ImpersonateGroupHeader is used to impersonate a particular group during an API server request.
- // It can be repeated multiplied times for multiple groups.
- ImpersonateGroupHeader = "Impersonate-Group"
-
- // ImpersonateUserExtraHeaderPrefix is a prefix for a header used to impersonate an entry in the
- // extra map[string][]string for user.Info. The key for the `extra` map is suffix.
- // The same key can be repeated multiple times to have multiple elements in the slice under a single key.
- // For instance:
- // Impersonate-Extra-Foo: one
- // Impersonate-Extra-Foo: two
- // results in extra["Foo"] = []string{"one", "two"}
- ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-"
-)
-
-type impersonatingRoundTripper struct {
- impersonate ImpersonationConfig
- delegate http.RoundTripper
-}
-
-// NewImpersonatingRoundTripper will add an Act-As header to a request unless it has already been set.
-func NewImpersonatingRoundTripper(impersonate ImpersonationConfig, delegate http.RoundTripper) http.RoundTripper {
- return &impersonatingRoundTripper{impersonate, delegate}
-}
-
-func (rt *impersonatingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- // use the user header as marker for the rest.
- if len(req.Header.Get(ImpersonateUserHeader)) != 0 {
- return rt.delegate.RoundTrip(req)
- }
- req = utilnet.CloneRequest(req)
- req.Header.Set(ImpersonateUserHeader, rt.impersonate.UserName)
-
- for _, group := range rt.impersonate.Groups {
- req.Header.Add(ImpersonateGroupHeader, group)
- }
- for k, vv := range rt.impersonate.Extra {
- for _, v := range vv {
- req.Header.Add(ImpersonateUserExtraHeaderPrefix+headerKeyEscape(k), v)
- }
- }
-
- return rt.delegate.RoundTrip(req)
-}
-
-func (rt *impersonatingRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.delegate.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.delegate)
- }
-}
-
-func (rt *impersonatingRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.delegate }
-
-type bearerAuthRoundTripper struct {
- bearer string
- source oauth2.TokenSource
- rt http.RoundTripper
-}
-
-// NewBearerAuthRoundTripper adds the provided bearer token to a request
-// unless the authorization header has already been set.
-func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper {
- return &bearerAuthRoundTripper{bearer, nil, rt}
-}
-
-// NewBearerAuthRoundTripper adds the provided bearer token to a request
-// unless the authorization header has already been set.
-// If tokenFile is non-empty, it is periodically read,
-// and the last successfully read content is used as the bearer token.
-// If tokenFile is non-empty and bearer is empty, the tokenFile is read
-// immediately to populate the initial bearer token.
-func NewBearerAuthWithRefreshRoundTripper(bearer string, tokenFile string, rt http.RoundTripper) (http.RoundTripper, error) {
- if len(tokenFile) == 0 {
- return &bearerAuthRoundTripper{bearer, nil, rt}, nil
- }
- source := NewCachedFileTokenSource(tokenFile)
- if len(bearer) == 0 {
- token, err := source.Token()
- if err != nil {
- return nil, err
- }
- bearer = token.AccessToken
- }
- return &bearerAuthRoundTripper{bearer, source, rt}, nil
-}
-
-func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- if len(req.Header.Get("Authorization")) != 0 {
- return rt.rt.RoundTrip(req)
- }
-
- req = utilnet.CloneRequest(req)
- token := rt.bearer
- if rt.source != nil {
- if refreshedToken, err := rt.source.Token(); err == nil {
- token = refreshedToken.AccessToken
- }
- }
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
- return rt.rt.RoundTrip(req)
-}
-
-func (rt *bearerAuthRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.rt.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.rt)
- }
-}
-
-func (rt *bearerAuthRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt }
-
-// requestInfo keeps track of information about a request/response combination
-type requestInfo struct {
- RequestHeaders http.Header
- RequestVerb string
- RequestURL string
-
- ResponseStatus string
- ResponseHeaders http.Header
- ResponseErr error
-
- Duration time.Duration
-}
-
-// newRequestInfo creates a new RequestInfo based on an http request
-func newRequestInfo(req *http.Request) *requestInfo {
- return &requestInfo{
- RequestURL: req.URL.String(),
- RequestVerb: req.Method,
- RequestHeaders: req.Header,
- }
-}
-
-// complete adds information about the response to the requestInfo
-func (r *requestInfo) complete(response *http.Response, err error) {
- if err != nil {
- r.ResponseErr = err
- return
- }
- r.ResponseStatus = response.Status
- r.ResponseHeaders = response.Header
-}
-
-// toCurl returns a string that can be run as a command in a terminal (minus the body)
-func (r *requestInfo) toCurl() string {
- headers := ""
- for key, values := range r.RequestHeaders {
- for _, value := range values {
- headers += fmt.Sprintf(` -H %q`, fmt.Sprintf("%s: %s", key, value))
- }
- }
-
- return fmt.Sprintf("curl -k -v -X%s %s '%s'", r.RequestVerb, headers, r.RequestURL)
-}
-
-// debuggingRoundTripper will display information about the requests passing
-// through it based on what is configured
-type debuggingRoundTripper struct {
- delegatedRoundTripper http.RoundTripper
-
- levels map[debugLevel]bool
-}
-
-type debugLevel int
-
-const (
- debugJustURL debugLevel = iota
- debugURLTiming
- debugCurlCommand
- debugRequestHeaders
- debugResponseStatus
- debugResponseHeaders
-)
-
-func newDebuggingRoundTripper(rt http.RoundTripper, levels ...debugLevel) *debuggingRoundTripper {
- drt := &debuggingRoundTripper{
- delegatedRoundTripper: rt,
- levels: make(map[debugLevel]bool, len(levels)),
- }
- for _, v := range levels {
- drt.levels[v] = true
- }
- return drt
-}
-
-func (rt *debuggingRoundTripper) CancelRequest(req *http.Request) {
- if canceler, ok := rt.delegatedRoundTripper.(requestCanceler); ok {
- canceler.CancelRequest(req)
- } else {
- klog.Errorf("CancelRequest not implemented by %T", rt.delegatedRoundTripper)
- }
-}
-
-func (rt *debuggingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
- reqInfo := newRequestInfo(req)
-
- if rt.levels[debugJustURL] {
- klog.Infof("%s %s", reqInfo.RequestVerb, reqInfo.RequestURL)
- }
- if rt.levels[debugCurlCommand] {
- klog.Infof("%s", reqInfo.toCurl())
-
- }
- if rt.levels[debugRequestHeaders] {
- klog.Infof("Request Headers:")
- for key, values := range reqInfo.RequestHeaders {
- for _, value := range values {
- klog.Infof(" %s: %s", key, value)
- }
- }
- }
-
- startTime := time.Now()
- response, err := rt.delegatedRoundTripper.RoundTrip(req)
- reqInfo.Duration = time.Since(startTime)
-
- reqInfo.complete(response, err)
-
- if rt.levels[debugURLTiming] {
- klog.Infof("%s %s %s in %d milliseconds", reqInfo.RequestVerb, reqInfo.RequestURL, reqInfo.ResponseStatus, reqInfo.Duration.Nanoseconds()/int64(time.Millisecond))
- }
- if rt.levels[debugResponseStatus] {
- klog.Infof("Response Status: %s in %d milliseconds", reqInfo.ResponseStatus, reqInfo.Duration.Nanoseconds()/int64(time.Millisecond))
- }
- if rt.levels[debugResponseHeaders] {
- klog.Infof("Response Headers:")
- for key, values := range reqInfo.ResponseHeaders {
- for _, value := range values {
- klog.Infof(" %s: %s", key, value)
- }
- }
- }
-
- return response, err
-}
-
-func (rt *debuggingRoundTripper) WrappedRoundTripper() http.RoundTripper {
- return rt.delegatedRoundTripper
-}
-
-func legalHeaderByte(b byte) bool {
- return int(b) < len(legalHeaderKeyBytes) && legalHeaderKeyBytes[b]
-}
-
-func shouldEscape(b byte) bool {
- // url.PathUnescape() returns an error if any '%' is not followed by two
- // hexadecimal digits, so we'll intentionally encode it.
- return !legalHeaderByte(b) || b == '%'
-}
-
-func headerKeyEscape(key string) string {
- buf := strings.Builder{}
- for i := 0; i < len(key); i++ {
- b := key[i]
- if shouldEscape(b) {
- // %-encode bytes that should be escaped:
- // https://tools.ietf.org/html/rfc3986#section-2.1
- fmt.Fprintf(&buf, "%%%02X", b)
- continue
- }
- buf.WriteByte(b)
- }
- return buf.String()
-}
-
-// legalHeaderKeyBytes was copied from net/http/lex.go's isTokenTable.
-// See https://httpwg.github.io/specs/rfc7230.html#rule.token.separators
-var legalHeaderKeyBytes = [127]bool{
- '%': true,
- '!': true,
- '#': true,
- '$': true,
- '&': true,
- '\'': true,
- '*': true,
- '+': true,
- '-': true,
- '.': true,
- '0': true,
- '1': true,
- '2': true,
- '3': true,
- '4': true,
- '5': true,
- '6': true,
- '7': true,
- '8': true,
- '9': true,
- 'A': true,
- 'B': true,
- 'C': true,
- 'D': true,
- 'E': true,
- 'F': true,
- 'G': true,
- 'H': true,
- 'I': true,
- 'J': true,
- 'K': true,
- 'L': true,
- 'M': true,
- 'N': true,
- 'O': true,
- 'P': true,
- 'Q': true,
- 'R': true,
- 'S': true,
- 'T': true,
- 'U': true,
- 'W': true,
- 'V': true,
- 'X': true,
- 'Y': true,
- 'Z': true,
- '^': true,
- '_': true,
- '`': true,
- 'a': true,
- 'b': true,
- 'c': true,
- 'd': true,
- 'e': true,
- 'f': true,
- 'g': true,
- 'h': true,
- 'i': true,
- 'j': true,
- 'k': true,
- 'l': true,
- 'm': true,
- 'n': true,
- 'o': true,
- 'p': true,
- 'q': true,
- 'r': true,
- 's': true,
- 't': true,
- 'u': true,
- 'v': true,
- 'w': true,
- 'x': true,
- 'y': true,
- 'z': true,
- '|': true,
- '~': true,
-}
diff --git a/vendor/k8s.io/client-go/transport/spdy/spdy.go b/vendor/k8s.io/client-go/transport/spdy/spdy.go
deleted file mode 100644
index 53cc7ee18..000000000
--- a/vendor/k8s.io/client-go/transport/spdy/spdy.go
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spdy
-
-import (
- "fmt"
- "net/http"
- "net/url"
-
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/apimachinery/pkg/util/httpstream/spdy"
- restclient "k8s.io/client-go/rest"
-)
-
-// Upgrader validates a response from the server after a SPDY upgrade.
-type Upgrader interface {
- // NewConnection validates the response and creates a new Connection.
- NewConnection(resp *http.Response) (httpstream.Connection, error)
-}
-
-// RoundTripperFor returns a round tripper and upgrader to use with SPDY.
-func RoundTripperFor(config *restclient.Config) (http.RoundTripper, Upgrader, error) {
- tlsConfig, err := restclient.TLSConfigFor(config)
- if err != nil {
- return nil, nil, err
- }
- upgradeRoundTripper := spdy.NewRoundTripper(tlsConfig, true, false)
- wrapper, err := restclient.HTTPWrappersForConfig(config, upgradeRoundTripper)
- if err != nil {
- return nil, nil, err
- }
- return wrapper, upgradeRoundTripper, nil
-}
-
-// dialer implements the httpstream.Dialer interface.
-type dialer struct {
- client *http.Client
- upgrader Upgrader
- method string
- url *url.URL
-}
-
-var _ httpstream.Dialer = &dialer{}
-
-// NewDialer will create a dialer that connects to the provided URL and upgrades the connection to SPDY.
-func NewDialer(upgrader Upgrader, client *http.Client, method string, url *url.URL) httpstream.Dialer {
- return &dialer{
- client: client,
- upgrader: upgrader,
- method: method,
- url: url,
- }
-}
-
-func (d *dialer) Dial(protocols ...string) (httpstream.Connection, string, error) {
- req, err := http.NewRequest(d.method, d.url.String(), nil)
- if err != nil {
- return nil, "", fmt.Errorf("error creating request: %v", err)
- }
- return Negotiate(d.upgrader, d.client, req, protocols...)
-}
-
-// Negotiate opens a connection to a remote server and attempts to negotiate
-// a SPDY connection. Upon success, it returns the connection and the protocol selected by
-// the server. The client transport must use the upgradeRoundTripper - see RoundTripperFor.
-func Negotiate(upgrader Upgrader, client *http.Client, req *http.Request, protocols ...string) (httpstream.Connection, string, error) {
- for i := range protocols {
- req.Header.Add(httpstream.HeaderProtocolVersion, protocols[i])
- }
- resp, err := client.Do(req)
- if err != nil {
- return nil, "", fmt.Errorf("error sending request: %v", err)
- }
- defer resp.Body.Close()
- conn, err := upgrader.NewConnection(resp)
- if err != nil {
- return nil, "", err
- }
- return conn, resp.Header.Get(httpstream.HeaderProtocolVersion), nil
-}
diff --git a/vendor/k8s.io/client-go/transport/token_source.go b/vendor/k8s.io/client-go/transport/token_source.go
deleted file mode 100644
index b8cadd382..000000000
--- a/vendor/k8s.io/client-go/transport/token_source.go
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "fmt"
- "io/ioutil"
- "net/http"
- "strings"
- "sync"
- "time"
-
- "golang.org/x/oauth2"
- "k8s.io/klog"
-)
-
-// TokenSourceWrapTransport returns a WrapTransport that injects bearer tokens
-// authentication from an oauth2.TokenSource.
-func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) http.RoundTripper {
- return func(rt http.RoundTripper) http.RoundTripper {
- return &tokenSourceTransport{
- base: rt,
- ort: &oauth2.Transport{
- Source: ts,
- Base: rt,
- },
- }
- }
-}
-
-// NewCachedFileTokenSource returns a oauth2.TokenSource reads a token from a
-// file at a specified path and periodically reloads it.
-func NewCachedFileTokenSource(path string) oauth2.TokenSource {
- return &cachingTokenSource{
- now: time.Now,
- leeway: 10 * time.Second,
- base: &fileTokenSource{
- path: path,
- // This period was picked because it is half of the duration between when the kubelet
- // refreshes a projected service account token and when the original token expires.
- // Default token lifetime is 10 minutes, and the kubelet starts refreshing at 80% of lifetime.
- // This should induce re-reading at a frequency that works with the token volume source.
- period: time.Minute,
- },
- }
-}
-
-// NewCachedTokenSource returns a oauth2.TokenSource reads a token from a
-// designed TokenSource. The ts would provide the source of token.
-func NewCachedTokenSource(ts oauth2.TokenSource) oauth2.TokenSource {
- return &cachingTokenSource{
- now: time.Now,
- base: ts,
- }
-}
-
-type tokenSourceTransport struct {
- base http.RoundTripper
- ort http.RoundTripper
-}
-
-func (tst *tokenSourceTransport) RoundTrip(req *http.Request) (*http.Response, error) {
- // This is to allow --token to override other bearer token providers.
- if req.Header.Get("Authorization") != "" {
- return tst.base.RoundTrip(req)
- }
- return tst.ort.RoundTrip(req)
-}
-
-type fileTokenSource struct {
- path string
- period time.Duration
-}
-
-var _ = oauth2.TokenSource(&fileTokenSource{})
-
-func (ts *fileTokenSource) Token() (*oauth2.Token, error) {
- tokb, err := ioutil.ReadFile(ts.path)
- if err != nil {
- return nil, fmt.Errorf("failed to read token file %q: %v", ts.path, err)
- }
- tok := strings.TrimSpace(string(tokb))
- if len(tok) == 0 {
- return nil, fmt.Errorf("read empty token from file %q", ts.path)
- }
-
- return &oauth2.Token{
- AccessToken: tok,
- Expiry: time.Now().Add(ts.period),
- }, nil
-}
-
-type cachingTokenSource struct {
- base oauth2.TokenSource
- leeway time.Duration
-
- sync.RWMutex
- tok *oauth2.Token
-
- // for testing
- now func() time.Time
-}
-
-var _ = oauth2.TokenSource(&cachingTokenSource{})
-
-func (ts *cachingTokenSource) Token() (*oauth2.Token, error) {
- now := ts.now()
- // fast path
- ts.RLock()
- tok := ts.tok
- ts.RUnlock()
-
- if tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) {
- return tok, nil
- }
-
- // slow path
- ts.Lock()
- defer ts.Unlock()
- if tok := ts.tok; tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) {
- return tok, nil
- }
-
- tok, err := ts.base.Token()
- if err != nil {
- if ts.tok == nil {
- return nil, err
- }
- klog.Errorf("Unable to rotate token: %v", err)
- return ts.tok, nil
- }
-
- ts.tok = tok
- return tok, nil
-}
diff --git a/vendor/k8s.io/client-go/transport/transport.go b/vendor/k8s.io/client-go/transport/transport.go
deleted file mode 100644
index 2a145c971..000000000
--- a/vendor/k8s.io/client-go/transport/transport.go
+++ /dev/null
@@ -1,227 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "context"
- "crypto/tls"
- "crypto/x509"
- "fmt"
- "io/ioutil"
- "net/http"
-)
-
-// New returns an http.RoundTripper that will provide the authentication
-// or transport level security defined by the provided Config.
-func New(config *Config) (http.RoundTripper, error) {
- // Set transport level security
- if config.Transport != nil && (config.HasCA() || config.HasCertAuth() || config.HasCertCallback() || config.TLS.Insecure) {
- return nil, fmt.Errorf("using a custom transport with TLS certificate options or the insecure flag is not allowed")
- }
-
- var (
- rt http.RoundTripper
- err error
- )
-
- if config.Transport != nil {
- rt = config.Transport
- } else {
- rt, err = tlsCache.get(config)
- if err != nil {
- return nil, err
- }
- }
-
- return HTTPWrappersForConfig(config, rt)
-}
-
-// TLSConfigFor returns a tls.Config that will provide the transport level security defined
-// by the provided Config. Will return nil if no transport level security is requested.
-func TLSConfigFor(c *Config) (*tls.Config, error) {
- if !(c.HasCA() || c.HasCertAuth() || c.HasCertCallback() || c.TLS.Insecure || len(c.TLS.ServerName) > 0) {
- return nil, nil
- }
- if c.HasCA() && c.TLS.Insecure {
- return nil, fmt.Errorf("specifying a root certificates file with the insecure flag is not allowed")
- }
- if err := loadTLSFiles(c); err != nil {
- return nil, err
- }
-
- tlsConfig := &tls.Config{
- // Can't use SSLv3 because of POODLE and BEAST
- // Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
- // Can't use TLSv1.1 because of RC4 cipher usage
- MinVersion: tls.VersionTLS12,
- InsecureSkipVerify: c.TLS.Insecure,
- ServerName: c.TLS.ServerName,
- }
-
- if c.HasCA() {
- tlsConfig.RootCAs = rootCertPool(c.TLS.CAData)
- }
-
- var staticCert *tls.Certificate
- if c.HasCertAuth() {
- // If key/cert were provided, verify them before setting up
- // tlsConfig.GetClientCertificate.
- cert, err := tls.X509KeyPair(c.TLS.CertData, c.TLS.KeyData)
- if err != nil {
- return nil, err
- }
- staticCert = &cert
- }
-
- if c.HasCertAuth() || c.HasCertCallback() {
- tlsConfig.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
- // Note: static key/cert data always take precedence over cert
- // callback.
- if staticCert != nil {
- return staticCert, nil
- }
- if c.HasCertCallback() {
- cert, err := c.TLS.GetCert()
- if err != nil {
- return nil, err
- }
- // GetCert may return empty value, meaning no cert.
- if cert != nil {
- return cert, nil
- }
- }
-
- // Both c.TLS.CertData/KeyData were unset and GetCert didn't return
- // anything. Return an empty tls.Certificate, no client cert will
- // be sent to the server.
- return &tls.Certificate{}, nil
- }
- }
-
- return tlsConfig, nil
-}
-
-// loadTLSFiles copies the data from the CertFile, KeyFile, and CAFile fields into the CertData,
-// KeyData, and CAFile fields, or returns an error. If no error is returned, all three fields are
-// either populated or were empty to start.
-func loadTLSFiles(c *Config) error {
- var err error
- c.TLS.CAData, err = dataFromSliceOrFile(c.TLS.CAData, c.TLS.CAFile)
- if err != nil {
- return err
- }
-
- c.TLS.CertData, err = dataFromSliceOrFile(c.TLS.CertData, c.TLS.CertFile)
- if err != nil {
- return err
- }
-
- c.TLS.KeyData, err = dataFromSliceOrFile(c.TLS.KeyData, c.TLS.KeyFile)
- if err != nil {
- return err
- }
- return nil
-}
-
-// dataFromSliceOrFile returns data from the slice (if non-empty), or from the file,
-// or an error if an error occurred reading the file
-func dataFromSliceOrFile(data []byte, file string) ([]byte, error) {
- if len(data) > 0 {
- return data, nil
- }
- if len(file) > 0 {
- fileData, err := ioutil.ReadFile(file)
- if err != nil {
- return []byte{}, err
- }
- return fileData, nil
- }
- return nil, nil
-}
-
-// rootCertPool returns nil if caData is empty. When passed along, this will mean "use system CAs".
-// When caData is not empty, it will be the ONLY information used in the CertPool.
-func rootCertPool(caData []byte) *x509.CertPool {
- // What we really want is a copy of x509.systemRootsPool, but that isn't exposed. It's difficult to build (see the go
- // code for a look at the platform specific insanity), so we'll use the fact that RootCAs == nil gives us the system values
- // It doesn't allow trusting either/or, but hopefully that won't be an issue
- if len(caData) == 0 {
- return nil
- }
-
- // if we have caData, use it
- certPool := x509.NewCertPool()
- certPool.AppendCertsFromPEM(caData)
- return certPool
-}
-
-// WrapperFunc wraps an http.RoundTripper when a new transport
-// is created for a client, allowing per connection behavior
-// to be injected.
-type WrapperFunc func(rt http.RoundTripper) http.RoundTripper
-
-// Wrappers accepts any number of wrappers and returns a wrapper
-// function that is the equivalent of calling each of them in order. Nil
-// values are ignored, which makes this function convenient for incrementally
-// wrapping a function.
-func Wrappers(fns ...WrapperFunc) WrapperFunc {
- if len(fns) == 0 {
- return nil
- }
- // optimize the common case of wrapping a possibly nil transport wrapper
- // with an additional wrapper
- if len(fns) == 2 && fns[0] == nil {
- return fns[1]
- }
- return func(rt http.RoundTripper) http.RoundTripper {
- base := rt
- for _, fn := range fns {
- if fn != nil {
- base = fn(base)
- }
- }
- return base
- }
-}
-
-// ContextCanceller prevents new requests after the provided context is finished.
-// err is returned when the context is closed, allowing the caller to provide a context
-// appropriate error.
-func ContextCanceller(ctx context.Context, err error) WrapperFunc {
- return func(rt http.RoundTripper) http.RoundTripper {
- return &contextCanceller{
- ctx: ctx,
- rt: rt,
- err: err,
- }
- }
-}
-
-type contextCanceller struct {
- ctx context.Context
- rt http.RoundTripper
- err error
-}
-
-func (b *contextCanceller) RoundTrip(req *http.Request) (*http.Response, error) {
- select {
- case <-b.ctx.Done():
- return nil, b.err
- default:
- return b.rt.RoundTrip(req)
- }
-}