Diffstat (limited to 'vendor/k8s.io/client-go')
69 files changed, 0 insertions, 8645 deletions
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
deleted file mode 100644
index e0ec62deb..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-# approval on api packages bubbles to api-approvers
-reviewers:
-- sig-auth-authenticators-approvers
-- sig-auth-authenticators-reviewers
-labels:
-- sig/auth
-
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go
deleted file mode 100644
index b99459757..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +k8s:deepcopy-gen=package
-// +groupName=client.authentication.k8s.io
-
-package clientauthentication // import "k8s.io/client-go/pkg/apis/clientauthentication"
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go
deleted file mode 100644
index e4fbc3ea9..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package clientauthentication
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName is the group name use in this package
-const GroupName = "client.authentication.k8s.io"
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
-
-// Kind takes an unqualified kind and returns a Group qualified GroupKind
-func Kind(kind string) schema.GroupKind {
- return SchemeGroupVersion.WithKind(kind).GroupKind()
-}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
- AddToScheme = SchemeBuilder.AddToScheme
-)
-
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &ExecCredential{},
- )
- return nil
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go
deleted file mode 100644
index 6fb53cecf..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package clientauthentication
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ExecCredentials is used by exec-based plugins to communicate credentials to
-// HTTP transports.
-type ExecCredential struct {
- metav1.TypeMeta
-
- // Spec holds information passed to the plugin by the transport. This contains
- // request and runtime specific information, such as if the session is interactive.
- Spec ExecCredentialSpec
-
- // Status is filled in by the plugin and holds the credentials that the transport
- // should use to contact the API.
- // +optional
- Status *ExecCredentialStatus
-}
-
-// ExecCredenitalSpec holds request and runtime specific information provided by
-// the transport.
-type ExecCredentialSpec struct {
- // Response is populated when the transport encounters HTTP status codes, such as 401,
- // suggesting previous credentials were invalid.
- // +optional
- Response *Response
-
- // Interactive is true when the transport detects the command is being called from an
- // interactive prompt.
- // +optional
- Interactive bool
-}
-
-// ExecCredentialStatus holds credentials for the transport to use.
-type ExecCredentialStatus struct {
- // ExpirationTimestamp indicates a time when the provided credentials expire.
- // +optional
- ExpirationTimestamp *metav1.Time
- // Token is a bearer token used by the client for request authentication.
- // +optional
- Token string
- // PEM-encoded client TLS certificate.
- // +optional
- ClientCertificateData string
- // PEM-encoded client TLS private key.
- // +optional
- ClientKeyData string
-}
-
-// Response defines metadata about a failed request, including HTTP status code and
-// response headers.
-type Response struct {
- // Headers holds HTTP headers returned by the server.
- Header map[string][]string
- // Code is the HTTP status code returned by the server.
- Code int32
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go
deleted file mode 100644
index 19ab77614..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=k8s.io/client-go/pkg/apis/clientauthentication
-// +k8s:openapi-gen=true
-// +k8s:defaulter-gen=TypeMeta
-
-// +groupName=client.authentication.k8s.io
-
-package v1alpha1 // import "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go
deleted file mode 100644
index 2acd13dea..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName is the group name use in this package
-const GroupName = "client.authentication.k8s.io"
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- SchemeBuilder runtime.SchemeBuilder
- localSchemeBuilder = &SchemeBuilder
- AddToScheme = localSchemeBuilder.AddToScheme
-)
-
-func init() {
- // We only register manually written functions here. The registration of the
- // generated functions takes place in the generated files. The separation
- // makes the code compile even when the generated files are missing.
- localSchemeBuilder.Register(addKnownTypes)
-}
-
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &ExecCredential{},
- )
- metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
- return nil
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go
deleted file mode 100644
index c714e2457..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1alpha1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ExecCredential is used by exec-based plugins to communicate credentials to
-// HTTP transports.
-type ExecCredential struct {
- metav1.TypeMeta `json:",inline"`
-
- // Spec holds information passed to the plugin by the transport. This contains
- // request and runtime specific information, such as if the session is interactive.
- Spec ExecCredentialSpec `json:"spec,omitempty"`
-
- // Status is filled in by the plugin and holds the credentials that the transport
- // should use to contact the API.
- // +optional
- Status *ExecCredentialStatus `json:"status,omitempty"`
-}
-
-// ExecCredenitalSpec holds request and runtime specific information provided by
-// the transport.
-type ExecCredentialSpec struct {
- // Response is populated when the transport encounters HTTP status codes, such as 401,
- // suggesting previous credentials were invalid.
- // +optional
- Response *Response `json:"response,omitempty"`
-
- // Interactive is true when the transport detects the command is being called from an
- // interactive prompt.
- // +optional
- Interactive bool `json:"interactive,omitempty"`
-}
-
-// ExecCredentialStatus holds credentials for the transport to use.
-//
-// Token and ClientKeyData are sensitive fields. This data should only be
-// transmitted in-memory between client and exec plugin process. Exec plugin
-// itself should at least be protected via file permissions.
-type ExecCredentialStatus struct {
- // ExpirationTimestamp indicates a time when the provided credentials expire.
- // +optional
- ExpirationTimestamp *metav1.Time `json:"expirationTimestamp,omitempty"`
- // Token is a bearer token used by the client for request authentication.
- Token string `json:"token,omitempty"`
- // PEM-encoded client TLS certificates (including intermediates, if any).
- ClientCertificateData string `json:"clientCertificateData,omitempty"`
- // PEM-encoded private key for the above certificate.
- ClientKeyData string `json:"clientKeyData,omitempty"`
-}
-
-// Response defines metadata about a failed request, including HTTP status code and
-// response headers.
-type Response struct {
- // Header holds HTTP headers returned by the server.
- Header map[string][]string `json:"header,omitempty"`
- // Code is the HTTP status code returned by the server.
- Code int32 `json:"code,omitempty"`
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go
deleted file mode 100644
index 461c20b29..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go
+++ /dev/null
@@ -1,176 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. 
-func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*ExecCredential)(nil), (*clientauthentication.ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(a.(*ExecCredential), b.(*clientauthentication.ExecCredential), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredential)(nil), (*ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(a.(*clientauthentication.ExecCredential), b.(*ExecCredential), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ExecCredentialSpec)(nil), (*clientauthentication.ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(a.(*ExecCredentialSpec), b.(*clientauthentication.ExecCredentialSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ExecCredentialStatus)(nil), (*clientauthentication.ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(a.(*ExecCredentialStatus), b.(*clientauthentication.ExecCredentialStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialStatus)(nil), 
(*ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(a.(*clientauthentication.ExecCredentialStatus), b.(*ExecCredentialStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*Response)(nil), (*clientauthentication.Response)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_Response_To_clientauthentication_Response(a.(*Response), b.(*clientauthentication.Response), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*clientauthentication.Response)(nil), (*Response)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_Response_To_v1alpha1_Response(a.(*clientauthentication.Response), b.(*Response), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error { - if err := Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - out.Status = (*clientauthentication.ExecCredentialStatus)(unsafe.Pointer(in.Status)) - return nil -} - -// Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential is an autogenerated conversion function. 
-func Convert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error { - return autoConvert_v1alpha1_ExecCredential_To_clientauthentication_ExecCredential(in, out, s) -} - -func autoConvert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error { - if err := Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - out.Status = (*ExecCredentialStatus)(unsafe.Pointer(in.Status)) - return nil -} - -// Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential is an autogenerated conversion function. -func Convert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error { - return autoConvert_clientauthentication_ExecCredential_To_v1alpha1_ExecCredential(in, out, s) -} - -func autoConvert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error { - out.Response = (*clientauthentication.Response)(unsafe.Pointer(in.Response)) - out.Interactive = in.Interactive - return nil -} - -// Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec is an autogenerated conversion function. 
-func Convert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error { - return autoConvert_v1alpha1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in, out, s) -} - -func autoConvert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error { - out.Response = (*Response)(unsafe.Pointer(in.Response)) - out.Interactive = in.Interactive - return nil -} - -// Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec is an autogenerated conversion function. -func Convert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error { - return autoConvert_clientauthentication_ExecCredentialSpec_To_v1alpha1_ExecCredentialSpec(in, out, s) -} - -func autoConvert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error { - out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp)) - out.Token = in.Token - out.ClientCertificateData = in.ClientCertificateData - out.ClientKeyData = in.ClientKeyData - return nil -} - -// Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus is an autogenerated conversion function. 
-func Convert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error { - return autoConvert_v1alpha1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in, out, s) -} - -func autoConvert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error { - out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp)) - out.Token = in.Token - out.ClientCertificateData = in.ClientCertificateData - out.ClientKeyData = in.ClientKeyData - return nil -} - -// Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus is an autogenerated conversion function. -func Convert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error { - return autoConvert_clientauthentication_ExecCredentialStatus_To_v1alpha1_ExecCredentialStatus(in, out, s) -} - -func autoConvert_v1alpha1_Response_To_clientauthentication_Response(in *Response, out *clientauthentication.Response, s conversion.Scope) error { - out.Header = *(*map[string][]string)(unsafe.Pointer(&in.Header)) - out.Code = in.Code - return nil -} - -// Convert_v1alpha1_Response_To_clientauthentication_Response is an autogenerated conversion function. 
-func Convert_v1alpha1_Response_To_clientauthentication_Response(in *Response, out *clientauthentication.Response, s conversion.Scope) error { - return autoConvert_v1alpha1_Response_To_clientauthentication_Response(in, out, s) -} - -func autoConvert_clientauthentication_Response_To_v1alpha1_Response(in *clientauthentication.Response, out *Response, s conversion.Scope) error { - out.Header = *(*map[string][]string)(unsafe.Pointer(&in.Header)) - out.Code = in.Code - return nil -} - -// Convert_clientauthentication_Response_To_v1alpha1_Response is an autogenerated conversion function. -func Convert_clientauthentication_Response_To_v1alpha1_Response(in *clientauthentication.Response, out *Response, s conversion.Scope) error { - return autoConvert_clientauthentication_Response_To_v1alpha1_Response(in, out, s) -} diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index a73d31b3f..000000000 --- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go +++ /dev/null 
@@ -1,128 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecCredential) DeepCopyInto(out *ExecCredential) { - *out = *in - out.TypeMeta = in.TypeMeta - in.Spec.DeepCopyInto(&out.Spec) - if in.Status != nil { - in, out := &in.Status, &out.Status - *out = new(ExecCredentialStatus) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential. -func (in *ExecCredential) DeepCopy() *ExecCredential { - if in == nil { - return nil - } - out := new(ExecCredential) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ExecCredential) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) { - *out = *in - if in.Response != nil { - in, out := &in.Response, &out.Response - *out = new(Response) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec. -func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec { - if in == nil { - return nil - } - out := new(ExecCredentialSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) { - *out = *in - if in.ExpirationTimestamp != nil { - in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp - *out = (*in).DeepCopy() - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus. -func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus { - if in == nil { - return nil - } - out := new(ExecCredentialStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Response) DeepCopyInto(out *Response) { - *out = *in - if in.Header != nil { - in, out := &in.Header, &out.Header - *out = make(map[string][]string, len(*in)) - for key, val := range *in { - var outVal []string - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make([]string, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response. -func (in *Response) DeepCopy() *Response { - if in == nil { - return nil - } - out := new(Response) - in.DeepCopyInto(out) - return out -} 
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go deleted file mode 100644 index dd621a3ac..000000000 --- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go +++ /dev/null @@ -1,32 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/conversion.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/conversion.go deleted file mode 100644 index f543806ac..000000000 --- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/conversion.go +++ /dev/null 
@@ -1,26 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
- conversion "k8s.io/apimachinery/pkg/conversion"
- clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication"
-)
-
-func Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error {
- return nil
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/doc.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/doc.go
deleted file mode 100644
index 22d1c588b..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/doc.go
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +k8s:deepcopy-gen=package
-// +k8s:conversion-gen=k8s.io/client-go/pkg/apis/clientauthentication
-// +k8s:openapi-gen=true
-// +k8s:defaulter-gen=TypeMeta
-
-// +groupName=client.authentication.k8s.io
-
-package v1beta1 // import "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/register.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/register.go
deleted file mode 100644
index 0bb92f16a..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/register.go
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// GroupName is the group name use in this package
-const GroupName = "client.authentication.k8s.io"
-
-// SchemeGroupVersion is group version used to register these objects
-var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
-
-// Resource takes an unqualified resource and returns a Group qualified GroupResource
-func Resource(resource string) schema.GroupResource {
- return SchemeGroupVersion.WithResource(resource).GroupResource()
-}
-
-var (
- SchemeBuilder runtime.SchemeBuilder
- localSchemeBuilder = &SchemeBuilder
- AddToScheme = localSchemeBuilder.AddToScheme
-)
-
-func init() {
- // We only register manually written functions here. The registration of the
- // generated functions takes place in the generated files. The separation
- // makes the code compile even when the generated files are missing.
- localSchemeBuilder.Register(addKnownTypes)
-}
-
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &ExecCredential{},
- )
- metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
- return nil
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/types.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/types.go
deleted file mode 100644
index d6e267452..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/types.go
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package v1beta1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ExecCredentials is used by exec-based plugins to communicate credentials to
-// HTTP transports.
-type ExecCredential struct {
- metav1.TypeMeta `json:",inline"`
-
- // Spec holds information passed to the plugin by the transport. This contains
- // request and runtime specific information, such as if the session is interactive.
- Spec ExecCredentialSpec `json:"spec,omitempty"`
-
- // Status is filled in by the plugin and holds the credentials that the transport
- // should use to contact the API.
- // +optional
- Status *ExecCredentialStatus `json:"status,omitempty"`
-}
-
-// ExecCredenitalSpec holds request and runtime specific information provided by
-// the transport.
-type ExecCredentialSpec struct{}
-
-// ExecCredentialStatus holds credentials for the transport to use.
-//
-// Token and ClientKeyData are sensitive fields. This data should only be
-// transmitted in-memory between client and exec plugin process. Exec plugin
-// itself should at least be protected via file permissions.
-type ExecCredentialStatus struct {
- // ExpirationTimestamp indicates a time when the provided credentials expire.
- // +optional
- ExpirationTimestamp *metav1.Time `json:"expirationTimestamp,omitempty"`
- // Token is a bearer token used by the client for request authentication.
- Token string `json:"token,omitempty"`
- // PEM-encoded client TLS certificates (including intermediates, if any).
- ClientCertificateData string `json:"clientCertificateData,omitempty"`
- // PEM-encoded private key for the above certificate.
- ClientKeyData string `json:"clientKeyData,omitempty"`
-}
diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go
deleted file mode 100644
index 94ef4b733..000000000
--- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go
+++ /dev/null
@@ -1,142 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by conversion-gen. DO NOT EDIT. - -package v1beta1 - -import ( - unsafe "unsafe" - - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - conversion "k8s.io/apimachinery/pkg/conversion" - runtime "k8s.io/apimachinery/pkg/runtime" - clientauthentication "k8s.io/client-go/pkg/apis/clientauthentication" -) - -func init() { - localSchemeBuilder.Register(RegisterConversions) -} - -// RegisterConversions adds conversion functions to the given scheme. -// Public to allow building arbitrary schemes. 
-func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*ExecCredential)(nil), (*clientauthentication.ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(a.(*ExecCredential), b.(*clientauthentication.ExecCredential), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredential)(nil), (*ExecCredential)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(a.(*clientauthentication.ExecCredential), b.(*ExecCredential), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ExecCredentialSpec)(nil), (*clientauthentication.ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(a.(*ExecCredentialSpec), b.(*clientauthentication.ExecCredentialSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*ExecCredentialStatus)(nil), (*clientauthentication.ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(a.(*ExecCredentialStatus), b.(*clientauthentication.ExecCredentialStatus), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*clientauthentication.ExecCredentialStatus)(nil), 
(*ExecCredentialStatus)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(a.(*clientauthentication.ExecCredentialStatus), b.(*ExecCredentialStatus), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*clientauthentication.ExecCredentialSpec)(nil), (*ExecCredentialSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(a.(*clientauthentication.ExecCredentialSpec), b.(*ExecCredentialSpec), scope) - }); err != nil { - return err - } - return nil -} - -func autoConvert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error { - if err := Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - out.Status = (*clientauthentication.ExecCredentialStatus)(unsafe.Pointer(in.Status)) - return nil -} - -// Convert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential is an autogenerated conversion function. -func Convert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(in *ExecCredential, out *clientauthentication.ExecCredential, s conversion.Scope) error { - return autoConvert_v1beta1_ExecCredential_To_clientauthentication_ExecCredential(in, out, s) -} - -func autoConvert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error { - if err := Convert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(&in.Spec, &out.Spec, s); err != nil { - return err - } - out.Status = (*ExecCredentialStatus)(unsafe.Pointer(in.Status)) - return nil -} - -// Convert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential is an autogenerated conversion function. 
-func Convert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(in *clientauthentication.ExecCredential, out *ExecCredential, s conversion.Scope) error { - return autoConvert_clientauthentication_ExecCredential_To_v1beta1_ExecCredential(in, out, s) -} - -func autoConvert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error { - return nil -} - -// Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec is an autogenerated conversion function. -func Convert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in *ExecCredentialSpec, out *clientauthentication.ExecCredentialSpec, s conversion.Scope) error { - return autoConvert_v1beta1_ExecCredentialSpec_To_clientauthentication_ExecCredentialSpec(in, out, s) -} - -func autoConvert_clientauthentication_ExecCredentialSpec_To_v1beta1_ExecCredentialSpec(in *clientauthentication.ExecCredentialSpec, out *ExecCredentialSpec, s conversion.Scope) error { - // WARNING: in.Response requires manual conversion: does not exist in peer-type - // WARNING: in.Interactive requires manual conversion: does not exist in peer-type - return nil -} - -func autoConvert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error { - out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp)) - out.Token = in.Token - out.ClientCertificateData = in.ClientCertificateData - out.ClientKeyData = in.ClientKeyData - return nil -} - -// Convert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus is an autogenerated conversion function. 
-func Convert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in *ExecCredentialStatus, out *clientauthentication.ExecCredentialStatus, s conversion.Scope) error { - return autoConvert_v1beta1_ExecCredentialStatus_To_clientauthentication_ExecCredentialStatus(in, out, s) -} - -func autoConvert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error { - out.ExpirationTimestamp = (*v1.Time)(unsafe.Pointer(in.ExpirationTimestamp)) - out.Token = in.Token - out.ClientCertificateData = in.ClientCertificateData - out.ClientKeyData = in.ClientKeyData - return nil -} - -// Convert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus is an autogenerated conversion function. -func Convert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(in *clientauthentication.ExecCredentialStatus, out *ExecCredentialStatus, s conversion.Scope) error { - return autoConvert_clientauthentication_ExecCredentialStatus_To_v1beta1_ExecCredentialStatus(in, out, s) -} diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index 736b8cf00..000000000 --- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.deepcopy.go +++ /dev/null 
@@ -1,92 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecCredential) DeepCopyInto(out *ExecCredential) { - *out = *in - out.TypeMeta = in.TypeMeta - out.Spec = in.Spec - if in.Status != nil { - in, out := &in.Status, &out.Status - *out = new(ExecCredentialStatus) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential. -func (in *ExecCredential) DeepCopy() *ExecCredential { - if in == nil { - return nil - } - out := new(ExecCredential) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ExecCredential) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec. 
-func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec { - if in == nil { - return nil - } - out := new(ExecCredentialSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) { - *out = *in - if in.ExpirationTimestamp != nil { - in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp - *out = (*in).DeepCopy() - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus. -func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus { - if in == nil { - return nil - } - out := new(ExecCredentialStatus) - in.DeepCopyInto(out) - return out -} diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.defaults.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.defaults.go deleted file mode 100644 index 73e63fc11..000000000 --- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.defaults.go +++ /dev/null 
@@ -1,32 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by defaulter-gen. DO NOT EDIT. - -package v1beta1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// RegisterDefaults adds defaulters functions to the given scheme. -// Public to allow building arbitrary schemes. -// All generated defaulters are covering - they call all nested defaulters. -func RegisterDefaults(scheme *runtime.Scheme) error { - return nil -} diff --git a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go deleted file mode 100644 index c568a6fc8..000000000 --- a/vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go +++ /dev/null 
@@ -1,128 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package clientauthentication - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecCredential) DeepCopyInto(out *ExecCredential) { - *out = *in - out.TypeMeta = in.TypeMeta - in.Spec.DeepCopyInto(&out.Spec) - if in.Status != nil { - in, out := &in.Status, &out.Status - *out = new(ExecCredentialStatus) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredential. -func (in *ExecCredential) DeepCopy() *ExecCredential { - if in == nil { - return nil - } - out := new(ExecCredential) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ExecCredential) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *ExecCredentialSpec) DeepCopyInto(out *ExecCredentialSpec) { - *out = *in - if in.Response != nil { - in, out := &in.Response, &out.Response - *out = new(Response) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialSpec. -func (in *ExecCredentialSpec) DeepCopy() *ExecCredentialSpec { - if in == nil { - return nil - } - out := new(ExecCredentialSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecCredentialStatus) DeepCopyInto(out *ExecCredentialStatus) { - *out = *in - if in.ExpirationTimestamp != nil { - in, out := &in.ExpirationTimestamp, &out.ExpirationTimestamp - *out = (*in).DeepCopy() - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecCredentialStatus. -func (in *ExecCredentialStatus) DeepCopy() *ExecCredentialStatus { - if in == nil { - return nil - } - out := new(ExecCredentialStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Response) DeepCopyInto(out *Response) { - *out = *in - if in.Header != nil { - in, out := &in.Header, &out.Header - *out = make(map[string][]string, len(*in)) - for key, val := range *in { - var outVal []string - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make([]string, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response. -func (in *Response) DeepCopy() *Response { - if in == nil { - return nil - } - out := new(Response) - in.DeepCopyInto(out) - return out -} 
diff --git a/vendor/k8s.io/client-go/pkg/version/.gitattributes b/vendor/k8s.io/client-go/pkg/version/.gitattributes
deleted file mode 100644
index 7e349eff6..000000000
--- a/vendor/k8s.io/client-go/pkg/version/.gitattributes
+++ /dev/null
@@ -1 +0,0 @@
-base.go export-subst
diff --git a/vendor/k8s.io/client-go/pkg/version/base.go b/vendor/k8s.io/client-go/pkg/version/base.go
deleted file mode 100644
index 9b4c79f89..000000000
--- a/vendor/k8s.io/client-go/pkg/version/base.go
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package version
-
-// Base version information.
-//
-// This is the fallback data used when version information from git is not
-// provided via go ldflags. It provides an approximation of the Kubernetes
-// version for ad-hoc builds (e.g. `go build`) that cannot get the version
-// information from git.
-//
-// If you are looking at these fields in the git tree, they look
-// strange. They are modified on the fly by the build process. The
-// in-tree values are dummy values used for "git archive", which also
-// works for GitHub tar downloads.
-//
-// When releasing a new Kubernetes version, this file is updated by
-// build/mark_new_version.sh to reflect the new version, and then a
-// git annotated tag (using format vX.Y where X == Major version and Y
-// == Minor version) is created to point to the commit that updates
-// pkg/version/base.go
-var (
- // TODO: Deprecate gitMajor and gitMinor, use only gitVersion
- // instead. First step in deprecation, keep the fields but make
- // them irrelevant. (Next we'll take it out, which may muck with
- // scripts consuming the kubectl version output - but most of
- // these should be looking at gitVersion already anyways.)
- gitMajor string = "" // major version, always numeric
- gitMinor string = "" // minor version, numeric possibly followed by "+"
-
- // semantic version, derived by build scripts (see
- // https://git.k8s.io/community/contributors/design-proposals/release/versioning.md
- // for a detailed discussion of this field)
- //
- // TODO: This field is still called "gitVersion" for legacy
- // reasons. For prerelease versions, the build metadata on the
- // semantic version is a git hash, but the version itself is no
- // longer the direct output of "git describe", but a slight
- // translation to be semver compliant.
-
- // NOTE: The $Format strings are replaced during 'git archive' thanks to the
- // companion .gitattributes file containing 'export-subst' in this same
- // directory. See also https://git-scm.com/docs/gitattributes
- gitVersion string = "v0.0.0-master+$Format:%h$"
- gitCommit string = "$Format:%H$" // sha1 from git, output of $(git rev-parse HEAD)
- gitTreeState string = "" // state of git tree, either "clean" or "dirty"
-
- buildDate string = "1970-01-01T00:00:00Z" // build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ')
-)
diff --git a/vendor/k8s.io/client-go/pkg/version/def.bzl b/vendor/k8s.io/client-go/pkg/version/def.bzl
deleted file mode 100644
index 9c018a4ef..000000000
--- a/vendor/k8s.io/client-go/pkg/version/def.bzl
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2017 The Kubernetes Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Implements hack/lib/version.sh's kube::version::ldflags() for Bazel.
-def version_x_defs():
- # This should match the list of packages in kube::version::ldflag
- stamp_pkgs = [
- "k8s.io/kubernetes/pkg/version",
- # In hack/lib/version.sh, this has a vendor/ prefix. That isn't needed here?
- "k8s.io/client-go/pkg/version",
- ]
- # This should match the list of vars in kube::version::ldflags
- # It should also match the list of vars set in hack/print-workspace-status.sh.
- stamp_vars = [
- "buildDate",
- "gitCommit",
- "gitMajor",
- "gitMinor",
- "gitTreeState",
- "gitVersion",
- ]
- # Generate the cross-product.
- x_defs = {}
- for pkg in stamp_pkgs:
- for var in stamp_vars:
- x_defs["%s.%s" % (pkg, var)] = "{%s}" % var
- return x_defs
diff --git a/vendor/k8s.io/client-go/pkg/version/doc.go b/vendor/k8s.io/client-go/pkg/version/doc.go
deleted file mode 100644
index 05e997e13..000000000
--- a/vendor/k8s.io/client-go/pkg/version/doc.go
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +k8s:openapi-gen=true
-
-// Package version supplies version information collected at build time to
-// kubernetes components.
-package version // import "k8s.io/client-go/pkg/version"
diff --git a/vendor/k8s.io/client-go/pkg/version/version.go b/vendor/k8s.io/client-go/pkg/version/version.go
deleted file mode 100644
index 8c8350d13..000000000
--- a/vendor/k8s.io/client-go/pkg/version/version.go
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package version
-
-import (
- "fmt"
- "runtime"
-
- apimachineryversion "k8s.io/apimachinery/pkg/version"
-)
-
-// Get returns the overall codebase version. It's for detecting
-// what code a binary was built from.
-func Get() apimachineryversion.Info {
- // These variables typically come from -ldflags settings and in
- // their absence fallback to the settings in pkg/version/base.go
- return apimachineryversion.Info{
- Major: gitMajor,
- Minor: gitMinor,
- GitVersion: gitVersion,
- GitCommit: gitCommit,
- GitTreeState: gitTreeState,
- BuildDate: buildDate,
- GoVersion: runtime.Version(),
- Compiler: runtime.Compiler,
- Platform: fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH),
- }
-}
diff --git a/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go b/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
deleted file mode 100644
index b88902c10..000000000
--- a/vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
+++ /dev/null
@@ -1,360 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package exec - -import ( - "bytes" - "context" - "crypto/tls" - "errors" - "fmt" - "io" - "net" - "net/http" - "os" - "os/exec" - "reflect" - "sync" - "time" - - "github.com/davecgh/go-spew/spew" - "golang.org/x/crypto/ssh/terminal" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/client-go/pkg/apis/clientauthentication" - "k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1" - "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1" - "k8s.io/client-go/tools/clientcmd/api" - "k8s.io/client-go/transport" - "k8s.io/client-go/util/connrotation" - "k8s.io/klog" -) - -const execInfoEnv = "KUBERNETES_EXEC_INFO" - -var scheme = runtime.NewScheme() -var codecs = serializer.NewCodecFactory(scheme) - -func init() { - v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"}) - utilruntime.Must(v1alpha1.AddToScheme(scheme)) - utilruntime.Must(v1beta1.AddToScheme(scheme)) - utilruntime.Must(clientauthentication.AddToScheme(scheme)) -} - -var ( - // Since transports can be constantly re-initialized by programs like kubectl, - // keep a cache of initialized authenticators keyed by a hash of their config. - globalCache = newCache() - // The list of API versions we accept. 
- apiVersions = map[string]schema.GroupVersion{ - v1alpha1.SchemeGroupVersion.String(): v1alpha1.SchemeGroupVersion, - v1beta1.SchemeGroupVersion.String(): v1beta1.SchemeGroupVersion, - } -) - -func newCache() *cache { - return &cache{m: make(map[string]*Authenticator)} -} - -var spewConfig = &spew.ConfigState{DisableMethods: true, Indent: " "} - -func cacheKey(c *api.ExecConfig) string { - return spewConfig.Sprint(c) -} - -type cache struct { - mu sync.Mutex - m map[string]*Authenticator -} - -func (c *cache) get(s string) (*Authenticator, bool) { - c.mu.Lock() - defer c.mu.Unlock() - a, ok := c.m[s] - return a, ok -} - -// put inserts an authenticator into the cache. If an authenticator is already -// associated with the key, the first one is returned instead. -func (c *cache) put(s string, a *Authenticator) *Authenticator { - c.mu.Lock() - defer c.mu.Unlock() - existing, ok := c.m[s] - if ok { - return existing - } - c.m[s] = a - return a -} - -// GetAuthenticator returns an exec-based plugin for providing client credentials. -func GetAuthenticator(config *api.ExecConfig) (*Authenticator, error) { - return newAuthenticator(globalCache, config) -} - -func newAuthenticator(c *cache, config *api.ExecConfig) (*Authenticator, error) { - key := cacheKey(config) - if a, ok := c.get(key); ok { - return a, nil - } - - gv, ok := apiVersions[config.APIVersion] - if !ok { - return nil, fmt.Errorf("exec plugin: invalid apiVersion %q", config.APIVersion) - } - - a := &Authenticator{ - cmd: config.Command, - args: config.Args, - group: gv, - - stdin: os.Stdin, - stderr: os.Stderr, - interactive: terminal.IsTerminal(int(os.Stdout.Fd())), - now: time.Now, - environ: os.Environ, - } - - for _, env := range config.Env { - a.env = append(a.env, env.Name+"="+env.Value) - } - - return c.put(key, a), nil -} - -// Authenticator is a client credential provider that rotates credentials by executing a plugin. 
-// The plugin input and output are defined by the API group client.authentication.k8s.io. -type Authenticator struct { - // Set by the config - cmd string - args []string - group schema.GroupVersion - env []string - - // Stubbable for testing - stdin io.Reader - stderr io.Writer - interactive bool - now func() time.Time - environ func() []string - - // Cached results. - // - // The mutex also guards calling the plugin. Since the plugin could be - // interactive we want to make sure it's only called once. - mu sync.Mutex - cachedCreds *credentials - exp time.Time - - onRotate func() -} - -type credentials struct { - token string - cert *tls.Certificate -} - -// UpdateTransportConfig updates the transport.Config to use credentials -// returned by the plugin. -func (a *Authenticator) UpdateTransportConfig(c *transport.Config) error { - c.Wrap(func(rt http.RoundTripper) http.RoundTripper { - return &roundTripper{a, rt} - }) - - if c.TLS.GetCert != nil { - return errors.New("can't add TLS certificate callback: transport.Config.TLS.GetCert already set") - } - c.TLS.GetCert = a.cert - - var dial func(ctx context.Context, network, addr string) (net.Conn, error) - if c.Dial != nil { - dial = c.Dial - } else { - dial = (&net.Dialer{Timeout: 30 * time.Second, KeepAlive: 30 * time.Second}).DialContext - } - d := connrotation.NewDialer(dial) - a.onRotate = d.CloseAll - c.Dial = d.DialContext - - return nil -} - -type roundTripper struct { - a *Authenticator - base http.RoundTripper -} - -func (r *roundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - // If a user has already set credentials, use that. This makes commands like - // "kubectl get --token (token) pods" work. 
- if req.Header.Get("Authorization") != "" { - return r.base.RoundTrip(req) - } - - creds, err := r.a.getCreds() - if err != nil { - return nil, fmt.Errorf("getting credentials: %v", err) - } - if creds.token != "" { - req.Header.Set("Authorization", "Bearer "+creds.token) - } - - res, err := r.base.RoundTrip(req) - if err != nil { - return nil, err - } - if res.StatusCode == http.StatusUnauthorized { - resp := &clientauthentication.Response{ - Header: res.Header, - Code: int32(res.StatusCode), - } - if err := r.a.maybeRefreshCreds(creds, resp); err != nil { - klog.Errorf("refreshing credentials: %v", err) - } - } - return res, nil -} - -func (a *Authenticator) credsExpired() bool { - if a.exp.IsZero() { - return false - } - return a.now().After(a.exp) -} - -func (a *Authenticator) cert() (*tls.Certificate, error) { - creds, err := a.getCreds() - if err != nil { - return nil, err - } - return creds.cert, nil -} - -func (a *Authenticator) getCreds() (*credentials, error) { - a.mu.Lock() - defer a.mu.Unlock() - if a.cachedCreds != nil && !a.credsExpired() { - return a.cachedCreds, nil - } - - if err := a.refreshCredsLocked(nil); err != nil { - return nil, err - } - return a.cachedCreds, nil -} - -// maybeRefreshCreds executes the plugin to force a rotation of the -// credentials, unless they were rotated already. -func (a *Authenticator) maybeRefreshCreds(creds *credentials, r *clientauthentication.Response) error { - a.mu.Lock() - defer a.mu.Unlock() - - // Since we're not making a new pointer to a.cachedCreds in getCreds, no - // need to do deep comparison. - if creds != a.cachedCreds { - // Credentials already rotated. - return nil - } - - return a.refreshCredsLocked(r) -} - -// refreshCredsLocked executes the plugin and reads the credentials from -// stdout. It must be called while holding the Authenticator's mutex. 
-func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) error { - cred := &clientauthentication.ExecCredential{ - Spec: clientauthentication.ExecCredentialSpec{ - Response: r, - Interactive: a.interactive, - }, - } - - env := append(a.environ(), a.env...) - if a.group == v1alpha1.SchemeGroupVersion { - // Input spec disabled for beta due to lack of use. Possibly re-enable this later if - // someone wants it back. - // - // See: https://github.com/kubernetes/kubernetes/issues/61796 - data, err := runtime.Encode(codecs.LegacyCodec(a.group), cred) - if err != nil { - return fmt.Errorf("encode ExecCredentials: %v", err) - } - env = append(env, fmt.Sprintf("%s=%s", execInfoEnv, data)) - } - - stdout := &bytes.Buffer{} - cmd := exec.Command(a.cmd, a.args...) - cmd.Env = env - cmd.Stderr = a.stderr - cmd.Stdout = stdout - if a.interactive { - cmd.Stdin = a.stdin - } - - if err := cmd.Run(); err != nil { - return fmt.Errorf("exec: %v", err) - } - - _, gvk, err := codecs.UniversalDecoder(a.group).Decode(stdout.Bytes(), nil, cred) - if err != nil { - return fmt.Errorf("decoding stdout: %v", err) - } - if gvk.Group != a.group.Group || gvk.Version != a.group.Version { - return fmt.Errorf("exec plugin is configured to use API version %s, plugin returned version %s", - a.group, schema.GroupVersion{Group: gvk.Group, Version: gvk.Version}) - } - - if cred.Status == nil { - return fmt.Errorf("exec plugin didn't return a status field") - } - if cred.Status.Token == "" && cred.Status.ClientCertificateData == "" && cred.Status.ClientKeyData == "" { - return fmt.Errorf("exec plugin didn't return a token or cert/key pair") - } - if (cred.Status.ClientCertificateData == "") != (cred.Status.ClientKeyData == "") { - return fmt.Errorf("exec plugin returned only certificate or key, not both") - } - - if cred.Status.ExpirationTimestamp != nil { - a.exp = cred.Status.ExpirationTimestamp.Time - } else { - a.exp = time.Time{} - } - - newCreds := &credentials{ - token: 
cred.Status.Token, - } - if cred.Status.ClientKeyData != "" && cred.Status.ClientCertificateData != "" { - cert, err := tls.X509KeyPair([]byte(cred.Status.ClientCertificateData), []byte(cred.Status.ClientKeyData)) - if err != nil { - return fmt.Errorf("failed parsing client key/certificate: %v", err) - } - newCreds.cert = &cert - } - - oldCreds := a.cachedCreds - a.cachedCreds = newCreds - // Only close all connections when TLS cert rotates. Token rotation doesn't - // need the extra noise. - if a.onRotate != nil && oldCreds != nil && !reflect.DeepEqual(oldCreds.cert, a.cachedCreds.cert) { - a.onRotate() - } - return nil -} diff --git a/vendor/k8s.io/client-go/rest/OWNERS b/vendor/k8s.io/client-go/rest/OWNERS deleted file mode 100644 index 49dabc61b..000000000 --- a/vendor/k8s.io/client-go/rest/OWNERS +++ /dev/null @@ -1,26 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: -- thockin -- smarterclayton -- caesarxuchao -- wojtek-t -- deads2k -- brendandburns -- liggitt -- nikhiljindal -- gmarek -- erictune -- sttts -- luxas -- dims -- errordeveloper -- hongchaodeng -- krousey -- resouer -- cjcullen -- rmmh -- lixiaobing10051267 -- asalkeld -- juanvallejo -- lojies diff --git a/vendor/k8s.io/client-go/rest/client.go b/vendor/k8s.io/client-go/rest/client.go deleted file mode 100644 index 927403cb2..000000000 --- a/vendor/k8s.io/client-go/rest/client.go +++ /dev/null 
@@ -1,258 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "fmt" - "mime" - "net/http" - "net/url" - "os" - "strconv" - "strings" - "time" - - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/types" - "k8s.io/client-go/util/flowcontrol" -) - -const ( - // Environment variables: Note that the duration should be long enough that the backoff - // persists for some reasonable time (i.e. 120 seconds). The typical base might be "1". - envBackoffBase = "KUBE_CLIENT_BACKOFF_BASE" - envBackoffDuration = "KUBE_CLIENT_BACKOFF_DURATION" -) - -// Interface captures the set of operations for generically interacting with Kubernetes REST apis. -type Interface interface { - GetRateLimiter() flowcontrol.RateLimiter - Verb(verb string) *Request - Post() *Request - Put() *Request - Patch(pt types.PatchType) *Request - Get() *Request - Delete() *Request - APIVersion() schema.GroupVersion -} - -// RESTClient imposes common Kubernetes API conventions on a set of resource paths. -// The baseURL is expected to point to an HTTP or HTTPS path that is the parent -// of one or more resources. The server should return a decodable API resource -// object, or an api.Status object which contains information about the reason for -// any failure. -// -// Most consumers should use client.New() to get a Kubernetes API client. 
-type RESTClient struct { - // base is the root URL for all invocations of the client - base *url.URL - // versionedAPIPath is a path segment connecting the base URL to the resource root - versionedAPIPath string - - // contentConfig is the information used to communicate with the server. - contentConfig ContentConfig - - // serializers contain all serializers for underlying content type. - serializers Serializers - - // creates BackoffManager that is passed to requests. - createBackoffMgr func() BackoffManager - - // TODO extract this into a wrapper interface via the RESTClient interface in kubectl. - Throttle flowcontrol.RateLimiter - - // Set specific behavior of the client. If not set http.DefaultClient will be used. - Client *http.Client -} - -type Serializers struct { - Encoder runtime.Encoder - Decoder runtime.Decoder - StreamingSerializer runtime.Serializer - Framer runtime.Framer - RenegotiatedDecoder func(contentType string, params map[string]string) (runtime.Decoder, error) -} - -// NewRESTClient creates a new RESTClient. This client performs generic REST functions -// such as Get, Put, Post, and Delete on specified paths. Codec controls encoding and -// decoding of responses from the server. 
-func NewRESTClient(baseURL *url.URL, versionedAPIPath string, config ContentConfig, maxQPS float32, maxBurst int, rateLimiter flowcontrol.RateLimiter, client *http.Client) (*RESTClient, error) { - base := *baseURL - if !strings.HasSuffix(base.Path, "/") { - base.Path += "/" - } - base.RawQuery = "" - base.Fragment = "" - - if config.GroupVersion == nil { - config.GroupVersion = &schema.GroupVersion{} - } - if len(config.ContentType) == 0 { - config.ContentType = "application/json" - } - serializers, err := createSerializers(config) - if err != nil { - return nil, err - } - - var throttle flowcontrol.RateLimiter - if maxQPS > 0 && rateLimiter == nil { - throttle = flowcontrol.NewTokenBucketRateLimiter(maxQPS, maxBurst) - } else if rateLimiter != nil { - throttle = rateLimiter - } - return &RESTClient{ - base: &base, - versionedAPIPath: versionedAPIPath, - contentConfig: config, - serializers: *serializers, - createBackoffMgr: readExpBackoffConfig, - Throttle: throttle, - Client: client, - }, nil -} - -// GetRateLimiter returns rate limier for a given client, or nil if it's called on a nil client -func (c *RESTClient) GetRateLimiter() flowcontrol.RateLimiter { - if c == nil { - return nil - } - return c.Throttle -} - -// readExpBackoffConfig handles the internal logic of determining what the -// backoff policy is. By default if no information is available, NoBackoff. -// TODO Generalize this see #17727 . 
-func readExpBackoffConfig() BackoffManager { - backoffBase := os.Getenv(envBackoffBase) - backoffDuration := os.Getenv(envBackoffDuration) - - backoffBaseInt, errBase := strconv.ParseInt(backoffBase, 10, 64) - backoffDurationInt, errDuration := strconv.ParseInt(backoffDuration, 10, 64) - if errBase != nil || errDuration != nil { - return &NoBackoff{} - } - return &URLBackoff{ - Backoff: flowcontrol.NewBackOff( - time.Duration(backoffBaseInt)*time.Second, - time.Duration(backoffDurationInt)*time.Second)} -} - -// createSerializers creates all necessary serializers for given contentType. -// TODO: the negotiated serializer passed to this method should probably return -// serializers that control decoding and versioning without this package -// being aware of the types. Depends on whether RESTClient must deal with -// generic infrastructure. -func createSerializers(config ContentConfig) (*Serializers, error) { - mediaTypes := config.NegotiatedSerializer.SupportedMediaTypes() - contentType := config.ContentType - mediaType, _, err := mime.ParseMediaType(contentType) - if err != nil { - return nil, fmt.Errorf("the content type specified in the client configuration is not recognized: %v", err) - } - info, ok := runtime.SerializerInfoForMediaType(mediaTypes, mediaType) - if !ok { - if len(contentType) != 0 || len(mediaTypes) == 0 { - return nil, fmt.Errorf("no serializers registered for %s", contentType) - } - info = mediaTypes[0] - } - - internalGV := schema.GroupVersions{ - { - Group: config.GroupVersion.Group, - Version: runtime.APIVersionInternal, - }, - // always include the legacy group as a decoding target to handle non-error `Status` return types - { - Group: "", - Version: runtime.APIVersionInternal, - }, - } - - s := &Serializers{ - Encoder: config.NegotiatedSerializer.EncoderForVersion(info.Serializer, *config.GroupVersion), - Decoder: config.NegotiatedSerializer.DecoderToVersion(info.Serializer, internalGV), - - RenegotiatedDecoder: func(contentType string, 
params map[string]string) (runtime.Decoder, error) { - info, ok := runtime.SerializerInfoForMediaType(mediaTypes, contentType) - if !ok { - return nil, fmt.Errorf("serializer for %s not registered", contentType) - } - return config.NegotiatedSerializer.DecoderToVersion(info.Serializer, internalGV), nil - }, - } - if info.StreamSerializer != nil { - s.StreamingSerializer = info.StreamSerializer.Serializer - s.Framer = info.StreamSerializer.Framer - } - - return s, nil -} - -// Verb begins a request with a verb (GET, POST, PUT, DELETE). -// -// Example usage of RESTClient's request building interface: -// c, err := NewRESTClient(...) -// if err != nil { ... } -// resp, err := c.Verb("GET"). -// Path("pods"). -// SelectorParam("labels", "area=staging"). -// Timeout(10*time.Second). -// Do() -// if err != nil { ... } -// list, ok := resp.(*api.PodList) -// -func (c *RESTClient) Verb(verb string) *Request { - backoff := c.createBackoffMgr() - - if c.Client == nil { - return NewRequest(nil, verb, c.base, c.versionedAPIPath, c.contentConfig, c.serializers, backoff, c.Throttle, 0) - } - return NewRequest(c.Client, verb, c.base, c.versionedAPIPath, c.contentConfig, c.serializers, backoff, c.Throttle, c.Client.Timeout) -} - -// Post begins a POST request. Short for c.Verb("POST"). -func (c *RESTClient) Post() *Request { - return c.Verb("POST") -} - -// Put begins a PUT request. Short for c.Verb("PUT"). -func (c *RESTClient) Put() *Request { - return c.Verb("PUT") -} - -// Patch begins a PATCH request. Short for c.Verb("Patch"). -func (c *RESTClient) Patch(pt types.PatchType) *Request { - return c.Verb("PATCH").SetHeader("Content-Type", string(pt)) -} - -// Get begins a GET request. Short for c.Verb("GET"). -func (c *RESTClient) Get() *Request { - return c.Verb("GET") -} - -// Delete begins a DELETE request. Short for c.Verb("DELETE"). 
-func (c *RESTClient) Delete() *Request { - return c.Verb("DELETE") -} - -// APIVersion returns the APIVersion this RESTClient is expected to use. -func (c *RESTClient) APIVersion() schema.GroupVersion { - return *c.contentConfig.GroupVersion -} diff --git a/vendor/k8s.io/client-go/rest/config.go b/vendor/k8s.io/client-go/rest/config.go deleted file mode 100644 index c75825ec5..000000000 --- a/vendor/k8s.io/client-go/rest/config.go +++ /dev/null 
@@ -1,549 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "context" - "errors" - "fmt" - "io/ioutil" - "net" - "net/http" - "os" - "path/filepath" - gruntime "runtime" - "strings" - "time" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/pkg/version" - clientcmdapi "k8s.io/client-go/tools/clientcmd/api" - "k8s.io/client-go/transport" - certutil "k8s.io/client-go/util/cert" - "k8s.io/client-go/util/flowcontrol" - "k8s.io/klog" -) - -const ( - DefaultQPS float32 = 5.0 - DefaultBurst int = 10 -) - -var ErrNotInCluster = errors.New("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined") - -// Config holds the common attributes that can be passed to a Kubernetes client on -// initialization. -type Config struct { - // Host must be a host string, a host:port pair, or a URL to the base of the apiserver. - // If a URL is given then the (optional) Path of that URL represents a prefix that must - // be appended to all request URIs used to access the apiserver. This allows a frontend - // proxy to easily relocate all of the apiserver endpoints. - Host string - // APIPath is a sub-path that points to an API root. - APIPath string - - // ContentConfig contains settings that affect how objects are transformed when - // sent to the server. 
- ContentConfig - - // Server requires Basic authentication - Username string - Password string - - // Server requires Bearer authentication. This client will not attempt to use - // refresh tokens for an OAuth2 flow. - // TODO: demonstrate an OAuth2 compatible client. - BearerToken string - - // Path to a file containing a BearerToken. - // If set, the contents are periodically read. - // The last successfully read value takes precedence over BearerToken. - BearerTokenFile string - - // Impersonate is the configuration that RESTClient will use for impersonation. - Impersonate ImpersonationConfig - - // Server requires plugin-specified authentication. - AuthProvider *clientcmdapi.AuthProviderConfig - - // Callback to persist config for AuthProvider. - AuthConfigPersister AuthProviderConfigPersister - - // Exec-based authentication provider. - ExecProvider *clientcmdapi.ExecConfig - - // TLSClientConfig contains settings to enable transport layer security - TLSClientConfig - - // UserAgent is an optional field that specifies the caller of this request. - UserAgent string - - // Transport may be used for custom HTTP behavior. This attribute may not - // be specified with the TLS client certificate options. Use WrapTransport - // to provide additional per-server middleware behavior. - Transport http.RoundTripper - // WrapTransport will be invoked for custom HTTP behavior after the underlying - // transport is initialized (either the transport created from TLSClientConfig, - // Transport, or http.DefaultTransport). The config may layer other RoundTrippers - // on top of the returned RoundTripper. - // - // A future release will change this field to an array. Use config.Wrap() - // instead of setting this value directly. - WrapTransport transport.WrapperFunc - - // QPS indicates the maximum QPS to the master from this client. - // If it's zero, the created RESTClient will use DefaultQPS: 5 - QPS float32 - - // Maximum burst for throttle. 
- // If it's zero, the created RESTClient will use DefaultBurst: 10. - Burst int - - // Rate limiter for limiting connections to the master from this client. If present overwrites QPS/Burst - RateLimiter flowcontrol.RateLimiter - - // The maximum length of time to wait before giving up on a server request. A value of zero means no timeout. - Timeout time.Duration - - // Dial specifies the dial function for creating unencrypted TCP connections. - Dial func(ctx context.Context, network, address string) (net.Conn, error) - - // Version forces a specific version to be used (if registered) - // Do we need this? - // Version string -} - -var _ fmt.Stringer = new(Config) -var _ fmt.GoStringer = new(Config) - -type sanitizedConfig *Config - -type sanitizedAuthConfigPersister struct{ AuthProviderConfigPersister } - -func (sanitizedAuthConfigPersister) GoString() string { - return "rest.AuthProviderConfigPersister(--- REDACTED ---)" -} -func (sanitizedAuthConfigPersister) String() string { - return "rest.AuthProviderConfigPersister(--- REDACTED ---)" -} - -// GoString implements fmt.GoStringer and sanitizes sensitive fields of Config -// to prevent accidental leaking via logs. -func (c *Config) GoString() string { - return c.String() -} - -// String implements fmt.Stringer and sanitizes sensitive fields of Config to -// prevent accidental leaking via logs. -func (c *Config) String() string { - if c == nil { - return "<nil>" - } - cc := sanitizedConfig(CopyConfig(c)) - // Explicitly mark non-empty credential fields as redacted. 
- if cc.Password != "" { - cc.Password = "--- REDACTED ---" - } - if cc.BearerToken != "" { - cc.BearerToken = "--- REDACTED ---" - } - if cc.AuthConfigPersister != nil { - cc.AuthConfigPersister = sanitizedAuthConfigPersister{cc.AuthConfigPersister} - } - - return fmt.Sprintf("%#v", cc) -} - -// ImpersonationConfig has all the available impersonation options -type ImpersonationConfig struct { - // UserName is the username to impersonate on each request. - UserName string - // Groups are the groups to impersonate on each request. - Groups []string - // Extra is a free-form field which can be used to link some authentication information - // to authorization information. This field allows you to impersonate it. - Extra map[string][]string -} - -// +k8s:deepcopy-gen=true -// TLSClientConfig contains settings to enable transport layer security -type TLSClientConfig struct { - // Server should be accessed without verifying the TLS certificate. For testing only. - Insecure bool - // ServerName is passed to the server for SNI and is used in the client to check server - // ceritificates against. If ServerName is empty, the hostname used to contact the - // server is used. - ServerName string - - // Server requires TLS client certificate authentication - CertFile string - // Server requires TLS client certificate authentication - KeyFile string - // Trusted root certificates for server - CAFile string - - // CertData holds PEM-encoded bytes (typically read from a client certificate file). - // CertData takes precedence over CertFile - CertData []byte - // KeyData holds PEM-encoded bytes (typically read from a client certificate key file). - // KeyData takes precedence over KeyFile - KeyData []byte - // CAData holds PEM-encoded bytes (typically read from a root certificates bundle). 
- // CAData takes precedence over CAFile - CAData []byte -} - -var _ fmt.Stringer = TLSClientConfig{} -var _ fmt.GoStringer = TLSClientConfig{} - -type sanitizedTLSClientConfig TLSClientConfig - -// GoString implements fmt.GoStringer and sanitizes sensitive fields of -// TLSClientConfig to prevent accidental leaking via logs. -func (c TLSClientConfig) GoString() string { - return c.String() -} - -// String implements fmt.Stringer and sanitizes sensitive fields of -// TLSClientConfig to prevent accidental leaking via logs. -func (c TLSClientConfig) String() string { - cc := sanitizedTLSClientConfig{ - Insecure: c.Insecure, - ServerName: c.ServerName, - CertFile: c.CertFile, - KeyFile: c.KeyFile, - CAFile: c.CAFile, - CertData: c.CertData, - KeyData: c.KeyData, - CAData: c.CAData, - } - // Explicitly mark non-empty credential fields as redacted. - if len(cc.CertData) != 0 { - cc.CertData = []byte("--- TRUNCATED ---") - } - if len(cc.KeyData) != 0 { - cc.KeyData = []byte("--- REDACTED ---") - } - return fmt.Sprintf("%#v", cc) -} - -type ContentConfig struct { - // AcceptContentTypes specifies the types the client will accept and is optional. - // If not set, ContentType will be used to define the Accept header - AcceptContentTypes string - // ContentType specifies the wire format used to communicate with the server. - // This value will be set as the Accept header on requests made to the server, and - // as the default content type on any object sent to the server. If not set, - // "application/json" is used. - ContentType string - // GroupVersion is the API version to talk to. Must be provided when initializing - // a RESTClient directly. When initializing a Client, will be set with the default - // code version. - GroupVersion *schema.GroupVersion - // NegotiatedSerializer is used for obtaining encoders and decoders for multiple - // supported media types. 
- NegotiatedSerializer runtime.NegotiatedSerializer -} - -// RESTClientFor returns a RESTClient that satisfies the requested attributes on a client Config -// object. Note that a RESTClient may require fields that are optional when initializing a Client. -// A RESTClient created by this method is generic - it expects to operate on an API that follows -// the Kubernetes conventions, but may not be the Kubernetes API. -func RESTClientFor(config *Config) (*RESTClient, error) { - if config.GroupVersion == nil { - return nil, fmt.Errorf("GroupVersion is required when initializing a RESTClient") - } - if config.NegotiatedSerializer == nil { - return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient") - } - qps := config.QPS - if config.QPS == 0.0 { - qps = DefaultQPS - } - burst := config.Burst - if config.Burst == 0 { - burst = DefaultBurst - } - - baseURL, versionedAPIPath, err := defaultServerUrlFor(config) - if err != nil { - return nil, err - } - - transport, err := TransportFor(config) - if err != nil { - return nil, err - } - - var httpClient *http.Client - if transport != http.DefaultTransport { - httpClient = &http.Client{Transport: transport} - if config.Timeout > 0 { - httpClient.Timeout = config.Timeout - } - } - - return NewRESTClient(baseURL, versionedAPIPath, config.ContentConfig, qps, burst, config.RateLimiter, httpClient) -} - -// UnversionedRESTClientFor is the same as RESTClientFor, except that it allows -// the config.Version to be empty. 
-func UnversionedRESTClientFor(config *Config) (*RESTClient, error) { - if config.NegotiatedSerializer == nil { - return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient") - } - - baseURL, versionedAPIPath, err := defaultServerUrlFor(config) - if err != nil { - return nil, err - } - - transport, err := TransportFor(config) - if err != nil { - return nil, err - } - - var httpClient *http.Client - if transport != http.DefaultTransport { - httpClient = &http.Client{Transport: transport} - if config.Timeout > 0 { - httpClient.Timeout = config.Timeout - } - } - - versionConfig := config.ContentConfig - if versionConfig.GroupVersion == nil { - v := metav1.SchemeGroupVersion - versionConfig.GroupVersion = &v - } - - return NewRESTClient(baseURL, versionedAPIPath, versionConfig, config.QPS, config.Burst, config.RateLimiter, httpClient) -} - -// SetKubernetesDefaults sets default values on the provided client config for accessing the -// Kubernetes API or returns an error if any of the defaults are impossible or invalid. -func SetKubernetesDefaults(config *Config) error { - if len(config.UserAgent) == 0 { - config.UserAgent = DefaultKubernetesUserAgent() - } - return nil -} - -// adjustCommit returns sufficient significant figures of the commit's git hash. -func adjustCommit(c string) string { - if len(c) == 0 { - return "unknown" - } - if len(c) > 7 { - return c[:7] - } - return c -} - -// adjustVersion strips "alpha", "beta", etc. from version in form -// major.minor.patch-[alpha|beta|etc]. -func adjustVersion(v string) string { - if len(v) == 0 { - return "unknown" - } - seg := strings.SplitN(v, "-", 2) - return seg[0] -} - -// adjustCommand returns the last component of the -// OS-specific command path for use in User-Agent. -func adjustCommand(p string) string { - // Unlikely, but better than returning "". 
- if len(p) == 0 {
- return "unknown"
- }
- return filepath.Base(p)
-}
-
-// buildUserAgent builds a User-Agent string from given args.
-func buildUserAgent(command, version, os, arch, commit string) string {
- return fmt.Sprintf(
- "%s/%s (%s/%s) kubernetes/%s", command, version, os, arch, commit)
-}
-
-// DefaultKubernetesUserAgent returns a User-Agent string built from static global vars.
-func DefaultKubernetesUserAgent() string {
- return buildUserAgent(
- adjustCommand(os.Args[0]),
- adjustVersion(version.Get().GitVersion),
- gruntime.GOOS,
- gruntime.GOARCH,
- adjustCommit(version.Get().GitCommit))
-}
-
-// InClusterConfig returns a config object which uses the service account
-// kubernetes gives to pods. It's intended for clients that expect to be
-// running inside a pod running on kubernetes. It will return ErrNotInCluster
-// if called from a process not running in a kubernetes environment.
-func InClusterConfig() (*Config, error) {
- const (
- tokenFile = "/var/run/secrets/kubernetes.io/serviceaccount/token"
- rootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
- )
- host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")
- if len(host) == 0 || len(port) == 0 {
- return nil, ErrNotInCluster
- }
-
- token, err := ioutil.ReadFile(tokenFile)
- if err != nil {
- return nil, err
- }
-
- tlsClientConfig := TLSClientConfig{}
-
- if _, err := certutil.NewPool(rootCAFile); err != nil {
- klog.Errorf("Expected to load root CA config from %s, but got err: %v", rootCAFile, err)
- } else {
- tlsClientConfig.CAFile = rootCAFile
- }
-
- return &Config{
- // TODO: switch to using cluster DNS.
- Host: "https://" + net.JoinHostPort(host, port),
- TLSClientConfig: tlsClientConfig,
- BearerToken: string(token),
- BearerTokenFile: tokenFile,
- }, nil
-}
-
-// IsConfigTransportTLS returns true if and only if the provided
-// config will result in a protected connection to the server when it
-// is passed to restclient.RESTClientFor(). Use to determine when to
-// send credentials over the wire.
-//
-// Note: the Insecure flag is ignored when testing for this value, so MITM attacks are
-// still possible.
-func IsConfigTransportTLS(config Config) bool {
- baseURL, _, err := defaultServerUrlFor(&config)
- if err != nil {
- return false
- }
- return baseURL.Scheme == "https"
-}
-
-// LoadTLSFiles copies the data from the CertFile, KeyFile, and CAFile fields into the CertData,
-// KeyData, and CAFile fields, or returns an error. If no error is returned, all three fields are
-// either populated or were empty to start.
-func LoadTLSFiles(c *Config) error {
- var err error
- c.CAData, err = dataFromSliceOrFile(c.CAData, c.CAFile)
- if err != nil {
- return err
- }
-
- c.CertData, err = dataFromSliceOrFile(c.CertData, c.CertFile)
- if err != nil {
- return err
- }
-
- c.KeyData, err = dataFromSliceOrFile(c.KeyData, c.KeyFile)
- if err != nil {
- return err
- }
- return nil
-}
-
-// dataFromSliceOrFile returns data from the slice (if non-empty), or from the file,
-// or an error if an error occurred reading the file
-func dataFromSliceOrFile(data []byte, file string) ([]byte, error) {
- if len(data) > 0 {
- return data, nil
- }
- if len(file) > 0 {
- fileData, err := ioutil.ReadFile(file)
- if err != nil {
- return []byte{}, err
- }
- return fileData, nil
- }
- return nil, nil
-}
-
-func AddUserAgent(config *Config, userAgent string) *Config {
- fullUserAgent := DefaultKubernetesUserAgent() + "/" + userAgent
- config.UserAgent = fullUserAgent
- return config
-}
-
-// AnonymousClientConfig returns a copy of the given config with all user credentials (cert/key, bearer token, and username/password) and custom transports (WrapTransport, Transport) removed
-func AnonymousClientConfig(config *Config) *Config {
- // copy only known safe fields
- return &Config{
- Host: config.Host,
- APIPath: config.APIPath,
- ContentConfig: config.ContentConfig,
- TLSClientConfig: TLSClientConfig{
- Insecure: config.Insecure,
- ServerName: config.ServerName,
- CAFile: config.TLSClientConfig.CAFile,
- CAData: config.TLSClientConfig.CAData,
- },
- RateLimiter: config.RateLimiter,
- UserAgent: config.UserAgent,
- QPS: config.QPS,
- Burst: config.Burst,
- Timeout: config.Timeout,
- Dial: config.Dial,
- }
-}
-
-// CopyConfig returns a copy of the given config
-func CopyConfig(config *Config) *Config {
- return &Config{
- Host: config.Host,
- APIPath: config.APIPath,
- ContentConfig: config.ContentConfig,
- Username: config.Username,
- Password: config.Password,
- BearerToken: config.BearerToken,
- BearerTokenFile: config.BearerTokenFile,
- Impersonate: ImpersonationConfig{
- Groups: config.Impersonate.Groups,
- Extra: config.Impersonate.Extra,
- UserName: config.Impersonate.UserName,
- },
- AuthProvider: config.AuthProvider,
- AuthConfigPersister: config.AuthConfigPersister,
- ExecProvider: config.ExecProvider,
- TLSClientConfig: TLSClientConfig{
- Insecure: config.TLSClientConfig.Insecure,
- ServerName: config.TLSClientConfig.ServerName,
- CertFile: config.TLSClientConfig.CertFile,
- KeyFile: config.TLSClientConfig.KeyFile,
- CAFile: config.TLSClientConfig.CAFile,
- CertData: config.TLSClientConfig.CertData,
- KeyData: config.TLSClientConfig.KeyData,
- CAData: config.TLSClientConfig.CAData,
- },
- UserAgent: config.UserAgent,
- Transport: config.Transport,
- WrapTransport: config.WrapTransport,
- QPS: config.QPS,
- Burst: config.Burst,
- RateLimiter: config.RateLimiter,
- Timeout: config.Timeout,
- Dial: config.Dial,
- }
-}
diff --git a/vendor/k8s.io/client-go/rest/plugin.go b/vendor/k8s.io/client-go/rest/plugin.go
deleted file mode 100644
index 83ef5ae32..000000000
--- a/vendor/k8s.io/client-go/rest/plugin.go
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "fmt"
- "net/http"
- "sync"
-
- "k8s.io/klog"
-
- clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-)
-
-type AuthProvider interface {
- // WrapTransport allows the plugin to create a modified RoundTripper that
- // attaches authorization headers (or other info) to requests.
- WrapTransport(http.RoundTripper) http.RoundTripper
- // Login allows the plugin to initialize its configuration. It must not
- // require direct user interaction.
- Login() error
-}
-
-// Factory generates an AuthProvider plugin.
-// clusterAddress is the address of the current cluster.
-// config is the initial configuration for this plugin.
-// persister allows the plugin to save updated configuration.
-type Factory func(clusterAddress string, config map[string]string, persister AuthProviderConfigPersister) (AuthProvider, error)
-
-// AuthProviderConfigPersister allows a plugin to persist configuration info
-// for just itself.
-type AuthProviderConfigPersister interface {
- Persist(map[string]string) error
-}
-
-// All registered auth provider plugins.
-var pluginsLock sync.Mutex
-var plugins = make(map[string]Factory)
-
-func RegisterAuthProviderPlugin(name string, plugin Factory) error {
- pluginsLock.Lock()
- defer pluginsLock.Unlock()
- if _, found := plugins[name]; found {
- return fmt.Errorf("Auth Provider Plugin %q was registered twice", name)
- }
- klog.V(4).Infof("Registered Auth Provider Plugin %q", name)
- plugins[name] = plugin
- return nil
-}
-
-func GetAuthProvider(clusterAddress string, apc *clientcmdapi.AuthProviderConfig, persister AuthProviderConfigPersister) (AuthProvider, error) {
- pluginsLock.Lock()
- defer pluginsLock.Unlock()
- p, ok := plugins[apc.Name]
- if !ok {
- return nil, fmt.Errorf("No Auth Provider found for name %q", apc.Name)
- }
- return p(clusterAddress, apc.Config, persister)
-}
diff --git a/vendor/k8s.io/client-go/rest/request.go b/vendor/k8s.io/client-go/rest/request.go
deleted file mode 100644
index 0570615fc..000000000
--- a/vendor/k8s.io/client-go/rest/request.go
+++ /dev/null
@@ -1,1206 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "bytes"
- "context"
- "encoding/hex"
- "fmt"
- "io"
- "io/ioutil"
- "mime"
- "net/http"
- "net/url"
- "path"
- "reflect"
- "strconv"
- "strings"
- "time"
-
- "golang.org/x/net/http2"
- "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/apimachinery/pkg/runtime/serializer/streaming"
- "k8s.io/apimachinery/pkg/util/net"
- "k8s.io/apimachinery/pkg/watch"
- restclientwatch "k8s.io/client-go/rest/watch"
- "k8s.io/client-go/tools/metrics"
- "k8s.io/client-go/util/flowcontrol"
- "k8s.io/klog"
-)
-
-var (
- // longThrottleLatency defines threshold for logging requests. All requests being
- // throttle for more than longThrottleLatency will be logged.
- longThrottleLatency = 50 * time.Millisecond
-)
-
-// HTTPClient is an interface for testing a request object.
-type HTTPClient interface {
- Do(req *http.Request) (*http.Response, error)
-}
-
-// ResponseWrapper is an interface for getting a response.
-// The response may be either accessed as a raw data (the whole output is put into memory) or as a stream.
-type ResponseWrapper interface {
- DoRaw() ([]byte, error)
- Stream() (io.ReadCloser, error)
-}
-
-// RequestConstructionError is returned when there's an error assembling a request.
-type RequestConstructionError struct {
- Err error
-}
-
-// Error returns a textual description of 'r'.
-func (r *RequestConstructionError) Error() string {
- return fmt.Sprintf("request construction error: '%v'", r.Err)
-}
-
-// Request allows for building up a request to a server in a chained fashion.
-// Any errors are stored until the end of your call, so you only have to
-// check once.
-type Request struct {
- // required
- client HTTPClient
- verb string
-
- baseURL *url.URL
- content ContentConfig
- serializers Serializers
-
- // generic components accessible via method setters
- pathPrefix string
- subpath string
- params url.Values
- headers http.Header
-
- // structural elements of the request that are part of the Kubernetes API conventions
- namespace string
- namespaceSet bool
- resource string
- resourceName string
- subresource string
- timeout time.Duration
-
- // output
- err error
- body io.Reader
-
- // This is only used for per-request timeouts, deadlines, and cancellations.
- ctx context.Context
-
- backoffMgr BackoffManager
- throttle flowcontrol.RateLimiter
-}
-
-// NewRequest creates a new request helper object for accessing runtime.Objects on a server.
-func NewRequest(client HTTPClient, verb string, baseURL *url.URL, versionedAPIPath string, content ContentConfig, serializers Serializers, backoff BackoffManager, throttle flowcontrol.RateLimiter, timeout time.Duration) *Request {
- if backoff == nil {
- klog.V(2).Infof("Not implementing request backoff strategy.")
- backoff = &NoBackoff{}
- }
-
- pathPrefix := "/"
- if baseURL != nil {
- pathPrefix = path.Join(pathPrefix, baseURL.Path)
- }
- r := &Request{
- client: client,
- verb: verb,
- baseURL: baseURL,
- pathPrefix: path.Join(pathPrefix, versionedAPIPath),
- content: content,
- serializers: serializers,
- backoffMgr: backoff,
- throttle: throttle,
- timeout: timeout,
- }
- switch {
- case len(content.AcceptContentTypes) > 0:
- r.SetHeader("Accept", content.AcceptContentTypes)
- case len(content.ContentType) > 0:
- r.SetHeader("Accept", content.ContentType+", */*")
- }
- return r
-}
-
-// Prefix adds segments to the relative beginning to the request path. These
-// items will be placed before the optional Namespace, Resource, or Name sections.
-// Setting AbsPath will clear any previously set Prefix segments
-func (r *Request) Prefix(segments ...string) *Request {
- if r.err != nil {
- return r
- }
- r.pathPrefix = path.Join(r.pathPrefix, path.Join(segments...))
- return r
-}
-
-// Suffix appends segments to the end of the path. These items will be placed after the prefix and optional
-// Namespace, Resource, or Name sections.
-func (r *Request) Suffix(segments ...string) *Request {
- if r.err != nil {
- return r
- }
- r.subpath = path.Join(r.subpath, path.Join(segments...))
- return r
-}
-
-// Resource sets the resource to access (<resource>/[ns/<namespace>/]<name>)
-func (r *Request) Resource(resource string) *Request {
- if r.err != nil {
- return r
- }
- if len(r.resource) != 0 {
- r.err = fmt.Errorf("resource already set to %q, cannot change to %q", r.resource, resource)
- return r
- }
- if msgs := IsValidPathSegmentName(resource); len(msgs) != 0 {
- r.err = fmt.Errorf("invalid resource %q: %v", resource, msgs)
- return r
- }
- r.resource = resource
- return r
-}
-
-// BackOff sets the request's backoff manager to the one specified,
-// or defaults to the stub implementation if nil is provided
-func (r *Request) BackOff(manager BackoffManager) *Request {
- if manager == nil {
- r.backoffMgr = &NoBackoff{}
- return r
- }
-
- r.backoffMgr = manager
- return r
-}
-
-// Throttle receives a rate-limiter and sets or replaces an existing request limiter
-func (r *Request) Throttle(limiter flowcontrol.RateLimiter) *Request {
- r.throttle = limiter
- return r
-}
-
-// SubResource sets a sub-resource path which can be multiple segments after the resource
-// name but before the suffix.
-func (r *Request) SubResource(subresources ...string) *Request {
- if r.err != nil {
- return r
- }
- subresource := path.Join(subresources...)
- if len(r.subresource) != 0 {
- r.err = fmt.Errorf("subresource already set to %q, cannot change to %q", r.resource, subresource)
- return r
- }
- for _, s := range subresources {
- if msgs := IsValidPathSegmentName(s); len(msgs) != 0 {
- r.err = fmt.Errorf("invalid subresource %q: %v", s, msgs)
- return r
- }
- }
- r.subresource = subresource
- return r
-}
-
-// Name sets the name of a resource to access (<resource>/[ns/<namespace>/]<name>)
-func (r *Request) Name(resourceName string) *Request {
- if r.err != nil {
- return r
- }
- if len(resourceName) == 0 {
- r.err = fmt.Errorf("resource name may not be empty")
- return r
- }
- if len(r.resourceName) != 0 {
- r.err = fmt.Errorf("resource name already set to %q, cannot change to %q", r.resourceName, resourceName)
- return r
- }
- if msgs := IsValidPathSegmentName(resourceName); len(msgs) != 0 {
- r.err = fmt.Errorf("invalid resource name %q: %v", resourceName, msgs)
- return r
- }
- r.resourceName = resourceName
- return r
-}
-
-// Namespace applies the namespace scope to a request (<resource>/[ns/<namespace>/]<name>)
-func (r *Request) Namespace(namespace string) *Request {
- if r.err != nil {
- return r
- }
- if r.namespaceSet {
- r.err = fmt.Errorf("namespace already set to %q, cannot change to %q", r.namespace, namespace)
- return r
- }
- if msgs := IsValidPathSegmentName(namespace); len(msgs) != 0 {
- r.err = fmt.Errorf("invalid namespace %q: %v", namespace, msgs)
- return r
- }
- r.namespaceSet = true
- r.namespace = namespace
- return r
-}
-
-// NamespaceIfScoped is a convenience function to set a namespace if scoped is true
-func (r *Request) NamespaceIfScoped(namespace string, scoped bool) *Request {
- if scoped {
- return r.Namespace(namespace)
- }
- return r
-}
-
-// AbsPath overwrites an existing path with the segments provided. Trailing slashes are preserved
-// when a single segment is passed.
-func (r *Request) AbsPath(segments ...string) *Request {
- if r.err != nil {
- return r
- }
- r.pathPrefix = path.Join(r.baseURL.Path, path.Join(segments...))
- if len(segments) == 1 && (len(r.baseURL.Path) > 1 || len(segments[0]) > 1) && strings.HasSuffix(segments[0], "/") {
- // preserve any trailing slashes for legacy behavior
- r.pathPrefix += "/"
- }
- return r
-}
-
-// RequestURI overwrites existing path and parameters with the value of the provided server relative
-// URI.
-func (r *Request) RequestURI(uri string) *Request {
- if r.err != nil {
- return r
- }
- locator, err := url.Parse(uri)
- if err != nil {
- r.err = err
- return r
- }
- r.pathPrefix = locator.Path
- if len(locator.Query()) > 0 {
- if r.params == nil {
- r.params = make(url.Values)
- }
- for k, v := range locator.Query() {
- r.params[k] = v
- }
- }
- return r
-}
-
-// Param creates a query parameter with the given string value.
-func (r *Request) Param(paramName, s string) *Request {
- if r.err != nil {
- return r
- }
- return r.setParam(paramName, s)
-}
-
-// VersionedParams will take the provided object, serialize it to a map[string][]string using the
-// implicit RESTClient API version and the default parameter codec, and then add those as parameters
-// to the request. Use this to provide versioned query parameters from client libraries.
-// VersionedParams will not write query parameters that have omitempty set and are empty. If a
-// parameter has already been set it is appended to (Params and VersionedParams are additive).
-func (r *Request) VersionedParams(obj runtime.Object, codec runtime.ParameterCodec) *Request {
- return r.SpecificallyVersionedParams(obj, codec, *r.content.GroupVersion)
-}
-
-func (r *Request) SpecificallyVersionedParams(obj runtime.Object, codec runtime.ParameterCodec, version schema.GroupVersion) *Request {
- if r.err != nil {
- return r
- }
- params, err := codec.EncodeParameters(obj, version)
- if err != nil {
- r.err = err
- return r
- }
- for k, v := range params {
- if r.params == nil {
- r.params = make(url.Values)
- }
- r.params[k] = append(r.params[k], v...)
- }
- return r
-}
-
-func (r *Request) setParam(paramName, value string) *Request {
- if r.params == nil {
- r.params = make(url.Values)
- }
- r.params[paramName] = append(r.params[paramName], value)
- return r
-}
-
-func (r *Request) SetHeader(key string, values ...string) *Request {
- if r.headers == nil {
- r.headers = http.Header{}
- }
- r.headers.Del(key)
- for _, value := range values {
- r.headers.Add(key, value)
- }
- return r
-}
-
-// Timeout makes the request use the given duration as an overall timeout for the
-// request. Additionally, if set passes the value as "timeout" parameter in URL.
-func (r *Request) Timeout(d time.Duration) *Request {
- if r.err != nil {
- return r
- }
- r.timeout = d
- return r
-}
-
-// Body makes the request use obj as the body. Optional.
-// If obj is a string, try to read a file of that name.
-// If obj is a []byte, send it directly.
-// If obj is an io.Reader, use it directly.
-// If obj is a runtime.Object, marshal it correctly, and set Content-Type header.
-// If obj is a runtime.Object and nil, do nothing.
-// Otherwise, set an error.
-func (r *Request) Body(obj interface{}) *Request {
- if r.err != nil {
- return r
- }
- switch t := obj.(type) {
- case string:
- data, err := ioutil.ReadFile(t)
- if err != nil {
- r.err = err
- return r
- }
- glogBody("Request Body", data)
- r.body = bytes.NewReader(data)
- case []byte:
- glogBody("Request Body", t)
- r.body = bytes.NewReader(t)
- case io.Reader:
- r.body = t
- case runtime.Object:
- // callers may pass typed interface pointers, therefore we must check nil with reflection
- if reflect.ValueOf(t).IsNil() {
- return r
- }
- data, err := runtime.Encode(r.serializers.Encoder, t)
- if err != nil {
- r.err = err
- return r
- }
- glogBody("Request Body", data)
- r.body = bytes.NewReader(data)
- r.SetHeader("Content-Type", r.content.ContentType)
- default:
- r.err = fmt.Errorf("unknown type used for body: %+v", obj)
- }
- return r
-}
-
-// Context adds a context to the request. Contexts are only used for
-// timeouts, deadlines, and cancellations.
-func (r *Request) Context(ctx context.Context) *Request {
- r.ctx = ctx
- return r
-}
-
-// URL returns the current working URL.
-func (r *Request) URL() *url.URL {
- p := r.pathPrefix
- if r.namespaceSet && len(r.namespace) > 0 {
- p = path.Join(p, "namespaces", r.namespace)
- }
- if len(r.resource) != 0 {
- p = path.Join(p, strings.ToLower(r.resource))
- }
- // Join trims trailing slashes, so preserve r.pathPrefix's trailing slash for backwards compatibility if nothing was changed
- if len(r.resourceName) != 0 || len(r.subpath) != 0 || len(r.subresource) != 0 {
- p = path.Join(p, r.resourceName, r.subresource, r.subpath)
- }
-
- finalURL := &url.URL{}
- if r.baseURL != nil {
- *finalURL = *r.baseURL
- }
- finalURL.Path = p
-
- query := url.Values{}
- for key, values := range r.params {
- for _, value := range values {
- query.Add(key, value)
- }
- }
-
- // timeout is handled specially here.
- if r.timeout != 0 {
- query.Set("timeout", r.timeout.String())
- }
- finalURL.RawQuery = query.Encode()
- return finalURL
-}
-
-// finalURLTemplate is similar to URL(), but will make all specific parameter values equal
-// - instead of name or namespace, "{name}" and "{namespace}" will be used, and all query
-// parameters will be reset. This creates a copy of the url so as not to change the
-// underlying object.
-func (r Request) finalURLTemplate() url.URL {
- newParams := url.Values{}
- v := []string{"{value}"}
- for k := range r.params {
- newParams[k] = v
- }
- r.params = newParams
- url := r.URL()
- segments := strings.Split(r.URL().Path, "/")
- groupIndex := 0
- index := 0
- if r.URL() != nil && r.baseURL != nil && strings.Contains(r.URL().Path, r.baseURL.Path) {
- groupIndex += len(strings.Split(r.baseURL.Path, "/"))
- }
- if groupIndex >= len(segments) {
- return *url
- }
-
- const CoreGroupPrefix = "api"
- const NamedGroupPrefix = "apis"
- isCoreGroup := segments[groupIndex] == CoreGroupPrefix
- isNamedGroup := segments[groupIndex] == NamedGroupPrefix
- if isCoreGroup {
- // checking the case of core group with /api/v1/... format
- index = groupIndex + 2
- } else if isNamedGroup {
- // checking the case of named group with /apis/apps/v1/... format
- index = groupIndex + 3
- } else {
- // this should not happen that the only two possibilities are /api... and /apis..., just want to put an
- // outlet here in case more API groups are added in future if ever possible:
- // https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-groups
- // if a wrong API groups name is encountered, return the {prefix} for url.Path
- url.Path = "/{prefix}"
- url.RawQuery = ""
- return *url
- }
- //switch segLength := len(segments) - index; segLength {
- switch {
- // case len(segments) - index == 1:
- // resource (with no name) do nothing
- case len(segments)-index == 2:
- // /$RESOURCE/$NAME: replace $NAME with {name}
- segments[index+1] = "{name}"
- case len(segments)-index == 3:
- if segments[index+2] == "finalize" || segments[index+2] == "status" {
- // /$RESOURCE/$NAME/$SUBRESOURCE: replace $NAME with {name}
- segments[index+1] = "{name}"
- } else {
- // /namespace/$NAMESPACE/$RESOURCE: replace $NAMESPACE with {namespace}
- segments[index+1] = "{namespace}"
- }
- case len(segments)-index >= 4:
- segments[index+1] = "{namespace}"
- // /namespace/$NAMESPACE/$RESOURCE/$NAME: replace $NAMESPACE with {namespace}, $NAME with {name}
- if segments[index+3] != "finalize" && segments[index+3] != "status" {
- // /$RESOURCE/$NAME/$SUBRESOURCE: replace $NAME with {name}
- segments[index+3] = "{name}"
- }
- }
- url.Path = path.Join(segments...)
- return *url
-}
-
-func (r *Request) tryThrottle() {
- now := time.Now()
- if r.throttle != nil {
- r.throttle.Accept()
- }
- if latency := time.Since(now); latency > longThrottleLatency {
- klog.V(4).Infof("Throttling request took %v, request: %s:%s", latency, r.verb, r.URL().String())
- }
-}
-
-// Watch attempts to begin watching the requested location.
-// Returns a watch.Interface, or an error.
-func (r *Request) Watch() (watch.Interface, error) {
- return r.WatchWithSpecificDecoders(
- func(body io.ReadCloser) streaming.Decoder {
- framer := r.serializers.Framer.NewFrameReader(body)
- return streaming.NewDecoder(framer, r.serializers.StreamingSerializer)
- },
- r.serializers.Decoder,
- )
-}
-
-// WatchWithSpecificDecoders attempts to begin watching the requested location with a *different* decoder.
-// Turns out that you want one "standard" decoder for the watch event and one "personal" decoder for the content
-// Returns a watch.Interface, or an error.
-func (r *Request) WatchWithSpecificDecoders(wrapperDecoderFn func(io.ReadCloser) streaming.Decoder, embeddedDecoder runtime.Decoder) (watch.Interface, error) {
- // We specifically don't want to rate limit watches, so we
- // don't use r.throttle here.
- if r.err != nil {
- return nil, r.err
- }
- if r.serializers.Framer == nil {
- return nil, fmt.Errorf("watching resources is not possible with this client (content-type: %s)", r.content.ContentType)
- }
-
- url := r.URL().String()
- req, err := http.NewRequest(r.verb, url, r.body)
- if err != nil {
- return nil, err
- }
- if r.ctx != nil {
- req = req.WithContext(r.ctx)
- }
- req.Header = r.headers
- client := r.client
- if client == nil {
- client = http.DefaultClient
- }
- r.backoffMgr.Sleep(r.backoffMgr.CalculateBackoff(r.URL()))
- resp, err := client.Do(req)
- updateURLMetrics(r, resp, err)
- if r.baseURL != nil {
- if err != nil {
- r.backoffMgr.UpdateBackoff(r.baseURL, err, 0)
- } else {
- r.backoffMgr.UpdateBackoff(r.baseURL, err, resp.StatusCode)
- }
- }
- if err != nil {
- // The watch stream mechanism handles many common partial data errors, so closed
- // connections can be retried in many cases.
- if net.IsProbableEOF(err) {
- return watch.NewEmptyWatch(), nil
- }
- return nil, err
- }
- if resp.StatusCode != http.StatusOK {
- defer resp.Body.Close()
- if result := r.transformResponse(resp, req); result.err != nil {
- return nil, result.err
- }
- return nil, fmt.Errorf("for request %s, got status: %v", url, resp.StatusCode)
- }
- wrapperDecoder := wrapperDecoderFn(resp.Body)
- return watch.NewStreamWatcher(
- restclientwatch.NewDecoder(wrapperDecoder, embeddedDecoder),
- // use 500 to indicate that the cause of the error is unknown - other error codes
- // are more specific to HTTP interactions, and set a reason
- errors.NewClientErrorReporter(http.StatusInternalServerError, r.verb, "ClientWatchDecoding"),
- ), nil
-}
-
-// updateURLMetrics is a convenience function for pushing metrics.
-// It also handles corner cases for incomplete/invalid request data.
-func updateURLMetrics(req *Request, resp *http.Response, err error) {
- url := "none"
- if req.baseURL != nil {
- url = req.baseURL.Host
- }
-
- // Errors can be arbitrary strings. Unbound label cardinality is not suitable for a metric
- // system so we just report them as `<error>`.
- if err != nil {
- metrics.RequestResult.Increment("<error>", req.verb, url)
- } else {
- //Metrics for failure codes
- metrics.RequestResult.Increment(strconv.Itoa(resp.StatusCode), req.verb, url)
- }
-}
-
-// Stream formats and executes the request, and offers streaming of the response.
-// Returns io.ReadCloser which could be used for streaming of the response, or an error
-// Any non-2xx http status code causes an error. If we get a non-2xx code, we try to convert the body into an APIStatus object.
-// If we can, we return that as an error. Otherwise, we create an error that lists the http status and the content of the response.
-func (r *Request) Stream() (io.ReadCloser, error) {
- if r.err != nil {
- return nil, r.err
- }
-
- r.tryThrottle()
-
- url := r.URL().String()
- req, err := http.NewRequest(r.verb, url, nil)
- if err != nil {
- return nil, err
- }
- if r.ctx != nil {
- req = req.WithContext(r.ctx)
- }
- req.Header = r.headers
- client := r.client
- if client == nil {
- client = http.DefaultClient
- }
- r.backoffMgr.Sleep(r.backoffMgr.CalculateBackoff(r.URL()))
- resp, err := client.Do(req)
- updateURLMetrics(r, resp, err)
- if r.baseURL != nil {
- if err != nil {
- r.backoffMgr.UpdateBackoff(r.URL(), err, 0)
- } else {
- r.backoffMgr.UpdateBackoff(r.URL(), err, resp.StatusCode)
- }
- }
- if err != nil {
- return nil, err
- }
-
- switch {
- case (resp.StatusCode >= 200) && (resp.StatusCode < 300):
- return resp.Body, nil
-
- default:
- // ensure we close the body before returning the error
- defer resp.Body.Close()
-
- result := r.transformResponse(resp, req)
- err := result.Error()
- if err == nil {
- err = fmt.Errorf("%d while accessing %v: %s", result.statusCode, url, string(result.body))
- }
- return nil, err
- }
-}
-
-// request connects to the server and invokes the provided function when a server response is
-// received. It handles retry behavior and up front validation of requests. It will invoke
-// fn at most once. It will return an error if a problem occurred prior to connecting to the
-// server - the provided function is responsible for handling server errors.
-func (r *Request) request(fn func(*http.Request, *http.Response)) error {
- //Metrics for total request latency
- start := time.Now()
- defer func() {
- metrics.RequestLatency.Observe(r.verb, r.finalURLTemplate(), time.Since(start))
- }()
-
- if r.err != nil {
- klog.V(4).Infof("Error in request: %v", r.err)
- return r.err
- }
-
- // TODO: added to catch programmer errors (invoking operations with an object with an empty namespace)
- if (r.verb == "GET" || r.verb == "PUT" || r.verb == "DELETE") && r.namespaceSet && len(r.resourceName) > 0 && len(r.namespace) == 0 {
- return fmt.Errorf("an empty namespace may not be set when a resource name is provided")
- }
- if (r.verb == "POST") && r.namespaceSet && len(r.namespace) == 0 {
- return fmt.Errorf("an empty namespace may not be set during creation")
- }
-
- client := r.client
- if client == nil {
- client = http.DefaultClient
- }
-
- // Right now we make about ten retry attempts if we get a Retry-After response.
- maxRetries := 10
- retries := 0
- for {
- url := r.URL().String()
- req, err := http.NewRequest(r.verb, url, r.body)
- if err != nil {
- return err
- }
- if r.timeout > 0 {
- if r.ctx == nil {
- r.ctx = context.Background()
- }
- var cancelFn context.CancelFunc
- r.ctx, cancelFn = context.WithTimeout(r.ctx, r.timeout)
- defer cancelFn()
- }
- if r.ctx != nil {
- req = req.WithContext(r.ctx)
- }
- req.Header = r.headers
-
- r.backoffMgr.Sleep(r.backoffMgr.CalculateBackoff(r.URL()))
- if retries > 0 {
- // We are retrying the request that we already send to apiserver
- // at least once before.
- // This request should also be throttled with the client-internal throttler.
- r.tryThrottle()
- }
- resp, err := client.Do(req)
- updateURLMetrics(r, resp, err)
- if err != nil {
- r.backoffMgr.UpdateBackoff(r.URL(), err, 0)
- } else {
- r.backoffMgr.UpdateBackoff(r.URL(), err, resp.StatusCode)
- }
- if err != nil {
- // "Connection reset by peer" is usually a transient error.
- // Thus in case of "GET" operations, we simply retry it.
- // We are not automatically retrying "write" operations, as
- // they are not idempotent.
- if !net.IsConnectionReset(err) || r.verb != "GET" {
- return err
- }
- // For the purpose of retry, we set the artificial "retry-after" response.
- // TODO: Should we clean the original response if it exists?
- resp = &http.Response{
- StatusCode: http.StatusInternalServerError,
- Header: http.Header{"Retry-After": []string{"1"}},
- Body: ioutil.NopCloser(bytes.NewReader([]byte{})),
- }
- }
-
- done := func() bool {
- // Ensure the response body is fully read and closed
- // before we reconnect, so that we reuse the same TCP
- // connection.
- defer func() {
- const maxBodySlurpSize = 2 << 10
- if resp.ContentLength <= maxBodySlurpSize {
- io.Copy(ioutil.Discard, &io.LimitedReader{R: resp.Body, N: maxBodySlurpSize})
- }
- resp.Body.Close()
- }()
-
- retries++
- if seconds, wait := checkWait(resp); wait && retries < maxRetries {
- if seeker, ok := r.body.(io.Seeker); ok && r.body != nil {
- _, err := seeker.Seek(0, 0)
- if err != nil {
- klog.V(4).Infof("Could not retry request, can't Seek() back to beginning of body for %T", r.body)
- fn(req, resp)
- return true
- }
- }
-
- klog.V(4).Infof("Got a Retry-After %ds response for attempt %d to %v", seconds, retries, url)
- r.backoffMgr.Sleep(time.Duration(seconds) * time.Second)
- return false
- }
- fn(req, resp)
- return true
- }()
- if done {
- return nil
- }
- }
-}
-
-// Do formats and executes the request. Returns a Result object for easy response
-// processing.
-//
-// Error type:
-// * If the request can't be constructed, or an error happened earlier while building its
-// arguments: *RequestConstructionError
-// * If the server responds with a status: *errors.StatusError or *errors.UnexpectedObjectError
-// * http.Client.Do errors are returned directly.
-func (r *Request) Do() Result { - r.tryThrottle() - - var result Result - err := r.request(func(req *http.Request, resp *http.Response) { - result = r.transformResponse(resp, req) - }) - if err != nil { - return Result{err: err} - } - return result -} - -// DoRaw executes the request but does not process the response body. -func (r *Request) DoRaw() ([]byte, error) { - r.tryThrottle() - - var result Result - err := r.request(func(req *http.Request, resp *http.Response) { - result.body, result.err = ioutil.ReadAll(resp.Body) - glogBody("Response Body", result.body) - if resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusPartialContent { - result.err = r.transformUnstructuredResponseError(resp, req, result.body) - } - }) - if err != nil { - return nil, err - } - return result.body, result.err -} - -// transformResponse converts an API response into a structured API object -func (r *Request) transformResponse(resp *http.Response, req *http.Request) Result { - var body []byte - if resp.Body != nil { - data, err := ioutil.ReadAll(resp.Body) - switch err.(type) { - case nil: - body = data - case http2.StreamError: - // This is trying to catch the scenario that the server may close the connection when sending the - // response body. This can be caused by server timeout due to a slow network connection. - // TODO: Add test for this. Steps may be: - // 1. client-go (or kubectl) sends a GET request. - // 2. Apiserver sends back the headers and then part of the body - // 3. Apiserver closes connection. - // 4. client-go should catch this and return an error. - klog.V(2).Infof("Stream error %#v when reading response body, may be caused by closed connection.", err) - streamErr := fmt.Errorf("Stream error when reading response body, may be caused by closed connection. Please retry. 
Original error: %v", err) - return Result{ - err: streamErr, - } - default: - klog.Errorf("Unexpected error when reading response body: %v", err) - unexpectedErr := fmt.Errorf("Unexpected error when reading response body. Please retry. Original error: %v", err) - return Result{ - err: unexpectedErr, - } - } - } - - glogBody("Response Body", body) - - // verify the content type is accurate - contentType := resp.Header.Get("Content-Type") - decoder := r.serializers.Decoder - if len(contentType) > 0 && (decoder == nil || (len(r.content.ContentType) > 0 && contentType != r.content.ContentType)) { - mediaType, params, err := mime.ParseMediaType(contentType) - if err != nil { - return Result{err: errors.NewInternalError(err)} - } - decoder, err = r.serializers.RenegotiatedDecoder(mediaType, params) - if err != nil { - // if we fail to negotiate a decoder, treat this as an unstructured error - switch { - case resp.StatusCode == http.StatusSwitchingProtocols: - // no-op, we've been upgraded - case resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusPartialContent: - return Result{err: r.transformUnstructuredResponseError(resp, req, body)} - } - return Result{ - body: body, - contentType: contentType, - statusCode: resp.StatusCode, - } - } - } - - switch { - case resp.StatusCode == http.StatusSwitchingProtocols: - // no-op, we've been upgraded - case resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusPartialContent: - // calculate an unstructured error from the response which the Result object may use if the caller - // did not return a structured error. 
- retryAfter, _ := retryAfterSeconds(resp) - err := r.newUnstructuredResponseError(body, isTextResponse(resp), resp.StatusCode, req.Method, retryAfter) - return Result{ - body: body, - contentType: contentType, - statusCode: resp.StatusCode, - decoder: decoder, - err: err, - } - } - - return Result{ - body: body, - contentType: contentType, - statusCode: resp.StatusCode, - decoder: decoder, - } -} - -// truncateBody decides if the body should be truncated, based on the glog Verbosity. -func truncateBody(body string) string { - max := 0 - switch { - case bool(klog.V(10)): - return body - case bool(klog.V(9)): - max = 10240 - case bool(klog.V(8)): - max = 1024 - } - - if len(body) <= max { - return body - } - - return body[:max] + fmt.Sprintf(" [truncated %d chars]", len(body)-max) -} - -// glogBody logs a body output that could be either JSON or protobuf. It explicitly guards against -// allocating a new string for the body output unless necessary. Uses a simple heuristic to determine -// whether the body is printable. -func glogBody(prefix string, body []byte) { - if klog.V(8) { - if bytes.IndexFunc(body, func(r rune) bool { - return r < 0x0a - }) != -1 { - klog.Infof("%s:\n%s", prefix, truncateBody(hex.Dump(body))) - } else { - klog.Infof("%s: %s", prefix, truncateBody(string(body))) - } - } -} - -// maxUnstructuredResponseTextBytes is an upper bound on how much output to include in the unstructured error. -const maxUnstructuredResponseTextBytes = 2048 - -// transformUnstructuredResponseError handles an error from the server that is not in a structured form. -// It is expected to transform any response that is not recognizable as a clear server sent error from the -// K8S API using the information provided with the request. In practice, HTTP proxies and client libraries -// introduce a level of uncertainty to the responses returned by servers that in common use result in -// unexpected responses. The rough structure is: -// -// 1. 
Assume the server sends you something sane - JSON + well defined error objects + proper codes -// - this is the happy path -// - when you get this output, trust what the server sends -// 2. Guard against empty fields / bodies in received JSON and attempt to cull sufficient info from them to -// generate a reasonable facsimile of the original failure. -// - Be sure to use a distinct error type or flag that allows a client to distinguish between this and error 1 above -// 3. Handle true disconnect failures / completely malformed data by moving up to a more generic client error -// 4. Distinguish between various connection failures like SSL certificates, timeouts, proxy errors, unexpected -// initial contact, the presence of mismatched body contents from posted content types -// - Give these a separate distinct error type and capture as much as possible of the original message -// -// TODO: introduce transformation of generic http.Client.Do() errors that separates 4. -func (r *Request) transformUnstructuredResponseError(resp *http.Response, req *http.Request, body []byte) error { - if body == nil && resp.Body != nil { - if data, err := ioutil.ReadAll(&io.LimitedReader{R: resp.Body, N: maxUnstructuredResponseTextBytes}); err == nil { - body = data - } - } - retryAfter, _ := retryAfterSeconds(resp) - return r.newUnstructuredResponseError(body, isTextResponse(resp), resp.StatusCode, req.Method, retryAfter) -} - -// newUnstructuredResponseError instantiates the appropriate generic error for the provided input. It also logs the body. 
-func (r *Request) newUnstructuredResponseError(body []byte, isTextResponse bool, statusCode int, method string, retryAfter int) error { - // cap the amount of output we create - if len(body) > maxUnstructuredResponseTextBytes { - body = body[:maxUnstructuredResponseTextBytes] - } - - message := "unknown" - if isTextResponse { - message = strings.TrimSpace(string(body)) - } - var groupResource schema.GroupResource - if len(r.resource) > 0 { - groupResource.Group = r.content.GroupVersion.Group - groupResource.Resource = r.resource - } - return errors.NewGenericServerResponse( - statusCode, - method, - groupResource, - r.resourceName, - message, - retryAfter, - true, - ) -} - -// isTextResponse returns true if the response appears to be a textual media type. -func isTextResponse(resp *http.Response) bool { - contentType := resp.Header.Get("Content-Type") - if len(contentType) == 0 { - return true - } - media, _, err := mime.ParseMediaType(contentType) - if err != nil { - return false - } - return strings.HasPrefix(media, "text/") -} - -// checkWait returns true along with a number of seconds if the server instructed us to wait -// before retrying. -func checkWait(resp *http.Response) (int, bool) { - switch r := resp.StatusCode; { - // any 500 error code and 429 can trigger a wait - case r == http.StatusTooManyRequests, r >= 500: - default: - return 0, false - } - i, ok := retryAfterSeconds(resp) - return i, ok -} - -// retryAfterSeconds returns the value of the Retry-After header and true, or 0 and false if -// the header was missing or not a valid number. -func retryAfterSeconds(resp *http.Response) (int, bool) { - if h := resp.Header.Get("Retry-After"); len(h) > 0 { - if i, err := strconv.Atoi(h); err == nil { - return i, true - } - } - return 0, false -} - -// Result contains the result of calling Request.Do(). -type Result struct { - body []byte - contentType string - err error - statusCode int - - decoder runtime.Decoder -} - -// Raw returns the raw result. 
-func (r Result) Raw() ([]byte, error) { - return r.body, r.err -} - -// Get returns the result as an object, which means it passes through the decoder. -// If the returned object is of type Status and has .Status != StatusSuccess, the -// additional information in Status will be used to enrich the error. -func (r Result) Get() (runtime.Object, error) { - if r.err != nil { - // Check whether the result has a Status object in the body and prefer that. - return nil, r.Error() - } - if r.decoder == nil { - return nil, fmt.Errorf("serializer for %s doesn't exist", r.contentType) - } - - // decode, but if the result is Status return that as an error instead. - out, _, err := r.decoder.Decode(r.body, nil, nil) - if err != nil { - return nil, err - } - switch t := out.(type) { - case *metav1.Status: - // any status besides StatusSuccess is considered an error. - if t.Status != metav1.StatusSuccess { - return nil, errors.FromObject(t) - } - } - return out, nil -} - -// StatusCode returns the HTTP status code of the request. (Only valid if no -// error was returned.) -func (r Result) StatusCode(statusCode *int) Result { - *statusCode = r.statusCode - return r -} - -// Into stores the result into obj, if possible. If obj is nil it is ignored. -// If the returned object is of type Status and has .Status != StatusSuccess, the -// additional information in Status will be used to enrich the error. -func (r Result) Into(obj runtime.Object) error { - if r.err != nil { - // Check whether the result has a Status object in the body and prefer that. 
- return r.Error() - } - if r.decoder == nil { - return fmt.Errorf("serializer for %s doesn't exist", r.contentType) - } - if len(r.body) == 0 { - return fmt.Errorf("0-length response with status code: %d and content type: %s", - r.statusCode, r.contentType) - } - - out, _, err := r.decoder.Decode(r.body, nil, obj) - if err != nil || out == obj { - return err - } - // if a different object is returned, see if it is Status and avoid double decoding - // the object. - switch t := out.(type) { - case *metav1.Status: - // any status besides StatusSuccess is considered an error. - if t.Status != metav1.StatusSuccess { - return errors.FromObject(t) - } - } - return nil -} - -// WasCreated updates the provided bool pointer to whether the server returned -// 201 created or a different response. -func (r Result) WasCreated(wasCreated *bool) Result { - *wasCreated = r.statusCode == http.StatusCreated - return r -} - -// Error returns the error executing the request, nil if no error occurred. -// If the returned object is of type Status and has Status != StatusSuccess, the -// additional information in Status will be used to enrich the error. -// See the Request.Do() comment for what errors you might get. -func (r Result) Error() error { - // if we have received an unexpected server error, and we have a body and decoder, we can try to extract - // a Status object. 
- if r.err == nil || !errors.IsUnexpectedServerError(r.err) || len(r.body) == 0 || r.decoder == nil { - return r.err - } - - // attempt to convert the body into a Status object - // to be backwards compatible with old servers that do not return a version, default to "v1" - out, _, err := r.decoder.Decode(r.body, &schema.GroupVersionKind{Version: "v1"}, nil) - if err != nil { - klog.V(5).Infof("body was not decodable (unable to check for Status): %v", err) - return r.err - } - switch t := out.(type) { - case *metav1.Status: - // because we default the kind, we *must* check for StatusFailure - if t.Status == metav1.StatusFailure { - return errors.FromObject(t) - } - } - return r.err -} - -// NameMayNotBe specifies strings that cannot be used as names specified as path segments (like the REST API or etcd store) -var NameMayNotBe = []string{".", ".."} - -// NameMayNotContain specifies substrings that cannot be used in names specified as path segments (like the REST API or etcd store) -var NameMayNotContain = []string{"/", "%"} - -// IsValidPathSegmentName validates the name can be safely encoded as a path segment -func IsValidPathSegmentName(name string) []string { - for _, illegalName := range NameMayNotBe { - if name == illegalName { - return []string{fmt.Sprintf(`may not be '%s'`, illegalName)} - } - } - - var errors []string - for _, illegalContent := range NameMayNotContain { - if strings.Contains(name, illegalContent) { - errors = append(errors, fmt.Sprintf(`may not contain '%s'`, illegalContent)) - } - } - - return errors -} - -// IsValidPathSegmentPrefix validates the name can be used as a prefix for a name which will be encoded as a path segment -// It does not check for exact matches with disallowed names, since an arbitrary suffix might make the name valid -func IsValidPathSegmentPrefix(name string) []string { - var errors []string - for _, illegalContent := range NameMayNotContain { - if strings.Contains(name, illegalContent) { - errors = append(errors, 
fmt.Sprintf(`may not contain '%s'`, illegalContent)) - } - } - - return errors -} - -// ValidatePathSegmentName validates the name can be safely encoded as a path segment -func ValidatePathSegmentName(name string, prefix bool) []string { - if prefix { - return IsValidPathSegmentPrefix(name) - } - return IsValidPathSegmentName(name) -} diff --git a/vendor/k8s.io/client-go/rest/transport.go b/vendor/k8s.io/client-go/rest/transport.go deleted file mode 100644 index de33ecbfc..000000000 --- a/vendor/k8s.io/client-go/rest/transport.go +++ /dev/null 
@@ -1,118 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "crypto/tls" - "errors" - "net/http" - - "k8s.io/client-go/plugin/pkg/client/auth/exec" - "k8s.io/client-go/transport" -) - -// TLSConfigFor returns a tls.Config that will provide the transport level security defined -// by the provided Config. Will return nil if no transport level security is requested. -func TLSConfigFor(config *Config) (*tls.Config, error) { - cfg, err := config.TransportConfig() - if err != nil { - return nil, err - } - return transport.TLSConfigFor(cfg) -} - -// TransportFor returns an http.RoundTripper that will provide the authentication -// or transport level security defined by the provided Config. Will return the -// default http.DefaultTransport if no special case behavior is needed. -func TransportFor(config *Config) (http.RoundTripper, error) { - cfg, err := config.TransportConfig() - if err != nil { - return nil, err - } - return transport.New(cfg) -} - -// HTTPWrappersForConfig wraps a round tripper with any relevant layered behavior from the -// config. Exposed to allow more clients that need HTTP-like behavior but then must hijack -// the underlying connection (like WebSocket or HTTP2 clients). Pure HTTP clients should use -// the higher level TransportFor or RESTClientFor methods. 
-func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTripper, error) { - cfg, err := config.TransportConfig() - if err != nil { - return nil, err - } - return transport.HTTPWrappersForConfig(cfg, rt) -} - -// TransportConfig converts a client config to an appropriate transport config. -func (c *Config) TransportConfig() (*transport.Config, error) { - conf := &transport.Config{ - UserAgent: c.UserAgent, - Transport: c.Transport, - WrapTransport: c.WrapTransport, - TLS: transport.TLSConfig{ - Insecure: c.Insecure, - ServerName: c.ServerName, - CAFile: c.CAFile, - CAData: c.CAData, - CertFile: c.CertFile, - CertData: c.CertData, - KeyFile: c.KeyFile, - KeyData: c.KeyData, - }, - Username: c.Username, - Password: c.Password, - BearerToken: c.BearerToken, - BearerTokenFile: c.BearerTokenFile, - Impersonate: transport.ImpersonationConfig{ - UserName: c.Impersonate.UserName, - Groups: c.Impersonate.Groups, - Extra: c.Impersonate.Extra, - }, - Dial: c.Dial, - } - - if c.ExecProvider != nil && c.AuthProvider != nil { - return nil, errors.New("execProvider and authProvider cannot be used in combination") - } - - if c.ExecProvider != nil { - provider, err := exec.GetAuthenticator(c.ExecProvider) - if err != nil { - return nil, err - } - if err := provider.UpdateTransportConfig(conf); err != nil { - return nil, err - } - } - if c.AuthProvider != nil { - provider, err := GetAuthProvider(c.Host, c.AuthProvider, c.AuthConfigPersister) - if err != nil { - return nil, err - } - conf.Wrap(provider.WrapTransport) - } - return conf, nil -} - -// Wrap adds a transport middleware function that will give the caller -// an opportunity to wrap the underlying http.RoundTripper prior to the -// first API call being made. The provided function is invoked after any -// existing transport wrappers are invoked. -func (c *Config) Wrap(fn transport.WrapperFunc) { - c.WrapTransport = transport.Wrappers(c.WrapTransport, fn) -} 
diff --git a/vendor/k8s.io/client-go/rest/url_utils.go b/vendor/k8s.io/client-go/rest/url_utils.go
deleted file mode 100644
index a56d1838d..000000000
--- a/vendor/k8s.io/client-go/rest/url_utils.go
+++ /dev/null
@@ -1,97 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "fmt" - "net/url" - "path" - - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// DefaultServerURL converts a host, host:port, or URL string to the default base server API path -// to use with a Client at a given API version following the standard conventions for a -// Kubernetes API. -func DefaultServerURL(host, apiPath string, groupVersion schema.GroupVersion, defaultTLS bool) (*url.URL, string, error) { - if host == "" { - return nil, "", fmt.Errorf("host must be a URL or a host:port pair") - } - base := host - hostURL, err := url.Parse(base) - if err != nil || hostURL.Scheme == "" || hostURL.Host == "" { - scheme := "http://" - if defaultTLS { - scheme = "https://" - } - hostURL, err = url.Parse(scheme + base) - if err != nil { - return nil, "", err - } - if hostURL.Path != "" && hostURL.Path != "/" { - return nil, "", fmt.Errorf("host must be a URL or a host:port pair: %q", base) - } - } - - // hostURL.Path is optional; a non-empty Path is treated as a prefix that is to be applied to - // all URIs used to access the host. this is useful when there's a proxy in front of the - // apiserver that has relocated the apiserver endpoints, forwarding all requests from, for - // example, /a/b/c to the apiserver. in this case the Path should be /a/b/c. 
- // - // if running without a frontend proxy (that changes the location of the apiserver), then - // hostURL.Path should be blank. - // - // versionedAPIPath, a path relative to baseURL.Path, points to a versioned API base - versionedAPIPath := DefaultVersionedAPIPath(apiPath, groupVersion) - - return hostURL, versionedAPIPath, nil -} - -// DefaultVersionedAPIPathFor constructs the default path for the given group version, assuming the given -// API path, following the standard conventions of the Kubernetes API. -func DefaultVersionedAPIPath(apiPath string, groupVersion schema.GroupVersion) string { - versionedAPIPath := path.Join("/", apiPath) - - // Add the version to the end of the path - if len(groupVersion.Group) > 0 { - versionedAPIPath = path.Join(versionedAPIPath, groupVersion.Group, groupVersion.Version) - - } else { - versionedAPIPath = path.Join(versionedAPIPath, groupVersion.Version) - } - - return versionedAPIPath -} - -// defaultServerUrlFor is shared between IsConfigTransportTLS and RESTClientFor. It -// requires Host and Version to be set prior to being called. -func defaultServerUrlFor(config *Config) (*url.URL, string, error) { - // TODO: move the default to secure when the apiserver supports TLS by default - // config.Insecure is taken to mean "I want HTTPS but don't bother checking the certs against a CA." - hasCA := len(config.CAFile) != 0 || len(config.CAData) != 0 - hasCert := len(config.CertFile) != 0 || len(config.CertData) != 0 - defaultTLS := hasCA || hasCert || config.Insecure - host := config.Host - if host == "" { - host = "localhost" - } - - if config.GroupVersion != nil { - return DefaultServerURL(host, config.APIPath, *config.GroupVersion, defaultTLS) - } - return DefaultServerURL(host, config.APIPath, schema.GroupVersion{}, defaultTLS) -} diff --git a/vendor/k8s.io/client-go/rest/urlbackoff.go b/vendor/k8s.io/client-go/rest/urlbackoff.go deleted file mode 100644 index d00e42f86..000000000 
--- a/vendor/k8s.io/client-go/rest/urlbackoff.go
+++ /dev/null
@@ -1,107 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rest - -import ( - "net/url" - "time" - - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/client-go/util/flowcontrol" - "k8s.io/klog" -) - -// Set of resp. Codes that we backoff for. -// In general these should be errors that indicate a server is overloaded. -// These shouldn't be configured by any user, we set them based on conventions -// described in -var serverIsOverloadedSet = sets.NewInt(429) -var maxResponseCode = 499 - -type BackoffManager interface { - UpdateBackoff(actualUrl *url.URL, err error, responseCode int) - CalculateBackoff(actualUrl *url.URL) time.Duration - Sleep(d time.Duration) -} - -// URLBackoff struct implements the semantics on top of Backoff which -// we need for URL specific exponential backoff. -type URLBackoff struct { - // Uses backoff as underlying implementation. - Backoff *flowcontrol.Backoff -} - -// NoBackoff is a stub implementation, can be used for mocking or else as a default. -type NoBackoff struct { -} - -func (n *NoBackoff) UpdateBackoff(actualUrl *url.URL, err error, responseCode int) { - // do nothing. -} - -func (n *NoBackoff) CalculateBackoff(actualUrl *url.URL) time.Duration { - return 0 * time.Second -} - -func (n *NoBackoff) Sleep(d time.Duration) { - time.Sleep(d) -} - -// Disable makes the backoff trivial, i.e., sets it to zero. 
This might be used -// by tests which want to run 1000s of mock requests without slowing down. -func (b *URLBackoff) Disable() { - klog.V(4).Infof("Disabling backoff strategy") - b.Backoff = flowcontrol.NewBackOff(0*time.Second, 0*time.Second) -} - -// baseUrlKey returns the key which urls will be mapped to. -// For example, 127.0.0.1:8080/api/v2/abcde -> 127.0.0.1:8080. -func (b *URLBackoff) baseUrlKey(rawurl *url.URL) string { - // Simple implementation for now, just the host. - // We may backoff specific paths (i.e. "pods") differentially - // in the future. - host, err := url.Parse(rawurl.String()) - if err != nil { - klog.V(4).Infof("Error extracting url: %v", rawurl) - panic("bad url!") - } - return host.Host -} - -// UpdateBackoff updates backoff metadata -func (b *URLBackoff) UpdateBackoff(actualUrl *url.URL, err error, responseCode int) { - // range for retry counts that we store is [0,13] - if responseCode > maxResponseCode || serverIsOverloadedSet.Has(responseCode) { - b.Backoff.Next(b.baseUrlKey(actualUrl), b.Backoff.Clock.Now()) - return - } else if responseCode >= 300 || err != nil { - klog.V(4).Infof("Client is returning errors: code %v, error %v", responseCode, err) - } - - //If we got this far, there is no backoff required for this URL anymore. - b.Backoff.Reset(b.baseUrlKey(actualUrl)) -} - -// CalculateBackoff takes a url and back's off exponentially, -// based on its knowledge of existing failures. -func (b *URLBackoff) CalculateBackoff(actualUrl *url.URL) time.Duration { - return b.Backoff.Get(b.baseUrlKey(actualUrl)) -} - -func (b *URLBackoff) Sleep(d time.Duration) { - b.Backoff.Clock.Sleep(d) -} diff --git a/vendor/k8s.io/client-go/rest/watch/decoder.go b/vendor/k8s.io/client-go/rest/watch/decoder.go deleted file mode 100644 index e95c020b2..000000000 --- a/vendor/k8s.io/client-go/rest/watch/decoder.go +++ /dev/null 
@@ -1,72 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package versioned - -import ( - "fmt" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer/streaming" - "k8s.io/apimachinery/pkg/watch" -) - -// Decoder implements the watch.Decoder interface for io.ReadClosers that -// have contents which consist of a series of watchEvent objects encoded -// with the given streaming decoder. The internal objects will be then -// decoded by the embedded decoder. -type Decoder struct { - decoder streaming.Decoder - embeddedDecoder runtime.Decoder -} - -// NewDecoder creates an Decoder for the given writer and codec. -func NewDecoder(decoder streaming.Decoder, embeddedDecoder runtime.Decoder) *Decoder { - return &Decoder{ - decoder: decoder, - embeddedDecoder: embeddedDecoder, - } -} - -// Decode blocks until it can return the next object in the reader. Returns an error -// if the reader is closed or an object can't be decoded. 
-func (d *Decoder) Decode() (watch.EventType, runtime.Object, error) { - var got metav1.WatchEvent - res, _, err := d.decoder.Decode(nil, &got) - if err != nil { - return "", nil, err - } - if res != &got { - return "", nil, fmt.Errorf("unable to decode to metav1.Event") - } - switch got.Type { - case string(watch.Added), string(watch.Modified), string(watch.Deleted), string(watch.Error), string(watch.Bookmark): - default: - return "", nil, fmt.Errorf("got invalid watch event type: %v", got.Type) - } - - obj, err := runtime.Decode(d.embeddedDecoder, got.Object.Raw) - if err != nil { - return "", nil, fmt.Errorf("unable to decode watch event: %v", err) - } - return watch.EventType(got.Type), obj, nil -} - -// Close closes the underlying r. -func (d *Decoder) Close() { - d.decoder.Close() -} diff --git a/vendor/k8s.io/client-go/rest/watch/encoder.go b/vendor/k8s.io/client-go/rest/watch/encoder.go deleted file mode 100644 index e55aa12d9..000000000 --- a/vendor/k8s.io/client-go/rest/watch/encoder.go +++ /dev/null 
@@ -1,56 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package versioned - -import ( - "encoding/json" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer/streaming" - "k8s.io/apimachinery/pkg/watch" -) - -// Encoder serializes watch.Events into io.Writer. The internal objects -// are encoded using embedded encoder, and the outer Event is serialized -// using encoder. -// TODO: this type is only used by tests -type Encoder struct { - encoder streaming.Encoder - embeddedEncoder runtime.Encoder -} - -func NewEncoder(encoder streaming.Encoder, embeddedEncoder runtime.Encoder) *Encoder { - return &Encoder{ - encoder: encoder, - embeddedEncoder: embeddedEncoder, - } -} - -// Encode writes an event to the writer. Returns an error -// if the writer is closed or an object can't be encoded. -func (e *Encoder) Encode(event *watch.Event) error { - data, err := runtime.Encode(e.embeddedEncoder, event.Object) - if err != nil { - return err - } - // FIXME: get rid of json.RawMessage. - return e.encoder.Encode(&metav1.WatchEvent{ - Type: string(event.Type), - Object: runtime.RawExtension{Raw: json.RawMessage(data)}, - }) -} diff --git a/vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go deleted file mode 100644 index c1ab45f33..000000000 
--- a/vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go +++ /dev/null @@ -1,52 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package rest - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSClientConfig) DeepCopyInto(out *TLSClientConfig) { - *out = *in - if in.CertData != nil { - in, out := &in.CertData, &out.CertData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.KeyData != nil { - in, out := &in.KeyData, &out.KeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.CAData != nil { - in, out := &in.CAData, &out.CAData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSClientConfig. -func (in *TLSClientConfig) DeepCopy() *TLSClientConfig { - if in == nil { - return nil - } - out := new(TLSClientConfig) - in.DeepCopyInto(out) - return out -} diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/doc.go b/vendor/k8s.io/client-go/tools/clientcmd/api/doc.go deleted file mode 100644 index 5871575a6..000000000 --- a/vendor/k8s.io/client-go/tools/clientcmd/api/doc.go +++ /dev/null 
@@ -1,19 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// +k8s:deepcopy-gen=package
-
-package api
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go b/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go
deleted file mode 100644
index 65a36936b..000000000
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go
+++ /dev/null
@@ -1,188 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package api - -import ( - "encoding/base64" - "errors" - "fmt" - "io/ioutil" - "os" - "path" - "path/filepath" -) - -func init() { - sDec, _ := base64.StdEncoding.DecodeString("REDACTED+") - redactedBytes = []byte(string(sDec)) - sDec, _ = base64.StdEncoding.DecodeString("DATA+OMITTED") - dataOmittedBytes = []byte(string(sDec)) -} - -// IsConfigEmpty returns true if the config is empty. -func IsConfigEmpty(config *Config) bool { - return len(config.AuthInfos) == 0 && len(config.Clusters) == 0 && len(config.Contexts) == 0 && - len(config.CurrentContext) == 0 && - len(config.Preferences.Extensions) == 0 && !config.Preferences.Colors && - len(config.Extensions) == 0 -} - -// MinifyConfig read the current context and uses that to keep only the relevant pieces of config -// This is useful for making secrets based on kubeconfig files -func MinifyConfig(config *Config) error { - if len(config.CurrentContext) == 0 { - return errors.New("current-context must exist in order to minify") - } - - currContext, exists := config.Contexts[config.CurrentContext] - if !exists { - return fmt.Errorf("cannot locate context %v", config.CurrentContext) - } - - newContexts := map[string]*Context{} - newContexts[config.CurrentContext] = currContext - - newClusters := map[string]*Cluster{} - if len(currContext.Cluster) > 0 { - if _, exists := config.Clusters[currContext.Cluster]; !exists { - return 
fmt.Errorf("cannot locate cluster %v", currContext.Cluster) - } - - newClusters[currContext.Cluster] = config.Clusters[currContext.Cluster] - } - - newAuthInfos := map[string]*AuthInfo{} - if len(currContext.AuthInfo) > 0 { - if _, exists := config.AuthInfos[currContext.AuthInfo]; !exists { - return fmt.Errorf("cannot locate user %v", currContext.AuthInfo) - } - - newAuthInfos[currContext.AuthInfo] = config.AuthInfos[currContext.AuthInfo] - } - - config.AuthInfos = newAuthInfos - config.Clusters = newClusters - config.Contexts = newContexts - - return nil -} - -var ( - redactedBytes []byte - dataOmittedBytes []byte -) - -// Flatten redacts raw data entries from the config object for a human-readable view. -func ShortenConfig(config *Config) { - // trick json encoder into printing a human readable string in the raw data - // by base64 decoding what we want to print. Relies on implementation of - // http://golang.org/pkg/encoding/json/#Marshal using base64 to encode []byte - for key, authInfo := range config.AuthInfos { - if len(authInfo.ClientKeyData) > 0 { - authInfo.ClientKeyData = redactedBytes - } - if len(authInfo.ClientCertificateData) > 0 { - authInfo.ClientCertificateData = redactedBytes - } - config.AuthInfos[key] = authInfo - } - for key, cluster := range config.Clusters { - if len(cluster.CertificateAuthorityData) > 0 { - cluster.CertificateAuthorityData = dataOmittedBytes - } - config.Clusters[key] = cluster - } -} - -// Flatten changes the config object into a self contained config (useful for making secrets) -func FlattenConfig(config *Config) error { - for key, authInfo := range config.AuthInfos { - baseDir, err := MakeAbs(path.Dir(authInfo.LocationOfOrigin), "") - if err != nil { - return err - } - - if err := FlattenContent(&authInfo.ClientCertificate, &authInfo.ClientCertificateData, baseDir); err != nil { - return err - } - if err := FlattenContent(&authInfo.ClientKey, &authInfo.ClientKeyData, baseDir); err != nil { - return err - } - - 
config.AuthInfos[key] = authInfo - } - for key, cluster := range config.Clusters { - baseDir, err := MakeAbs(path.Dir(cluster.LocationOfOrigin), "") - if err != nil { - return err - } - - if err := FlattenContent(&cluster.CertificateAuthority, &cluster.CertificateAuthorityData, baseDir); err != nil { - return err - } - - config.Clusters[key] = cluster - } - - return nil -} - -func FlattenContent(path *string, contents *[]byte, baseDir string) error { - if len(*path) != 0 { - if len(*contents) > 0 { - return errors.New("cannot have values for both path and contents") - } - - var err error - absPath := ResolvePath(*path, baseDir) - *contents, err = ioutil.ReadFile(absPath) - if err != nil { - return err - } - - *path = "" - } - - return nil -} - -// ResolvePath returns the path as an absolute paths, relative to the given base directory -func ResolvePath(path string, base string) string { - // Don't resolve empty paths - if len(path) > 0 { - // Don't resolve absolute paths - if !filepath.IsAbs(path) { - return filepath.Join(base, path) - } - } - - return path -} - -func MakeAbs(path, base string) (string, error) { - if filepath.IsAbs(path) { - return path, nil - } - if len(base) == 0 { - cwd, err := os.Getwd() - if err != nil { - return "", err - } - base = cwd - } - return filepath.Join(base, path), nil -} diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/register.go b/vendor/k8s.io/client-go/tools/clientcmd/api/register.go deleted file mode 100644 index 2eec3881c..000000000 --- a/vendor/k8s.io/client-go/tools/clientcmd/api/register.go +++ /dev/null 
@@ -1,46 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package api
-
-import (
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-// SchemeGroupVersion is group version used to register these objects
-// TODO this should be in the "kubeconfig" group
-var SchemeGroupVersion = schema.GroupVersion{Group: "", Version: runtime.APIVersionInternal}
-
-var (
- SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
- AddToScheme = SchemeBuilder.AddToScheme
-)
-
-func addKnownTypes(scheme *runtime.Scheme) error {
- scheme.AddKnownTypes(SchemeGroupVersion,
- &Config{},
- )
- return nil
-}
-
-func (obj *Config) GetObjectKind() schema.ObjectKind { return obj }
-func (obj *Config) SetGroupVersionKind(gvk schema.GroupVersionKind) {
- obj.APIVersion, obj.Kind = gvk.ToAPIVersionAndKind()
-}
-func (obj *Config) GroupVersionKind() schema.GroupVersionKind {
- return schema.FromAPIVersionAndKind(obj.APIVersion, obj.Kind)
-}
diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go b/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
deleted file mode 100644
index 990a440c6..000000000
--- a/vendor/k8s.io/client-go/tools/clientcmd/api/types.go
+++ /dev/null
@@ -1,262 +0,0 @@ -/* -Copyright 2014 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package api - -import ( - "fmt" - - "k8s.io/apimachinery/pkg/runtime" -) - -// Where possible, json tags match the cli argument names. -// Top level config objects and all values required for proper functioning are not "omitempty". Any truly optional piece of config is allowed to be omitted. - -// Config holds the information needed to build connect to remote kubernetes clusters as a given user -// IMPORTANT if you add fields to this struct, please update IsConfigEmpty() -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -type Config struct { - // Legacy field from pkg/api/types.go TypeMeta. - // TODO(jlowdermilk): remove this after eliminating downstream dependencies. - // +optional - Kind string `json:"kind,omitempty"` - // Legacy field from pkg/api/types.go TypeMeta. - // TODO(jlowdermilk): remove this after eliminating downstream dependencies. 
- // +optional - APIVersion string `json:"apiVersion,omitempty"` - // Preferences holds general information to be use for cli interactions - Preferences Preferences `json:"preferences"` - // Clusters is a map of referencable names to cluster configs - Clusters map[string]*Cluster `json:"clusters"` - // AuthInfos is a map of referencable names to user configs - AuthInfos map[string]*AuthInfo `json:"users"` - // Contexts is a map of referencable names to context configs - Contexts map[string]*Context `json:"contexts"` - // CurrentContext is the name of the context that you would like to use by default - CurrentContext string `json:"current-context"` - // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields - // +optional - Extensions map[string]runtime.Object `json:"extensions,omitempty"` -} - -// IMPORTANT if you add fields to this struct, please update IsConfigEmpty() -type Preferences struct { - // +optional - Colors bool `json:"colors,omitempty"` - // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields - // +optional - Extensions map[string]runtime.Object `json:"extensions,omitempty"` -} - -// Cluster contains information about how to communicate with a kubernetes cluster -type Cluster struct { - // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized. - LocationOfOrigin string - // Server is the address of the kubernetes cluster (https://hostname:port). - Server string `json:"server"` - // InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure. - // +optional - InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"` - // CertificateAuthority is the path to a cert file for the certificate authority. 
- // +optional - CertificateAuthority string `json:"certificate-authority,omitempty"` - // CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority - // +optional - CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"` - // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields - // +optional - Extensions map[string]runtime.Object `json:"extensions,omitempty"` -} - -// AuthInfo contains information that describes identity information. This is use to tell the kubernetes cluster who you are. -type AuthInfo struct { - // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized. - LocationOfOrigin string - // ClientCertificate is the path to a client cert file for TLS. - // +optional - ClientCertificate string `json:"client-certificate,omitempty"` - // ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate - // +optional - ClientCertificateData []byte `json:"client-certificate-data,omitempty"` - // ClientKey is the path to a client key file for TLS. - // +optional - ClientKey string `json:"client-key,omitempty"` - // ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey - // +optional - ClientKeyData []byte `json:"client-key-data,omitempty"` - // Token is the bearer token for authentication to the kubernetes cluster. - // +optional - Token string `json:"token,omitempty"` - // TokenFile is a pointer to a file that contains a bearer token (as described above). If both Token and TokenFile are present, Token takes precedence. - // +optional - TokenFile string `json:"tokenFile,omitempty"` - // Impersonate is the username to act-as. - // +optional - Impersonate string `json:"act-as,omitempty"` - // ImpersonateGroups is the groups to imperonate. 
- // +optional - ImpersonateGroups []string `json:"act-as-groups,omitempty"` - // ImpersonateUserExtra contains additional information for impersonated user. - // +optional - ImpersonateUserExtra map[string][]string `json:"act-as-user-extra,omitempty"` - // Username is the username for basic authentication to the kubernetes cluster. - // +optional - Username string `json:"username,omitempty"` - // Password is the password for basic authentication to the kubernetes cluster. - // +optional - Password string `json:"password,omitempty"` - // AuthProvider specifies a custom authentication plugin for the kubernetes cluster. - // +optional - AuthProvider *AuthProviderConfig `json:"auth-provider,omitempty"` - // Exec specifies a custom exec-based authentication plugin for the kubernetes cluster. - // +optional - Exec *ExecConfig `json:"exec,omitempty"` - // Extensions holds additional information. This is useful for extenders so that reads and writes don't clobber unknown fields - // +optional - Extensions map[string]runtime.Object `json:"extensions,omitempty"` -} - -// Context is a tuple of references to a cluster (how do I communicate with a kubernetes cluster), a user (how do I identify myself), and a namespace (what subset of resources do I want to work with) -type Context struct { - // LocationOfOrigin indicates where this object came from. It is used for round tripping config post-merge, but never serialized. - LocationOfOrigin string - // Cluster is the name of the cluster for this context - Cluster string `json:"cluster"` - // AuthInfo is the name of the authInfo for this context - AuthInfo string `json:"user"` - // Namespace is the default namespace to use on unspecified requests - // +optional - Namespace string `json:"namespace,omitempty"` - // Extensions holds additional information. 
This is useful for extenders so that reads and writes don't clobber unknown fields - // +optional - Extensions map[string]runtime.Object `json:"extensions,omitempty"` -} - -// AuthProviderConfig holds the configuration for a specified auth provider. -type AuthProviderConfig struct { - Name string `json:"name"` - // +optional - Config map[string]string `json:"config,omitempty"` -} - -var _ fmt.Stringer = new(AuthProviderConfig) -var _ fmt.GoStringer = new(AuthProviderConfig) - -// GoString implements fmt.GoStringer and sanitizes sensitive fields of -// AuthProviderConfig to prevent accidental leaking via logs. -func (c AuthProviderConfig) GoString() string { - return c.String() -} - -// String implements fmt.Stringer and sanitizes sensitive fields of -// AuthProviderConfig to prevent accidental leaking via logs. -func (c AuthProviderConfig) String() string { - cfg := "<nil>" - if c.Config != nil { - cfg = "--- REDACTED ---" - } - return fmt.Sprintf("api.AuthProviderConfig{Name: %q, Config: map[string]string{%s}}", c.Name, cfg) -} - -// ExecConfig specifies a command to provide client credentials. The command is exec'd -// and outputs structured stdout holding credentials. -// -// See the client.authentiction.k8s.io API group for specifications of the exact input -// and output format -type ExecConfig struct { - // Command to execute. - Command string `json:"command"` - // Arguments to pass to the command when executing it. - // +optional - Args []string `json:"args"` - // Env defines additional environment variables to expose to the process. These - // are unioned with the host's environment, as well as variables client-go uses - // to pass argument to the plugin. - // +optional - Env []ExecEnvVar `json:"env"` - - // Preferred input version of the ExecInfo. The returned ExecCredentials MUST use - // the same encoding version as the input. 
- APIVersion string `json:"apiVersion,omitempty"` -} - -var _ fmt.Stringer = new(ExecConfig) -var _ fmt.GoStringer = new(ExecConfig) - -// GoString implements fmt.GoStringer and sanitizes sensitive fields of -// ExecConfig to prevent accidental leaking via logs. -func (c ExecConfig) GoString() string { - return c.String() -} - -// String implements fmt.Stringer and sanitizes sensitive fields of ExecConfig -// to prevent accidental leaking via logs. -func (c ExecConfig) String() string { - var args []string - if len(c.Args) > 0 { - args = []string{"--- REDACTED ---"} - } - env := "[]ExecEnvVar(nil)" - if len(c.Env) > 0 { - env = "[]ExecEnvVar{--- REDACTED ---}" - } - return fmt.Sprintf("api.AuthProviderConfig{Command: %q, Args: %#v, Env: %s, APIVersion: %q}", c.Command, args, env, c.APIVersion) -} - -// ExecEnvVar is used for setting environment variables when executing an exec-based -// credential plugin. -type ExecEnvVar struct { - Name string `json:"name"` - Value string `json:"value"` -} - -// NewConfig is a convenience function that returns a new Config object with non-nil maps -func NewConfig() *Config { - return &Config{ - Preferences: *NewPreferences(), - Clusters: make(map[string]*Cluster), - AuthInfos: make(map[string]*AuthInfo), - Contexts: make(map[string]*Context), - Extensions: make(map[string]runtime.Object), - } -} - -// NewContext is a convenience function that returns a new Context -// object with non-nil maps -func NewContext() *Context { - return &Context{Extensions: make(map[string]runtime.Object)} -} - -// NewCluster is a convenience function that returns a new Cluster -// object with non-nil maps -func NewCluster() *Cluster { - return &Cluster{Extensions: make(map[string]runtime.Object)} -} - -// NewAuthInfo is a convenience function that returns a new AuthInfo -// object with non-nil maps -func NewAuthInfo() *AuthInfo { - return &AuthInfo{ - Extensions: make(map[string]runtime.Object), - ImpersonateUserExtra: make(map[string][]string), - } -} 
- -// NewPreferences is a convenience function that returns a new -// Preferences object with non-nil maps -func NewPreferences() *Preferences { - return &Preferences{Extensions: make(map[string]runtime.Object)} -} diff --git a/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go b/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go deleted file mode 100644 index 3240a7a98..000000000 --- a/vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go +++ /dev/null 
@@ -1,324 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package api - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AuthInfo) DeepCopyInto(out *AuthInfo) { - *out = *in - if in.ClientCertificateData != nil { - in, out := &in.ClientCertificateData, &out.ClientCertificateData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.ClientKeyData != nil { - in, out := &in.ClientKeyData, &out.ClientKeyData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.ImpersonateGroups != nil { - in, out := &in.ImpersonateGroups, &out.ImpersonateGroups - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ImpersonateUserExtra != nil { - in, out := &in.ImpersonateUserExtra, &out.ImpersonateUserExtra - *out = make(map[string][]string, len(*in)) - for key, val := range *in { - var outVal []string - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = make([]string, len(*in)) - copy(*out, *in) - } - (*out)[key] = outVal - } - } - if in.AuthProvider != nil { - in, out := &in.AuthProvider, &out.AuthProvider - *out = new(AuthProviderConfig) - (*in).DeepCopyInto(*out) - } - if in.Exec != nil { - in, out := &in.Exec, &out.Exec - *out = new(ExecConfig) - (*in).DeepCopyInto(*out) - } 
- if in.Extensions != nil { - in, out := &in.Extensions, &out.Extensions - *out = make(map[string]runtime.Object, len(*in)) - for key, val := range *in { - if val == nil { - (*out)[key] = nil - } else { - (*out)[key] = val.DeepCopyObject() - } - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthInfo. -func (in *AuthInfo) DeepCopy() *AuthInfo { - if in == nil { - return nil - } - out := new(AuthInfo) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AuthProviderConfig) DeepCopyInto(out *AuthProviderConfig) { - *out = *in - if in.Config != nil { - in, out := &in.Config, &out.Config - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthProviderConfig. -func (in *AuthProviderConfig) DeepCopy() *AuthProviderConfig { - if in == nil { - return nil - } - out := new(AuthProviderConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Cluster) DeepCopyInto(out *Cluster) { - *out = *in - if in.CertificateAuthorityData != nil { - in, out := &in.CertificateAuthorityData, &out.CertificateAuthorityData - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.Extensions != nil { - in, out := &in.Extensions, &out.Extensions - *out = make(map[string]runtime.Object, len(*in)) - for key, val := range *in { - if val == nil { - (*out)[key] = nil - } else { - (*out)[key] = val.DeepCopyObject() - } - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cluster. 
-func (in *Cluster) DeepCopy() *Cluster { - if in == nil { - return nil - } - out := new(Cluster) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Config) DeepCopyInto(out *Config) { - *out = *in - in.Preferences.DeepCopyInto(&out.Preferences) - if in.Clusters != nil { - in, out := &in.Clusters, &out.Clusters - *out = make(map[string]*Cluster, len(*in)) - for key, val := range *in { - var outVal *Cluster - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = new(Cluster) - (*in).DeepCopyInto(*out) - } - (*out)[key] = outVal - } - } - if in.AuthInfos != nil { - in, out := &in.AuthInfos, &out.AuthInfos - *out = make(map[string]*AuthInfo, len(*in)) - for key, val := range *in { - var outVal *AuthInfo - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = new(AuthInfo) - (*in).DeepCopyInto(*out) - } - (*out)[key] = outVal - } - } - if in.Contexts != nil { - in, out := &in.Contexts, &out.Contexts - *out = make(map[string]*Context, len(*in)) - for key, val := range *in { - var outVal *Context - if val == nil { - (*out)[key] = nil - } else { - in, out := &val, &outVal - *out = new(Context) - (*in).DeepCopyInto(*out) - } - (*out)[key] = outVal - } - } - if in.Extensions != nil { - in, out := &in.Extensions, &out.Extensions - *out = make(map[string]runtime.Object, len(*in)) - for key, val := range *in { - if val == nil { - (*out)[key] = nil - } else { - (*out)[key] = val.DeepCopyObject() - } - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config. -func (in *Config) DeepCopy() *Config { - if in == nil { - return nil - } - out := new(Config) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
-func (in *Config) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Context) DeepCopyInto(out *Context) { - *out = *in - if in.Extensions != nil { - in, out := &in.Extensions, &out.Extensions - *out = make(map[string]runtime.Object, len(*in)) - for key, val := range *in { - if val == nil { - (*out)[key] = nil - } else { - (*out)[key] = val.DeepCopyObject() - } - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Context. -func (in *Context) DeepCopy() *Context { - if in == nil { - return nil - } - out := new(Context) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecConfig) DeepCopyInto(out *ExecConfig) { - *out = *in - if in.Args != nil { - in, out := &in.Args, &out.Args - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Env != nil { - in, out := &in.Env, &out.Env - *out = make([]ExecEnvVar, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecConfig. -func (in *ExecConfig) DeepCopy() *ExecConfig { - if in == nil { - return nil - } - out := new(ExecConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ExecEnvVar) DeepCopyInto(out *ExecEnvVar) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecEnvVar. 
-func (in *ExecEnvVar) DeepCopy() *ExecEnvVar { - if in == nil { - return nil - } - out := new(ExecEnvVar) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Preferences) DeepCopyInto(out *Preferences) { - *out = *in - if in.Extensions != nil { - in, out := &in.Extensions, &out.Extensions - *out = make(map[string]runtime.Object, len(*in)) - for key, val := range *in { - if val == nil { - (*out)[key] = nil - } else { - (*out)[key] = val.DeepCopyObject() - } - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Preferences. -func (in *Preferences) DeepCopy() *Preferences { - if in == nil { - return nil - } - out := new(Preferences) - in.DeepCopyInto(out) - return out -} diff --git a/vendor/k8s.io/client-go/tools/metrics/OWNERS b/vendor/k8s.io/client-go/tools/metrics/OWNERS deleted file mode 100644 index f150be536..000000000 --- a/vendor/k8s.io/client-go/tools/metrics/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -reviewers: -- wojtek-t -- eparis -- krousey -- jayunit100 -- fgrzadkowski -- tmrts diff --git a/vendor/k8s.io/client-go/tools/metrics/metrics.go b/vendor/k8s.io/client-go/tools/metrics/metrics.go deleted file mode 100644 index a01306c65..000000000 --- a/vendor/k8s.io/client-go/tools/metrics/metrics.go +++ /dev/null 
@@ -1,61 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package metrics provides abstractions for registering which metrics
-// to record.
-package metrics
-
-import (
- "net/url"
- "sync"
- "time"
-)
-
-var registerMetrics sync.Once
-
-// LatencyMetric observes client latency partitioned by verb and url.
-type LatencyMetric interface {
- Observe(verb string, u url.URL, latency time.Duration)
-}
-
-// ResultMetric counts response codes partitioned by method and host.
-type ResultMetric interface {
- Increment(code string, method string, host string)
-}
-
-var (
- // RequestLatency is the latency metric that rest clients will update.
- RequestLatency LatencyMetric = noopLatency{}
- // RequestResult is the result metric that rest clients will update.
- RequestResult ResultMetric = noopResult{}
-)
-
-// Register registers metrics for the rest client to use. This can
-// only be called once.
-func Register(lm LatencyMetric, rm ResultMetric) {
- registerMetrics.Do(func() {
- RequestLatency = lm
- RequestResult = rm
- })
-}
-
-type noopLatency struct{}
-
-func (noopLatency) Observe(string, url.URL, time.Duration) {}
-
-type noopResult struct{}
-
-func (noopResult) Increment(string, string, string) {}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/doc.go b/vendor/k8s.io/client-go/tools/remotecommand/doc.go
deleted file mode 100644
index ac06a9cd3..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/doc.go
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package remotecommand adds support for executing commands in containers,
-// with support for separate stdin, stdout, and stderr streams, as well as
-// TTY.
-package remotecommand // import "k8s.io/client-go/tools/remotecommand"
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/errorstream.go b/vendor/k8s.io/client-go/tools/remotecommand/errorstream.go
deleted file mode 100644
index 360276b65..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/errorstream.go
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "io/ioutil"
-
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-// errorStreamDecoder interprets the data on the error channel and creates a go error object from it.
-type errorStreamDecoder interface {
- decode(message []byte) error
-}
-
-// watchErrorStream watches the errorStream for remote command error data,
-// decodes it with the given errorStreamDecoder, sends the decoded error (or nil if the remote
-// command exited successfully) to the returned error channel, and closes it.
-// This function returns immediately.
-func watchErrorStream(errorStream io.Reader, d errorStreamDecoder) chan error {
- errorChan := make(chan error)
-
- go func() {
- defer runtime.HandleCrash()
-
- message, err := ioutil.ReadAll(errorStream)
- switch {
- case err != nil && err != io.EOF:
- errorChan <- fmt.Errorf("error reading from error stream: %s", err)
- case len(message) > 0:
- errorChan <- d.decode(message)
- default:
- errorChan <- nil
- }
- close(errorChan)
- }()
-
- return errorChan
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/reader.go b/vendor/k8s.io/client-go/tools/remotecommand/reader.go
deleted file mode 100644
index d1f1be34c..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/reader.go
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "io"
-)
-
-// readerWrapper delegates to an io.Reader so that only the io.Reader interface is implemented,
-// to keep io.Copy from doing things we don't want when copying from the reader to the data stream.
-//
-// If the Stdin io.Reader provided to remotecommand implements a WriteTo function (like bytes.Buffer does[1]),
-// io.Copy calls that method[2] to attempt to write the entire buffer to the stream in one call.
-// That results in an oversized call to spdystream.Stream#Write [3],
-// which results in a single oversized data frame[4] that is too large.
-//
-// [1] https://golang.org/pkg/bytes/#Buffer.WriteTo
-// [2] https://golang.org/pkg/io/#Copy
-// [3] https://github.com/kubernetes/kubernetes/blob/90295640ef87db9daa0144c5617afe889e7992b2/vendor/github.com/docker/spdystream/stream.go#L66-L73
-// [4] https://github.com/kubernetes/kubernetes/blob/90295640ef87db9daa0144c5617afe889e7992b2/vendor/github.com/docker/spdystream/spdy/write.go#L302-L304
-type readerWrapper struct {
- reader io.Reader
-}
-
-func (r readerWrapper) Read(p []byte) (int, error) {
- return r.reader.Read(p)
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go b/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go
deleted file mode 100644
index 892d8d105..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "net/http"
- "net/url"
-
- "k8s.io/klog"
-
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/apimachinery/pkg/util/remotecommand"
- restclient "k8s.io/client-go/rest"
- spdy "k8s.io/client-go/transport/spdy"
-)
-
-// StreamOptions holds information pertaining to the current streaming session:
-// input/output streams, if the client is requesting a TTY, and a terminal size queue to
-// support terminal resizing.
-type StreamOptions struct {
- Stdin io.Reader
- Stdout io.Writer
- Stderr io.Writer
- Tty bool
- TerminalSizeQueue TerminalSizeQueue
-}
-
-// Executor is an interface for transporting shell-style streams.
-type Executor interface {
- // Stream initiates the transport of the standard shell streams. It will transport any
- // non-nil stream to a remote system, and return an error if a problem occurs. If tty
- // is set, the stderr stream is not used (raw TTY manages stdout and stderr over the
- // stdout stream).
- Stream(options StreamOptions) error
-}
-
-type streamCreator interface {
- CreateStream(headers http.Header) (httpstream.Stream, error)
-}
-
-type streamProtocolHandler interface {
- stream(conn streamCreator) error
-}
-
-// streamExecutor handles transporting standard shell streams over an httpstream connection.
-type streamExecutor struct {
- upgrader spdy.Upgrader
- transport http.RoundTripper
-
- method string
- url *url.URL
- protocols []string
-}
-
-// NewSPDYExecutor connects to the provided server and upgrades the connection to
-// multiplexed bidirectional streams.
-func NewSPDYExecutor(config *restclient.Config, method string, url *url.URL) (Executor, error) {
- wrapper, upgradeRoundTripper, err := spdy.RoundTripperFor(config)
- if err != nil {
- return nil, err
- }
- return NewSPDYExecutorForTransports(wrapper, upgradeRoundTripper, method, url)
-}
-
-// NewSPDYExecutorForTransports connects to the provided server using the given transport,
-// upgrades the response using the given upgrader to multiplexed bidirectional streams.
-func NewSPDYExecutorForTransports(transport http.RoundTripper, upgrader spdy.Upgrader, method string, url *url.URL) (Executor, error) {
- return NewSPDYExecutorForProtocols(
- transport, upgrader, method, url,
- remotecommand.StreamProtocolV4Name,
- remotecommand.StreamProtocolV3Name,
- remotecommand.StreamProtocolV2Name,
- remotecommand.StreamProtocolV1Name,
- )
-}
-
-// NewSPDYExecutorForProtocols connects to the provided server and upgrades the connection to
-// multiplexed bidirectional streams using only the provided protocols. Exposed for testing, most
-// callers should use NewSPDYExecutor or NewSPDYExecutorForTransports.
-func NewSPDYExecutorForProtocols(transport http.RoundTripper, upgrader spdy.Upgrader, method string, url *url.URL, protocols ...string) (Executor, error) {
- return &streamExecutor{
- upgrader: upgrader,
- transport: transport,
- method: method,
- url: url,
- protocols: protocols,
- }, nil
-}
-
-// Stream opens a protocol streamer to the server and streams until a client closes
-// the connection or the server disconnects.
-func (e *streamExecutor) Stream(options StreamOptions) error {
- req, err := http.NewRequest(e.method, e.url.String(), nil)
- if err != nil {
- return fmt.Errorf("error creating request: %v", err)
- }
-
- conn, protocol, err := spdy.Negotiate(
- e.upgrader,
- &http.Client{Transport: e.transport},
- req,
- e.protocols...,
- )
- if err != nil {
- return err
- }
- defer conn.Close()
-
- var streamer streamProtocolHandler
-
- switch protocol {
- case remotecommand.StreamProtocolV4Name:
- streamer = newStreamProtocolV4(options)
- case remotecommand.StreamProtocolV3Name:
- streamer = newStreamProtocolV3(options)
- case remotecommand.StreamProtocolV2Name:
- streamer = newStreamProtocolV2(options)
- case "":
- klog.V(4).Infof("The server did not negotiate a streaming protocol version. Falling back to %s", remotecommand.StreamProtocolV1Name)
- fallthrough
- case remotecommand.StreamProtocolV1Name:
- streamer = newStreamProtocolV1(options)
- }
-
- return streamer.stream(conn)
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/resize.go b/vendor/k8s.io/client-go/tools/remotecommand/resize.go
deleted file mode 100644
index c838f21ba..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/resize.go
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-// TerminalSize and TerminalSizeQueue was a part of k8s.io/kubernetes/pkg/util/term
-// and were moved in order to decouple client from other term dependencies
-
-// TerminalSize represents the width and height of a terminal.
-type TerminalSize struct {
- Width uint16
- Height uint16
-}
-
-// TerminalSizeQueue is capable of returning terminal resize events as they occur.
-type TerminalSizeQueue interface {
- // Next returns the new terminal size after the terminal has been resized. It returns nil when
- // monitoring has been stopped.
- Next() *TerminalSize
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v1.go b/vendor/k8s.io/client-go/tools/remotecommand/v1.go
deleted file mode 100644
index 4120f1f5f..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v1.go
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "io/ioutil"
- "net/http"
-
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/klog"
-)
-
-// streamProtocolV1 implements the first version of the streaming exec & attach
-// protocol. This version has some bugs, such as not being able to detect when
-// non-interactive stdin data has ended. See http://issues.k8s.io/13394 and
-// http://issues.k8s.io/13395 for more details.
-type streamProtocolV1 struct {
- StreamOptions
-
- errorStream httpstream.Stream
- remoteStdin httpstream.Stream
- remoteStdout httpstream.Stream
- remoteStderr httpstream.Stream
-}
-
-var _ streamProtocolHandler = &streamProtocolV1{}
-
-func newStreamProtocolV1(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV1{
- StreamOptions: options,
- }
-}
-
-func (p *streamProtocolV1) stream(conn streamCreator) error {
- doneChan := make(chan struct{}, 2)
- errorChan := make(chan error)
-
- cp := func(s string, dst io.Writer, src io.Reader) {
- klog.V(6).Infof("Copying %s", s)
- defer klog.V(6).Infof("Done copying %s", s)
- if _, err := io.Copy(dst, src); err != nil && err != io.EOF {
- klog.Errorf("Error copying %s: %v", s, err)
- }
- if s == v1.StreamTypeStdout || s == v1.StreamTypeStderr {
- doneChan <- struct{}{}
- }
- }
-
- // set up all the streams first
- var err error
- headers := http.Header{}
- headers.Set(v1.StreamType, v1.StreamTypeError)
- p.errorStream, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.errorStream.Reset()
-
- // Create all the streams first, then start the copy goroutines. The server doesn't start its copy
- // goroutines until it's received all of the streams. If the client creates the stdin stream and
- // immediately begins copying stdin data to the server, it's possible to overwhelm and wedge the
- // spdy frame handler in the server so that it is full of unprocessed frames. The frames aren't
- // getting processed because the server hasn't started its copying, and it won't do that until it
- // gets all the streams. By creating all the streams first, we ensure that the server is ready to
- // process data before the client starts sending any. See https://issues.k8s.io/16373 for more info.
- if p.Stdin != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdin)
- p.remoteStdin, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.remoteStdin.Reset()
- }
-
- if p.Stdout != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdout)
- p.remoteStdout, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.remoteStdout.Reset()
- }
-
- if p.Stderr != nil && !p.Tty {
- headers.Set(v1.StreamType, v1.StreamTypeStderr)
- p.remoteStderr, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- defer p.remoteStderr.Reset()
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- // always read from errorStream
- go func() {
- message, err := ioutil.ReadAll(p.errorStream)
- if err != nil && err != io.EOF {
- errorChan <- fmt.Errorf("Error reading from error stream: %s", err)
- return
- }
- if len(message) > 0 {
- errorChan <- fmt.Errorf("Error executing remote command: %s", message)
- return
- }
- }()
-
- if p.Stdin != nil {
- // TODO this goroutine will never exit cleanly (the io.Copy never unblocks)
- // because stdin is not closed until the process exits. If we try to call
- // stdin.Close(), it returns no error but doesn't unblock the copy. It will
- // exit when the process exits, instead.
- go cp(v1.StreamTypeStdin, p.remoteStdin, readerWrapper{p.Stdin})
- }
-
- waitCount := 0
- completedStreams := 0
-
- if p.Stdout != nil {
- waitCount++
- go cp(v1.StreamTypeStdout, p.Stdout, p.remoteStdout)
- }
-
- if p.Stderr != nil && !p.Tty {
- waitCount++
- go cp(v1.StreamTypeStderr, p.Stderr, p.remoteStderr)
- }
-
-Loop:
- for {
- select {
- case <-doneChan:
- completedStreams++
- if completedStreams == waitCount {
- break Loop
- }
- case err := <-errorChan:
- return err
- }
- }
-
- return nil
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v2.go b/vendor/k8s.io/client-go/tools/remotecommand/v2.go
deleted file mode 100644
index 4b0001502..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v2.go
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "fmt"
- "io"
- "io/ioutil"
- "net/http"
- "sync"
-
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-// streamProtocolV2 implements version 2 of the streaming protocol for attach
-// and exec. The original streaming protocol was metav1. As a result, this
-// version is referred to as version 2, even though it is the first actual
-// numbered version.
-type streamProtocolV2 struct {
- StreamOptions
-
- errorStream io.Reader
- remoteStdin io.ReadWriteCloser
- remoteStdout io.Reader
- remoteStderr io.Reader
-}
-
-var _ streamProtocolHandler = &streamProtocolV2{}
-
-func newStreamProtocolV2(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV2{
- StreamOptions: options,
- }
-}
-
-func (p *streamProtocolV2) createStreams(conn streamCreator) error {
- var err error
- headers := http.Header{}
-
- // set up error stream
- headers.Set(v1.StreamType, v1.StreamTypeError)
- p.errorStream, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
-
- // set up stdin stream
- if p.Stdin != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdin)
- p.remoteStdin, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
-
- // set up stdout stream
- if p.Stdout != nil {
- headers.Set(v1.StreamType, v1.StreamTypeStdout)
- p.remoteStdout, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
-
- // set up stderr stream
- if p.Stderr != nil && !p.Tty {
- headers.Set(v1.StreamType, v1.StreamTypeStderr)
- p.remoteStderr, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
- return nil
-}
-
-func (p *streamProtocolV2) copyStdin() {
- if p.Stdin != nil {
- var once sync.Once
-
- // copy from client's stdin to container's stdin
- go func() {
- defer runtime.HandleCrash()
-
- // if p.stdin is noninteractive, p.g. `echo abc | kubectl exec -i <pod> -- cat`, make sure
- // we close remoteStdin as soon as the copy from p.stdin to remoteStdin finishes. Otherwise
- // the executed command will remain running.
- defer once.Do(func() { p.remoteStdin.Close() })
-
- if _, err := io.Copy(p.remoteStdin, readerWrapper{p.Stdin}); err != nil {
- runtime.HandleError(err)
- }
- }()
-
- // read from remoteStdin until the stream is closed. this is essential to
- // be able to exit interactive sessions cleanly and not leak goroutines or
- // hang the client's terminal.
- //
- // TODO we aren't using go-dockerclient any more; revisit this to determine if it's still
- // required by engine-api.
- //
- // go-dockerclient's current hijack implementation
- // (https://github.com/fsouza/go-dockerclient/blob/89f3d56d93788dfe85f864a44f85d9738fca0670/client.go#L564)
- // waits for all three streams (stdin/stdout/stderr) to finish copying
- // before returning. When hijack finishes copying stdout/stderr, it calls
- // Close() on its side of remoteStdin, which allows this copy to complete.
- // When that happens, we must Close() on our side of remoteStdin, to
- // allow the copy in hijack to complete, and hijack to return.
- go func() {
- defer runtime.HandleCrash()
- defer once.Do(func() { p.remoteStdin.Close() })
-
- // this "copy" doesn't actually read anything - it's just here to wait for
- // the server to close remoteStdin.
- if _, err := io.Copy(ioutil.Discard, p.remoteStdin); err != nil {
- runtime.HandleError(err)
- }
- }()
- }
-}
-
-func (p *streamProtocolV2) copyStdout(wg *sync.WaitGroup) {
- if p.Stdout == nil {
- return
- }
-
- wg.Add(1)
- go func() {
- defer runtime.HandleCrash()
- defer wg.Done()
-
- if _, err := io.Copy(p.Stdout, p.remoteStdout); err != nil {
- runtime.HandleError(err)
- }
- }()
-}
-
-func (p *streamProtocolV2) copyStderr(wg *sync.WaitGroup) {
- if p.Stderr == nil || p.Tty {
- return
- }
-
- wg.Add(1)
- go func() {
- defer runtime.HandleCrash()
- defer wg.Done()
-
- if _, err := io.Copy(p.Stderr, p.remoteStderr); err != nil {
- runtime.HandleError(err)
- }
- }()
-}
-
-func (p *streamProtocolV2) stream(conn streamCreator) error {
- if err := p.createStreams(conn); err != nil {
- return err
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- errorChan := watchErrorStream(p.errorStream, &errorDecoderV2{})
-
- p.copyStdin()
-
- var wg sync.WaitGroup
- p.copyStdout(&wg)
- p.copyStderr(&wg)
-
- // we're waiting for stdout/stderr to finish copying
- wg.Wait()
-
- // waits for errorStream to finish reading with an error or nil
- return <-errorChan
-}
-
-// errorDecoderV2 interprets the error channel data as plain text.
-type errorDecoderV2 struct{}
-
-func (d *errorDecoderV2) decode(message []byte) error {
- return fmt.Errorf("error executing remote command: %s", message)
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v3.go b/vendor/k8s.io/client-go/tools/remotecommand/v3.go
deleted file mode 100644
index 846dd24a5..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v3.go
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "encoding/json"
- "io"
- "net/http"
- "sync"
-
- "k8s.io/api/core/v1"
- "k8s.io/apimachinery/pkg/util/runtime"
-)
-
-// streamProtocolV3 implements version 3 of the streaming protocol for attach
-// and exec. This version adds support for resizing the container's terminal.
-type streamProtocolV3 struct {
- *streamProtocolV2
-
- resizeStream io.Writer
-}
-
-var _ streamProtocolHandler = &streamProtocolV3{}
-
-func newStreamProtocolV3(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV3{
- streamProtocolV2: newStreamProtocolV2(options).(*streamProtocolV2),
- }
-}
-
-func (p *streamProtocolV3) createStreams(conn streamCreator) error {
- // set up the streams from v2
- if err := p.streamProtocolV2.createStreams(conn); err != nil {
- return err
- }
-
- // set up resize stream
- if p.Tty {
- headers := http.Header{}
- headers.Set(v1.StreamType, v1.StreamTypeResize)
- var err error
- p.resizeStream, err = conn.CreateStream(headers)
- if err != nil {
- return err
- }
- }
-
- return nil
-}
-
-func (p *streamProtocolV3) handleResizes() {
- if p.resizeStream == nil || p.TerminalSizeQueue == nil {
- return
- }
- go func() {
- defer runtime.HandleCrash()
-
- encoder := json.NewEncoder(p.resizeStream)
- for {
- size := p.TerminalSizeQueue.Next()
- if size == nil {
- return
- }
- if err := encoder.Encode(&size); err != nil {
- runtime.HandleError(err)
- }
- }
- }()
-}
-
-func (p *streamProtocolV3) stream(conn streamCreator) error {
- if err := p.createStreams(conn); err != nil {
- return err
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- errorChan := watchErrorStream(p.errorStream, &errorDecoderV3{})
-
- p.handleResizes()
-
- p.copyStdin()
-
- var wg sync.WaitGroup
- p.copyStdout(&wg)
- p.copyStderr(&wg)
-
- // we're waiting for stdout/stderr to finish copying
- wg.Wait()
-
- // waits for errorStream to finish reading with an error or nil
- return <-errorChan
-}
-
-type errorDecoderV3 struct {
- errorDecoderV2
-}
diff --git a/vendor/k8s.io/client-go/tools/remotecommand/v4.go b/vendor/k8s.io/client-go/tools/remotecommand/v4.go
deleted file mode 100644
index 69ca934a0..000000000
--- a/vendor/k8s.io/client-go/tools/remotecommand/v4.go
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package remotecommand
-
-import (
- "encoding/json"
- "errors"
- "fmt"
- "strconv"
- "sync"
-
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/util/remotecommand"
- "k8s.io/client-go/util/exec"
-)
-
-// streamProtocolV4 implements version 4 of the streaming protocol for attach
-// and exec. This version adds support for exit codes on the error stream through
-// the use of metav1.Status instead of plain text messages.
-type streamProtocolV4 struct {
- *streamProtocolV3
-}
-
-var _ streamProtocolHandler = &streamProtocolV4{}
-
-func newStreamProtocolV4(options StreamOptions) streamProtocolHandler {
- return &streamProtocolV4{
- streamProtocolV3: newStreamProtocolV3(options).(*streamProtocolV3),
- }
-}
-
-func (p *streamProtocolV4) createStreams(conn streamCreator) error {
- return p.streamProtocolV3.createStreams(conn)
-}
-
-func (p *streamProtocolV4) handleResizes() {
- p.streamProtocolV3.handleResizes()
-}
-
-func (p *streamProtocolV4) stream(conn streamCreator) error {
- if err := p.createStreams(conn); err != nil {
- return err
- }
-
- // now that all the streams have been created, proceed with reading & copying
-
- errorChan := watchErrorStream(p.errorStream, &errorDecoderV4{})
-
- p.handleResizes()
-
- p.copyStdin()
-
- var wg sync.WaitGroup
- p.copyStdout(&wg)
- p.copyStderr(&wg)
-
- // we're waiting for stdout/stderr to finish copying
- wg.Wait()
-
- // waits for errorStream to finish reading with an error or nil
- return <-errorChan
-}
-
-// errorDecoderV4 interprets the json-marshaled metav1.Status on the error channel
-// and creates an exec.ExitError from it.
-type errorDecoderV4 struct{}
-
-func (d *errorDecoderV4) decode(message []byte) error {
- status := metav1.Status{}
- err := json.Unmarshal(message, &status)
- if err != nil {
- return fmt.Errorf("error stream protocol error: %v in %q", err, string(message))
- }
- switch status.Status {
- case metav1.StatusSuccess:
- return nil
- case metav1.StatusFailure:
- if status.Reason == remotecommand.NonZeroExitCodeReason {
- if status.Details == nil {
- return errors.New("error stream protocol error: details must be set")
- }
- for i := range status.Details.Causes {
- c := &status.Details.Causes[i]
- if c.Type != remotecommand.ExitCodeCauseType {
- continue
- }
-
- rc, err := strconv.ParseUint(c.Message, 10, 8)
- if err != nil {
- return fmt.Errorf("error stream protocol error: invalid exit code value %q", c.Message)
- }
- return exec.CodeExitError{
- Err: fmt.Errorf("command terminated with exit code %d", rc),
- Code: int(rc),
- }
- }
-
- return fmt.Errorf("error stream protocol error: no %s cause given", remotecommand.ExitCodeCauseType)
- }
- default:
- return errors.New("error stream protocol error: unknown error")
- }
-
- return fmt.Errorf(status.Message)
-}
diff --git a/vendor/k8s.io/client-go/transport/OWNERS b/vendor/k8s.io/client-go/transport/OWNERS
deleted file mode 100644
index a52176903..000000000
--- a/vendor/k8s.io/client-go/transport/OWNERS
+++ /dev/null
@@ -1,9 +0,0 @@
-# See the OWNERS docs at https://go.k8s.io/owners
-
-reviewers:
-- smarterclayton
-- wojtek-t
-- deads2k
-- liggitt
-- krousey
-- caesarxuchao
diff --git a/vendor/k8s.io/client-go/transport/cache.go b/vendor/k8s.io/client-go/transport/cache.go
deleted file mode 100644
index 7cffe2a5f..000000000
--- a/vendor/k8s.io/client-go/transport/cache.go
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "fmt"
- "net"
- "net/http"
- "sync"
- "time"
-
- utilnet "k8s.io/apimachinery/pkg/util/net"
-)
-
-// TlsTransportCache caches TLS http.RoundTrippers different configurations. The
-// same RoundTripper will be returned for configs with identical TLS options If
-// the config has no custom TLS options, http.DefaultTransport is returned.
-type tlsTransportCache struct {
- mu sync.Mutex
- transports map[tlsCacheKey]*http.Transport
-}
-
-const idleConnsPerHost = 25
-
-var tlsCache = &tlsTransportCache{transports: make(map[tlsCacheKey]*http.Transport)}
-
-type tlsCacheKey struct {
- insecure bool
- caData string
- certData string
- keyData string
- getCert string
- serverName string
- dial string
-}
-
-func (t tlsCacheKey) String() string {
- keyText := "<none>"
- if len(t.keyData) > 0 {
- keyText = "<redacted>"
- }
- return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, getCert: %s, serverName:%s, dial:%s", t.insecure, t.caData, t.certData, keyText, t.getCert, t.serverName, t.dial)
-}
-
-func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
- key, err := tlsConfigKey(config)
- if err != nil {
- return nil, err
- }
-
- // Ensure we only create a single transport for the given TLS options
- c.mu.Lock()
- defer c.mu.Unlock()
-
- // See if we already have a custom transport for this config
- if t, ok := c.transports[key]; ok {
- return t, nil
- }
-
- // Get the TLS options for this client config
- tlsConfig, err := TLSConfigFor(config)
- if err != nil {
- return nil, err
- }
- // The options didn't require a custom TLS config
- if tlsConfig == nil && config.Dial == nil {
- return http.DefaultTransport, nil
- }
-
- dial := config.Dial
- if dial == nil {
- dial = (&net.Dialer{
- Timeout: 30 * time.Second,
- KeepAlive: 30 * time.Second,
- }).DialContext
- }
- // Cache a single transport for these options
- c.transports[key] = utilnet.SetTransportDefaults(&http.Transport{
- Proxy: http.ProxyFromEnvironment,
- TLSHandshakeTimeout: 10 * time.Second,
- TLSClientConfig: tlsConfig,
- MaxIdleConnsPerHost: idleConnsPerHost,
- DialContext: dial,
- })
- return c.transports[key], nil
-}
-
-// tlsConfigKey returns a unique key for tls.Config objects returned from TLSConfigFor
-func tlsConfigKey(c *Config) (tlsCacheKey, error) {
- // Make sure ca/key/cert content is loaded
- if err := loadTLSFiles(c); err != nil {
- return tlsCacheKey{}, err
- }
- return tlsCacheKey{
- insecure: c.TLS.Insecure,
- caData: string(c.TLS.CAData),
- certData: string(c.TLS.CertData),
- keyData: string(c.TLS.KeyData),
- getCert: fmt.Sprintf("%p", c.TLS.GetCert),
- serverName: c.TLS.ServerName,
- dial: fmt.Sprintf("%p", c.Dial),
- }, nil
-}
diff --git a/vendor/k8s.io/client-go/transport/config.go b/vendor/k8s.io/client-go/transport/config.go
deleted file mode 100644
index 5de0a2cb1..000000000
--- a/vendor/k8s.io/client-go/transport/config.go
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "context"
- "crypto/tls"
- "net"
- "net/http"
-)
-
-// Config holds various options for establishing a transport.
-type Config struct {
- // UserAgent is an optional field that specifies the caller of this
- // request.
- UserAgent string
-
- // The base TLS configuration for this transport.
- TLS TLSConfig
-
- // Username and password for basic authentication
- Username string
- Password string
-
- // Bearer token for authentication
- BearerToken string
-
- // Path to a file containing a BearerToken.
- // If set, the contents are periodically read.
- // The last successfully read value takes precedence over BearerToken.
- BearerTokenFile string
-
- // Impersonate is the config that this Config will impersonate using
- Impersonate ImpersonationConfig
-
- // Transport may be used for custom HTTP behavior. This attribute may
- // not be specified with the TLS client certificate options. Use
- // WrapTransport for most client level operations.
- Transport http.RoundTripper
-
- // WrapTransport will be invoked for custom HTTP behavior after the
- // underlying transport is initialized (either the transport created
- // from TLSClientConfig, Transport, or http.DefaultTransport). The
- // config may layer other RoundTrippers on top of the returned
- // RoundTripper.
- //
- // A future release will change this field to an array. Use config.Wrap()
- // instead of setting this value directly.
- WrapTransport WrapperFunc
-
- // Dial specifies the dial function for creating unencrypted TCP connections.
- Dial func(ctx context.Context, network, address string) (net.Conn, error)
-}
-
-// ImpersonationConfig has all the available impersonation options
-type ImpersonationConfig struct {
- // UserName matches user.Info.GetName()
- UserName string
- // Groups matches user.Info.GetGroups()
- Groups []string
- // Extra matches user.Info.GetExtra()
- Extra map[string][]string
-}
-
-// HasCA returns whether the configuration has a certificate authority or not.
-func (c *Config) HasCA() bool {
- return len(c.TLS.CAData) > 0 || len(c.TLS.CAFile) > 0
-}
-
-// HasBasicAuth returns whether the configuration has basic authentication or not.
-func (c *Config) HasBasicAuth() bool {
- return len(c.Username) != 0
-}
-
-// HasTokenAuth returns whether the configuration has token authentication or not.
-func (c *Config) HasTokenAuth() bool {
- return len(c.BearerToken) != 0 || len(c.BearerTokenFile) != 0
-}
-
-// HasCertAuth returns whether the configuration has certificate authentication or not.
-func (c *Config) HasCertAuth() bool {
- return (len(c.TLS.CertData) != 0 || len(c.TLS.CertFile) != 0) && (len(c.TLS.KeyData) != 0 || len(c.TLS.KeyFile) != 0)
-}
-
-// HasCertCallbacks returns whether the configuration has certificate callback or not.
-func (c *Config) HasCertCallback() bool {
- return c.TLS.GetCert != nil
-}
-
-// Wrap adds a transport middleware function that will give the caller
-// an opportunity to wrap the underlying http.RoundTripper prior to the
-// first API call being made. The provided function is invoked after any
-// existing transport wrappers are invoked.
-func (c *Config) Wrap(fn WrapperFunc) {
- c.WrapTransport = Wrappers(c.WrapTransport, fn)
-}
-
-// TLSConfig holds the information needed to set up a TLS transport.
-type TLSConfig struct {
- CAFile string // Path of the PEM-encoded server trusted root certificates.
- CertFile string // Path of the PEM-encoded client certificate.
- KeyFile string // Path of the PEM-encoded client key.
-
- Insecure bool // Server should be accessed without verifying the certificate. For testing only.
- ServerName string // Override for the server name passed to the server for SNI and used to verify certificates.
-
- CAData []byte // Bytes of the PEM-encoded server trusted root certificates. Supercedes CAFile.
- CertData []byte // Bytes of the PEM-encoded client certificate. Supercedes CertFile.
- KeyData []byte // Bytes of the PEM-encoded client key. Supercedes KeyFile.
-
- GetCert func() (*tls.Certificate, error) // Callback that returns a TLS client certificate. CertData, CertFile, KeyData and KeyFile supercede this field.
-}
diff --git a/vendor/k8s.io/client-go/transport/round_trippers.go b/vendor/k8s.io/client-go/transport/round_trippers.go
deleted file mode 100644
index 117a9c8c4..000000000
--- a/vendor/k8s.io/client-go/transport/round_trippers.go
+++ /dev/null
@@ -1,564 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "fmt"
- "net/http"
- "strings"
- "time"
-
- "golang.org/x/oauth2"
- "k8s.io/klog"
-
- utilnet "k8s.io/apimachinery/pkg/util/net"
-)
-
-// HTTPWrappersForConfig wraps a round tripper with any relevant layered
-// behavior from the config. Exposed to allow more clients that need HTTP-like
-// behavior but then must hijack the underlying connection (like WebSocket or
-// HTTP2 clients). Pure HTTP clients should use the RoundTripper returned from
-// New.
-func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTripper, error) { - if config.WrapTransport != nil { - rt = config.WrapTransport(rt) - } - - rt = DebugWrappers(rt) - - // Set authentication wrappers - switch { - case config.HasBasicAuth() && config.HasTokenAuth(): - return nil, fmt.Errorf("username/password or bearer token may be set, but not both") - case config.HasTokenAuth(): - var err error - rt, err = NewBearerAuthWithRefreshRoundTripper(config.BearerToken, config.BearerTokenFile, rt) - if err != nil { - return nil, err - } - case config.HasBasicAuth(): - rt = NewBasicAuthRoundTripper(config.Username, config.Password, rt) - } - if len(config.UserAgent) > 0 { - rt = NewUserAgentRoundTripper(config.UserAgent, rt) - } - if len(config.Impersonate.UserName) > 0 || - len(config.Impersonate.Groups) > 0 || - len(config.Impersonate.Extra) > 0 { - rt = NewImpersonatingRoundTripper(config.Impersonate, rt) - } - return rt, nil -} - -// DebugWrappers wraps a round tripper and logs based on the current log level. 
-func DebugWrappers(rt http.RoundTripper) http.RoundTripper { - switch { - case bool(klog.V(9)): - rt = newDebuggingRoundTripper(rt, debugCurlCommand, debugURLTiming, debugResponseHeaders) - case bool(klog.V(8)): - rt = newDebuggingRoundTripper(rt, debugJustURL, debugRequestHeaders, debugResponseStatus, debugResponseHeaders) - case bool(klog.V(7)): - rt = newDebuggingRoundTripper(rt, debugJustURL, debugRequestHeaders, debugResponseStatus) - case bool(klog.V(6)): - rt = newDebuggingRoundTripper(rt, debugURLTiming) - } - - return rt -} - -type requestCanceler interface { - CancelRequest(*http.Request) -} - -type authProxyRoundTripper struct { - username string - groups []string - extra map[string][]string - - rt http.RoundTripper -} - -// NewAuthProxyRoundTripper provides a roundtripper which will add auth proxy fields to requests for -// authentication terminating proxy cases -// assuming you pull the user from the context: -// username is the user.Info.GetName() of the user -// groups is the user.Info.GetGroups() of the user -// extra is the user.Info.GetExtra() of the user -// extra can contain any additional information that the authenticator -// thought was interesting, for example authorization scopes. -// In order to faithfully round-trip through an impersonation flow, these keys -// MUST be lowercase. -func NewAuthProxyRoundTripper(username string, groups []string, extra map[string][]string, rt http.RoundTripper) http.RoundTripper { - return &authProxyRoundTripper{ - username: username, - groups: groups, - extra: extra, - rt: rt, - } -} - -func (rt *authProxyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - req = utilnet.CloneRequest(req) - SetAuthProxyHeaders(req, rt.username, rt.groups, rt.extra) - - return rt.rt.RoundTrip(req) -} - -// SetAuthProxyHeaders stomps the auth proxy header fields. It mutates its argument. 
-func SetAuthProxyHeaders(req *http.Request, username string, groups []string, extra map[string][]string) { - req.Header.Del("X-Remote-User") - req.Header.Del("X-Remote-Group") - for key := range req.Header { - if strings.HasPrefix(strings.ToLower(key), strings.ToLower("X-Remote-Extra-")) { - req.Header.Del(key) - } - } - - req.Header.Set("X-Remote-User", username) - for _, group := range groups { - req.Header.Add("X-Remote-Group", group) - } - for key, values := range extra { - for _, value := range values { - req.Header.Add("X-Remote-Extra-"+headerKeyEscape(key), value) - } - } -} - -func (rt *authProxyRoundTripper) CancelRequest(req *http.Request) { - if canceler, ok := rt.rt.(requestCanceler); ok { - canceler.CancelRequest(req) - } else { - klog.Errorf("CancelRequest not implemented by %T", rt.rt) - } -} - -func (rt *authProxyRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt } - -type userAgentRoundTripper struct { - agent string - rt http.RoundTripper -} - -func NewUserAgentRoundTripper(agent string, rt http.RoundTripper) http.RoundTripper { - return &userAgentRoundTripper{agent, rt} -} - -func (rt *userAgentRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - if len(req.Header.Get("User-Agent")) != 0 { - return rt.rt.RoundTrip(req) - } - req = utilnet.CloneRequest(req) - req.Header.Set("User-Agent", rt.agent) - return rt.rt.RoundTrip(req) -} - -func (rt *userAgentRoundTripper) CancelRequest(req *http.Request) { - if canceler, ok := rt.rt.(requestCanceler); ok { - canceler.CancelRequest(req) - } else { - klog.Errorf("CancelRequest not implemented by %T", rt.rt) - } -} - -func (rt *userAgentRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt } - -type basicAuthRoundTripper struct { - username string - password string - rt http.RoundTripper -} - -// NewBasicAuthRoundTripper will apply a BASIC auth authorization header to a -// request unless it has already been set. 
-func NewBasicAuthRoundTripper(username, password string, rt http.RoundTripper) http.RoundTripper { - return &basicAuthRoundTripper{username, password, rt} -} - -func (rt *basicAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - if len(req.Header.Get("Authorization")) != 0 { - return rt.rt.RoundTrip(req) - } - req = utilnet.CloneRequest(req) - req.SetBasicAuth(rt.username, rt.password) - return rt.rt.RoundTrip(req) -} - -func (rt *basicAuthRoundTripper) CancelRequest(req *http.Request) { - if canceler, ok := rt.rt.(requestCanceler); ok { - canceler.CancelRequest(req) - } else { - klog.Errorf("CancelRequest not implemented by %T", rt.rt) - } -} - -func (rt *basicAuthRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt } - -// These correspond to the headers used in pkg/apis/authentication. We don't want the package dependency, -// but you must not change the values. -const ( - // ImpersonateUserHeader is used to impersonate a particular user during an API server request - ImpersonateUserHeader = "Impersonate-User" - - // ImpersonateGroupHeader is used to impersonate a particular group during an API server request. - // It can be repeated multiplied times for multiple groups. - ImpersonateGroupHeader = "Impersonate-Group" - - // ImpersonateUserExtraHeaderPrefix is a prefix for a header used to impersonate an entry in the - // extra map[string][]string for user.Info. The key for the `extra` map is suffix. - // The same key can be repeated multiple times to have multiple elements in the slice under a single key. - // For instance: - // Impersonate-Extra-Foo: one - // Impersonate-Extra-Foo: two - // results in extra["Foo"] = []string{"one", "two"} - ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-" -) - -type impersonatingRoundTripper struct { - impersonate ImpersonationConfig - delegate http.RoundTripper -} - -// NewImpersonatingRoundTripper will add an Act-As header to a request unless it has already been set. 
-func NewImpersonatingRoundTripper(impersonate ImpersonationConfig, delegate http.RoundTripper) http.RoundTripper { - return &impersonatingRoundTripper{impersonate, delegate} -} - -func (rt *impersonatingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - // use the user header as marker for the rest. - if len(req.Header.Get(ImpersonateUserHeader)) != 0 { - return rt.delegate.RoundTrip(req) - } - req = utilnet.CloneRequest(req) - req.Header.Set(ImpersonateUserHeader, rt.impersonate.UserName) - - for _, group := range rt.impersonate.Groups { - req.Header.Add(ImpersonateGroupHeader, group) - } - for k, vv := range rt.impersonate.Extra { - for _, v := range vv { - req.Header.Add(ImpersonateUserExtraHeaderPrefix+headerKeyEscape(k), v) - } - } - - return rt.delegate.RoundTrip(req) -} - -func (rt *impersonatingRoundTripper) CancelRequest(req *http.Request) { - if canceler, ok := rt.delegate.(requestCanceler); ok { - canceler.CancelRequest(req) - } else { - klog.Errorf("CancelRequest not implemented by %T", rt.delegate) - } -} - -func (rt *impersonatingRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.delegate } - -type bearerAuthRoundTripper struct { - bearer string - source oauth2.TokenSource - rt http.RoundTripper -} - -// NewBearerAuthRoundTripper adds the provided bearer token to a request -// unless the authorization header has already been set. -func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper { - return &bearerAuthRoundTripper{bearer, nil, rt} -} - -// NewBearerAuthRoundTripper adds the provided bearer token to a request -// unless the authorization header has already been set. -// If tokenFile is non-empty, it is periodically read, -// and the last successfully read content is used as the bearer token. -// If tokenFile is non-empty and bearer is empty, the tokenFile is read -// immediately to populate the initial bearer token. 
-func NewBearerAuthWithRefreshRoundTripper(bearer string, tokenFile string, rt http.RoundTripper) (http.RoundTripper, error) { - if len(tokenFile) == 0 { - return &bearerAuthRoundTripper{bearer, nil, rt}, nil - } - source := NewCachedFileTokenSource(tokenFile) - if len(bearer) == 0 { - token, err := source.Token() - if err != nil { - return nil, err - } - bearer = token.AccessToken - } - return &bearerAuthRoundTripper{bearer, source, rt}, nil -} - -func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - if len(req.Header.Get("Authorization")) != 0 { - return rt.rt.RoundTrip(req) - } - - req = utilnet.CloneRequest(req) - token := rt.bearer - if rt.source != nil { - if refreshedToken, err := rt.source.Token(); err == nil { - token = refreshedToken.AccessToken - } - } - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) - return rt.rt.RoundTrip(req) -} - -func (rt *bearerAuthRoundTripper) CancelRequest(req *http.Request) { - if canceler, ok := rt.rt.(requestCanceler); ok { - canceler.CancelRequest(req) - } else { - klog.Errorf("CancelRequest not implemented by %T", rt.rt) - } -} - -func (rt *bearerAuthRoundTripper) WrappedRoundTripper() http.RoundTripper { return rt.rt } - -// requestInfo keeps track of information about a request/response combination -type requestInfo struct { - RequestHeaders http.Header - RequestVerb string - RequestURL string - - ResponseStatus string - ResponseHeaders http.Header - ResponseErr error - - Duration time.Duration -} - -// newRequestInfo creates a new RequestInfo based on an http request -func newRequestInfo(req *http.Request) *requestInfo { - return &requestInfo{ - RequestURL: req.URL.String(), - RequestVerb: req.Method, - RequestHeaders: req.Header, - } -} - -// complete adds information about the response to the requestInfo -func (r *requestInfo) complete(response *http.Response, err error) { - if err != nil { - r.ResponseErr = err - return - } - r.ResponseStatus = response.Status - 
r.ResponseHeaders = response.Header -} - -// toCurl returns a string that can be run as a command in a terminal (minus the body) -func (r *requestInfo) toCurl() string { - headers := "" - for key, values := range r.RequestHeaders { - for _, value := range values { - headers += fmt.Sprintf(` -H %q`, fmt.Sprintf("%s: %s", key, value)) - } - } - - return fmt.Sprintf("curl -k -v -X%s %s '%s'", r.RequestVerb, headers, r.RequestURL) -} - -// debuggingRoundTripper will display information about the requests passing -// through it based on what is configured -type debuggingRoundTripper struct { - delegatedRoundTripper http.RoundTripper - - levels map[debugLevel]bool -} - -type debugLevel int - -const ( - debugJustURL debugLevel = iota - debugURLTiming - debugCurlCommand - debugRequestHeaders - debugResponseStatus - debugResponseHeaders -) - -func newDebuggingRoundTripper(rt http.RoundTripper, levels ...debugLevel) *debuggingRoundTripper { - drt := &debuggingRoundTripper{ - delegatedRoundTripper: rt, - levels: make(map[debugLevel]bool, len(levels)), - } - for _, v := range levels { - drt.levels[v] = true - } - return drt -} - -func (rt *debuggingRoundTripper) CancelRequest(req *http.Request) { - if canceler, ok := rt.delegatedRoundTripper.(requestCanceler); ok { - canceler.CancelRequest(req) - } else { - klog.Errorf("CancelRequest not implemented by %T", rt.delegatedRoundTripper) - } -} - -func (rt *debuggingRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { - reqInfo := newRequestInfo(req) - - if rt.levels[debugJustURL] { - klog.Infof("%s %s", reqInfo.RequestVerb, reqInfo.RequestURL) - } - if rt.levels[debugCurlCommand] { - klog.Infof("%s", reqInfo.toCurl()) - - } - if rt.levels[debugRequestHeaders] { - klog.Infof("Request Headers:") - for key, values := range reqInfo.RequestHeaders { - for _, value := range values { - klog.Infof(" %s: %s", key, value) - } - } - } - - startTime := time.Now() - response, err := rt.delegatedRoundTripper.RoundTrip(req) - 
reqInfo.Duration = time.Since(startTime) - - reqInfo.complete(response, err) - - if rt.levels[debugURLTiming] { - klog.Infof("%s %s %s in %d milliseconds", reqInfo.RequestVerb, reqInfo.RequestURL, reqInfo.ResponseStatus, reqInfo.Duration.Nanoseconds()/int64(time.Millisecond)) - } - if rt.levels[debugResponseStatus] { - klog.Infof("Response Status: %s in %d milliseconds", reqInfo.ResponseStatus, reqInfo.Duration.Nanoseconds()/int64(time.Millisecond)) - } - if rt.levels[debugResponseHeaders] { - klog.Infof("Response Headers:") - for key, values := range reqInfo.ResponseHeaders { - for _, value := range values { - klog.Infof(" %s: %s", key, value) - } - } - } - - return response, err -} - -func (rt *debuggingRoundTripper) WrappedRoundTripper() http.RoundTripper { - return rt.delegatedRoundTripper -} - -func legalHeaderByte(b byte) bool { - return int(b) < len(legalHeaderKeyBytes) && legalHeaderKeyBytes[b] -} - -func shouldEscape(b byte) bool { - // url.PathUnescape() returns an error if any '%' is not followed by two - // hexadecimal digits, so we'll intentionally encode it. - return !legalHeaderByte(b) || b == '%' -} - -func headerKeyEscape(key string) string { - buf := strings.Builder{} - for i := 0; i < len(key); i++ { - b := key[i] - if shouldEscape(b) { - // %-encode bytes that should be escaped: - // https://tools.ietf.org/html/rfc3986#section-2.1 - fmt.Fprintf(&buf, "%%%02X", b) - continue - } - buf.WriteByte(b) - } - return buf.String() -} - -// legalHeaderKeyBytes was copied from net/http/lex.go's isTokenTable. 
-// See https://httpwg.github.io/specs/rfc7230.html#rule.token.separators -var legalHeaderKeyBytes = [127]bool{ - '%': true, - '!': true, - '#': true, - '$': true, - '&': true, - '\'': true, - '*': true, - '+': true, - '-': true, - '.': true, - '0': true, - '1': true, - '2': true, - '3': true, - '4': true, - '5': true, - '6': true, - '7': true, - '8': true, - '9': true, - 'A': true, - 'B': true, - 'C': true, - 'D': true, - 'E': true, - 'F': true, - 'G': true, - 'H': true, - 'I': true, - 'J': true, - 'K': true, - 'L': true, - 'M': true, - 'N': true, - 'O': true, - 'P': true, - 'Q': true, - 'R': true, - 'S': true, - 'T': true, - 'U': true, - 'W': true, - 'V': true, - 'X': true, - 'Y': true, - 'Z': true, - '^': true, - '_': true, - '`': true, - 'a': true, - 'b': true, - 'c': true, - 'd': true, - 'e': true, - 'f': true, - 'g': true, - 'h': true, - 'i': true, - 'j': true, - 'k': true, - 'l': true, - 'm': true, - 'n': true, - 'o': true, - 'p': true, - 'q': true, - 'r': true, - 's': true, - 't': true, - 'u': true, - 'v': true, - 'w': true, - 'x': true, - 'y': true, - 'z': true, - '|': true, - '~': true, -} diff --git a/vendor/k8s.io/client-go/transport/spdy/spdy.go b/vendor/k8s.io/client-go/transport/spdy/spdy.go deleted file mode 100644 index 53cc7ee18..000000000 --- a/vendor/k8s.io/client-go/transport/spdy/spdy.go +++ /dev/null 
@@ -1,94 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package spdy
-
-import (
- "fmt"
- "net/http"
- "net/url"
-
- "k8s.io/apimachinery/pkg/util/httpstream"
- "k8s.io/apimachinery/pkg/util/httpstream/spdy"
- restclient "k8s.io/client-go/rest"
-)
-
-// Upgrader validates a response from the server after a SPDY upgrade.
-type Upgrader interface {
- // NewConnection validates the response and creates a new Connection.
- NewConnection(resp *http.Response) (httpstream.Connection, error)
-}
-
-// RoundTripperFor returns a round tripper and upgrader to use with SPDY.
-func RoundTripperFor(config *restclient.Config) (http.RoundTripper, Upgrader, error) {
- tlsConfig, err := restclient.TLSConfigFor(config)
- if err != nil {
- return nil, nil, err
- }
- upgradeRoundTripper := spdy.NewRoundTripper(tlsConfig, true, false)
- wrapper, err := restclient.HTTPWrappersForConfig(config, upgradeRoundTripper)
- if err != nil {
- return nil, nil, err
- }
- return wrapper, upgradeRoundTripper, nil
-}
-
-// dialer implements the httpstream.Dialer interface.
-type dialer struct {
- client *http.Client
- upgrader Upgrader
- method string
- url *url.URL
-}
-
-var _ httpstream.Dialer = &dialer{}
-
-// NewDialer will create a dialer that connects to the provided URL and upgrades the connection to SPDY.
-func NewDialer(upgrader Upgrader, client *http.Client, method string, url *url.URL) httpstream.Dialer { - return &dialer{ - client: client, - upgrader: upgrader, - method: method, - url: url, - } -} - -func (d *dialer) Dial(protocols ...string) (httpstream.Connection, string, error) { - req, err := http.NewRequest(d.method, d.url.String(), nil) - if err != nil { - return nil, "", fmt.Errorf("error creating request: %v", err) - } - return Negotiate(d.upgrader, d.client, req, protocols...) -} - -// Negotiate opens a connection to a remote server and attempts to negotiate -// a SPDY connection. Upon success, it returns the connection and the protocol selected by -// the server. The client transport must use the upgradeRoundTripper - see RoundTripperFor. -func Negotiate(upgrader Upgrader, client *http.Client, req *http.Request, protocols ...string) (httpstream.Connection, string, error) { - for i := range protocols { - req.Header.Add(httpstream.HeaderProtocolVersion, protocols[i]) - } - resp, err := client.Do(req) - if err != nil { - return nil, "", fmt.Errorf("error sending request: %v", err) - } - defer resp.Body.Close() - conn, err := upgrader.NewConnection(resp) - if err != nil { - return nil, "", err - } - return conn, resp.Header.Get(httpstream.HeaderProtocolVersion), nil -} diff --git a/vendor/k8s.io/client-go/transport/token_source.go b/vendor/k8s.io/client-go/transport/token_source.go deleted file mode 100644 index b8cadd382..000000000 --- a/vendor/k8s.io/client-go/transport/token_source.go +++ /dev/null 
@@ -1,149 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package transport
-
-import (
- "fmt"
- "io/ioutil"
- "net/http"
- "strings"
- "sync"
- "time"
-
- "golang.org/x/oauth2"
- "k8s.io/klog"
-)
-
-// TokenSourceWrapTransport returns a WrapTransport that injects bearer tokens
-// authentication from an oauth2.TokenSource.
-func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) http.RoundTripper {
- return func(rt http.RoundTripper) http.RoundTripper {
- return &tokenSourceTransport{
- base: rt,
- ort: &oauth2.Transport{
- Source: ts,
- Base: rt,
- },
- }
- }
-}
-
-// NewCachedFileTokenSource returns a oauth2.TokenSource reads a token from a
-// file at a specified path and periodically reloads it.
-func NewCachedFileTokenSource(path string) oauth2.TokenSource {
- return &cachingTokenSource{
- now: time.Now,
- leeway: 10 * time.Second,
- base: &fileTokenSource{
- path: path,
- // This period was picked because it is half of the duration between when the kubelet
- // refreshes a projected service account token and when the original token expires.
- // Default token lifetime is 10 minutes, and the kubelet starts refreshing at 80% of lifetime.
- // This should induce re-reading at a frequency that works with the token volume source.
- period: time.Minute,
- },
- }
-}
-
-// NewCachedTokenSource returns a oauth2.TokenSource reads a token from a
-// designed TokenSource. The ts would provide the source of token.
-func NewCachedTokenSource(ts oauth2.TokenSource) oauth2.TokenSource { - return &cachingTokenSource{ - now: time.Now, - base: ts, - } -} - -type tokenSourceTransport struct { - base http.RoundTripper - ort http.RoundTripper -} - -func (tst *tokenSourceTransport) RoundTrip(req *http.Request) (*http.Response, error) { - // This is to allow --token to override other bearer token providers. - if req.Header.Get("Authorization") != "" { - return tst.base.RoundTrip(req) - } - return tst.ort.RoundTrip(req) -} - -type fileTokenSource struct { - path string - period time.Duration -} - -var _ = oauth2.TokenSource(&fileTokenSource{}) - -func (ts *fileTokenSource) Token() (*oauth2.Token, error) { - tokb, err := ioutil.ReadFile(ts.path) - if err != nil { - return nil, fmt.Errorf("failed to read token file %q: %v", ts.path, err) - } - tok := strings.TrimSpace(string(tokb)) - if len(tok) == 0 { - return nil, fmt.Errorf("read empty token from file %q", ts.path) - } - - return &oauth2.Token{ - AccessToken: tok, - Expiry: time.Now().Add(ts.period), - }, nil -} - -type cachingTokenSource struct { - base oauth2.TokenSource - leeway time.Duration - - sync.RWMutex - tok *oauth2.Token - - // for testing - now func() time.Time -} - -var _ = oauth2.TokenSource(&cachingTokenSource{}) - -func (ts *cachingTokenSource) Token() (*oauth2.Token, error) { - now := ts.now() - // fast path - ts.RLock() - tok := ts.tok - ts.RUnlock() - - if tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) { - return tok, nil - } - - // slow path - ts.Lock() - defer ts.Unlock() - if tok := ts.tok; tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) { - return tok, nil - } - - tok, err := ts.base.Token() - if err != nil { - if ts.tok == nil { - return nil, err - } - klog.Errorf("Unable to rotate token: %v", err) - return ts.tok, nil - } - - ts.tok = tok - return tok, nil -} 
diff --git a/vendor/k8s.io/client-go/transport/transport.go b/vendor/k8s.io/client-go/transport/transport.go
deleted file mode 100644
index 2a145c971..000000000
--- a/vendor/k8s.io/client-go/transport/transport.go
+++ /dev/null
@@ -1,227 +0,0 @@ -/* -Copyright 2015 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package transport - -import ( - "context" - "crypto/tls" - "crypto/x509" - "fmt" - "io/ioutil" - "net/http" -) - -// New returns an http.RoundTripper that will provide the authentication -// or transport level security defined by the provided Config. -func New(config *Config) (http.RoundTripper, error) { - // Set transport level security - if config.Transport != nil && (config.HasCA() || config.HasCertAuth() || config.HasCertCallback() || config.TLS.Insecure) { - return nil, fmt.Errorf("using a custom transport with TLS certificate options or the insecure flag is not allowed") - } - - var ( - rt http.RoundTripper - err error - ) - - if config.Transport != nil { - rt = config.Transport - } else { - rt, err = tlsCache.get(config) - if err != nil { - return nil, err - } - } - - return HTTPWrappersForConfig(config, rt) -} - -// TLSConfigFor returns a tls.Config that will provide the transport level security defined -// by the provided Config. Will return nil if no transport level security is requested. 
-func TLSConfigFor(c *Config) (*tls.Config, error) { - if !(c.HasCA() || c.HasCertAuth() || c.HasCertCallback() || c.TLS.Insecure || len(c.TLS.ServerName) > 0) { - return nil, nil - } - if c.HasCA() && c.TLS.Insecure { - return nil, fmt.Errorf("specifying a root certificates file with the insecure flag is not allowed") - } - if err := loadTLSFiles(c); err != nil { - return nil, err - } - - tlsConfig := &tls.Config{ - // Can't use SSLv3 because of POODLE and BEAST - // Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher - // Can't use TLSv1.1 because of RC4 cipher usage - MinVersion: tls.VersionTLS12, - InsecureSkipVerify: c.TLS.Insecure, - ServerName: c.TLS.ServerName, - } - - if c.HasCA() { - tlsConfig.RootCAs = rootCertPool(c.TLS.CAData) - } - - var staticCert *tls.Certificate - if c.HasCertAuth() { - // If key/cert were provided, verify them before setting up - // tlsConfig.GetClientCertificate. - cert, err := tls.X509KeyPair(c.TLS.CertData, c.TLS.KeyData) - if err != nil { - return nil, err - } - staticCert = &cert - } - - if c.HasCertAuth() || c.HasCertCallback() { - tlsConfig.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { - // Note: static key/cert data always take precedence over cert - // callback. - if staticCert != nil { - return staticCert, nil - } - if c.HasCertCallback() { - cert, err := c.TLS.GetCert() - if err != nil { - return nil, err - } - // GetCert may return empty value, meaning no cert. - if cert != nil { - return cert, nil - } - } - - // Both c.TLS.CertData/KeyData were unset and GetCert didn't return - // anything. Return an empty tls.Certificate, no client cert will - // be sent to the server. - return &tls.Certificate{}, nil - } - } - - return tlsConfig, nil -} - -// loadTLSFiles copies the data from the CertFile, KeyFile, and CAFile fields into the CertData, -// KeyData, and CAFile fields, or returns an error. 
If no error is returned, all three fields are -// either populated or were empty to start. -func loadTLSFiles(c *Config) error { - var err error - c.TLS.CAData, err = dataFromSliceOrFile(c.TLS.CAData, c.TLS.CAFile) - if err != nil { - return err - } - - c.TLS.CertData, err = dataFromSliceOrFile(c.TLS.CertData, c.TLS.CertFile) - if err != nil { - return err - } - - c.TLS.KeyData, err = dataFromSliceOrFile(c.TLS.KeyData, c.TLS.KeyFile) - if err != nil { - return err - } - return nil -} - -// dataFromSliceOrFile returns data from the slice (if non-empty), or from the file, -// or an error if an error occurred reading the file -func dataFromSliceOrFile(data []byte, file string) ([]byte, error) { - if len(data) > 0 { - return data, nil - } - if len(file) > 0 { - fileData, err := ioutil.ReadFile(file) - if err != nil { - return []byte{}, err - } - return fileData, nil - } - return nil, nil -} - -// rootCertPool returns nil if caData is empty. When passed along, this will mean "use system CAs". -// When caData is not empty, it will be the ONLY information used in the CertPool. -func rootCertPool(caData []byte) *x509.CertPool { - // What we really want is a copy of x509.systemRootsPool, but that isn't exposed. It's difficult to build (see the go - // code for a look at the platform specific insanity), so we'll use the fact that RootCAs == nil gives us the system values - // It doesn't allow trusting either/or, but hopefully that won't be an issue - if len(caData) == 0 { - return nil - } - - // if we have caData, use it - certPool := x509.NewCertPool() - certPool.AppendCertsFromPEM(caData) - return certPool -} - -// WrapperFunc wraps an http.RoundTripper when a new transport -// is created for a client, allowing per connection behavior -// to be injected. -type WrapperFunc func(rt http.RoundTripper) http.RoundTripper - -// Wrappers accepts any number of wrappers and returns a wrapper -// function that is the equivalent of calling each of them in order. 
Nil -// values are ignored, which makes this function convenient for incrementally -// wrapping a function. -func Wrappers(fns ...WrapperFunc) WrapperFunc { - if len(fns) == 0 { - return nil - } - // optimize the common case of wrapping a possibly nil transport wrapper - // with an additional wrapper - if len(fns) == 2 && fns[0] == nil { - return fns[1] - } - return func(rt http.RoundTripper) http.RoundTripper { - base := rt - for _, fn := range fns { - if fn != nil { - base = fn(base) - } - } - return base - } -} - -// ContextCanceller prevents new requests after the provided context is finished. -// err is returned when the context is closed, allowing the caller to provide a context -// appropriate error. -func ContextCanceller(ctx context.Context, err error) WrapperFunc { - return func(rt http.RoundTripper) http.RoundTripper { - return &contextCanceller{ - ctx: ctx, - rt: rt, - err: err, - } - } -} - -type contextCanceller struct { - ctx context.Context - rt http.RoundTripper - err error -} - -func (b *contextCanceller) RoundTrip(req *http.Request) (*http.Response, error) { - select { - case <-b.ctx.Done(): - return nil, b.err - default: - return b.rt.RoundTrip(req) - } -} diff --git a/vendor/k8s.io/client-go/util/cert/OWNERS b/vendor/k8s.io/client-go/util/cert/OWNERS deleted file mode 100644 index 3cf036438..000000000 --- a/vendor/k8s.io/client-go/util/cert/OWNERS +++ /dev/null @@ -1,9 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: -- sig-auth-certificates-approvers -reviewers: -- sig-auth-certificates-reviewers -labels: -- sig/auth - diff --git a/vendor/k8s.io/client-go/util/cert/cert.go b/vendor/k8s.io/client-go/util/cert/cert.go deleted file mode 100644 index 9fd097af5..000000000 --- a/vendor/k8s.io/client-go/util/cert/cert.go +++ /dev/null 
@@ -1,206 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package cert
-
-import (
- "bytes"
- "crypto"
- cryptorand "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "fmt"
- "io/ioutil"
- "math/big"
- "net"
- "path"
- "strings"
- "time"
-
- "k8s.io/client-go/util/keyutil"
-)
-
-const duration365d = time.Hour * 24 * 365
-
-// Config contains the basic fields required for creating a certificate
-type Config struct {
- CommonName string
- Organization []string
- AltNames AltNames
- Usages []x509.ExtKeyUsage
-}
-
-// AltNames contains the domain names and IP addresses that will be added
-// to the API Server's x509 certificate SubAltNames field. The values will
-// be passed directly to the x509.Certificate object.
-type AltNames struct {
- DNSNames []string
- IPs []net.IP
-}
-
-// NewSelfSignedCACert creates a CA certificate
-func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
- now := time.Now()
- tmpl := x509.Certificate{
- SerialNumber: new(big.Int).SetInt64(0),
- Subject: pkix.Name{
- CommonName: cfg.CommonName,
- Organization: cfg.Organization,
- },
- NotBefore: now.UTC(),
- NotAfter: now.Add(duration365d * 10).UTC(),
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
- BasicConstraintsValid: true,
- IsCA: true,
- }
-
- certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &tmpl, &tmpl, key.Public(), key)
- if err != nil {
- return nil, err
- }
- return x509.ParseCertificate(certDERBytes)
-}
-
-// GenerateSelfSignedCertKey creates a self-signed certificate and key for the given host.
-// Host may be an IP or a DNS name
-// You may also specify additional subject alt names (either ip or dns names) for the certificate.
-func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error) {
- return GenerateSelfSignedCertKeyWithFixtures(host, alternateIPs, alternateDNS, "")
-}
-
-// GenerateSelfSignedCertKeyWithFixtures creates a self-signed certificate and key for the given host.
-// Host may be an IP or a DNS name. You may also specify additional subject alt names (either ip or dns names)
-// for the certificate.
-//
-// If fixtureDirectory is non-empty, it is a directory path which can contain pre-generated certs. The format is:
-// <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.crt
-// <host>_<ip>-<ip>_<alternateDNS>-<alternateDNS>.key
-// Certs/keys not existing in that directory are created.
-func GenerateSelfSignedCertKeyWithFixtures(host string, alternateIPs []net.IP, alternateDNS []string, fixtureDirectory string) ([]byte, []byte, error) {
- validFrom := time.Now().Add(-time.Hour) // valid an hour earlier to avoid flakes due to clock skew
- maxAge := time.Hour * 24 * 365 // one year self-signed certs
-
- baseName := fmt.Sprintf("%s_%s_%s", host, strings.Join(ipsToStrings(alternateIPs), "-"), strings.Join(alternateDNS, "-"))
- certFixturePath := path.Join(fixtureDirectory, baseName+".crt")
- keyFixturePath := path.Join(fixtureDirectory, baseName+".key")
- if len(fixtureDirectory) > 0 {
- cert, err := ioutil.ReadFile(certFixturePath)
- if err == nil {
- key, err := ioutil.ReadFile(keyFixturePath)
- if err == nil {
- return cert, key, nil
- }
- return nil, nil, fmt.Errorf("cert %s can be read, but key %s cannot: %v", certFixturePath, keyFixturePath, err)
- }
- maxAge = 100 * time.Hour * 24 * 365 // 100 years fixtures
- }
-
- caKey, err := rsa.GenerateKey(cryptorand.Reader, 2048)
- if err != nil {
- return nil, nil, err
- }
-
- caTemplate := x509.Certificate{
- SerialNumber: big.NewInt(1),
- Subject: pkix.Name{
- CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()),
- },
- NotBefore: validFrom,
- NotAfter: validFrom.Add(maxAge),
-
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
- BasicConstraintsValid: true,
- IsCA: true,
- }
-
- caDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &caTemplate, &caTemplate, &caKey.PublicKey, caKey)
- if err != nil {
- return nil, nil, err
- }
-
- caCertificate, err := x509.ParseCertificate(caDERBytes)
- if err != nil {
- return nil, nil, err
- }
-
- priv, err := rsa.GenerateKey(cryptorand.Reader, 2048)
- if err != nil {
- return nil, nil, err
- }
-
- template := x509.Certificate{
- SerialNumber: big.NewInt(2),
- Subject: pkix.Name{
- CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
- },
- NotBefore: validFrom,
- NotAfter: validFrom.Add(maxAge),
-
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
- ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
- BasicConstraintsValid: true,
- }
-
- if ip := net.ParseIP(host); ip != nil {
- template.IPAddresses = append(template.IPAddresses, ip)
- } else {
- template.DNSNames = append(template.DNSNames, host)
- }
-
- template.IPAddresses = append(template.IPAddresses, alternateIPs...)
- template.DNSNames = append(template.DNSNames, alternateDNS...)
-
- derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, caCertificate, &priv.PublicKey, caKey)
- if err != nil {
- return nil, nil, err
- }
-
- // Generate cert, followed by ca
- certBuffer := bytes.Buffer{}
- if err := pem.Encode(&certBuffer, &pem.Block{Type: CertificateBlockType, Bytes: derBytes}); err != nil {
- return nil, nil, err
- }
- if err := pem.Encode(&certBuffer, &pem.Block{Type: CertificateBlockType, Bytes: caDERBytes}); err != nil {
- return nil, nil, err
- }
-
- // Generate key
- keyBuffer := bytes.Buffer{}
- if err := pem.Encode(&keyBuffer, &pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
- return nil, nil, err
- }
-
- if len(fixtureDirectory) > 0 {
- if err := ioutil.WriteFile(certFixturePath, certBuffer.Bytes(), 0644); err != nil {
- return nil, nil, fmt.Errorf("failed to write cert fixture to %s: %v", certFixturePath, err)
- }
- if err := ioutil.WriteFile(keyFixturePath, keyBuffer.Bytes(), 0644); err != nil {
- return nil, nil, fmt.Errorf("failed to write key fixture to %s: %v", certFixturePath, err)
- }
- }
-
- return certBuffer.Bytes(), keyBuffer.Bytes(), nil
-}
-
-func ipsToStrings(ips []net.IP) []string {
- ss := make([]string, 0, len(ips))
- for _, ip := range ips {
- ss = append(ss, ip.String())
- }
- return ss
-}
diff --git a/vendor/k8s.io/client-go/util/cert/csr.go b/vendor/k8s.io/client-go/util/cert/csr.go
deleted file mode 100644
index 39a6751f7..000000000
--- a/vendor/k8s.io/client-go/util/cert/csr.go
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package cert
-
-import (
- cryptorand "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "net"
-)
-
-// MakeCSR generates a PEM-encoded CSR using the supplied private key, subject, and SANs.
-// All key types that are implemented via crypto.Signer are supported (This includes *rsa.PrivateKey and *ecdsa.PrivateKey.)
-func MakeCSR(privateKey interface{}, subject *pkix.Name, dnsSANs []string, ipSANs []net.IP) (csr []byte, err error) {
- template := &x509.CertificateRequest{
- Subject: *subject,
- DNSNames: dnsSANs,
- IPAddresses: ipSANs,
- }
-
- return MakeCSRFromTemplate(privateKey, template)
-}
-
-// MakeCSRFromTemplate generates a PEM-encoded CSR using the supplied private
-// key and certificate request as a template. All key types that are
-// implemented via crypto.Signer are supported (This includes *rsa.PrivateKey
-// and *ecdsa.PrivateKey.)
-func MakeCSRFromTemplate(privateKey interface{}, template *x509.CertificateRequest) ([]byte, error) {
- t := *template
- t.SignatureAlgorithm = sigType(privateKey)
-
- csrDER, err := x509.CreateCertificateRequest(cryptorand.Reader, &t, privateKey)
- if err != nil {
- return nil, err
- }
-
- csrPemBlock := &pem.Block{
- Type: CertificateRequestBlockType,
- Bytes: csrDER,
- }
-
- return pem.EncodeToMemory(csrPemBlock), nil
-}
-
-func sigType(privateKey interface{}) x509.SignatureAlgorithm {
- // Customize the signature for RSA keys, depending on the key size
- if privateKey, ok := privateKey.(*rsa.PrivateKey); ok {
- keySize := privateKey.N.BitLen()
- switch {
- case keySize >= 4096:
- return x509.SHA512WithRSA
- case keySize >= 3072:
- return x509.SHA384WithRSA
- default:
- return x509.SHA256WithRSA
- }
- }
- return x509.UnknownSignatureAlgorithm
-}
diff --git a/vendor/k8s.io/client-go/util/cert/io.go b/vendor/k8s.io/client-go/util/cert/io.go
deleted file mode 100644
index 5efb24894..000000000
--- a/vendor/k8s.io/client-go/util/cert/io.go
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package cert
-
-import (
- "crypto/x509"
- "fmt"
- "io/ioutil"
- "os"
- "path/filepath"
-)
-
-// CanReadCertAndKey returns true if the certificate and key files already exists,
-// otherwise returns false. If lost one of cert and key, returns error.
-func CanReadCertAndKey(certPath, keyPath string) (bool, error) {
- certReadable := canReadFile(certPath)
- keyReadable := canReadFile(keyPath)
-
- if certReadable == false && keyReadable == false {
- return false, nil
- }
-
- if certReadable == false {
- return false, fmt.Errorf("error reading %s, certificate and key must be supplied as a pair", certPath)
- }
-
- if keyReadable == false {
- return false, fmt.Errorf("error reading %s, certificate and key must be supplied as a pair", keyPath)
- }
-
- return true, nil
-}
-
-// If the file represented by path exists and
-// readable, returns true otherwise returns false.
-func canReadFile(path string) bool {
- f, err := os.Open(path)
- if err != nil {
- return false
- }
-
- defer f.Close()
-
- return true
-}
-
-// WriteCert writes the pem-encoded certificate data to certPath.
-// The certificate file will be created with file mode 0644.
-// If the certificate file already exists, it will be overwritten.
-// The parent directory of the certPath will be created as needed with file mode 0755.
-func WriteCert(certPath string, data []byte) error {
- if err := os.MkdirAll(filepath.Dir(certPath), os.FileMode(0755)); err != nil {
- return err
- }
- return ioutil.WriteFile(certPath, data, os.FileMode(0644))
-}
-
-// NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file.
-// Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
-func NewPool(filename string) (*x509.CertPool, error) {
- certs, err := CertsFromFile(filename)
- if err != nil {
- return nil, err
- }
- pool := x509.NewCertPool()
- for _, cert := range certs {
- pool.AddCert(cert)
- }
- return pool, nil
-}
-
-// CertsFromFile returns the x509.Certificates contained in the given PEM-encoded file.
-// Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
-func CertsFromFile(file string) ([]*x509.Certificate, error) {
- pemBlock, err := ioutil.ReadFile(file)
- if err != nil {
- return nil, err
- }
- certs, err := ParseCertsPEM(pemBlock)
- if err != nil {
- return nil, fmt.Errorf("error reading %s: %s", file, err)
- }
- return certs, nil
-}
diff --git a/vendor/k8s.io/client-go/util/cert/pem.go b/vendor/k8s.io/client-go/util/cert/pem.go
deleted file mode 100644
index 9185e2e22..000000000
--- a/vendor/k8s.io/client-go/util/cert/pem.go
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package cert
-
-import (
- "crypto/x509"
- "encoding/pem"
- "errors"
-)
-
-const (
- // CertificateBlockType is a possible value for pem.Block.Type.
- CertificateBlockType = "CERTIFICATE"
- // CertificateRequestBlockType is a possible value for pem.Block.Type.
- CertificateRequestBlockType = "CERTIFICATE REQUEST"
-)
-
-// ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array
-// Returns an error if a certificate could not be parsed, or if the data does not contain any certificates
-func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error) {
- ok := false
- certs := []*x509.Certificate{}
- for len(pemCerts) > 0 {
- var block *pem.Block
- block, pemCerts = pem.Decode(pemCerts)
- if block == nil {
- break
- }
- // Only use PEM "CERTIFICATE" blocks without extra headers
- if block.Type != CertificateBlockType || len(block.Headers) != 0 {
- continue
- }
-
- cert, err := x509.ParseCertificate(block.Bytes)
- if err != nil {
- return certs, err
- }
-
- certs = append(certs, cert)
- ok = true
- }
-
- if !ok {
- return certs, errors.New("data does not contain any valid RSA or ECDSA certificates")
- }
- return certs, nil
-}
diff --git a/vendor/k8s.io/client-go/util/connrotation/connrotation.go b/vendor/k8s.io/client-go/util/connrotation/connrotation.go
deleted file mode 100644
index 235a9e019..000000000
--- a/vendor/k8s.io/client-go/util/connrotation/connrotation.go
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package connrotation implements a connection dialer that tracks and can close
-// all created connections.
-//
-// This is used for credential rotation of long-lived connections, when there's
-// no way to re-authenticate on a live connection.
-package connrotation
-
-import (
- "context"
- "net"
- "sync"
-)
-
-// DialFunc is a shorthand for signature of net.DialContext.
-type DialFunc func(ctx context.Context, network, address string) (net.Conn, error)
-
-// Dialer opens connections through Dial and tracks them.
-type Dialer struct {
- dial DialFunc
-
- mu sync.Mutex
- conns map[*closableConn]struct{}
-}
-
-// NewDialer creates a new Dialer instance.
-//
-// If dial is not nil, it will be used to create new underlying connections.
-// Otherwise net.DialContext is used.
-func NewDialer(dial DialFunc) *Dialer {
- return &Dialer{
- dial: dial,
- conns: make(map[*closableConn]struct{}),
- }
-}
-
-// CloseAll forcibly closes all tracked connections.
-//
-// Note: new connections may get created before CloseAll returns.
-func (d *Dialer) CloseAll() {
- d.mu.Lock()
- conns := d.conns
- d.conns = make(map[*closableConn]struct{})
- d.mu.Unlock()
-
- for conn := range conns {
- conn.Close()
- }
-}
-
-// Dial creates a new tracked connection.
-func (d *Dialer) Dial(network, address string) (net.Conn, error) {
- return d.DialContext(context.Background(), network, address)
-}
-
-// DialContext creates a new tracked connection.
-func (d *Dialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
- conn, err := d.dial(ctx, network, address)
- if err != nil {
- return nil, err
- }
-
- closable := &closableConn{Conn: conn}
-
- // Start tracking the connection
- d.mu.Lock()
- d.conns[closable] = struct{}{}
- d.mu.Unlock()
-
- // When the connection is closed, remove it from the map. This will
- // be no-op if the connection isn't in the map, e.g. if CloseAll()
- // is called.
- closable.onClose = func() {
- d.mu.Lock()
- delete(d.conns, closable)
- d.mu.Unlock()
- }
-
- return closable, nil
-}
-
-type closableConn struct {
- onClose func()
- net.Conn
-}
-
-func (c *closableConn) Close() error {
- go c.onClose()
- return c.Conn.Close()
-}
diff --git a/vendor/k8s.io/client-go/util/exec/exec.go b/vendor/k8s.io/client-go/util/exec/exec.go
deleted file mode 100644
index d170badb6..000000000
--- a/vendor/k8s.io/client-go/util/exec/exec.go
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package exec
-
-// ExitError is an interface that presents an API similar to os.ProcessState, which is
-// what ExitError from os/exec is. This is designed to make testing a bit easier and
-// probably loses some of the cross-platform properties of the underlying library.
-type ExitError interface {
- String() string
- Error() string
- Exited() bool
- ExitStatus() int
-}
-
-// CodeExitError is an implementation of ExitError consisting of an error object
-// and an exit code (the upper bits of os.exec.ExitStatus).
-type CodeExitError struct {
- Err error
- Code int
-}
-
-var _ ExitError = CodeExitError{}
-
-func (e CodeExitError) Error() string {
- return e.Err.Error()
-}
-
-func (e CodeExitError) String() string {
- return e.Err.Error()
-}
-
-func (e CodeExitError) Exited() bool {
- return true
-}
-
-func (e CodeExitError) ExitStatus() int {
- return e.Code
-}
diff --git a/vendor/k8s.io/client-go/util/flowcontrol/backoff.go b/vendor/k8s.io/client-go/util/flowcontrol/backoff.go
deleted file mode 100644
index 39cd72f95..000000000
--- a/vendor/k8s.io/client-go/util/flowcontrol/backoff.go
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package flowcontrol
-
-import (
- "sync"
- "time"
-
- "k8s.io/apimachinery/pkg/util/clock"
- "k8s.io/utils/integer"
-)
-
-type backoffEntry struct {
- backoff time.Duration
- lastUpdate time.Time
-}
-
-type Backoff struct {
- sync.Mutex
- Clock clock.Clock
- defaultDuration time.Duration
- maxDuration time.Duration
- perItemBackoff map[string]*backoffEntry
-}
-
-func NewFakeBackOff(initial, max time.Duration, tc *clock.FakeClock) *Backoff {
- return &Backoff{
- perItemBackoff: map[string]*backoffEntry{},
- Clock: tc,
- defaultDuration: initial,
- maxDuration: max,
- }
-}
-
-func NewBackOff(initial, max time.Duration) *Backoff {
- return &Backoff{
- perItemBackoff: map[string]*backoffEntry{},
- Clock: clock.RealClock{},
- defaultDuration: initial,
- maxDuration: max,
- }
-}
-
-// Get the current backoff Duration
-func (p *Backoff) Get(id string) time.Duration {
- p.Lock()
- defer p.Unlock()
- var delay time.Duration
- entry, ok := p.perItemBackoff[id]
- if ok {
- delay = entry.backoff
- }
- return delay
-}
-
-// move backoff to the next mark, capping at maxDuration
-func (p *Backoff) Next(id string, eventTime time.Time) {
- p.Lock()
- defer p.Unlock()
- entry, ok := p.perItemBackoff[id]
- if !ok || hasExpired(eventTime, entry.lastUpdate, p.maxDuration) {
- entry = p.initEntryUnsafe(id)
- } else {
- delay := entry.backoff * 2 // exponential
- entry.backoff =
time.Duration(integer.Int64Min(int64(delay), int64(p.maxDuration)))
- }
- entry.lastUpdate = p.Clock.Now()
-}
-
-// Reset forces clearing of all backoff data for a given key.
-func (p *Backoff) Reset(id string) {
- p.Lock()
- defer p.Unlock()
- delete(p.perItemBackoff, id)
-}
-
-// Returns True if the elapsed time since eventTime is smaller than the current backoff window
-func (p *Backoff) IsInBackOffSince(id string, eventTime time.Time) bool {
- p.Lock()
- defer p.Unlock()
- entry, ok := p.perItemBackoff[id]
- if !ok {
- return false
- }
- if hasExpired(eventTime, entry.lastUpdate, p.maxDuration) {
- return false
- }
- return p.Clock.Since(eventTime) < entry.backoff
-}
-
-// Returns True if time since lastupdate is less than the current backoff window.
-func (p *Backoff) IsInBackOffSinceUpdate(id string, eventTime time.Time) bool {
- p.Lock()
- defer p.Unlock()
- entry, ok := p.perItemBackoff[id]
- if !ok {
- return false
- }
- if hasExpired(eventTime, entry.lastUpdate, p.maxDuration) {
- return false
- }
- return eventTime.Sub(entry.lastUpdate) < entry.backoff
-}
-
-// Garbage collect records that have aged past maxDuration. Backoff users are expected
-// to invoke this periodically.
-func (p *Backoff) GC() {
- p.Lock()
- defer p.Unlock()
- now := p.Clock.Now()
- for id, entry := range p.perItemBackoff {
- if now.Sub(entry.lastUpdate) > p.maxDuration*2 {
- // GC when entry has not been updated for 2*maxDuration
- delete(p.perItemBackoff, id)
- }
- }
-}
-
-func (p *Backoff) DeleteEntry(id string) {
- p.Lock()
- defer p.Unlock()
- delete(p.perItemBackoff, id)
-}
-
-// Take a lock on *Backoff, before calling initEntryUnsafe
-func (p *Backoff) initEntryUnsafe(id string) *backoffEntry {
- entry := &backoffEntry{backoff: p.defaultDuration}
- p.perItemBackoff[id] = entry
- return entry
-}
-
-// After 2*maxDuration we restart the backoff factor to the beginning
-func hasExpired(eventTime time.Time, lastUpdate time.Time, maxDuration time.Duration) bool {
- return eventTime.Sub(lastUpdate) > maxDuration*2 // consider stable if it's ok for twice the maxDuration
-}
diff --git a/vendor/k8s.io/client-go/util/flowcontrol/throttle.go b/vendor/k8s.io/client-go/util/flowcontrol/throttle.go
deleted file mode 100644
index e671c044d..000000000
--- a/vendor/k8s.io/client-go/util/flowcontrol/throttle.go
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package flowcontrol
-
-import (
- "sync"
- "time"
-
- "golang.org/x/time/rate"
-)
-
-type RateLimiter interface {
- // TryAccept returns true if a token is taken immediately. Otherwise,
- // it returns false.
- TryAccept() bool
- // Accept returns once a token becomes available.
- Accept()
- // Stop stops the rate limiter, subsequent calls to CanAccept will return false
- Stop()
- // QPS returns QPS of this rate limiter
- QPS() float32
-}
-
-type tokenBucketRateLimiter struct {
- limiter *rate.Limiter
- clock Clock
- qps float32
-}
-
-// NewTokenBucketRateLimiter creates a rate limiter which implements a token bucket approach.
-// The rate limiter allows bursts of up to 'burst' to exceed the QPS, while still maintaining a
-// smoothed qps rate of 'qps'.
-// The bucket is initially filled with 'burst' tokens, and refills at a rate of 'qps'.
-// The maximum number of tokens in the bucket is capped at 'burst'.
-func NewTokenBucketRateLimiter(qps float32, burst int) RateLimiter {
- limiter := rate.NewLimiter(rate.Limit(qps), burst)
- return newTokenBucketRateLimiter(limiter, realClock{}, qps)
-}
-
-// An injectable, mockable clock interface.
-type Clock interface {
- Now() time.Time
- Sleep(time.Duration)
-}
-
-type realClock struct{}
-
-func (realClock) Now() time.Time {
- return time.Now()
-}
-func (realClock) Sleep(d time.Duration) {
- time.Sleep(d)
-}
-
-// NewTokenBucketRateLimiterWithClock is identical to NewTokenBucketRateLimiter
-// but allows an injectable clock, for testing.
-func NewTokenBucketRateLimiterWithClock(qps float32, burst int, c Clock) RateLimiter {
- limiter := rate.NewLimiter(rate.Limit(qps), burst)
- return newTokenBucketRateLimiter(limiter, c, qps)
-}
-
-func newTokenBucketRateLimiter(limiter *rate.Limiter, c Clock, qps float32) RateLimiter {
- return &tokenBucketRateLimiter{
- limiter: limiter,
- clock: c,
- qps: qps,
- }
-}
-
-func (t *tokenBucketRateLimiter) TryAccept() bool {
- return t.limiter.AllowN(t.clock.Now(), 1)
-}
-
-// Accept will block until a token becomes available
-func (t *tokenBucketRateLimiter) Accept() {
- now := t.clock.Now()
- t.clock.Sleep(t.limiter.ReserveN(now, 1).DelayFrom(now))
-}
-
-func (t *tokenBucketRateLimiter) Stop() {
-}
-
-func (t *tokenBucketRateLimiter) QPS() float32 {
- return t.qps
-}
-
-type fakeAlwaysRateLimiter struct{}
-
-func NewFakeAlwaysRateLimiter() RateLimiter {
- return &fakeAlwaysRateLimiter{}
-}
-
-func (t *fakeAlwaysRateLimiter) TryAccept() bool {
- return true
-}
-
-func (t *fakeAlwaysRateLimiter) Stop() {}
-
-func (t *fakeAlwaysRateLimiter) Accept() {}
-
-func (t *fakeAlwaysRateLimiter) QPS() float32 {
- return 1
-}
-
-type fakeNeverRateLimiter struct {
- wg sync.WaitGroup
-}
-
-func NewFakeNeverRateLimiter() RateLimiter {
- rl := fakeNeverRateLimiter{}
- rl.wg.Add(1)
- return &rl
-}
-
-func (t *fakeNeverRateLimiter) TryAccept() bool {
- return false
-}
-
-func (t *fakeNeverRateLimiter) Stop() {
- t.wg.Done()
-}
-
-func (t *fakeNeverRateLimiter) Accept() {
- t.wg.Wait()
-}
-
-func (t *fakeNeverRateLimiter) QPS() float32 {
- return 1
-}
diff --git a/vendor/k8s.io/client-go/util/keyutil/OWNERS b/vendor/k8s.io/client-go/util/keyutil/OWNERS
deleted file mode 100644
index 470b7a1c9..000000000
--- a/vendor/k8s.io/client-go/util/keyutil/OWNERS
+++ /dev/null
@@ -1,7 +0,0 @@
-approvers:
-- sig-auth-certificates-approvers
-reviewers:
-- sig-auth-certificates-reviewers
-labels:
-- sig/auth
-
diff --git a/vendor/k8s.io/client-go/util/keyutil/key.go b/vendor/k8s.io/client-go/util/keyutil/key.go
deleted file mode 100644
index 83c2c6254..000000000
--- a/vendor/k8s.io/client-go/util/keyutil/key.go
+++ /dev/null
@@ -1,323 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package keyutil contains utilities for managing public/private key pairs.
-package keyutil
-
-import (
- "crypto"
- "crypto/ecdsa"
- "crypto/elliptic"
- cryptorand "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "encoding/pem"
- "fmt"
- "io/ioutil"
- "os"
- "path/filepath"
-)
-
-const (
- // ECPrivateKeyBlockType is a possible value for pem.Block.Type.
- ECPrivateKeyBlockType = "EC PRIVATE KEY"
- // RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
- RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
- // PrivateKeyBlockType is a possible value for pem.Block.Type.
- PrivateKeyBlockType = "PRIVATE KEY"
- // PublicKeyBlockType is a possible value for pem.Block.Type.
- PublicKeyBlockType = "PUBLIC KEY"
-)
-
-// MakeEllipticPrivateKeyPEM creates an ECDSA private key
-func MakeEllipticPrivateKeyPEM() ([]byte, error) {
- privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader)
- if err != nil {
- return nil, err
- }
-
- derBytes, err := x509.MarshalECPrivateKey(privateKey)
- if err != nil {
- return nil, err
- }
-
- privateKeyPemBlock := &pem.Block{
- Type: ECPrivateKeyBlockType,
- Bytes: derBytes,
- }
- return pem.EncodeToMemory(privateKeyPemBlock), nil
-}
-
-// WriteKey writes the pem-encoded key data to keyPath.
-// The key file will be created with file mode 0600.
-// If the key file already exists, it will be overwritten.
-// The parent directory of the keyPath will be created as needed with file mode 0755.
-func WriteKey(keyPath string, data []byte) error {
- if err := os.MkdirAll(filepath.Dir(keyPath), os.FileMode(0755)); err != nil {
- return err
- }
- return ioutil.WriteFile(keyPath, data, os.FileMode(0600))
-}
-
-// LoadOrGenerateKeyFile looks for a key in the file at the given path. If it
-// can't find one, it will generate a new key and store it there.
-func LoadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error) {
- loadedData, err := ioutil.ReadFile(keyPath)
- // Call verifyKeyData to ensure the file wasn't empty/corrupt.
- if err == nil && verifyKeyData(loadedData) {
- return loadedData, false, err
- }
- if !os.IsNotExist(err) {
- return nil, false, fmt.Errorf("error loading key from %s: %v", keyPath, err)
- }
-
- generatedData, err := MakeEllipticPrivateKeyPEM()
- if err != nil {
- return nil, false, fmt.Errorf("error generating key: %v", err)
- }
- if err := WriteKey(keyPath, generatedData); err != nil {
- return nil, false, fmt.Errorf("error writing key to %s: %v", keyPath, err)
- }
- return generatedData, true, nil
-}
-
-// MarshalPrivateKeyToPEM converts a known private key type of RSA or ECDSA to
-// a PEM encoded block or returns an error.
-func MarshalPrivateKeyToPEM(privateKey crypto.PrivateKey) ([]byte, error) {
- switch t := privateKey.(type) {
- case *ecdsa.PrivateKey:
- derBytes, err := x509.MarshalECPrivateKey(t)
- if err != nil {
- return nil, err
- }
- block := &pem.Block{
- Type: ECPrivateKeyBlockType,
- Bytes: derBytes,
- }
- return pem.EncodeToMemory(block), nil
- case *rsa.PrivateKey:
- block := &pem.Block{
- Type: RSAPrivateKeyBlockType,
- Bytes: x509.MarshalPKCS1PrivateKey(t),
- }
- return pem.EncodeToMemory(block), nil
- default:
- return nil, fmt.Errorf("private key is not a recognized type: %T", privateKey)
- }
-}
-
-// PrivateKeyFromFile returns the private key in rsa.PrivateKey or ecdsa.PrivateKey format from a given PEM-encoded file.
-// Returns an error if the file could not be read or if the private key could not be parsed.
-func PrivateKeyFromFile(file string) (interface{}, error) {
- data, err := ioutil.ReadFile(file)
- if err != nil {
- return nil, err
- }
- key, err := ParsePrivateKeyPEM(data)
- if err != nil {
- return nil, fmt.Errorf("error reading private key file %s: %v", file, err)
- }
- return key, nil
-}
-
-// PublicKeysFromFile returns the public keys in rsa.PublicKey or ecdsa.PublicKey format from a given PEM-encoded file.
-// Reads public keys from both public and private key files.
-func PublicKeysFromFile(file string) ([]interface{}, error) {
- data, err := ioutil.ReadFile(file)
- if err != nil {
- return nil, err
- }
- keys, err := ParsePublicKeysPEM(data)
- if err != nil {
- return nil, fmt.Errorf("error reading public key file %s: %v", file, err)
- }
- return keys, nil
-}
-
-// verifyKeyData returns true if the provided data appears to be a valid private key.
-func verifyKeyData(data []byte) bool {
- if len(data) == 0 {
- return false
- }
- _, err := ParsePrivateKeyPEM(data)
- return err == nil
-}
-
-// ParsePrivateKeyPEM returns a private key parsed from a PEM block in the supplied data.
-// Recognizes PEM blocks for "EC PRIVATE KEY", "RSA PRIVATE KEY", or "PRIVATE KEY"
-func ParsePrivateKeyPEM(keyData []byte) (interface{}, error) {
- var privateKeyPemBlock *pem.Block
- for {
- privateKeyPemBlock, keyData = pem.Decode(keyData)
- if privateKeyPemBlock == nil {
- break
- }
-
- switch privateKeyPemBlock.Type {
- case ECPrivateKeyBlockType:
- // ECDSA Private Key in ASN.1 format
- if key, err := x509.ParseECPrivateKey(privateKeyPemBlock.Bytes); err == nil {
- return key, nil
- }
- case RSAPrivateKeyBlockType:
- // RSA Private Key in PKCS#1 format
- if key, err := x509.ParsePKCS1PrivateKey(privateKeyPemBlock.Bytes); err == nil {
- return key, nil
- }
- case PrivateKeyBlockType:
- // RSA or ECDSA Private Key in unencrypted PKCS#8 format
- if key, err := x509.ParsePKCS8PrivateKey(privateKeyPemBlock.Bytes); err == nil {
- return key, nil
- }
- }
-
- // tolerate non-key PEM blocks for compatibility with things like "EC PARAMETERS" blocks
- // originally, only the first PEM block was parsed and expected to be a key block
- }
-
- // we read all the PEM blocks and didn't recognize one
- return nil, fmt.Errorf("data does not contain a valid RSA or ECDSA private key")
-}
-
-// ParsePublicKeysPEM is a helper function for reading an array of rsa.PublicKey or ecdsa.PublicKey from a PEM-encoded byte array.
-// Reads public keys from both public and private key files.
-func ParsePublicKeysPEM(keyData []byte) ([]interface{}, error) {
- var block *pem.Block
- keys := []interface{}{}
- for {
- // read the next block
- block, keyData = pem.Decode(keyData)
- if block == nil {
- break
- }
-
- // test block against parsing functions
- if privateKey, err := parseRSAPrivateKey(block.Bytes); err == nil {
- keys = append(keys, &privateKey.PublicKey)
- continue
- }
- if publicKey, err := parseRSAPublicKey(block.Bytes); err == nil {
- keys = append(keys, publicKey)
- continue
- }
- if privateKey, err := parseECPrivateKey(block.Bytes); err == nil {
- keys = append(keys, &privateKey.PublicKey)
- continue
- }
- if publicKey, err := parseECPublicKey(block.Bytes); err == nil {
- keys = append(keys, publicKey)
- continue
- }
-
- // tolerate non-key PEM blocks for backwards compatibility
- // originally, only the first PEM block was parsed and expected to be a key block
- }
-
- if len(keys) == 0 {
- return nil, fmt.Errorf("data does not contain any valid RSA or ECDSA public keys")
- }
- return keys, nil
-}
-
-// parseRSAPublicKey parses a single RSA public key from the provided data
-func parseRSAPublicKey(data []byte) (*rsa.PublicKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParsePKIXPublicKey(data); err != nil {
- if cert, err := x509.ParseCertificate(data); err == nil {
- parsedKey = cert.PublicKey
- } else {
- return nil, err
- }
- }
-
- // Test if parsed key is an RSA Public Key
- var pubKey *rsa.PublicKey
- var ok bool
- if pubKey, ok = parsedKey.(*rsa.PublicKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid RSA Public Key")
- }
-
- return pubKey, nil
-}
-
-// parseRSAPrivateKey parses a single RSA private key from the provided data
-func parseRSAPrivateKey(data []byte) (*rsa.PrivateKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParsePKCS1PrivateKey(data); err != nil {
- if parsedKey, err = x509.ParsePKCS8PrivateKey(data); err != nil {
- return nil, err
- }
- }
-
- // Test if parsed key is an RSA Private Key
- var privKey *rsa.PrivateKey
- var ok bool
- if privKey, ok = parsedKey.(*rsa.PrivateKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid RSA Private Key")
- }
-
- return privKey, nil
-}
-
-// parseECPublicKey parses a single ECDSA public key from the provided data
-func parseECPublicKey(data []byte) (*ecdsa.PublicKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParsePKIXPublicKey(data); err != nil {
- if cert, err := x509.ParseCertificate(data); err == nil {
- parsedKey = cert.PublicKey
- } else {
- return nil, err
- }
- }
-
- // Test if parsed key is an ECDSA Public Key
- var pubKey *ecdsa.PublicKey
- var ok bool
- if pubKey, ok = parsedKey.(*ecdsa.PublicKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid ECDSA Public Key")
- }
-
- return pubKey, nil
-}
-
-// parseECPrivateKey parses a single ECDSA private key from the provided data
-func parseECPrivateKey(data []byte) (*ecdsa.PrivateKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParseECPrivateKey(data); err != nil {
- return nil, err
- }
-
- // Test if parsed key is an ECDSA Private Key
- var privKey *ecdsa.PrivateKey
- var ok bool
- if privKey, ok = parsedKey.(*ecdsa.PrivateKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid ECDSA Private Key")
- }
-
- return privKey, nil
-} |