vendor dependencies

2026-04-07 10:17:51 +00:00 · 2019-04-24 11:06:03 +02:00 · 2019-04-24 11:06:03 +02:00 · 72abf135d6
commit 72abf135d6
parent 604208ef4f
1156 changed files with 78178 additions and 105799 deletions
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/doc.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/doc.go
@ -17,7 +17,7 @@ limitations under the License.
 // +k8s:deepcopy-gen=package
 // +k8s:conversion-gen=k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission
 // +k8s:defaulter-gen=TypeMeta
+// +groupName=apiserver.config.k8s.io

 // Package v1alpha1 is the v1alpha1 version of the API.
-// +groupName=apiserver.config.k8s.io
 package v1alpha1
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.conversion.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1/zz_generated.conversion.go
@ -32,11 +32,18 @@ func init() {

 // RegisterConversions adds conversion functions to the given scheme.
 // Public to allow building arbitrary schemes.
-func RegisterConversions(scheme *runtime.Scheme) error {
-	return scheme.AddGeneratedConversionFuncs(
-		Convert_v1alpha1_WebhookAdmission_To_webhookadmission_WebhookAdmission,
-		Convert_webhookadmission_WebhookAdmission_To_v1alpha1_WebhookAdmission,
-	)
+func RegisterConversions(s *runtime.Scheme) error {
+	if err := s.AddGeneratedConversionFunc((*WebhookAdmission)(nil), (*webhookadmission.WebhookAdmission)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha1_WebhookAdmission_To_webhookadmission_WebhookAdmission(a.(*WebhookAdmission), b.(*webhookadmission.WebhookAdmission), scope)
+	}); err != nil {
+		return err
+	}
+	if err := s.AddGeneratedConversionFunc((*webhookadmission.WebhookAdmission)(nil), (*WebhookAdmission)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_webhookadmission_WebhookAdmission_To_v1alpha1_WebhookAdmission(a.(*webhookadmission.WebhookAdmission), b.(*WebhookAdmission), scope)
+	}); err != nil {
+		return err
+	}
+	return nil
 }

 func autoConvert_v1alpha1_WebhookAdmission_To_webhookadmission_WebhookAdmission(in *WebhookAdmission, out *webhookadmission.WebhookAdmission, s conversion.Scope) error {
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/authentication.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/authentication.go
@ -1,175 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package config
-
-import (
-	"fmt"
-	"io/ioutil"
-	"strings"
-	"time"
-
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
-	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
-)
-
-// AuthenticationInfoResolverWrapper can be used to inject Dial function to the
-// rest.Config generated by the resolver.
-type AuthenticationInfoResolverWrapper func(AuthenticationInfoResolver) AuthenticationInfoResolver
-
-// AuthenticationInfoResolver builds rest.Config base on the server or service
-// name and service namespace.
-type AuthenticationInfoResolver interface {
-	// ClientConfigFor builds rest.Config based on the server.
-	ClientConfigFor(server string) (*rest.Config, error)
-	// ClientConfigForService builds rest.Config based on the serviceName and
-	// serviceNamespace.
-	ClientConfigForService(serviceName, serviceNamespace string) (*rest.Config, error)
-}
-
-// AuthenticationInfoResolverDelegator implements AuthenticationInfoResolver.
-type AuthenticationInfoResolverDelegator struct {
-	ClientConfigForFunc        func(server string) (*rest.Config, error)
-	ClientConfigForServiceFunc func(serviceName, serviceNamespace string) (*rest.Config, error)
-}
-
-func (a *AuthenticationInfoResolverDelegator) ClientConfigFor(server string) (*rest.Config, error) {
-	return a.ClientConfigForFunc(server)
-}
-
-func (a *AuthenticationInfoResolverDelegator) ClientConfigForService(serviceName, serviceNamespace string) (*rest.Config, error) {
-	return a.ClientConfigForServiceFunc(serviceName, serviceNamespace)
-}
-
-type defaultAuthenticationInfoResolver struct {
-	kubeconfig clientcmdapi.Config
-}
-
-// NewDefaultAuthenticationInfoResolver generates an AuthenticationInfoResolver
-// that builds rest.Config based on the kubeconfig file. kubeconfigFile is the
-// path to the kubeconfig.
-func NewDefaultAuthenticationInfoResolver(kubeconfigFile string) (AuthenticationInfoResolver, error) {
-	if len(kubeconfigFile) == 0 {
-		return &defaultAuthenticationInfoResolver{}, nil
-	}
-
-	loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
-	loadingRules.ExplicitPath = kubeconfigFile
-	loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{})
-	clientConfig, err := loader.RawConfig()
-	if err != nil {
-		return nil, err
-	}
-
-	return &defaultAuthenticationInfoResolver{kubeconfig: clientConfig}, nil
-}
-
-func (c *defaultAuthenticationInfoResolver) ClientConfigFor(server string) (*rest.Config, error) {
-	return c.clientConfig(server)
-}
-
-func (c *defaultAuthenticationInfoResolver) ClientConfigForService(serviceName, serviceNamespace string) (*rest.Config, error) {
-	return c.clientConfig(serviceName + "." + serviceNamespace + ".svc")
-}
-
-func (c *defaultAuthenticationInfoResolver) clientConfig(target string) (*rest.Config, error) {
-	// exact match
-	if authConfig, ok := c.kubeconfig.AuthInfos[target]; ok {
-		return restConfigFromKubeconfig(authConfig)
-	}
-
-	// star prefixed match
-	serverSteps := strings.Split(target, ".")
-	for i := 1; i < len(serverSteps); i++ {
-		nickName := "*." + strings.Join(serverSteps[i:], ".")
-		if authConfig, ok := c.kubeconfig.AuthInfos[nickName]; ok {
-			return restConfigFromKubeconfig(authConfig)
-		}
-	}
-
-	// if we're trying to hit the kube-apiserver and there wasn't an explicit config, use the in-cluster config
-	if target == "kubernetes.default.svc" {
-		// if we can find an in-cluster-config use that.  If we can't, fall through.
-		inClusterConfig, err := rest.InClusterConfig()
-		if err == nil {
-			return setGlobalDefaults(inClusterConfig), nil
-		}
-	}
-
-	// star (default) match
-	if authConfig, ok := c.kubeconfig.AuthInfos["*"]; ok {
-		return restConfigFromKubeconfig(authConfig)
-	}
-
-	// use the current context from the kubeconfig if possible
-	if len(c.kubeconfig.CurrentContext) > 0 {
-		if currContext, ok := c.kubeconfig.Contexts[c.kubeconfig.CurrentContext]; ok {
-			if len(currContext.AuthInfo) > 0 {
-				if currAuth, ok := c.kubeconfig.AuthInfos[currContext.AuthInfo]; ok {
-					return restConfigFromKubeconfig(currAuth)
-				}
-			}
-		}
-	}
-
-	// anonymous
-	return setGlobalDefaults(&rest.Config{}), nil
-}
-
-func restConfigFromKubeconfig(configAuthInfo *clientcmdapi.AuthInfo) (*rest.Config, error) {
-	config := &rest.Config{}
-
-	// blindly overwrite existing values based on precedence
-	if len(configAuthInfo.Token) > 0 {
-		config.BearerToken = configAuthInfo.Token
-	} else if len(configAuthInfo.TokenFile) > 0 {
-		tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile)
-		if err != nil {
-			return nil, err
-		}
-		config.BearerToken = string(tokenBytes)
-	}
-	if len(configAuthInfo.Impersonate) > 0 {
-		config.Impersonate = rest.ImpersonationConfig{
-			UserName: configAuthInfo.Impersonate,
-			Groups:   configAuthInfo.ImpersonateGroups,
-			Extra:    configAuthInfo.ImpersonateUserExtra,
-		}
-	}
-	if len(configAuthInfo.ClientCertificate) > 0 || len(configAuthInfo.ClientCertificateData) > 0 {
-		config.CertFile = configAuthInfo.ClientCertificate
-		config.CertData = configAuthInfo.ClientCertificateData
-		config.KeyFile = configAuthInfo.ClientKey
-		config.KeyData = configAuthInfo.ClientKeyData
-	}
-	if len(configAuthInfo.Username) > 0 || len(configAuthInfo.Password) > 0 {
-		config.Username = configAuthInfo.Username
-		config.Password = configAuthInfo.Password
-	}
-	if configAuthInfo.AuthProvider != nil {
-		return nil, fmt.Errorf("auth provider not supported")
-	}
-
-	return setGlobalDefaults(config), nil
-}
-
-func setGlobalDefaults(config *rest.Config) *rest.Config {
-	config.UserAgent = "kube-apiserver-admission"
-	config.Timeout = 30 * time.Second
-
-	return config
-}
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/client.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/client.go
@ -1,187 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package config
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net"
-	"net/url"
-
-	lru "github.com/hashicorp/golang-lru"
-	admissionv1beta1 "k8s.io/api/admission/v1beta1"
-	"k8s.io/api/admissionregistration/v1beta1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
-	utilerrors "k8s.io/apimachinery/pkg/util/errors"
-	webhookerrors "k8s.io/apiserver/pkg/admission/plugin/webhook/errors"
-	"k8s.io/client-go/rest"
-)
-
-const (
-	defaultCacheSize = 200
-)
-
-var (
-	ErrNeedServiceOrURL = errors.New("webhook configuration must have either service or URL")
-)
-
-// ClientManager builds REST clients to talk to webhooks. It caches the clients
-// to avoid duplicate creation.
-type ClientManager struct {
-	authInfoResolver     AuthenticationInfoResolver
-	serviceResolver      ServiceResolver
-	negotiatedSerializer runtime.NegotiatedSerializer
-	cache                *lru.Cache
-}
-
-// NewClientManager creates a clientManager.
-func NewClientManager() (ClientManager, error) {
-	cache, err := lru.New(defaultCacheSize)
-	if err != nil {
-		return ClientManager{}, err
-	}
-	admissionScheme := runtime.NewScheme()
-	admissionv1beta1.AddToScheme(admissionScheme)
-	return ClientManager{
-		cache: cache,
-		negotiatedSerializer: serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{
-			Serializer: serializer.NewCodecFactory(admissionScheme).LegacyCodec(admissionv1beta1.SchemeGroupVersion),
-		}),
-	}, nil
-}
-
-// SetAuthenticationInfoResolverWrapper sets the
-// AuthenticationInfoResolverWrapper.
-func (cm *ClientManager) SetAuthenticationInfoResolverWrapper(wrapper AuthenticationInfoResolverWrapper) {
-	if wrapper != nil {
-		cm.authInfoResolver = wrapper(cm.authInfoResolver)
-	}
-}
-
-// SetAuthenticationInfoResolver sets the AuthenticationInfoResolver.
-func (cm *ClientManager) SetAuthenticationInfoResolver(resolver AuthenticationInfoResolver) {
-	cm.authInfoResolver = resolver
-}
-
-// SetServiceResolver sets the ServiceResolver.
-func (cm *ClientManager) SetServiceResolver(sr ServiceResolver) {
-	if sr != nil {
-		cm.serviceResolver = sr
-	}
-}
-
-// Validate checks if ClientManager is properly set up.
-func (cm *ClientManager) Validate() error {
-	var errs []error
-	if cm.negotiatedSerializer == nil {
-		errs = append(errs, fmt.Errorf("the clientManager requires a negotiatedSerializer"))
-	}
-	if cm.serviceResolver == nil {
-		errs = append(errs, fmt.Errorf("the clientManager requires a serviceResolver"))
-	}
-	if cm.authInfoResolver == nil {
-		errs = append(errs, fmt.Errorf("the clientManager requires an authInfoResolver"))
-	}
-	return utilerrors.NewAggregate(errs)
-}
-
-// HookClient get a RESTClient from the cache, or constructs one based on the
-// webhook configuration.
-func (cm *ClientManager) HookClient(h *v1beta1.Webhook) (*rest.RESTClient, error) {
-	cacheKey, err := json.Marshal(h.ClientConfig)
-	if err != nil {
-		return nil, err
-	}
-	if client, ok := cm.cache.Get(string(cacheKey)); ok {
-		return client.(*rest.RESTClient), nil
-	}
-
-	complete := func(cfg *rest.Config) (*rest.RESTClient, error) {
-		// Combine CAData from the config with any existing CA bundle provided
-		if len(cfg.TLSClientConfig.CAData) > 0 {
-			cfg.TLSClientConfig.CAData = append(cfg.TLSClientConfig.CAData, '\n')
-		}
-		cfg.TLSClientConfig.CAData = append(cfg.TLSClientConfig.CAData, h.ClientConfig.CABundle...)
-
-		cfg.ContentConfig.NegotiatedSerializer = cm.negotiatedSerializer
-		cfg.ContentConfig.ContentType = runtime.ContentTypeJSON
-		client, err := rest.UnversionedRESTClientFor(cfg)
-		if err == nil {
-			cm.cache.Add(string(cacheKey), client)
-		}
-		return client, err
-	}
-
-	if svc := h.ClientConfig.Service; svc != nil {
-		restConfig, err := cm.authInfoResolver.ClientConfigForService(svc.Name, svc.Namespace)
-		if err != nil {
-			return nil, err
-		}
-		cfg := rest.CopyConfig(restConfig)
-		serverName := svc.Name + "." + svc.Namespace + ".svc"
-		host := serverName + ":443"
-		cfg.Host = "https://" + host
-		if svc.Path != nil {
-			cfg.APIPath = *svc.Path
-		}
-		// Set the server name if not already set
-		if len(cfg.TLSClientConfig.ServerName) == 0 {
-			cfg.TLSClientConfig.ServerName = serverName
-		}
-
-		delegateDialer := cfg.Dial
-		if delegateDialer == nil {
-			var d net.Dialer
-			delegateDialer = d.DialContext
-		}
-		cfg.Dial = func(ctx context.Context, network, addr string) (net.Conn, error) {
-			if addr == host {
-				u, err := cm.serviceResolver.ResolveEndpoint(svc.Namespace, svc.Name)
-				if err != nil {
-					return nil, err
-				}
-				addr = u.Host
-			}
-			return delegateDialer(ctx, network, addr)
-		}
-
-		return complete(cfg)
-	}
-
-	if h.ClientConfig.URL == nil {
-		return nil, &webhookerrors.ErrCallingWebhook{WebhookName: h.Name, Reason: ErrNeedServiceOrURL}
-	}
-
-	u, err := url.Parse(*h.ClientConfig.URL)
-	if err != nil {
-		return nil, &webhookerrors.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("Unparsable URL: %v", err)}
-	}
-
-	restConfig, err := cm.authInfoResolver.ClientConfigFor(u.Host)
-	if err != nil {
-		return nil, err
-	}
-
-	cfg := rest.CopyConfig(restConfig)
-	cfg.Host = u.Scheme + "://" + u.Host
-	cfg.APIPath = u.Path
-
-	return complete(cfg)
-}
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/kubeconfig.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/kubeconfig.go
@ -24,6 +24,7 @@ import (

 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/config/apis/webhookadmission/v1alpha1"
@ -35,8 +36,8 @@ var (
 )

 func init() {
-	webhookadmission.AddToScheme(scheme)
-	v1alpha1.AddToScheme(scheme)
+	utilruntime.Must(webhookadmission.AddToScheme(scheme))
+	utilruntime.Must(v1alpha1.AddToScheme(scheme))
 }

 // LoadConfig extract the KubeConfigFile from configFile
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/serviceresolver.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/config/serviceresolver.go
@ -1,45 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package config
-
-import (
-	"errors"
-	"fmt"
-	"net/url"
-)
-
-// ServiceResolver knows how to convert a service reference into an actual location.
-type ServiceResolver interface {
-	ResolveEndpoint(namespace, name string) (*url.URL, error)
-}
-
-type defaultServiceResolver struct{}
-
-func NewDefaultServiceResolver() ServiceResolver {
-	return &defaultServiceResolver{}
-}
-
-// ResolveEndpoint constructs a service URL from a given namespace and name
-// note that the name and namespace are required and by default all created addresses use HTTPS scheme.
-// for example:
-//  name=ross namespace=andromeda resolves to https://ross.andromeda.svc:443
-func (sr defaultServiceResolver) ResolveEndpoint(namespace, name string) (*url.URL, error) {
-	if len(name) == 0 || len(namespace) == 0 {
-		return nil, errors.New("cannot resolve an empty service name or namespace")
-	}
-	return &url.URL{Scheme: "https", Host: fmt.Sprintf("%s.%s.svc:443", name, namespace)}, nil
-}