kubernetes-sigs/prometheus-adapter
1
0
Fork 1
mirror of https://github.com/kubernetes-sigs/prometheus-adapter.git synced 2026-04-07 10:17:51 +00:00
Code Issues Projects Releases Packages Activity Actions

vendor: revendor

Browse source
This commit is contained in:
Sergiusz Urbaniak 2020-12-14 12:43:28 +01:00
parent 269295a414
commit 9f0440be0f
No known key found for this signature in database
GPG key ID: 44E6612519E13C39
669 changed files with 58447 additions and 20021 deletions
Download patch file Download diff file Expand all files Collapse all files

2
vendor/k8s.io/apiserver/pkg/authentication/request/bearertoken/bearertoken.go generated vendored
View file

@ -39,7 +39,7 @@ func (a *Authenticator) AuthenticateRequest(req *http.Request) (*authenticator.R
if auth == "" {
return nil, false, nil
}
parts := strings.Split(auth, " ")
parts := strings.SplitN(auth, " ", 3)
if len(parts) < 2 || strings.ToLower(parts[0]) != "bearer" {
return nil, false, nil
}

29
vendor/k8s.io/apiserver/pkg/authentication/request/x509/x509.go generated vendored
View file

@ -19,8 +19,10 @@ package x509
import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/hex"
"fmt"
"net/http"
"strings"
"time"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
@ -82,6 +84,27 @@ func (f UserConversionFunc) User(chain []*x509.Certificate) (*authenticator.Resp
return f(chain)
}
func columnSeparatedHex(d []byte) string {
h := strings.ToUpper(hex.EncodeToString(d))
var sb strings.Builder
for i, r := range h {
sb.WriteRune(r)
if i%2 == 1 && i != len(h)-1 {
sb.WriteRune(':')
}
}
return sb.String()
}
func certificateIdentifier(c *x509.Certificate) string {
return fmt.Sprintf(
"SN=%d, SKID=%s, AKID=%s",
c.SerialNumber,
columnSeparatedHex(c.SubjectKeyId),
columnSeparatedHex(c.AuthorityKeyId),
)
}
// VerifyOptionFunc is function which provides a shallow copy of the VerifyOptions to the authenticator. This allows
// for cases where the options (particularly the CAs) can change. If the bool is false, then the returned VerifyOptions
// are ignored and the authenticator will express "no opinion". This allows a clear signal for cases where a CertPool
@ -129,7 +152,11 @@ func (a *Authenticator) AuthenticateRequest(req *http.Request) (*authenticator.R
clientCertificateExpirationHistogram.Observe(remaining.Seconds())
chains, err := req.TLS.PeerCertificates[0].Verify(optsCopy)
if err != nil {
return nil, false, err
return nil, false, fmt.Errorf(
"verifying certificate %s failed: %w",
certificateIdentifier(req.TLS.PeerCertificates[0]),
err,
)
}
var errlist []error