Fresh dep ensure

2025-06-14 18:53:35 +00:00 · 2018-11-26 13:23:56 -05:00
parent 93cb8a04d7
commit 407478ab9a
9016 changed files with 551394 additions and 279685 deletions
--- a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/BUILD
@ -16,22 +16,24 @@ go_library(
        "//build/visible_to:pkg_kubectl_cmd_auth_CONSUMERS",
    ],
    deps = [
-        "//pkg/apis/authorization:go_default_library",
-        "//pkg/client/clientset_generated/internalclientset/typed/authorization/internalversion:go_default_library",
-        "//pkg/kubectl/cmd/templates:go_default_library",
        "//pkg/kubectl/cmd/util:go_default_library",
-        "//pkg/kubectl/genericclioptions:go_default_library",
-        "//pkg/kubectl/genericclioptions/printers:go_default_library",
-        "//pkg/kubectl/genericclioptions/resource:go_default_library",
        "//pkg/kubectl/scheme:go_default_library",
+        "//pkg/kubectl/util/templates:go_default_library",
        "//pkg/registry/rbac/reconciliation:go_default_library",
-        "//vendor/github.com/golang/glog:go_default_library",
+        "//staging/src/k8s.io/api/authorization/v1:go_default_library",
+        "//staging/src/k8s.io/api/rbac/v1:go_default_library",
+        "//staging/src/k8s.io/api/rbac/v1alpha1:go_default_library",
+        "//staging/src/k8s.io/api/rbac/v1beta1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/api/meta:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//staging/src/k8s.io/cli-runtime/pkg/genericclioptions:go_default_library",
+        "//staging/src/k8s.io/cli-runtime/pkg/genericclioptions/printers:go_default_library",
+        "//staging/src/k8s.io/cli-runtime/pkg/genericclioptions/resource:go_default_library",
+        "//staging/src/k8s.io/client-go/kubernetes/typed/authorization/v1:go_default_library",
+        "//staging/src/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
+        "//staging/src/k8s.io/client-go/kubernetes/typed/rbac/v1:go_default_library",
        "//vendor/github.com/spf13/cobra:go_default_library",
-        "//vendor/k8s.io/api/rbac/v1:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/api/meta:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
-        "//vendor/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",
-        "//vendor/k8s.io/client-go/kubernetes/typed/rbac/v1:go_default_library",
+        "//vendor/k8s.io/klog:go_default_library",
    ],
 )

@ -55,10 +57,10 @@ go_test(
    srcs = ["cani_test.go"],
    embed = [":go_default_library"],
    deps = [
-        "//pkg/api/legacyscheme:go_default_library",
        "//pkg/kubectl/cmd/testing:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
-        "//vendor/k8s.io/client-go/rest:go_default_library",
-        "//vendor/k8s.io/client-go/rest/fake:go_default_library",
+        "//pkg/kubectl/scheme:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//staging/src/k8s.io/client-go/rest:go_default_library",
+        "//staging/src/k8s.io/client-go/rest/fake:go_default_library",
    ],
 )
--- a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/OWNERS
+++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/OWNERS
@ -0,0 +1,7 @@
+approvers:
+- sig-auth-authorizers-approvers
+reviewers:
+- sig-auth-authorizers-reviewers
+labels:
+- sig/auth
+
--- a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/auth.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/auth.go
@ -18,7 +18,7 @@ package auth

 import (
 	"github.com/spf13/cobra"
-	"k8s.io/kubernetes/pkg/kubectl/genericclioptions"
+	"k8s.io/cli-runtime/pkg/genericclioptions"

 	cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
 )
--- a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/cani.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/cani.go
@ -24,14 +24,14 @@ import (
 	"strings"

 	"github.com/spf13/cobra"
-	"k8s.io/kubernetes/pkg/kubectl/genericclioptions"

+	authorizationv1 "k8s.io/api/authorization/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	authorizationapi "k8s.io/kubernetes/pkg/apis/authorization"
-	internalauthorizationclient "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/authorization/internalversion"
-	"k8s.io/kubernetes/pkg/kubectl/cmd/templates"
+	"k8s.io/cli-runtime/pkg/genericclioptions"
+	authorizationv1client "k8s.io/client-go/kubernetes/typed/authorization/v1"
 	cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
+	"k8s.io/kubernetes/pkg/kubectl/util/templates"
 )

 // CanIOptions is the start of the data required to perform the operation.  As new fields are added, add them here instead of
@ -40,7 +40,7 @@ type CanIOptions struct {
 	AllNamespaces bool
 	Quiet         bool
 	Namespace     string
-	SelfSARClient internalauthorizationclient.SelfSubjectAccessReviewsGetter
+	SelfSARClient authorizationv1client.SelfSubjectAccessReviewsGetter

 	Verb           string
 	Resource       schema.GroupVersionResource
@ -86,11 +86,11 @@ func NewCmdCanI(f cmdutil.Factory, streams genericclioptions.IOStreams) *cobra.C
 	}

 	cmd := &cobra.Command{
-		Use: "can-i VERB [TYPE | TYPE/NAME | NONRESOURCEURL]",
+		Use:                   "can-i VERB [TYPE | TYPE/NAME | NONRESOURCEURL]",
 		DisableFlagsInUseLine: true,
-		Short:   "Check whether an action is allowed",
-		Long:    canILong,
-		Example: canIExample,
+		Short:                 "Check whether an action is allowed",
+		Long:                  canILong,
+		Example:               canIExample,
 		Run: func(cmd *cobra.Command, args []string) {
 			cmdutil.CheckErr(o.Complete(f, args))
 			cmdutil.CheckErr(o.Validate())
@ -138,11 +138,11 @@ func (o *CanIOptions) Complete(f cmdutil.Factory, args []string) error {
 	}

 	var err error
-	client, err := f.ClientSet()
+	client, err := f.KubernetesClientSet()
 	if err != nil {
 		return err
 	}
-	o.SelfSARClient = client.Authorization()
+	o.SelfSARClient = client.AuthorizationV1()

 	o.Namespace = ""
 	if !o.AllNamespaces {
@ -168,11 +168,11 @@ func (o *CanIOptions) Validate() error {
 }

 func (o *CanIOptions) RunAccessCheck() (bool, error) {
-	var sar *authorizationapi.SelfSubjectAccessReview
+	var sar *authorizationv1.SelfSubjectAccessReview
 	if o.NonResourceURL == "" {
-		sar = &authorizationapi.SelfSubjectAccessReview{
-			Spec: authorizationapi.SelfSubjectAccessReviewSpec{
-				ResourceAttributes: &authorizationapi.ResourceAttributes{
+		sar = &authorizationv1.SelfSubjectAccessReview{
+			Spec: authorizationv1.SelfSubjectAccessReviewSpec{
+				ResourceAttributes: &authorizationv1.ResourceAttributes{
 					Namespace:   o.Namespace,
 					Verb:        o.Verb,
 					Group:       o.Resource.Group,
@ -183,9 +183,9 @@ func (o *CanIOptions) RunAccessCheck() (bool, error) {
 			},
 		}
 	} else {
-		sar = &authorizationapi.SelfSubjectAccessReview{
-			Spec: authorizationapi.SelfSubjectAccessReviewSpec{
-				NonResourceAttributes: &authorizationapi.NonResourceAttributes{
+		sar = &authorizationv1.SelfSubjectAccessReview{
+			Spec: authorizationv1.SelfSubjectAccessReviewSpec{
+				NonResourceAttributes: &authorizationv1.NonResourceAttributes{
 					Verb: o.Verb,
 					Path: o.NonResourceURL,
 				},
--- a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/cani_test.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/cani_test.go
@ -27,8 +27,8 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	restclient "k8s.io/client-go/rest"
 	"k8s.io/client-go/rest/fake"
-	"k8s.io/kubernetes/pkg/api/legacyscheme"
 	cmdtesting "k8s.io/kubernetes/pkg/kubectl/cmd/testing"
+	"k8s.io/kubernetes/pkg/kubectl/scheme"
 )

 func TestRunAccessCheck(t *testing.T) {
@ -124,7 +124,7 @@ func TestRunAccessCheck(t *testing.T) {
 			tf := cmdtesting.NewTestFactory().WithNamespace("test")
 			defer tf.Cleanup()

-			ns := legacyscheme.Codecs
+			ns := scheme.Codecs

 			tf.Client = &fake.RESTClient{
 				GroupVersion:         schema.GroupVersion{Group: "", Version: "v1"},
--- a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/reconcile.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/auth/reconcile.go
@ -18,28 +18,33 @@ package auth

 import (
 	"errors"
+	"fmt"

-	"github.com/golang/glog"
 	"github.com/spf13/cobra"
+	"k8s.io/klog"

 	rbacv1 "k8s.io/api/rbac/v1"
+	rbacv1alpha1 "k8s.io/api/rbac/v1alpha1"
+	rbacv1beta1 "k8s.io/api/rbac/v1beta1"
+	"k8s.io/cli-runtime/pkg/genericclioptions"
+	"k8s.io/cli-runtime/pkg/genericclioptions/printers"
+	"k8s.io/cli-runtime/pkg/genericclioptions/resource"
 	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
 	rbacv1client "k8s.io/client-go/kubernetes/typed/rbac/v1"
-	"k8s.io/kubernetes/pkg/kubectl/cmd/templates"
 	cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
-	"k8s.io/kubernetes/pkg/kubectl/genericclioptions"
-	"k8s.io/kubernetes/pkg/kubectl/genericclioptions/printers"
-	"k8s.io/kubernetes/pkg/kubectl/genericclioptions/resource"
 	"k8s.io/kubernetes/pkg/kubectl/scheme"
+	"k8s.io/kubernetes/pkg/kubectl/util/templates"
 	"k8s.io/kubernetes/pkg/registry/rbac/reconciliation"
 )

 // ReconcileOptions is the start of the data required to perform the operation.  As new fields are added, add them here instead of
 // referencing the cmd.Flags()
 type ReconcileOptions struct {
-	PrintFlags      *genericclioptions.PrintFlags
-	FilenameOptions *resource.FilenameOptions
-	DryRun          bool
+	PrintFlags             *genericclioptions.PrintFlags
+	FilenameOptions        *resource.FilenameOptions
+	DryRun                 bool
+	RemoveExtraPermissions bool
+	RemoveExtraSubjects    bool

 	Visitor         resource.Visitor
 	RBACClient      rbacv1client.RbacV1Interface
@ -73,11 +78,11 @@ func NewCmdReconcile(f cmdutil.Factory, streams genericclioptions.IOStreams) *co
 	o := NewReconcileOptions(streams)

 	cmd := &cobra.Command{
-		Use: "reconcile -f FILENAME",
+		Use:                   "reconcile -f FILENAME",
 		DisableFlagsInUseLine: true,
-		Short:   "Reconciles rules for RBAC Role, RoleBinding, ClusterRole, and ClusterRole binding objects",
-		Long:    reconcileLong,
-		Example: reconcileExample,
+		Short:                 "Reconciles rules for RBAC Role, RoleBinding, ClusterRole, and ClusterRole binding objects",
+		Long:                  reconcileLong,
+		Example:               reconcileExample,
 		Run: func(cmd *cobra.Command, args []string) {
 			cmdutil.CheckErr(o.Complete(cmd, f, args))
 			cmdutil.CheckErr(o.Validate())
@ -89,6 +94,8 @@ func NewCmdReconcile(f cmdutil.Factory, streams genericclioptions.IOStreams) *co

 	cmdutil.AddFilenameOptionFlags(cmd, o.FilenameOptions, "identifying the resource to reconcile.")
 	cmd.Flags().BoolVar(&o.DryRun, "dry-run", o.DryRun, "If true, display results but do not submit changes")
+	cmd.Flags().BoolVar(&o.RemoveExtraPermissions, "remove-extra-permissions", o.RemoveExtraPermissions, "If true, removes extra permissions added to roles")
+	cmd.Flags().BoolVar(&o.RemoveExtraSubjects, "remove-extra-subjects", o.RemoveExtraSubjects, "If true, removes extra subjects added to rolebindings")
 	cmd.MarkFlagRequired("filename")

 	return cmd
@ -174,8 +181,8 @@ func (o *ReconcileOptions) RunReconcile() error {
 		case *rbacv1.Role:
 			reconcileOptions := reconciliation.ReconcileRoleOptions{
 				Confirm:                !o.DryRun,
-				RemoveExtraPermissions: false,
-				Role: reconciliation.RoleRuleOwner{Role: t},
+				RemoveExtraPermissions: o.RemoveExtraPermissions,
+				Role:                   reconciliation.RoleRuleOwner{Role: t},
 				Client: reconciliation.RoleModifier{
 					NamespaceClient: o.NamespaceClient.Namespaces(),
 					Client:          o.RBACClient,
@ -190,8 +197,8 @@ func (o *ReconcileOptions) RunReconcile() error {
 		case *rbacv1.ClusterRole:
 			reconcileOptions := reconciliation.ReconcileRoleOptions{
 				Confirm:                !o.DryRun,
-				RemoveExtraPermissions: false,
-				Role: reconciliation.ClusterRoleRuleOwner{ClusterRole: t},
+				RemoveExtraPermissions: o.RemoveExtraPermissions,
+				Role:                   reconciliation.ClusterRoleRuleOwner{ClusterRole: t},
 				Client: reconciliation.ClusterRoleModifier{
 					Client: o.RBACClient.ClusterRoles(),
 				},
@ -205,7 +212,7 @@ func (o *ReconcileOptions) RunReconcile() error {
 		case *rbacv1.RoleBinding:
 			reconcileOptions := reconciliation.ReconcileRoleBindingOptions{
 				Confirm:             !o.DryRun,
-				RemoveExtraSubjects: false,
+				RemoveExtraSubjects: o.RemoveExtraSubjects,
 				RoleBinding:         reconciliation.RoleBindingAdapter{RoleBinding: t},
 				Client: reconciliation.RoleBindingClientAdapter{
 					Client:          o.RBACClient,
@ -221,7 +228,7 @@ func (o *ReconcileOptions) RunReconcile() error {
 		case *rbacv1.ClusterRoleBinding:
 			reconcileOptions := reconciliation.ReconcileRoleBindingOptions{
 				Confirm:             !o.DryRun,
-				RemoveExtraSubjects: false,
+				RemoveExtraSubjects: o.RemoveExtraSubjects,
 				RoleBinding:         reconciliation.ClusterRoleBindingAdapter{ClusterRoleBinding: t},
 				Client: reconciliation.ClusterRoleBindingClientAdapter{
 					Client: o.RBACClient.ClusterRoleBindings(),
@ -233,8 +240,18 @@ func (o *ReconcileOptions) RunReconcile() error {
 			}
 			o.PrintObject(result.RoleBinding.GetObject(), o.Out)

+		case *rbacv1beta1.Role,
+			*rbacv1beta1.RoleBinding,
+			*rbacv1beta1.ClusterRole,
+			*rbacv1beta1.ClusterRoleBinding,
+			*rbacv1alpha1.Role,
+			*rbacv1alpha1.RoleBinding,
+			*rbacv1alpha1.ClusterRole,
+			*rbacv1alpha1.ClusterRoleBinding:
+			return fmt.Errorf("only rbac.authorization.k8s.io/v1 is supported: not %T", t)
+
 		default:
-			glog.V(1).Infof("skipping %#v", info.Object.GetObjectKind())
+			klog.V(1).Infof("skipping %#v", info.Object.GetObjectKind())
 			// skip ignored resources
 		}