Fresh dep ensure

2025-06-14 02:43:36 +00:00 · 2018-11-26 13:23:56 -05:00
parent 93cb8a04d7
commit 407478ab9a
9016 changed files with 551394 additions and 279685 deletions
--- a/vendor/k8s.io/kubernetes/pkg/registry/authentication/OWNERS
+++ b/vendor/k8s.io/kubernetes/pkg/registry/authentication/OWNERS
@ -1,2 +1,7 @@
+approvers:
+- sig-auth-authenticators-approvers
 reviewers:
- deads2k
+- sig-auth-authenticators-reviewers
+labels:
+- sig/auth
+
--- a/vendor/k8s.io/kubernetes/pkg/registry/authentication/rest/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/registry/authentication/rest/BUILD
@ -13,13 +13,13 @@ go_library(
        "//pkg/api/legacyscheme:go_default_library",
        "//pkg/apis/authentication:go_default_library",
        "//pkg/registry/authentication/tokenreview:go_default_library",
-        "//vendor/k8s.io/api/authentication/v1:go_default_library",
-        "//vendor/k8s.io/api/authentication/v1beta1:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/server:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/server/storage:go_default_library",
+        "//staging/src/k8s.io/api/authentication/v1:go_default_library",
+        "//staging/src/k8s.io/api/authentication/v1beta1:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/registry/generic:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/registry/rest:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/server:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/server/storage:go_default_library",
    ],
 )

--- a/vendor/k8s.io/kubernetes/pkg/registry/authentication/rest/storage_authentication.go
+++ b/vendor/k8s.io/kubernetes/pkg/registry/authentication/rest/storage_authentication.go
@ -31,6 +31,7 @@ import (

 type RESTStorageProvider struct {
 	Authenticator authenticator.Request
+	APIAudiences  authenticator.Audiences
 }

 func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, bool) {
@ -56,7 +57,7 @@ func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource serverstorag
 func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
 	storage := map[string]rest.Storage{}
 	// tokenreviews
-	tokenReviewStorage := tokenreview.NewREST(p.Authenticator)
+	tokenReviewStorage := tokenreview.NewREST(p.Authenticator, p.APIAudiences)
 	storage["tokenreviews"] = tokenReviewStorage

 	return storage
@ -65,7 +66,7 @@ func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorag
 func (p RESTStorageProvider) v1Storage(apiResourceConfigSource serverstorage.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
 	storage := map[string]rest.Storage{}
 	// tokenreviews
-	tokenReviewStorage := tokenreview.NewREST(p.Authenticator)
+	tokenReviewStorage := tokenreview.NewREST(p.Authenticator, p.APIAudiences)
 	storage["tokenreviews"] = tokenReviewStorage

 	return storage
--- a/vendor/k8s.io/kubernetes/pkg/registry/authentication/tokenreview/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/registry/authentication/tokenreview/BUILD
@ -11,11 +11,13 @@ go_library(
    importpath = "k8s.io/kubernetes/pkg/registry/authentication/tokenreview",
    deps = [
        "//pkg/apis/authentication:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/registry/rest:go_default_library",
+        "//vendor/k8s.io/klog:go_default_library",
    ],
 )

--- a/vendor/k8s.io/kubernetes/pkg/registry/authentication/tokenreview/storage.go
+++ b/vendor/k8s.io/kubernetes/pkg/registry/authentication/tokenreview/storage.go
@ -18,23 +18,32 @@ package tokenreview

 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/http"

 	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
 	"k8s.io/apiserver/pkg/registry/rest"
+	"k8s.io/klog"
 	"k8s.io/kubernetes/pkg/apis/authentication"
 )

+var badAuthenticatorAuds = apierrors.NewInternalError(errors.New("error validating audiences"))
+
 type REST struct {
 	tokenAuthenticator authenticator.Request
+	apiAudiences       []string
 }

-func NewREST(tokenAuthenticator authenticator.Request) *REST {
-	return &REST{tokenAuthenticator: tokenAuthenticator}
+func NewREST(tokenAuthenticator authenticator.Request, apiAudiences []string) *REST {
+	return &REST{
+		tokenAuthenticator: tokenAuthenticator,
+		apiAudiences:       apiAudiences,
+	}
 }

 func (r *REST) NamespaceScoped() bool {
@ -45,7 +54,7 @@ func (r *REST) New() runtime.Object {
 	return &authentication.TokenReview{}
 }

-func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, includeUninitialized bool) (runtime.Object, error) {
+func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation rest.ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error) {
 	tokenReview, ok := obj.(*authentication.TokenReview)
 	if !ok {
 		return nil, apierrors.NewBadRequest(fmt.Sprintf("not a TokenReview: %#v", obj))
@ -67,21 +76,36 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation
 	fakeReq := &http.Request{Header: http.Header{}}
 	fakeReq.Header.Add("Authorization", "Bearer "+tokenReview.Spec.Token)

-	tokenUser, ok, err := r.tokenAuthenticator.AuthenticateRequest(fakeReq)
+	auds := tokenReview.Spec.Audiences
+	if len(auds) == 0 {
+		auds = r.apiAudiences
+	}
+	if len(auds) > 0 {
+		fakeReq = fakeReq.WithContext(authenticator.WithAudiences(fakeReq.Context(), auds))
+	}
+
+	resp, ok, err := r.tokenAuthenticator.AuthenticateRequest(fakeReq)
 	tokenReview.Status.Authenticated = ok
 	if err != nil {
 		tokenReview.Status.Error = err.Error()
 	}
-	if tokenUser != nil {
+
+	if len(auds) > 0 && resp != nil && len(authenticator.Audiences(auds).Intersect(resp.Audiences)) == 0 {
+		klog.Errorf("error validating audience. want=%q got=%q", auds, resp.Audiences)
+		return nil, badAuthenticatorAuds
+	}
+
+	if resp != nil && resp.User != nil {
 		tokenReview.Status.User = authentication.UserInfo{
-			Username: tokenUser.GetName(),
-			UID:      tokenUser.GetUID(),
-			Groups:   tokenUser.GetGroups(),
+			Username: resp.User.GetName(),
+			UID:      resp.User.GetUID(),
+			Groups:   resp.User.GetGroups(),
 			Extra:    map[string]authentication.ExtraValue{},
 		}
-		for k, v := range tokenUser.GetExtra() {
+		for k, v := range resp.User.GetExtra() {
 			tokenReview.Status.User.Extra[k] = authentication.ExtraValue(v)
 		}
+		tokenReview.Status.Audiences = resp.Audiences
 	}

 	return tokenReview, nil