mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-01-26 14:49:30 +00:00
rebase: bump k8s.io/kubernetes from 1.25.0 to 1.25.3
Bumps [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) from 1.25.0 to 1.25.3. - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](https://github.com/kubernetes/kubernetes/compare/v1.25.0...v1.25.3) --- updated-dependencies: - dependency-name: k8s.io/kubernetes dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
parent
10550c87f6
commit
7b663279bf
72
go.mod
@ -27,21 +27,21 @@ require (
|
||||
github.com/pkg/xattr v0.4.7
|
||||
github.com/prometheus/client_golang v1.12.2
|
||||
github.com/stretchr/testify v1.8.1
|
||||
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
|
||||
golang.org/x/crypto v0.1.0
|
||||
golang.org/x/net v0.1.0
|
||||
golang.org/x/sys v0.1.0
|
||||
google.golang.org/grpc v1.49.0
|
||||
google.golang.org/protobuf v1.28.0
|
||||
k8s.io/api v0.25.0
|
||||
k8s.io/apimachinery v0.25.0
|
||||
k8s.io/api v0.25.3
|
||||
k8s.io/apimachinery v0.25.3
|
||||
k8s.io/client-go v12.0.0+incompatible
|
||||
k8s.io/cloud-provider v0.25.0
|
||||
k8s.io/cloud-provider v0.25.3
|
||||
k8s.io/klog/v2 v2.80.1
|
||||
//
|
||||
// when updating k8s.io/kubernetes, make sure to update the replace section too
|
||||
//
|
||||
k8s.io/kubernetes v1.25.0
|
||||
k8s.io/mount-utils v0.25.0
|
||||
k8s.io/kubernetes v1.25.3
|
||||
k8s.io/mount-utils v0.25.3
|
||||
k8s.io/pod-security-admission v0.0.0
|
||||
k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
|
||||
sigs.k8s.io/controller-runtime v0.11.0-beta.0.0.20211208212546-f236f0345ad2
|
||||
@ -161,14 +161,14 @@ require (
|
||||
gopkg.in/square/go-jose.v2 v2.5.1 // indirect
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||
k8s.io/apiextensions-apiserver v0.25.0 // indirect
|
||||
k8s.io/apiserver v0.25.0 // indirect
|
||||
k8s.io/component-base v0.25.0 // indirect
|
||||
k8s.io/component-helpers v0.25.0 // indirect
|
||||
k8s.io/apiextensions-apiserver v0.25.3 // indirect
|
||||
k8s.io/apiserver v0.25.3 // indirect
|
||||
k8s.io/component-base v0.25.3 // indirect
|
||||
k8s.io/component-helpers v0.25.3 // indirect
|
||||
k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
|
||||
k8s.io/kubectl v0.0.0 // indirect
|
||||
k8s.io/kubelet v0.0.0 // indirect
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32 // indirect
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.33 // indirect
|
||||
sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
|
||||
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
|
||||
sigs.k8s.io/yaml v1.3.0 // indirect
|
||||
@ -183,31 +183,31 @@ replace (
|
||||
//
|
||||
// k8s.io/kubernetes depends on these k8s.io packages, but unversioned
|
||||
//
|
||||
k8s.io/api => k8s.io/api v0.25.0
|
||||
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.0
|
||||
k8s.io/apimachinery => k8s.io/apimachinery v0.25.0
|
||||
k8s.io/apiserver => k8s.io/apiserver v0.25.0
|
||||
k8s.io/cli-runtime => k8s.io/cli-runtime v0.25.0
|
||||
k8s.io/client-go => k8s.io/client-go v0.25.0
|
||||
k8s.io/cloud-provider => k8s.io/cloud-provider v0.25.0
|
||||
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.25.0
|
||||
k8s.io/code-generator => k8s.io/code-generator v0.25.0
|
||||
k8s.io/component-base => k8s.io/component-base v0.25.0
|
||||
k8s.io/component-helpers => k8s.io/component-helpers v0.25.0
|
||||
k8s.io/controller-manager => k8s.io/controller-manager v0.25.0
|
||||
k8s.io/cri-api => k8s.io/cri-api v0.25.0
|
||||
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.25.0
|
||||
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.25.0
|
||||
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.25.0
|
||||
k8s.io/kube-proxy => k8s.io/kube-proxy v0.25.0
|
||||
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.25.0
|
||||
k8s.io/kubectl => k8s.io/kubectl v0.25.0
|
||||
k8s.io/kubelet => k8s.io/kubelet v0.25.0
|
||||
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.25.0
|
||||
k8s.io/metrics => k8s.io/metrics v0.25.0
|
||||
k8s.io/mount-utils => k8s.io/mount-utils v0.25.0-alpha.3.0.20220801203918-ff562e546084
|
||||
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.25.0
|
||||
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.25.0
|
||||
k8s.io/api => k8s.io/api v0.25.3
|
||||
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.3
|
||||
k8s.io/apimachinery => k8s.io/apimachinery v0.25.3
|
||||
k8s.io/apiserver => k8s.io/apiserver v0.25.3
|
||||
k8s.io/cli-runtime => k8s.io/cli-runtime v0.25.3
|
||||
k8s.io/client-go => k8s.io/client-go v0.25.3
|
||||
k8s.io/cloud-provider => k8s.io/cloud-provider v0.25.3
|
||||
k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.25.3
|
||||
k8s.io/code-generator => k8s.io/code-generator v0.25.3
|
||||
k8s.io/component-base => k8s.io/component-base v0.25.3
|
||||
k8s.io/component-helpers => k8s.io/component-helpers v0.25.3
|
||||
k8s.io/controller-manager => k8s.io/controller-manager v0.25.3
|
||||
k8s.io/cri-api => k8s.io/cri-api v0.25.3
|
||||
k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.25.3
|
||||
k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.25.3
|
||||
k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.25.3
|
||||
k8s.io/kube-proxy => k8s.io/kube-proxy v0.25.3
|
||||
k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.25.3
|
||||
k8s.io/kubectl => k8s.io/kubectl v0.25.3
|
||||
k8s.io/kubelet => k8s.io/kubelet v0.25.3
|
||||
k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.25.3
|
||||
k8s.io/metrics => k8s.io/metrics v0.25.3
|
||||
k8s.io/mount-utils => k8s.io/mount-utils v0.25.3
|
||||
k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.25.3
|
||||
k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.25.3
|
||||
// layeh.com seems to be misbehaving
|
||||
layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917
|
||||
)
|
||||
|
89
go.sum
@ -447,7 +447,6 @@ github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzw
|
||||
github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
|
||||
github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
|
||||
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
@ -484,7 +483,7 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
|
||||
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
|
||||
github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
|
||||
github.com/google/cadvisor v0.45.0/go.mod h1:vsMT3Uv2XjQ8M7WUtKARV74mU/HN64C4XtM1bJhUKcU=
|
||||
github.com/google/cel-go v0.12.4/go.mod h1:Av7CU6r6X3YmcHR9GXqVDaEJYfEtSxl6wvIjUQTriCw=
|
||||
github.com/google/cel-go v0.12.5/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw=
|
||||
github.com/google/fscrypt v0.3.3 h1:qwx9OCR/xZE68VGr/r0/yugFhlGpIOGsH9JHrttP7vc=
|
||||
github.com/google/fscrypt v0.3.3/go.mod h1:H1JHtH8BVe0dYNhzx1Ztkn3azQ0OBdoOmM828vEWAXc=
|
||||
github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54=
|
||||
@ -1231,8 +1230,9 @@ go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0
|
||||
go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
|
||||
go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
|
||||
go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
|
||||
go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
|
||||
go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
|
||||
go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk=
|
||||
go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo=
|
||||
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
|
||||
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
|
||||
go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
|
||||
@ -1268,7 +1268,6 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38=
|
||||
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
|
||||
golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
|
||||
@ -1867,28 +1866,28 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
|
||||
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
|
||||
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
|
||||
k8s.io/api v0.25.0 h1:H+Q4ma2U/ww0iGB78ijZx6DRByPz6/733jIuFpX70e0=
|
||||
k8s.io/api v0.25.0/go.mod h1:ttceV1GyV1i1rnmvzT3BST08N6nGt+dudGrquzVQWPk=
|
||||
k8s.io/apiextensions-apiserver v0.25.0 h1:CJ9zlyXAbq0FIW8CD7HHyozCMBpDSiH7EdrSTCZcZFY=
|
||||
k8s.io/apiextensions-apiserver v0.25.0/go.mod h1:3pAjZiN4zw7R8aZC5gR0y3/vCkGlAjCazcg1me8iB/E=
|
||||
k8s.io/apimachinery v0.25.0 h1:MlP0r6+3XbkUG2itd6vp3oxbtdQLQI94fD5gCS+gnoU=
|
||||
k8s.io/apimachinery v0.25.0/go.mod h1:qMx9eAk0sZQGsXGu86fab8tZdffHbwUfsvzqKn4mfB0=
|
||||
k8s.io/apiserver v0.25.0 h1:8kl2ifbNffD440MyvHtPaIz1mw4mGKVgWqM0nL+oyu4=
|
||||
k8s.io/apiserver v0.25.0/go.mod h1:BKwsE+PTC+aZK+6OJQDPr0v6uS91/HWxX7evElAH6xo=
|
||||
k8s.io/cli-runtime v0.25.0/go.mod h1:bHOI5ZZInRHhbq12OdUiYZQN8ml8aKZLwQgt9QlLINw=
|
||||
k8s.io/client-go v0.25.0 h1:CVWIaCETLMBNiTUta3d5nzRbXvY5Hy9Dpl+VvREpu5E=
|
||||
k8s.io/client-go v0.25.0/go.mod h1:lxykvypVfKilxhTklov0wz1FoaUZ8X4EwbhS6rpRfN8=
|
||||
k8s.io/cloud-provider v0.25.0 h1:ONX5BON6f1Mxa2GWvPyKn+QsZXaLauPUte7MZxfWUro=
|
||||
k8s.io/cloud-provider v0.25.0/go.mod h1:afVfVCIYOUER914WmSp0QpAtJn12gv4qu9NMT4XBxZo=
|
||||
k8s.io/cluster-bootstrap v0.25.0/go.mod h1:x/TCtY3EiuR/rODkA3SvVQT3uSssQLf9cXcmSjdDTe0=
|
||||
k8s.io/code-generator v0.25.0/go.mod h1:B6jZgI3DvDFAualltPitbYMQ74NjaCFxum3YeKZZ+3w=
|
||||
k8s.io/component-base v0.25.0 h1:haVKlLkPCFZhkcqB6WCvpVxftrg6+FK5x1ZuaIDaQ5Y=
|
||||
k8s.io/component-base v0.25.0/go.mod h1:F2Sumv9CnbBlqrpdf7rKZTmmd2meJq0HizeyY/yAFxk=
|
||||
k8s.io/component-helpers v0.25.0 h1:vNzYfqnVXj7f+CPksduKVv2Z9kC+IDsOs9yaOyxZrj0=
|
||||
k8s.io/component-helpers v0.25.0/go.mod h1:auaFj2bvb5Zmy0mLk4WJNmwP0w4e7Zk+/Tu9FFBGA20=
|
||||
k8s.io/controller-manager v0.25.0/go.mod h1:QElCivPrZ64NP1Y976pkgyViZUqn6UcvjlXHiAAUGd0=
|
||||
k8s.io/cri-api v0.25.0/go.mod h1:J1rAyQkSJ2Q6I+aBMOVgg2/cbbebso6FNa0UagiR0kc=
|
||||
k8s.io/csi-translation-lib v0.25.0/go.mod h1:Wb80CDywP4753F6wWkIyOuJIQtQAbhgw985veSgAn/4=
|
||||
k8s.io/api v0.25.3 h1:Q1v5UFfYe87vi5H7NU0p4RXC26PPMT8KOpr1TLQbCMQ=
|
||||
k8s.io/api v0.25.3/go.mod h1:o42gKscFrEVjHdQnyRenACrMtbuJsVdP+WVjqejfzmI=
|
||||
k8s.io/apiextensions-apiserver v0.25.3 h1:bfI4KS31w2f9WM1KLGwnwuVlW3RSRPuIsfNF/3HzR0k=
|
||||
k8s.io/apiextensions-apiserver v0.25.3/go.mod h1:ZJqwpCkxIx9itilmZek7JgfUAM0dnTsA48I4krPqRmo=
|
||||
k8s.io/apimachinery v0.25.3 h1:7o9ium4uyUOM76t6aunP0nZuex7gDf8VGwkR5RcJnQc=
|
||||
k8s.io/apimachinery v0.25.3/go.mod h1:jaF9C/iPNM1FuLl7Zuy5b9v+n35HGSh6AQ4HYRkCqwo=
|
||||
k8s.io/apiserver v0.25.3 h1:m7+xGuG5+KYAnEsqaFtDyWMkmMMEOFYlu+NlWv5qSBI=
|
||||
k8s.io/apiserver v0.25.3/go.mod h1:9bT47iM2fzRuhICJpM/RcQR9sqDDfZ7Yw60h0p3JW08=
|
||||
k8s.io/cli-runtime v0.25.3/go.mod h1:InHHsjkyW5hQsILJGpGjeruiDZT/R0OkROQgD6GzxO4=
|
||||
k8s.io/client-go v0.25.3 h1:oB4Dyl8d6UbfDHD8Bv8evKylzs3BXzzufLiO27xuPs0=
|
||||
k8s.io/client-go v0.25.3/go.mod h1:t39LPczAIMwycjcXkVc+CB+PZV69jQuNx4um5ORDjQA=
|
||||
k8s.io/cloud-provider v0.25.3 h1:1X1BKXm0fp8/ZkaQKNDyWqgh6t7m9O5MDSbO9OA4muk=
|
||||
k8s.io/cloud-provider v0.25.3/go.mod h1:P7TjzjbkqW3C0NAT1bNEZrZRifNNBVhrTb+iHRjfFz0=
|
||||
k8s.io/cluster-bootstrap v0.25.3/go.mod h1:C5NZX+WE7v/hEyUfMj2sjQfKHsOVAYLrSFLtPspVljM=
|
||||
k8s.io/code-generator v0.25.3/go.mod h1:9F5fuVZOMWRme7MYj2YT3L9ropPWPokd9VRhVyD3+0w=
|
||||
k8s.io/component-base v0.25.3 h1:UrsxciGdrCY03ULT1h/S/gXFCOPnLhUVwSyx+hM/zq4=
|
||||
k8s.io/component-base v0.25.3/go.mod h1:WYoS8L+IlTZgU7rhAl5Ctpw0WdMxDfCC5dkxcEFa/TI=
|
||||
k8s.io/component-helpers v0.25.3 h1:Ldwi2U50KohMVDKBcVT3zDpIOKFP4bPEy/4Dj4NsoYU=
|
||||
k8s.io/component-helpers v0.25.3/go.mod h1:yu9zgPm9pf5jpmUzOZA9PMHY16Eu8ymt8AnSL0Xwbgw=
|
||||
k8s.io/controller-manager v0.25.3/go.mod h1:lWiZbjFw3joeiIVpscVfKywrAde4GE8Z84i5MIpEQMw=
|
||||
k8s.io/cri-api v0.25.3/go.mod h1:riC/P0yOGUf2K1735wW+CXs1aY2ctBgePtnnoFLd0dU=
|
||||
k8s.io/csi-translation-lib v0.25.3/go.mod h1:hrosK8ufTX5fz1CJO79EfPPkuLZWvaxEb4tovbcv/AU=
|
||||
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
|
||||
k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
|
||||
k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
|
||||
@ -1902,28 +1901,28 @@ k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
|
||||
k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
|
||||
k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
|
||||
k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
|
||||
k8s.io/kube-aggregator v0.25.0/go.mod h1:dfdl4aQkleiWK/U++UDLdDC8g2rsonhkB23zzUeBCgM=
|
||||
k8s.io/kube-controller-manager v0.25.0/go.mod h1:SjL1hKSG2z9wajnvjRHZv1zOsdDHjmbZd1ykmaYO6J8=
|
||||
k8s.io/kube-aggregator v0.25.3/go.mod h1:w87nqmzJMf7S73FRYcnexqfYW0AFiLJiCkvVCwM3feE=
|
||||
k8s.io/kube-controller-manager v0.25.3/go.mod h1:InfGO/O9vIPxpbgd0gUK22xVDsaGnJAUsATzwKk6BNg=
|
||||
k8s.io/kube-openapi v0.0.0-20180731170545-e3762e86a74c/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
|
||||
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
|
||||
k8s.io/kube-openapi v0.0.0-20220401212409-b28bf2818661/go.mod h1:daOouuuwd9JXpv1L7Y34iV3yf6nxzipkKMWWlqlvK9M=
|
||||
k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA=
|
||||
k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
|
||||
k8s.io/kube-proxy v0.25.0/go.mod h1:uHv1HwMVDYgl1pU2PTDKLRlxtNOf4z2M5YPYC6NP1CU=
|
||||
k8s.io/kube-scheduler v0.25.0/go.mod h1:cwiyJeImgFbhmbnImzvuhbiJayNngRNEe3FJkZDPw9Y=
|
||||
k8s.io/kubectl v0.25.0 h1:/Wn1cFqo8ik3iee1EvpxYre3bkWsGLXzLQI6uCCAkQc=
|
||||
k8s.io/kubectl v0.25.0/go.mod h1:n16ULWsOl2jmQpzt2o7Dud1t4o0+Y186ICb4O+GwKAU=
|
||||
k8s.io/kubelet v0.25.0 h1:eTS5B1u1o63ndExAHKLJytzz/GBy86ROcxYtu0VK3RA=
|
||||
k8s.io/kubelet v0.25.0/go.mod h1:J6aQxrZdSsGPrskYrhZdEn6PCnGha+GNvF0g9aWfQnw=
|
||||
k8s.io/kubernetes v1.25.0 h1:NwTRyLrdXTORd5V7DLlUltxDbl/KZjYDiRgwI+pBYGE=
|
||||
k8s.io/kubernetes v1.25.0/go.mod h1:UdtILd5Zg1vGZvShiO1EYOqmjzM2kZOG1hzwQnM5JxY=
|
||||
k8s.io/legacy-cloud-providers v0.25.0/go.mod h1:bnmUgHHeBmK3M9JgQzu+ne6UCUVURDzkpF0Y7VeypVE=
|
||||
k8s.io/metrics v0.25.0/go.mod h1:HZZrbhuRX+fsDcRc3u59o2FbrKhqD67IGnoFECNmovc=
|
||||
k8s.io/mount-utils v0.25.0-alpha.3.0.20220801203918-ff562e546084 h1:MBVsRiLUuVn8PX7je4jjBfHfRs65QwEtgM//Te1mFpQ=
|
||||
k8s.io/mount-utils v0.25.0-alpha.3.0.20220801203918-ff562e546084/go.mod h1:dHX0bJ3b1Mvh/OHsBV9r559Mdrf5Lcjxyoc7FHUtnBg=
|
||||
k8s.io/pod-security-admission v0.25.0 h1:Sceq45pO7E7RTaYAr3Br94ZMDISJIngvXXcAfcZJufk=
|
||||
k8s.io/pod-security-admission v0.25.0/go.mod h1:b/UC586Th2LijoNV+ssyyAryUvmaTrEWms5ZzBEkVsA=
|
||||
k8s.io/sample-apiserver v0.25.0/go.mod h1:Wyy/yKmXCrWLcc+082Vsn6fxAuwraRw5FQpekHg3go8=
|
||||
k8s.io/kube-proxy v0.25.3/go.mod h1:A/aOKVIY+tivIHk/i6hEF6IyLSDHKGooLnedg4dBJa8=
|
||||
k8s.io/kube-scheduler v0.25.3/go.mod h1:0EKmWTnwNaHnmWwan4bABGQm4XyYpc146XyFWX4ey5E=
|
||||
k8s.io/kubectl v0.25.3 h1:HnWJziEtmsm4JaJiKT33kG0kadx68MXxUE8UEbXnN4U=
|
||||
k8s.io/kubectl v0.25.3/go.mod h1:glU7PiVj/R6Ud4A9FJdTcJjyzOtCJyc0eO7Mrbh3jlI=
|
||||
k8s.io/kubelet v0.25.3 h1:PjT3Xo0VL1BpRilBpZrRN8pSy6w5pGQ0YDQQeQWSHvQ=
|
||||
k8s.io/kubelet v0.25.3/go.mod h1:YopVc6vLhveZb22I7AzcoWPap+t3/KJKqRZDa2MZmyE=
|
||||
k8s.io/kubernetes v1.25.3 h1:Ljx/Ew9+dt7rN9ob3V+N/aoDy7nDSbmr35IbYGRTyqE=
|
||||
k8s.io/kubernetes v1.25.3/go.mod h1:lvEY+3iJhh+sGIK1LorGkI56rW0eLGsfalnp68wQwYU=
|
||||
k8s.io/legacy-cloud-providers v0.25.3/go.mod h1:0l3ulE+R3UXrVSfevmLvKSqJluRX/ABedGLGfpYf9t0=
|
||||
k8s.io/metrics v0.25.3/go.mod h1:5j5FKJb8RHsb3Q2PLsD/p1mLiA1fTrl+a62Les+KDhc=
|
||||
k8s.io/mount-utils v0.25.3 h1:Eb4MDClmozX3Vrz4ZtoG0bQ/pGhT5gyo28p3f+0r9EE=
|
||||
k8s.io/mount-utils v0.25.3/go.mod h1:odpFnGwJfFjN3SRnjfGS0902ubcj/W6hDOrNDmSSINo=
|
||||
k8s.io/pod-security-admission v0.25.3 h1:2HnXWKUIDSez2sWtvxeGgGVUFvYnJJHutL4AI1MIuwk=
|
||||
k8s.io/pod-security-admission v0.25.3/go.mod h1:xSaLkcMPD6cGKrZ//ZUrCNs0BewZzQdOEcC9LuXBGR4=
|
||||
k8s.io/sample-apiserver v0.25.3/go.mod h1:olYnTnro/u7rnn7dlKEceKb9ivx05tfIubBKefSPeVw=
|
||||
k8s.io/system-validators v1.7.0/go.mod h1:gP1Ky+R9wtrSiFbrpEPwWMeYz9yqyy1S/KOh0Vci7WI=
|
||||
k8s.io/utils v0.0.0-20190506122338-8fab8cb257d5/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
|
||||
k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
|
||||
@ -1941,8 +1940,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
|
||||
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
|
||||
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
|
||||
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32 h1:2WjukG7txtEsbXsSKWtTibCdsyYAhcu6KFnttyDdZOQ=
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.33 h1:LYqFq+6Cj2D0gFfrJvL7iElD4ET6ir3VDdhDdTK7rgc=
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.33/go.mod h1:soWkSNf2tZC7aMibXEqVhCd73GOY5fJikn8qbdzemB0=
|
||||
sigs.k8s.io/controller-runtime v0.2.2/go.mod h1:9dyohw3ZtoXQuV1e766PHUn+cmrRCIcBh6XIMFNMZ+I=
|
||||
sigs.k8s.io/controller-runtime v0.11.0-beta.0.0.20211208212546-f236f0345ad2 h1:+ReKrjTrd57mtAU19BJkxSAaWRIQkFlaWcO6dGFVP1g=
|
||||
sigs.k8s.io/controller-runtime v0.11.0-beta.0.0.20211208212546-f236f0345ad2/go.mod h1:KKwLiTooNGu+JmLZGn9Sl3Gjmfj66eMbCQznLP5zcqA=
|
||||
|
3
vendor/golang.org/x/crypto/AUTHORS
generated
vendored
@ -1,3 +0,0 @@
|
||||
# This source code refers to The Go Authors for copyright purposes.
|
||||
# The master list of authors is in the main Go distribution,
|
||||
# visible at https://tip.golang.org/AUTHORS.
|
3
vendor/golang.org/x/crypto/CONTRIBUTORS
generated
vendored
@ -1,3 +0,0 @@
|
||||
# This source code was written by the Go contributors.
|
||||
# The master list of contributors is in the main Go distribution,
|
||||
# visible at https://tip.golang.org/CONTRIBUTORS.
|
10
vendor/golang.org/x/crypto/argon2/argon2.go
generated
vendored
@ -11,8 +11,7 @@
|
||||
// If you aren't sure which function you need, use Argon2id (IDKey) and
|
||||
// the parameter recommendations for your scenario.
|
||||
//
|
||||
//
|
||||
// Argon2i
|
||||
// # Argon2i
|
||||
//
|
||||
// Argon2i (implemented by Key) is the side-channel resistant version of Argon2.
|
||||
// It uses data-independent memory access, which is preferred for password
|
||||
@ -21,8 +20,7 @@
|
||||
// parameters (taken from [2]) for non-interactive operations are time=3 and to
|
||||
// use the maximum available memory.
|
||||
//
|
||||
//
|
||||
// Argon2id
|
||||
// # Argon2id
|
||||
//
|
||||
// Argon2id (implemented by IDKey) is a hybrid version of Argon2 combining
|
||||
// Argon2i and Argon2d. It uses data-independent memory access for the first
|
||||
@ -59,7 +57,7 @@ const (
|
||||
// For example, you can get a derived key for e.g. AES-256 (which needs a
|
||||
// 32-byte key) by doing:
|
||||
//
|
||||
// key := argon2.Key([]byte("some password"), salt, 3, 32*1024, 4, 32)
|
||||
// key := argon2.Key([]byte("some password"), salt, 3, 32*1024, 4, 32)
|
||||
//
|
||||
// The draft RFC recommends[2] time=3, and memory=32*1024 is a sensible number.
|
||||
// If using that amount of memory (32 MB) is not possible in some contexts then
|
||||
@ -83,7 +81,7 @@ func Key(password, salt []byte, time, memory uint32, threads uint8, keyLen uint3
|
||||
// For example, you can get a derived key for e.g. AES-256 (which needs a
|
||||
// 32-byte key) by doing:
|
||||
//
|
||||
// key := argon2.IDKey([]byte("some password"), salt, 1, 64*1024, 4, 32)
|
||||
// key := argon2.IDKey([]byte("some password"), salt, 1, 64*1024, 4, 32)
|
||||
//
|
||||
// The draft RFC recommends[2] time=1, and memory=64*1024 is a sensible number.
|
||||
// If using that amount of memory (64 MB) is not possible in some contexts then
|
||||
|
4
vendor/golang.org/x/crypto/chacha20/chacha_generic.go
generated
vendored
@ -12,7 +12,7 @@ import (
|
||||
"errors"
|
||||
"math/bits"
|
||||
|
||||
"golang.org/x/crypto/internal/subtle"
|
||||
"golang.org/x/crypto/internal/alias"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -189,7 +189,7 @@ func (s *Cipher) XORKeyStream(dst, src []byte) {
|
||||
panic("chacha20: output smaller than input")
|
||||
}
|
||||
dst = dst[:len(src)]
|
||||
if subtle.InexactOverlap(dst, src) {
|
||||
if alias.InexactOverlap(dst, src) {
|
||||
panic("chacha20: invalid buffer overlap")
|
||||
}
|
||||
|
||||
|
1
vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
generated
vendored
@ -15,6 +15,7 @@ const bufSize = 256
|
||||
|
||||
// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
|
||||
// be called when the vector facility is available. Implementation in asm_s390x.s.
|
||||
//
|
||||
//go:noescape
|
||||
func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
|
||||
|
||||
|
19
vendor/golang.org/x/crypto/cryptobyte/builder.go
generated
vendored
@ -95,6 +95,11 @@ func (b *Builder) AddUint32(v uint32) {
|
||||
b.add(byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
|
||||
}
|
||||
|
||||
// AddUint64 appends a big-endian, 64-bit value to the byte string.
|
||||
func (b *Builder) AddUint64(v uint64) {
|
||||
b.add(byte(v>>56), byte(v>>48), byte(v>>40), byte(v>>32), byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
|
||||
}
|
||||
|
||||
// AddBytes appends a sequence of bytes to the byte string.
|
||||
func (b *Builder) AddBytes(v []byte) {
|
||||
b.add(v...)
|
||||
@ -106,13 +111,13 @@ func (b *Builder) AddBytes(v []byte) {
|
||||
// supplied to them. The child builder passed to the continuation can be used
|
||||
// to build the content of the length-prefixed sequence. For example:
|
||||
//
|
||||
// parent := cryptobyte.NewBuilder()
|
||||
// parent.AddUint8LengthPrefixed(func (child *Builder) {
|
||||
// child.AddUint8(42)
|
||||
// child.AddUint8LengthPrefixed(func (grandchild *Builder) {
|
||||
// grandchild.AddUint8(5)
|
||||
// })
|
||||
// })
|
||||
// parent := cryptobyte.NewBuilder()
|
||||
// parent.AddUint8LengthPrefixed(func (child *Builder) {
|
||||
// child.AddUint8(42)
|
||||
// child.AddUint8LengthPrefixed(func (grandchild *Builder) {
|
||||
// grandchild.AddUint8(5)
|
||||
// })
|
||||
// })
|
||||
//
|
||||
// It is an error to write more bytes to the child than allowed by the reserved
|
||||
// length prefix. After the continuation returns, the child must be considered
|
||||
|
11
vendor/golang.org/x/crypto/cryptobyte/string.go
generated
vendored
@ -81,6 +81,17 @@ func (s *String) ReadUint32(out *uint32) bool {
|
||||
return true
|
||||
}
|
||||
|
||||
// ReadUint64 decodes a big-endian, 64-bit value into out and advances over it.
|
||||
// It reports whether the read was successful.
|
||||
func (s *String) ReadUint64(out *uint64) bool {
|
||||
v := s.read(8)
|
||||
if v == nil {
|
||||
return false
|
||||
}
|
||||
*out = uint64(v[0])<<56 | uint64(v[1])<<48 | uint64(v[2])<<40 | uint64(v[3])<<32 | uint64(v[4])<<24 | uint64(v[5])<<16 | uint64(v[6])<<8 | uint64(v[7])
|
||||
return true
|
||||
}
|
||||
|
||||
func (s *String) readUnsigned(out *uint32, length int) bool {
|
||||
v := s.read(length)
|
||||
if v == nil {
|
||||
|
9
vendor/golang.org/x/crypto/curve25519/curve25519.go
generated
vendored
@ -9,7 +9,8 @@ package curve25519 // import "golang.org/x/crypto/curve25519"
|
||||
|
||||
import (
|
||||
"crypto/subtle"
|
||||
"fmt"
|
||||
"errors"
|
||||
"strconv"
|
||||
|
||||
"golang.org/x/crypto/curve25519/internal/field"
|
||||
)
|
||||
@ -124,10 +125,10 @@ func X25519(scalar, point []byte) ([]byte, error) {
|
||||
func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
|
||||
var in [32]byte
|
||||
if l := len(scalar); l != 32 {
|
||||
return nil, fmt.Errorf("bad scalar length: %d, expected %d", l, 32)
|
||||
return nil, errors.New("bad scalar length: " + strconv.Itoa(l) + ", expected 32")
|
||||
}
|
||||
if l := len(point); l != 32 {
|
||||
return nil, fmt.Errorf("bad point length: %d, expected %d", l, 32)
|
||||
return nil, errors.New("bad point length: " + strconv.Itoa(l) + ", expected 32")
|
||||
}
|
||||
copy(in[:], scalar)
|
||||
if &point[0] == &Basepoint[0] {
|
||||
@ -138,7 +139,7 @@ func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
|
||||
copy(base[:], point)
|
||||
ScalarMult(dst, &in, &base)
|
||||
if subtle.ConstantTimeCompare(dst[:], zero[:]) == 1 {
|
||||
return nil, fmt.Errorf("bad input point: low order point")
|
||||
return nil, errors.New("bad input point: low order point")
|
||||
}
|
||||
}
|
||||
return dst[:], nil
|
||||
|
3
vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go
generated
vendored
@ -1,13 +1,16 @@
|
||||
// Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
|
||||
|
||||
//go:build amd64 && gc && !purego
|
||||
// +build amd64,gc,!purego
|
||||
|
||||
package field
|
||||
|
||||
// feMul sets out = a * b. It works like feMulGeneric.
|
||||
//
|
||||
//go:noescape
|
||||
func feMul(out *Element, a *Element, b *Element)
|
||||
|
||||
// feSquare sets out = a * a. It works like feSquareGeneric.
|
||||
//
|
||||
//go:noescape
|
||||
func feSquare(out *Element, a *Element)
|
||||
|
@ -5,9 +5,8 @@
|
||||
//go:build !purego
|
||||
// +build !purego
|
||||
|
||||
// Package subtle implements functions that are often useful in cryptographic
|
||||
// code but require careful thought to use correctly.
|
||||
package subtle // import "golang.org/x/crypto/internal/subtle"
|
||||
// Package alias implements memory aliasing tests.
|
||||
package alias
|
||||
|
||||
import "unsafe"
|
||||
|
@ -5,9 +5,8 @@
|
||||
//go:build purego
|
||||
// +build purego
|
||||
|
||||
// Package subtle implements functions that are often useful in cryptographic
|
||||
// code but require careful thought to use correctly.
|
||||
package subtle // import "golang.org/x/crypto/internal/subtle"
|
||||
// Package alias implements memory aliasing tests.
|
||||
package alias
|
||||
|
||||
// This is the Google App Engine standard variant based on reflect
|
||||
// because the unsafe package and cgo are disallowed.
|
5
vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go
generated
vendored
@ -136,7 +136,7 @@ func shiftRightBy2(a uint128) uint128 {
|
||||
// updateGeneric absorbs msg into the state.h accumulator. For each chunk m of
|
||||
// 128 bits of message, it computes
|
||||
//
|
||||
// h₊ = (h + m) * r mod 2¹³⁰ - 5
|
||||
// h₊ = (h + m) * r mod 2¹³⁰ - 5
|
||||
//
|
||||
// If the msg length is not a multiple of TagSize, it assumes the last
|
||||
// incomplete chunk is the final one.
|
||||
@ -278,8 +278,7 @@ const (
|
||||
|
||||
// finalize completes the modular reduction of h and computes
|
||||
//
|
||||
// out = h + s mod 2¹²⁸
|
||||
//
|
||||
// out = h + s mod 2¹²⁸
|
||||
func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
|
||||
h0, h1, h2 := h[0], h[1], h[2]
|
||||
|
||||
|
1
vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
generated
vendored
@ -14,6 +14,7 @@ import (
|
||||
// updateVX is an assembly implementation of Poly1305 that uses vector
|
||||
// instructions. It must only be called if the vector facility (vx) is
|
||||
// available.
|
||||
//
|
||||
//go:noescape
|
||||
func updateVX(state *macState, msg []byte)
|
||||
|
||||
|
2
vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
generated
vendored
@ -32,7 +32,7 @@ import (
|
||||
// can get a derived key for e.g. AES-256 (which needs a 32-byte key) by
|
||||
// doing:
|
||||
//
|
||||
// dk := pbkdf2.Key([]byte("some password"), salt, 4096, 32, sha1.New)
|
||||
// dk := pbkdf2.Key([]byte("some password"), salt, 4096, 32, sha1.New)
|
||||
//
|
||||
// Remember to get a good random salt. At least 8 bytes is recommended by the
|
||||
// RFC.
|
||||
|
2
vendor/golang.org/x/crypto/scrypt/scrypt.go
generated
vendored
@ -186,7 +186,7 @@ func smix(b []byte, r, N int, v, xy []uint32) {
|
||||
// For example, you can get a derived key for e.g. AES-256 (which needs a
|
||||
// 32-byte key) by doing:
|
||||
//
|
||||
// dk, err := scrypt.Key([]byte("some password"), salt, 32768, 8, 1, 32)
|
||||
// dk, err := scrypt.Key([]byte("some password"), salt, 32768, 8, 1, 32)
|
||||
//
|
||||
// The recommended parameters for interactive logins as of 2017 are N=32768, r=8
|
||||
// and p=1. The parameters N, r, and p should be increased as memory latency and
|
||||
|
4
vendor/golang.org/x/crypto/ssh/certs.go
generated
vendored
@ -251,7 +251,7 @@ type algorithmOpenSSHCertSigner struct {
|
||||
// private key is held by signer. It returns an error if the public key in cert
|
||||
// doesn't match the key used by signer.
|
||||
func NewCertSigner(cert *Certificate, signer Signer) (Signer, error) {
|
||||
if bytes.Compare(cert.Key.Marshal(), signer.PublicKey().Marshal()) != 0 {
|
||||
if !bytes.Equal(cert.Key.Marshal(), signer.PublicKey().Marshal()) {
|
||||
return nil, errors.New("ssh: signer and cert have different public key")
|
||||
}
|
||||
|
||||
@ -460,6 +460,8 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
|
||||
|
||||
// certKeyAlgoNames is a mapping from known certificate algorithm names to the
|
||||
// corresponding public key signature algorithm.
|
||||
//
|
||||
// This map must be kept in sync with the one in agent/client.go.
|
||||
var certKeyAlgoNames = map[string]string{
|
||||
CertAlgoRSAv01: KeyAlgoRSA,
|
||||
CertAlgoRSASHA256v01: KeyAlgoRSASHA256,
|
||||
|
13
vendor/golang.org/x/crypto/ssh/cipher.go
generated
vendored
@ -15,7 +15,6 @@ import (
|
||||
"fmt"
|
||||
"hash"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
|
||||
"golang.org/x/crypto/chacha20"
|
||||
"golang.org/x/crypto/internal/poly1305"
|
||||
@ -97,13 +96,13 @@ func streamCipherMode(skip int, createFunc func(key, iv []byte) (cipher.Stream,
|
||||
// are not supported and will not be negotiated, even if explicitly requested in
|
||||
// ClientConfig.Crypto.Ciphers.
|
||||
var cipherModes = map[string]*cipherMode{
|
||||
// Ciphers from RFC4344, which introduced many CTR-based ciphers. Algorithms
|
||||
// Ciphers from RFC 4344, which introduced many CTR-based ciphers. Algorithms
|
||||
// are defined in the order specified in the RFC.
|
||||
"aes128-ctr": {16, aes.BlockSize, streamCipherMode(0, newAESCTR)},
|
||||
"aes192-ctr": {24, aes.BlockSize, streamCipherMode(0, newAESCTR)},
|
||||
"aes256-ctr": {32, aes.BlockSize, streamCipherMode(0, newAESCTR)},
|
||||
|
||||
// Ciphers from RFC4345, which introduces security-improved arcfour ciphers.
|
||||
// Ciphers from RFC 4345, which introduces security-improved arcfour ciphers.
|
||||
// They are defined in the order specified in the RFC.
|
||||
"arcfour128": {16, 0, streamCipherMode(1536, newRC4)},
|
||||
"arcfour256": {32, 0, streamCipherMode(1536, newRC4)},
|
||||
@ -111,7 +110,7 @@ var cipherModes = map[string]*cipherMode{
|
||||
// Cipher defined in RFC 4253, which describes SSH Transport Layer Protocol.
|
||||
// Note that this cipher is not safe, as stated in RFC 4253: "Arcfour (and
|
||||
// RC4) has problems with weak keys, and should be used with caution."
|
||||
// RFC4345 introduces improved versions of Arcfour.
|
||||
// RFC 4345 introduces improved versions of Arcfour.
|
||||
"arcfour": {16, 0, streamCipherMode(0, newRC4)},
|
||||
|
||||
// AEAD ciphers
|
||||
@ -497,7 +496,7 @@ func (c *cbcCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error)
|
||||
// data, to make distinguishing between
|
||||
// failing MAC and failing length check more
|
||||
// difficult.
|
||||
io.CopyN(ioutil.Discard, r, int64(c.oracleCamouflage))
|
||||
io.CopyN(io.Discard, r, int64(c.oracleCamouflage))
|
||||
}
|
||||
}
|
||||
return p, err
|
||||
@ -640,9 +639,9 @@ const chacha20Poly1305ID = "chacha20-poly1305@openssh.com"
|
||||
// chacha20Poly1305Cipher implements the chacha20-poly1305@openssh.com
|
||||
// AEAD, which is described here:
|
||||
//
|
||||
// https://tools.ietf.org/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00
|
||||
// https://tools.ietf.org/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00
|
||||
//
|
||||
// the methods here also implement padding, which RFC4253 Section 6
|
||||
// the methods here also implement padding, which RFC 4253 Section 6
|
||||
// also requires of stream ciphers.
|
||||
type chacha20Poly1305Cipher struct {
|
||||
lengthKey [32]byte
|
||||
|
4
vendor/golang.org/x/crypto/ssh/common.go
generated
vendored
@ -149,7 +149,7 @@ type directionAlgorithms struct {
|
||||
|
||||
// rekeyBytes returns a rekeying intervals in bytes.
|
||||
func (a *directionAlgorithms) rekeyBytes() int64 {
|
||||
// According to RFC4344 block ciphers should rekey after
|
||||
// According to RFC 4344 block ciphers should rekey after
|
||||
// 2^(BLOCKSIZE/4) blocks. For all AES flavors BLOCKSIZE is
|
||||
// 128.
|
||||
switch a.Cipher {
|
||||
@ -158,7 +158,7 @@ func (a *directionAlgorithms) rekeyBytes() int64 {
|
||||
|
||||
}
|
||||
|
||||
// For others, stick with RFC4253 recommendation to rekey after 1 Gb of data.
|
||||
// For others, stick with RFC 4253 recommendation to rekey after 1 Gb of data.
|
||||
return 1 << 30
|
||||
}
|
||||
|
||||
|
2
vendor/golang.org/x/crypto/ssh/connection.go
generated
vendored
@ -52,7 +52,7 @@ type Conn interface {
|
||||
|
||||
// SendRequest sends a global request, and returns the
|
||||
// reply. If wantReply is true, it returns the response status
|
||||
// and payload. See also RFC4254, section 4.
|
||||
// and payload. See also RFC 4254, section 4.
|
||||
SendRequest(name string, wantReply bool, payload []byte) (bool, []byte, error)
|
||||
|
||||
// OpenChannel tries to open an channel. If the request is
|
||||
|
5
vendor/golang.org/x/crypto/ssh/doc.go
generated
vendored
@ -12,8 +12,9 @@ the multiplexed nature of SSH is exposed to users that wish to support
|
||||
others.
|
||||
|
||||
References:
|
||||
[PROTOCOL.certkeys]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD
|
||||
[SSH-PARAMETERS]: http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xml#ssh-parameters-1
|
||||
|
||||
[PROTOCOL.certkeys]: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD
|
||||
[SSH-PARAMETERS]: http://www.iana.org/assignments/ssh-parameters/ssh-parameters.xml#ssh-parameters-1
|
||||
|
||||
This package does not fall under the stability promise of the Go language itself,
|
||||
so its API may be changed when pressing needs arise.
|
||||
|
10
vendor/golang.org/x/crypto/ssh/handshake.go
generated
vendored
@ -479,10 +479,12 @@ func (t *handshakeTransport) sendKexInit() error {
|
||||
|
||||
// As a client we opt in to receiving SSH_MSG_EXT_INFO so we know what
|
||||
// algorithms the server supports for public key authentication. See RFC
|
||||
// 8303, Section 2.1.
|
||||
msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1)
|
||||
msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...)
|
||||
msg.KexAlgos = append(msg.KexAlgos, "ext-info-c")
|
||||
// 8308, Section 2.1.
|
||||
if firstKeyExchange := t.sessionID == nil; firstKeyExchange {
|
||||
msg.KexAlgos = make([]string, 0, len(t.config.KeyExchanges)+1)
|
||||
msg.KexAlgos = append(msg.KexAlgos, t.config.KeyExchanges...)
|
||||
msg.KexAlgos = append(msg.KexAlgos, "ext-info-c")
|
||||
}
|
||||
}
|
||||
|
||||
packet := Marshal(msg)
|
||||
|
2
vendor/golang.org/x/crypto/ssh/keys.go
generated
vendored
@ -184,7 +184,7 @@ func ParseKnownHosts(in []byte) (marker string, hosts []string, pubKey PublicKey
|
||||
return "", nil, nil, "", nil, io.EOF
|
||||
}
|
||||
|
||||
// ParseAuthorizedKeys parses a public key from an authorized_keys
|
||||
// ParseAuthorizedKey parses a public key from an authorized_keys
|
||||
// file used in OpenSSH according to the sshd(8) manual page.
|
||||
func ParseAuthorizedKey(in []byte) (out PublicKey, comment string, options []string, rest []byte, err error) {
|
||||
for len(in) > 0 {
|
||||
|
14
vendor/golang.org/x/crypto/ssh/server.go
generated
vendored
@ -68,8 +68,16 @@ type ServerConfig struct {
|
||||
|
||||
// NoClientAuth is true if clients are allowed to connect without
|
||||
// authenticating.
|
||||
// To determine NoClientAuth at runtime, set NoClientAuth to true
|
||||
// and the optional NoClientAuthCallback to a non-nil value.
|
||||
NoClientAuth bool
|
||||
|
||||
// NoClientAuthCallback, if non-nil, is called when a user
|
||||
// attempts to authenticate with auth method "none".
|
||||
// NoClientAuth must also be set to true for this be used, or
|
||||
// this func is unused.
|
||||
NoClientAuthCallback func(ConnMetadata) (*Permissions, error)
|
||||
|
||||
// MaxAuthTries specifies the maximum number of authentication attempts
|
||||
// permitted per connection. If set to a negative number, the number of
|
||||
// attempts are unlimited. If set to zero, the number of attempts are limited
|
||||
@ -455,7 +463,11 @@ userAuthLoop:
|
||||
switch userAuthReq.Method {
|
||||
case "none":
|
||||
if config.NoClientAuth {
|
||||
authErr = nil
|
||||
if config.NoClientAuthCallback != nil {
|
||||
perms, authErr = config.NoClientAuthCallback(s)
|
||||
} else {
|
||||
authErr = nil
|
||||
}
|
||||
}
|
||||
|
||||
// allow initial attempt of 'none' without penalty
|
||||
|
7
vendor/golang.org/x/crypto/ssh/session.go
generated
vendored
@ -13,7 +13,6 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"sync"
|
||||
)
|
||||
|
||||
@ -124,7 +123,7 @@ type Session struct {
|
||||
// output and error.
|
||||
//
|
||||
// If either is nil, Run connects the corresponding file
|
||||
// descriptor to an instance of ioutil.Discard. There is a
|
||||
// descriptor to an instance of io.Discard. There is a
|
||||
// fixed amount of buffering that is shared for the two streams.
|
||||
// If either blocks it may eventually cause the remote
|
||||
// command to block.
|
||||
@ -506,7 +505,7 @@ func (s *Session) stdout() {
|
||||
return
|
||||
}
|
||||
if s.Stdout == nil {
|
||||
s.Stdout = ioutil.Discard
|
||||
s.Stdout = io.Discard
|
||||
}
|
||||
s.copyFuncs = append(s.copyFuncs, func() error {
|
||||
_, err := io.Copy(s.Stdout, s.ch)
|
||||
@ -519,7 +518,7 @@ func (s *Session) stderr() {
|
||||
return
|
||||
}
|
||||
if s.Stderr == nil {
|
||||
s.Stderr = ioutil.Discard
|
||||
s.Stderr = io.Discard
|
||||
}
|
||||
s.copyFuncs = append(s.copyFuncs, func() error {
|
||||
_, err := io.Copy(s.Stderr, s.ch.Stderr())
|
||||
|
30
vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
generated
vendored
@ -199,14 +199,18 @@ func newAuthenticator(c *cache, isTerminalFunc func(int) bool, config *api.ExecC
|
||||
now: time.Now,
|
||||
environ: os.Environ,
|
||||
|
||||
defaultDialer: defaultDialer,
|
||||
connTracker: connTracker,
|
||||
connTracker: connTracker,
|
||||
}
|
||||
|
||||
for _, env := range config.Env {
|
||||
a.env = append(a.env, env.Name+"="+env.Value)
|
||||
}
|
||||
|
||||
// these functions are made comparable and stored in the cache so that repeated clientset
|
||||
// construction with the same rest.Config results in a single TLS cache and Authenticator
|
||||
a.getCert = &transport.GetCertHolder{GetCert: a.cert}
|
||||
a.dial = &transport.DialHolder{Dial: defaultDialer.DialContext}
|
||||
|
||||
return c.put(key, a), nil
|
||||
}
|
||||
|
||||
@ -261,8 +265,6 @@ type Authenticator struct {
|
||||
now func() time.Time
|
||||
environ func() []string
|
||||
|
||||
// defaultDialer is used for clients which don't specify a custom dialer
|
||||
defaultDialer *connrotation.Dialer
|
||||
// connTracker tracks all connections opened that we need to close when rotating a client certificate
|
||||
connTracker *connrotation.ConnectionTracker
|
||||
|
||||
@ -273,6 +275,12 @@ type Authenticator struct {
|
||||
mu sync.Mutex
|
||||
cachedCreds *credentials
|
||||
exp time.Time
|
||||
|
||||
// getCert makes Authenticator.cert comparable to support TLS config caching
|
||||
getCert *transport.GetCertHolder
|
||||
// dial is used for clients which do not specify a custom dialer
|
||||
// it is comparable to support TLS config caching
|
||||
dial *transport.DialHolder
|
||||
}
|
||||
|
||||
type credentials struct {
|
||||
@ -300,18 +308,20 @@ func (a *Authenticator) UpdateTransportConfig(c *transport.Config) error {
|
||||
if c.HasCertCallback() {
|
||||
return errors.New("can't add TLS certificate callback: transport.Config.TLS.GetCert already set")
|
||||
}
|
||||
c.TLS.GetCert = a.cert
|
||||
c.TLS.GetCert = a.getCert.GetCert
|
||||
c.TLS.GetCertHolder = a.getCert // comparable for TLS config caching
|
||||
|
||||
var d *connrotation.Dialer
|
||||
if c.Dial != nil {
|
||||
// if c has a custom dialer, we have to wrap it
|
||||
d = connrotation.NewDialerWithTracker(c.Dial, a.connTracker)
|
||||
// TLS config caching is not supported for this config
|
||||
d := connrotation.NewDialerWithTracker(c.Dial, a.connTracker)
|
||||
c.Dial = d.DialContext
|
||||
c.DialHolder = nil
|
||||
} else {
|
||||
d = a.defaultDialer
|
||||
c.Dial = a.dial.Dial
|
||||
c.DialHolder = a.dial // comparable for TLS config caching
|
||||
}
|
||||
|
||||
c.Dial = d.DialContext
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
85
vendor/k8s.io/client-go/rest/request.go
generated
vendored
@ -508,6 +508,87 @@ func (r *Request) URL() *url.URL {
|
||||
return finalURL
|
||||
}
|
||||
|
||||
// finalURLTemplate is similar to URL(), but will make all specific parameter values equal
|
||||
// - instead of name or namespace, "{name}" and "{namespace}" will be used, and all query
|
||||
// parameters will be reset. This creates a copy of the url so as not to change the
|
||||
// underlying object.
|
||||
func (r Request) finalURLTemplate() url.URL {
|
||||
newParams := url.Values{}
|
||||
v := []string{"{value}"}
|
||||
for k := range r.params {
|
||||
newParams[k] = v
|
||||
}
|
||||
r.params = newParams
|
||||
u := r.URL()
|
||||
if u == nil {
|
||||
return url.URL{}
|
||||
}
|
||||
|
||||
segments := strings.Split(u.Path, "/")
|
||||
groupIndex := 0
|
||||
index := 0
|
||||
trimmedBasePath := ""
|
||||
if r.c.base != nil && strings.Contains(u.Path, r.c.base.Path) {
|
||||
p := strings.TrimPrefix(u.Path, r.c.base.Path)
|
||||
if !strings.HasPrefix(p, "/") {
|
||||
p = "/" + p
|
||||
}
|
||||
// store the base path that we have trimmed so we can append it
|
||||
// before returning the URL
|
||||
trimmedBasePath = r.c.base.Path
|
||||
segments = strings.Split(p, "/")
|
||||
groupIndex = 1
|
||||
}
|
||||
if len(segments) <= 2 {
|
||||
return *u
|
||||
}
|
||||
|
||||
const CoreGroupPrefix = "api"
|
||||
const NamedGroupPrefix = "apis"
|
||||
isCoreGroup := segments[groupIndex] == CoreGroupPrefix
|
||||
isNamedGroup := segments[groupIndex] == NamedGroupPrefix
|
||||
if isCoreGroup {
|
||||
// checking the case of core group with /api/v1/... format
|
||||
index = groupIndex + 2
|
||||
} else if isNamedGroup {
|
||||
// checking the case of named group with /apis/apps/v1/... format
|
||||
index = groupIndex + 3
|
||||
} else {
|
||||
// this should not happen that the only two possibilities are /api... and /apis..., just want to put an
|
||||
// outlet here in case more API groups are added in future if ever possible:
|
||||
// https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-groups
|
||||
// if a wrong API groups name is encountered, return the {prefix} for url.Path
|
||||
u.Path = "/{prefix}"
|
||||
u.RawQuery = ""
|
||||
return *u
|
||||
}
|
||||
// switch segLength := len(segments) - index; segLength {
|
||||
switch {
|
||||
// case len(segments) - index == 1:
|
||||
// resource (with no name) do nothing
|
||||
case len(segments)-index == 2:
|
||||
// /$RESOURCE/$NAME: replace $NAME with {name}
|
||||
segments[index+1] = "{name}"
|
||||
case len(segments)-index == 3:
|
||||
if segments[index+2] == "finalize" || segments[index+2] == "status" {
|
||||
// /$RESOURCE/$NAME/$SUBRESOURCE: replace $NAME with {name}
|
||||
segments[index+1] = "{name}"
|
||||
} else {
|
||||
// /namespace/$NAMESPACE/$RESOURCE: replace $NAMESPACE with {namespace}
|
||||
segments[index+1] = "{namespace}"
|
||||
}
|
||||
case len(segments)-index >= 4:
|
||||
segments[index+1] = "{namespace}"
|
||||
// /namespace/$NAMESPACE/$RESOURCE/$NAME: replace $NAMESPACE with {namespace}, $NAME with {name}
|
||||
if segments[index+3] != "finalize" && segments[index+3] != "status" {
|
||||
// /$RESOURCE/$NAME/$SUBRESOURCE: replace $NAME with {name}
|
||||
segments[index+3] = "{name}"
|
||||
}
|
||||
}
|
||||
u.Path = path.Join(trimmedBasePath, path.Join(segments...))
|
||||
return *u
|
||||
}
|
||||
|
||||
func (r *Request) tryThrottleWithInfo(ctx context.Context, retryInfo string) error {
|
||||
if r.rateLimiter == nil {
|
||||
return nil
|
||||
@ -537,7 +618,7 @@ func (r *Request) tryThrottleWithInfo(ctx context.Context, retryInfo string) err
|
||||
// but we use a throttled logger to prevent spamming.
|
||||
globalThrottledLogger.Infof("%s", message)
|
||||
}
|
||||
metrics.RateLimiterLatency.Observe(ctx, r.verb, *r.URL(), latency)
|
||||
metrics.RateLimiterLatency.Observe(ctx, r.verb, r.finalURLTemplate(), latency)
|
||||
|
||||
return err
|
||||
}
|
||||
@ -826,7 +907,7 @@ func (r *Request) request(ctx context.Context, fn func(*http.Request, *http.Resp
|
||||
// Metrics for total request latency
|
||||
start := time.Now()
|
||||
defer func() {
|
||||
metrics.RequestLatency.Observe(ctx, r.verb, *r.URL(), time.Since(start))
|
||||
metrics.RequestLatency.Observe(ctx, r.verb, r.finalURLTemplate(), time.Since(start))
|
||||
}()
|
||||
|
||||
if r.err != nil {
|
||||
|
25
vendor/k8s.io/client-go/transport/cache.go
generated
vendored
@ -17,6 +17,7 @@ limitations under the License.
|
||||
package transport
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
@ -55,6 +56,9 @@ type tlsCacheKey struct {
|
||||
serverName string
|
||||
nextProtos string
|
||||
disableCompression bool
|
||||
// these functions are wrapped to allow them to be used as map keys
|
||||
getCert *GetCertHolder
|
||||
dial *DialHolder
|
||||
}
|
||||
|
||||
func (t tlsCacheKey) String() string {
|
||||
@ -62,7 +66,8 @@ func (t tlsCacheKey) String() string {
|
||||
if len(t.keyData) > 0 {
|
||||
keyText = "<redacted>"
|
||||
}
|
||||
return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s, disableCompression:%t", t.insecure, t.caData, t.certData, keyText, t.serverName, t.disableCompression)
|
||||
return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s, disableCompression:%t, getCert:%p, dial:%p",
|
||||
t.insecure, t.caData, t.certData, keyText, t.serverName, t.disableCompression, t.getCert, t.dial)
|
||||
}
|
||||
|
||||
func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
|
||||
@ -92,8 +97,10 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) {
|
||||
return http.DefaultTransport, nil
|
||||
}
|
||||
|
||||
dial := config.Dial
|
||||
if dial == nil {
|
||||
var dial func(ctx context.Context, network, address string) (net.Conn, error)
|
||||
if config.Dial != nil {
|
||||
dial = config.Dial
|
||||
} else {
|
||||
dial = (&net.Dialer{
|
||||
Timeout: 30 * time.Second,
|
||||
KeepAlive: 30 * time.Second,
|
||||
@ -138,10 +145,18 @@ func tlsConfigKey(c *Config) (tlsCacheKey, bool, error) {
|
||||
return tlsCacheKey{}, false, err
|
||||
}
|
||||
|
||||
if c.TLS.GetCert != nil || c.Dial != nil || c.Proxy != nil {
|
||||
if c.Proxy != nil {
|
||||
// cannot determine equality for functions
|
||||
return tlsCacheKey{}, false, nil
|
||||
}
|
||||
if c.Dial != nil && c.DialHolder == nil {
|
||||
// cannot determine equality for dial function that doesn't have non-nil DialHolder set as well
|
||||
return tlsCacheKey{}, false, nil
|
||||
}
|
||||
if c.TLS.GetCert != nil && c.TLS.GetCertHolder == nil {
|
||||
// cannot determine equality for getCert function that doesn't have non-nil GetCertHolder set as well
|
||||
return tlsCacheKey{}, false, nil
|
||||
}
|
||||
|
||||
k := tlsCacheKey{
|
||||
insecure: c.TLS.Insecure,
|
||||
@ -149,6 +164,8 @@ func tlsConfigKey(c *Config) (tlsCacheKey, bool, error) {
|
||||
serverName: c.TLS.ServerName,
|
||||
nextProtos: strings.Join(c.TLS.NextProtos, ","),
|
||||
disableCompression: c.DisableCompression,
|
||||
getCert: c.TLS.GetCertHolder,
|
||||
dial: c.DialHolder,
|
||||
}
|
||||
|
||||
if c.TLS.ReloadTLSFiles {
|
||||
|
21
vendor/k8s.io/client-go/transport/config.go
generated
vendored
@ -68,7 +68,11 @@ type Config struct {
|
||||
WrapTransport WrapperFunc
|
||||
|
||||
// Dial specifies the dial function for creating unencrypted TCP connections.
|
||||
// If specified, this transport will be non-cacheable unless DialHolder is also set.
|
||||
Dial func(ctx context.Context, network, address string) (net.Conn, error)
|
||||
// DialHolder can be populated to make transport configs cacheable.
|
||||
// If specified, DialHolder.Dial must be equal to Dial.
|
||||
DialHolder *DialHolder
|
||||
|
||||
// Proxy is the proxy func to be used for all requests made by this
|
||||
// transport. If Proxy is nil, http.ProxyFromEnvironment is used. If Proxy
|
||||
@ -78,6 +82,11 @@ type Config struct {
|
||||
Proxy func(*http.Request) (*url.URL, error)
|
||||
}
|
||||
|
||||
// DialHolder is used to make the wrapped function comparable so that it can be used as a map key.
|
||||
type DialHolder struct {
|
||||
Dial func(ctx context.Context, network, address string) (net.Conn, error)
|
||||
}
|
||||
|
||||
// ImpersonationConfig has all the available impersonation options
|
||||
type ImpersonationConfig struct {
|
||||
// UserName matches user.Info.GetName()
|
||||
@ -143,5 +152,15 @@ type TLSConfig struct {
|
||||
// To use only http/1.1, set to ["http/1.1"].
|
||||
NextProtos []string
|
||||
|
||||
GetCert func() (*tls.Certificate, error) // Callback that returns a TLS client certificate. CertData, CertFile, KeyData and KeyFile supercede this field.
|
||||
// Callback that returns a TLS client certificate. CertData, CertFile, KeyData and KeyFile supercede this field.
|
||||
// If specified, this transport is non-cacheable unless CertHolder is populated.
|
||||
GetCert func() (*tls.Certificate, error)
|
||||
// CertHolder can be populated to make transport configs that set GetCert cacheable.
|
||||
// If set, CertHolder.GetCert must be equal to GetCert.
|
||||
GetCertHolder *GetCertHolder
|
||||
}
|
||||
|
||||
// GetCertHolder is used to make the wrapped function comparable so that it can be used as a map key.
|
||||
type GetCertHolder struct {
|
||||
GetCert func() (*tls.Certificate, error)
|
||||
}
|
||||
|
25
vendor/k8s.io/client-go/transport/transport.go
generated
vendored
@ -24,6 +24,7 @@ import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"reflect"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
@ -39,6 +40,10 @@ func New(config *Config) (http.RoundTripper, error) {
|
||||
return nil, fmt.Errorf("using a custom transport with TLS certificate options or the insecure flag is not allowed")
|
||||
}
|
||||
|
||||
if !isValidHolders(config) {
|
||||
return nil, fmt.Errorf("misconfigured holder for dialer or cert callback")
|
||||
}
|
||||
|
||||
var (
|
||||
rt http.RoundTripper
|
||||
err error
|
||||
@ -56,6 +61,26 @@ func New(config *Config) (http.RoundTripper, error) {
|
||||
return HTTPWrappersForConfig(config, rt)
|
||||
}
|
||||
|
||||
func isValidHolders(config *Config) bool {
|
||||
if config.TLS.GetCertHolder != nil {
|
||||
if config.TLS.GetCertHolder.GetCert == nil ||
|
||||
config.TLS.GetCert == nil ||
|
||||
reflect.ValueOf(config.TLS.GetCertHolder.GetCert).Pointer() != reflect.ValueOf(config.TLS.GetCert).Pointer() {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
if config.DialHolder != nil {
|
||||
if config.DialHolder.Dial == nil ||
|
||||
config.Dial == nil ||
|
||||
reflect.ValueOf(config.DialHolder.Dial).Pointer() != reflect.ValueOf(config.Dial).Pointer() {
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
// TLSConfigFor returns a tls.Config that will provide the transport level security defined
|
||||
// by the provided Config. Will return nil if no transport level security is requested.
|
||||
func TLSConfigFor(c *Config) (*tls.Config, error) {
|
||||
|
13
vendor/k8s.io/kubernetes/pkg/apis/core/validation/events.go
generated
vendored
@ -95,7 +95,18 @@ func ValidateEventUpdate(newEvent, oldEvent *core.Event, requestVersion schema.G
|
||||
allErrs = append(allErrs, ValidateImmutableField(newEvent.Count, oldEvent.Count, field.NewPath("count"))...)
|
||||
allErrs = append(allErrs, ValidateImmutableField(newEvent.Reason, oldEvent.Reason, field.NewPath("reason"))...)
|
||||
allErrs = append(allErrs, ValidateImmutableField(newEvent.Type, oldEvent.Type, field.NewPath("type"))...)
|
||||
allErrs = append(allErrs, ValidateImmutableField(newEvent.EventTime, oldEvent.EventTime, field.NewPath("eventTime"))...)
|
||||
|
||||
// Disallow changes to eventTime greater than microsecond-level precision.
|
||||
// Tolerating sub-microsecond changes is required to tolerate updates
|
||||
// from clients that correctly truncate to microsecond-precision when serializing,
|
||||
// or from clients built with incorrect nanosecond-precision protobuf serialization.
|
||||
// See https://github.com/kubernetes/kubernetes/issues/111928
|
||||
newTruncated := newEvent.EventTime.Truncate(time.Microsecond).UTC()
|
||||
oldTruncated := oldEvent.EventTime.Truncate(time.Microsecond).UTC()
|
||||
if newTruncated != oldTruncated {
|
||||
allErrs = append(allErrs, ValidateImmutableField(newEvent.EventTime, oldEvent.EventTime, field.NewPath("eventTime"))...)
|
||||
}
|
||||
|
||||
allErrs = append(allErrs, ValidateImmutableField(newEvent.Action, oldEvent.Action, field.NewPath("action"))...)
|
||||
allErrs = append(allErrs, ValidateImmutableField(newEvent.Related, oldEvent.Related, field.NewPath("related"))...)
|
||||
allErrs = append(allErrs, ValidateImmutableField(newEvent.ReportingController, oldEvent.ReportingController, field.NewPath("reportingController"))...)
|
||||
|
3
vendor/k8s.io/kubernetes/pkg/features/kube_features.go
generated
vendored
@ -533,7 +533,6 @@ const (
|
||||
|
||||
// owner: @RobertKrawitz
|
||||
// alpha: v1.15
|
||||
// beta: v1.25
|
||||
//
|
||||
// Allow use of filesystems for ephemeral storage monitoring.
|
||||
// Only applies if LocalStorageCapacityIsolation is set.
|
||||
@ -1033,7 +1032,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
|
||||
|
||||
LocalStorageCapacityIsolation: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27
|
||||
|
||||
LocalStorageCapacityIsolationFSQuotaMonitoring: {Default: true, PreRelease: featuregate.Beta},
|
||||
LocalStorageCapacityIsolationFSQuotaMonitoring: {Default: false, PreRelease: featuregate.Alpha},
|
||||
|
||||
LogarithmicScaleDown: {Default: true, PreRelease: featuregate.Beta},
|
||||
|
||||
|
84
vendor/modules.txt
vendored
@ -606,7 +606,7 @@ go.uber.org/zap/internal/bufferpool
|
||||
go.uber.org/zap/internal/color
|
||||
go.uber.org/zap/internal/exit
|
||||
go.uber.org/zap/zapcore
|
||||
# golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
|
||||
# golang.org/x/crypto v0.1.0
|
||||
## explicit; go 1.17
|
||||
golang.org/x/crypto/argon2
|
||||
golang.org/x/crypto/blake2b
|
||||
@ -618,8 +618,8 @@ golang.org/x/crypto/curve25519
|
||||
golang.org/x/crypto/curve25519/internal/field
|
||||
golang.org/x/crypto/ed25519
|
||||
golang.org/x/crypto/hkdf
|
||||
golang.org/x/crypto/internal/alias
|
||||
golang.org/x/crypto/internal/poly1305
|
||||
golang.org/x/crypto/internal/subtle
|
||||
golang.org/x/crypto/pbkdf2
|
||||
golang.org/x/crypto/scrypt
|
||||
golang.org/x/crypto/ssh
|
||||
@ -805,7 +805,7 @@ gopkg.in/yaml.v2
|
||||
# gopkg.in/yaml.v3 v3.0.1
|
||||
## explicit
|
||||
gopkg.in/yaml.v3
|
||||
# k8s.io/api v0.25.0 => k8s.io/api v0.25.0
|
||||
# k8s.io/api v0.25.3 => k8s.io/api v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/api/admission/v1
|
||||
k8s.io/api/admission/v1beta1
|
||||
@ -855,11 +855,11 @@ k8s.io/api/scheduling/v1beta1
|
||||
k8s.io/api/storage/v1
|
||||
k8s.io/api/storage/v1alpha1
|
||||
k8s.io/api/storage/v1beta1
|
||||
# k8s.io/apiextensions-apiserver v0.25.0 => k8s.io/apiextensions-apiserver v0.25.0
|
||||
# k8s.io/apiextensions-apiserver v0.25.3 => k8s.io/apiextensions-apiserver v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
|
||||
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
|
||||
# k8s.io/apimachinery v0.25.0 => k8s.io/apimachinery v0.25.0
|
||||
# k8s.io/apimachinery v0.25.3 => k8s.io/apimachinery v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/apimachinery/pkg/api/equality
|
||||
k8s.io/apimachinery/pkg/api/errors
|
||||
@ -915,7 +915,7 @@ k8s.io/apimachinery/pkg/watch
|
||||
k8s.io/apimachinery/third_party/forked/golang/json
|
||||
k8s.io/apimachinery/third_party/forked/golang/netutil
|
||||
k8s.io/apimachinery/third_party/forked/golang/reflect
|
||||
# k8s.io/apiserver v0.25.0 => k8s.io/apiserver v0.25.0
|
||||
# k8s.io/apiserver v0.25.3 => k8s.io/apiserver v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/apiserver/pkg/admission
|
||||
k8s.io/apiserver/pkg/admission/configuration
|
||||
@ -953,7 +953,7 @@ k8s.io/apiserver/pkg/util/feature
|
||||
k8s.io/apiserver/pkg/util/webhook
|
||||
k8s.io/apiserver/pkg/util/x509metrics
|
||||
k8s.io/apiserver/pkg/warning
|
||||
# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.25.0
|
||||
# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/client-go/applyconfigurations/admissionregistration/v1
|
||||
k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1
|
||||
@ -1201,12 +1201,12 @@ k8s.io/client-go/util/homedir
|
||||
k8s.io/client-go/util/keyutil
|
||||
k8s.io/client-go/util/retry
|
||||
k8s.io/client-go/util/workqueue
|
||||
# k8s.io/cloud-provider v0.25.0 => k8s.io/cloud-provider v0.25.0
|
||||
# k8s.io/cloud-provider v0.25.3 => k8s.io/cloud-provider v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/cloud-provider
|
||||
k8s.io/cloud-provider/volume
|
||||
k8s.io/cloud-provider/volume/helpers
|
||||
# k8s.io/component-base v0.25.0 => k8s.io/component-base v0.25.0
|
||||
# k8s.io/component-base v0.25.3 => k8s.io/component-base v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/component-base/cli/flag
|
||||
k8s.io/component-base/config
|
||||
@ -1220,7 +1220,7 @@ k8s.io/component-base/metrics/testutil
|
||||
k8s.io/component-base/tracing
|
||||
k8s.io/component-base/tracing/api/v1
|
||||
k8s.io/component-base/version
|
||||
# k8s.io/component-helpers v0.25.0 => k8s.io/component-helpers v0.25.0
|
||||
# k8s.io/component-helpers v0.25.3 => k8s.io/component-helpers v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/component-helpers/node/util/sysctl
|
||||
k8s.io/component-helpers/scheduling/corev1
|
||||
@ -1246,14 +1246,14 @@ k8s.io/kube-openapi/pkg/schemamutation
|
||||
k8s.io/kube-openapi/pkg/spec3
|
||||
k8s.io/kube-openapi/pkg/util/proto
|
||||
k8s.io/kube-openapi/pkg/validation/spec
|
||||
# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.25.0
|
||||
# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/kubectl/pkg/scale
|
||||
k8s.io/kubectl/pkg/util/podutils
|
||||
# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.25.0
|
||||
# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/kubelet/pkg/apis/stats/v1alpha1
|
||||
# k8s.io/kubernetes v1.25.0
|
||||
# k8s.io/kubernetes v1.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/kubernetes/pkg/api/legacyscheme
|
||||
k8s.io/kubernetes/pkg/api/service
|
||||
@ -1316,10 +1316,10 @@ k8s.io/kubernetes/test/e2e/storage/utils
|
||||
k8s.io/kubernetes/test/e2e/testing-manifests
|
||||
k8s.io/kubernetes/test/utils
|
||||
k8s.io/kubernetes/test/utils/image
|
||||
# k8s.io/mount-utils v0.25.0 => k8s.io/mount-utils v0.25.0-alpha.3.0.20220801203918-ff562e546084
|
||||
## explicit; go 1.18
|
||||
# k8s.io/mount-utils v0.25.3 => k8s.io/mount-utils v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/mount-utils
|
||||
# k8s.io/pod-security-admission v0.0.0 => k8s.io/pod-security-admission v0.25.0
|
||||
# k8s.io/pod-security-admission v0.0.0 => k8s.io/pod-security-admission v0.25.3
|
||||
## explicit; go 1.19
|
||||
k8s.io/pod-security-admission/api
|
||||
k8s.io/pod-security-admission/policy
|
||||
@ -1342,7 +1342,7 @@ k8s.io/utils/pointer
|
||||
k8s.io/utils/strings
|
||||
k8s.io/utils/strings/slices
|
||||
k8s.io/utils/trace
|
||||
# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.32
|
||||
# sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.33
|
||||
## explicit; go 1.17
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client
|
||||
sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client
|
||||
@ -1401,29 +1401,29 @@ sigs.k8s.io/yaml
|
||||
# github.com/golang/protobuf => github.com/golang/protobuf v1.4.3
|
||||
# github.com/portworx/sched-ops => github.com/portworx/sched-ops v0.20.4-openstorage-rc3
|
||||
# gomodules.xyz/jsonpatch/v2 => github.com/gomodules/jsonpatch/v2 v2.2.0
|
||||
# k8s.io/api => k8s.io/api v0.25.0
|
||||
# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.0
|
||||
# k8s.io/apimachinery => k8s.io/apimachinery v0.25.0
|
||||
# k8s.io/apiserver => k8s.io/apiserver v0.25.0
|
||||
# k8s.io/cli-runtime => k8s.io/cli-runtime v0.25.0
|
||||
# k8s.io/client-go => k8s.io/client-go v0.25.0
|
||||
# k8s.io/cloud-provider => k8s.io/cloud-provider v0.25.0
|
||||
# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.25.0
|
||||
# k8s.io/code-generator => k8s.io/code-generator v0.25.0
|
||||
# k8s.io/component-base => k8s.io/component-base v0.25.0
|
||||
# k8s.io/component-helpers => k8s.io/component-helpers v0.25.0
|
||||
# k8s.io/controller-manager => k8s.io/controller-manager v0.25.0
|
||||
# k8s.io/cri-api => k8s.io/cri-api v0.25.0
|
||||
# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.25.0
|
||||
# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.25.0
|
||||
# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.25.0
|
||||
# k8s.io/kube-proxy => k8s.io/kube-proxy v0.25.0
|
||||
# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.25.0
|
||||
# k8s.io/kubectl => k8s.io/kubectl v0.25.0
|
||||
# k8s.io/kubelet => k8s.io/kubelet v0.25.0
|
||||
# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.25.0
|
||||
# k8s.io/metrics => k8s.io/metrics v0.25.0
|
||||
# k8s.io/mount-utils => k8s.io/mount-utils v0.25.0-alpha.3.0.20220801203918-ff562e546084
|
||||
# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.25.0
|
||||
# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.25.0
|
||||
# k8s.io/api => k8s.io/api v0.25.3
|
||||
# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.25.3
|
||||
# k8s.io/apimachinery => k8s.io/apimachinery v0.25.3
|
||||
# k8s.io/apiserver => k8s.io/apiserver v0.25.3
|
||||
# k8s.io/cli-runtime => k8s.io/cli-runtime v0.25.3
|
||||
# k8s.io/client-go => k8s.io/client-go v0.25.3
|
||||
# k8s.io/cloud-provider => k8s.io/cloud-provider v0.25.3
|
||||
# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.25.3
|
||||
# k8s.io/code-generator => k8s.io/code-generator v0.25.3
|
||||
# k8s.io/component-base => k8s.io/component-base v0.25.3
|
||||
# k8s.io/component-helpers => k8s.io/component-helpers v0.25.3
|
||||
# k8s.io/controller-manager => k8s.io/controller-manager v0.25.3
|
||||
# k8s.io/cri-api => k8s.io/cri-api v0.25.3
|
||||
# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.25.3
|
||||
# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.25.3
|
||||
# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.25.3
|
||||
# k8s.io/kube-proxy => k8s.io/kube-proxy v0.25.3
|
||||
# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.25.3
|
||||
# k8s.io/kubectl => k8s.io/kubectl v0.25.3
|
||||
# k8s.io/kubelet => k8s.io/kubelet v0.25.3
|
||||
# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.25.3
|
||||
# k8s.io/metrics => k8s.io/metrics v0.25.3
|
||||
# k8s.io/mount-utils => k8s.io/mount-utils v0.25.3
|
||||
# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.25.3
|
||||
# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.25.3
|
||||
# layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917
|
||||
|
347
vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go
generated
vendored
347
vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/client.go
generated
vendored
@ -24,6 +24,7 @@ import (
|
||||
"math/rand"
|
||||
"net"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
"time"
|
||||
|
||||
"google.golang.org/grpc"
|
||||
@ -36,10 +37,13 @@ type Tunnel interface {
|
||||
// Dial connects to the address on the named network, similar to
|
||||
// what net.Dial does. The only supported protocol is tcp.
|
||||
DialContext(requestCtx context.Context, protocol, address string) (net.Conn, error)
|
||||
// Done returns a channel that is closed when the tunnel is no longer serving any connections,
|
||||
// and can no longer be used.
|
||||
Done() <-chan struct{}
|
||||
}
|
||||
|
||||
type dialResult struct {
|
||||
err string
|
||||
err *dialFailure
|
||||
connid int64
|
||||
}
|
||||
|
||||
@ -50,17 +54,83 @@ type pendingDial struct {
|
||||
cancelCh <-chan struct{}
|
||||
}
|
||||
|
||||
// TODO: Replace with a generic implementation once it is safe to assume the client is built with go1.18+
|
||||
type pendingDialManager struct {
|
||||
pendingDials map[int64]pendingDial
|
||||
mutex sync.RWMutex
|
||||
}
|
||||
|
||||
func (p *pendingDialManager) add(dialID int64, pd pendingDial) {
|
||||
p.mutex.Lock()
|
||||
defer p.mutex.Unlock()
|
||||
p.pendingDials[dialID] = pd
|
||||
}
|
||||
|
||||
func (p *pendingDialManager) remove(dialID int64) {
|
||||
p.mutex.Lock()
|
||||
defer p.mutex.Unlock()
|
||||
delete(p.pendingDials, dialID)
|
||||
}
|
||||
|
||||
func (p *pendingDialManager) get(dialID int64) (pendingDial, bool) {
|
||||
p.mutex.RLock()
|
||||
defer p.mutex.RUnlock()
|
||||
pd, ok := p.pendingDials[dialID]
|
||||
return pd, ok
|
||||
}
|
||||
|
||||
// TODO: Replace with a generic implementation once it is safe to assume the client is built with go1.18+
|
||||
type connectionManager struct {
|
||||
conns map[int64]*conn
|
||||
mutex sync.RWMutex
|
||||
}
|
||||
|
||||
func (cm *connectionManager) add(connID int64, c *conn) {
|
||||
cm.mutex.Lock()
|
||||
defer cm.mutex.Unlock()
|
||||
cm.conns[connID] = c
|
||||
}
|
||||
|
||||
func (cm *connectionManager) remove(connID int64) {
|
||||
cm.mutex.Lock()
|
||||
defer cm.mutex.Unlock()
|
||||
delete(cm.conns, connID)
|
||||
}
|
||||
|
||||
func (cm *connectionManager) get(connID int64) (*conn, bool) {
|
||||
cm.mutex.RLock()
|
||||
defer cm.mutex.RUnlock()
|
||||
c, ok := cm.conns[connID]
|
||||
return c, ok
|
||||
}
|
||||
|
||||
func (cm *connectionManager) closeAll() {
|
||||
cm.mutex.Lock()
|
||||
defer cm.mutex.Unlock()
|
||||
for _, conn := range cm.conns {
|
||||
close(conn.readCh)
|
||||
}
|
||||
}
|
||||
|
||||
// grpcTunnel implements Tunnel
|
||||
type grpcTunnel struct {
|
||||
stream client.ProxyService_ProxyClient
|
||||
pendingDial map[int64]pendingDial
|
||||
conns map[int64]*conn
|
||||
pendingDialLock sync.RWMutex
|
||||
connsLock sync.RWMutex
|
||||
stream client.ProxyService_ProxyClient
|
||||
clientConn clientConn
|
||||
pendingDial pendingDialManager
|
||||
conns connectionManager
|
||||
|
||||
// The tunnel will be closed if the caller fails to read via conn.Read()
|
||||
// more than readTimeoutSeconds after a packet has been received.
|
||||
readTimeoutSeconds int
|
||||
|
||||
// The done channel is closed after the tunnel has cleaned up all connections and is no longer
|
||||
// serving.
|
||||
done chan struct{}
|
||||
|
||||
// closing is an atomic bool represented as a 0 or 1, and set to true when the tunnel is being closed.
|
||||
// closing should only be accessed through atomic methods.
|
||||
// TODO: switch this to an atomic.Bool once the client is exclusively buit with go1.19+
|
||||
closing uint32
|
||||
}
|
||||
|
||||
type clientConn interface {
|
||||
@ -99,35 +169,39 @@ func CreateSingleUseGrpcTunnelWithContext(createCtx, tunnelCtx context.Context,
|
||||
return nil, err
|
||||
}
|
||||
|
||||
tunnel := &grpcTunnel{
|
||||
stream: stream,
|
||||
pendingDial: make(map[int64]pendingDial),
|
||||
conns: make(map[int64]*conn),
|
||||
readTimeoutSeconds: 10,
|
||||
}
|
||||
tunnel := newUnstartedTunnel(stream, c)
|
||||
|
||||
go tunnel.serve(tunnelCtx, c)
|
||||
go tunnel.serve(tunnelCtx)
|
||||
|
||||
return tunnel, nil
|
||||
}
|
||||
|
||||
func (t *grpcTunnel) serve(tunnelCtx context.Context, c clientConn) {
|
||||
func newUnstartedTunnel(stream client.ProxyService_ProxyClient, c clientConn) *grpcTunnel {
|
||||
return &grpcTunnel{
|
||||
stream: stream,
|
||||
clientConn: c,
|
||||
pendingDial: pendingDialManager{pendingDials: make(map[int64]pendingDial)},
|
||||
conns: connectionManager{conns: make(map[int64]*conn)},
|
||||
readTimeoutSeconds: 10,
|
||||
done: make(chan struct{}),
|
||||
}
|
||||
}
|
||||
|
||||
func (t *grpcTunnel) serve(tunnelCtx context.Context) {
|
||||
defer func() {
|
||||
c.Close()
|
||||
t.clientConn.Close()
|
||||
|
||||
// A connection in t.conns after serve() returns means
|
||||
// we never received a CLOSE_RSP for it, so we need to
|
||||
// close any channels remaining for these connections.
|
||||
t.connsLock.Lock()
|
||||
for _, conn := range t.conns {
|
||||
close(conn.readCh)
|
||||
}
|
||||
t.connsLock.Unlock()
|
||||
t.conns.closeAll()
|
||||
|
||||
close(t.done)
|
||||
}()
|
||||
|
||||
for {
|
||||
pkt, err := t.stream.Recv()
|
||||
if err == io.EOF {
|
||||
if err == io.EOF || t.isClosing() {
|
||||
return
|
||||
}
|
||||
if err != nil || pkt == nil {
|
||||
@ -140,34 +214,35 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context, c clientConn) {
|
||||
switch pkt.Type {
|
||||
case client.PacketType_DIAL_RSP:
|
||||
resp := pkt.GetDialResponse()
|
||||
t.pendingDialLock.RLock()
|
||||
pendingDial, ok := t.pendingDial[resp.Random]
|
||||
t.pendingDialLock.RUnlock()
|
||||
pendingDial, ok := t.pendingDial.get(resp.Random)
|
||||
|
||||
if !ok {
|
||||
// If the DIAL_RSP does not match a pending dial, it means one of two things:
|
||||
// 1. There was a second DIAL_RSP for the connection request (this is very unlikely but possible)
|
||||
// 2. grpcTunnel.DialContext() returned early due to a dial timeout or the client canceling the context
|
||||
//
|
||||
// In either scenario, we should return here and close the tunnel as it is no longer needed.
|
||||
klog.V(1).InfoS("DialResp not recognized; dropped", "connectionID", resp.ConnectID, "dialID", resp.Random)
|
||||
return
|
||||
} else {
|
||||
result := dialResult{
|
||||
err: resp.Error,
|
||||
connid: resp.ConnectID,
|
||||
}
|
||||
select {
|
||||
// try to send to the result channel
|
||||
case pendingDial.resultCh <- result:
|
||||
// unblock if the cancel channel is closed
|
||||
case <-pendingDial.cancelCh:
|
||||
// If there are no readers of the pending dial channel above, it means one of two things:
|
||||
// 1. There was a second DIAL_RSP for the connection request (this is very unlikely but possible)
|
||||
// 2. grpcTunnel.DialContext() returned early due to a dial timeout or the client canceling the context
|
||||
//
|
||||
// In either scenario, we should return here as this tunnel is no longer needed.
|
||||
klog.V(1).InfoS("Pending dial has been cancelled; dropped", "connectionID", resp.ConnectID, "dialID", resp.Random)
|
||||
return
|
||||
case <-tunnelCtx.Done():
|
||||
klog.V(1).InfoS("Tunnel has been closed; dropped", "connectionID", resp.ConnectID, "dialID", resp.Random)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
result := dialResult{connid: resp.ConnectID}
|
||||
if resp.Error != "" {
|
||||
result.err = &dialFailure{resp.Error, DialFailureEndpoint}
|
||||
}
|
||||
select {
|
||||
// try to send to the result channel
|
||||
case pendingDial.resultCh <- result:
|
||||
// unblock if the cancel channel is closed
|
||||
case <-pendingDial.cancelCh:
|
||||
// Note: this condition can only be hit by a race condition where the
|
||||
// DialContext() returns early (timeout) after the pendingDial is already
|
||||
// fetched here, but before the result is sent.
|
||||
klog.V(1).InfoS("Pending dial has been cancelled; dropped", "connectionID", resp.ConnectID, "dialID", resp.Random)
|
||||
return
|
||||
case <-tunnelCtx.Done():
|
||||
klog.V(1).InfoS("Tunnel has been closed; dropped", "connectionID", resp.ConnectID, "dialID", resp.Random)
|
||||
return
|
||||
}
|
||||
|
||||
if resp.Error != "" {
|
||||
@ -175,43 +250,65 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context, c clientConn) {
|
||||
return
|
||||
}
|
||||
|
||||
case client.PacketType_DIAL_CLS:
|
||||
resp := pkt.GetCloseDial()
|
||||
pendingDial, ok := t.pendingDial.get(resp.Random)
|
||||
|
||||
if !ok {
|
||||
// If the DIAL_CLS does not match a pending dial, it means one of two things:
|
||||
// 1. There was a DIAL_CLS receieved after a DIAL_RSP (unlikely but possible)
|
||||
// 2. grpcTunnel.DialContext() returned early due to a dial timeout or the client canceling the context
|
||||
//
|
||||
// In either scenario, we should return here and close the tunnel as it is no longer needed.
|
||||
klog.V(1).InfoS("DIAL_CLS after dial finished", "dialID", resp.Random)
|
||||
} else {
|
||||
result := dialResult{
|
||||
err: &dialFailure{"dial closed", DialFailureDialClosed},
|
||||
}
|
||||
select {
|
||||
case pendingDial.resultCh <- result:
|
||||
case <-pendingDial.cancelCh:
|
||||
// Note: this condition can only be hit by a race condition where the
|
||||
// DialContext() returns early (timeout) after the pendingDial is already
|
||||
// fetched here, but before the result is sent.
|
||||
case <-tunnelCtx.Done():
|
||||
}
|
||||
}
|
||||
return // Stop serving & close the tunnel.
|
||||
|
||||
case client.PacketType_DATA:
|
||||
resp := pkt.GetData()
|
||||
// TODO: flow control
|
||||
t.connsLock.RLock()
|
||||
conn, ok := t.conns[resp.ConnectID]
|
||||
t.connsLock.RUnlock()
|
||||
conn, ok := t.conns.get(resp.ConnectID)
|
||||
|
||||
if ok {
|
||||
timer := time.NewTimer((time.Duration)(t.readTimeoutSeconds) * time.Second)
|
||||
select {
|
||||
case conn.readCh <- resp.Data:
|
||||
timer.Stop()
|
||||
case <-timer.C:
|
||||
klog.ErrorS(fmt.Errorf("timeout"), "readTimeout has been reached, the grpc connection to the proxy server will be closed", "connectionID", conn.connID, "readTimeoutSeconds", t.readTimeoutSeconds)
|
||||
return
|
||||
case <-tunnelCtx.Done():
|
||||
klog.V(1).InfoS("Tunnel has been closed, the grpc connection to the proxy server will be closed", "connectionID", conn.connID)
|
||||
}
|
||||
} else {
|
||||
klog.V(1).InfoS("connection not recognized", "connectionID", resp.ConnectID)
|
||||
if !ok {
|
||||
klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID)
|
||||
continue
|
||||
}
|
||||
timer := time.NewTimer((time.Duration)(t.readTimeoutSeconds) * time.Second)
|
||||
select {
|
||||
case conn.readCh <- resp.Data:
|
||||
timer.Stop()
|
||||
case <-timer.C:
|
||||
klog.ErrorS(fmt.Errorf("timeout"), "readTimeout has been reached, the grpc connection to the proxy server will be closed", "connectionID", conn.connID, "readTimeoutSeconds", t.readTimeoutSeconds)
|
||||
return
|
||||
case <-tunnelCtx.Done():
|
||||
klog.V(1).InfoS("Tunnel has been closed, the grpc connection to the proxy server will be closed", "connectionID", conn.connID)
|
||||
}
|
||||
|
||||
case client.PacketType_CLOSE_RSP:
|
||||
resp := pkt.GetCloseResponse()
|
||||
t.connsLock.RLock()
|
||||
conn, ok := t.conns[resp.ConnectID]
|
||||
t.connsLock.RUnlock()
|
||||
conn, ok := t.conns.get(resp.ConnectID)
|
||||
|
||||
if ok {
|
||||
close(conn.readCh)
|
||||
conn.closeCh <- resp.Error
|
||||
close(conn.closeCh)
|
||||
t.connsLock.Lock()
|
||||
delete(t.conns, resp.ConnectID)
|
||||
t.connsLock.Unlock()
|
||||
return
|
||||
if !ok {
|
||||
klog.V(1).InfoS("Connection not recognized", "connectionID", resp.ConnectID)
|
||||
continue
|
||||
}
|
||||
klog.V(1).InfoS("connection not recognized", "connectionID", resp.ConnectID)
|
||||
close(conn.readCh)
|
||||
conn.closeCh <- resp.Error
|
||||
close(conn.closeCh)
|
||||
t.conns.remove(resp.ConnectID)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -219,6 +316,12 @@ func (t *grpcTunnel) serve(tunnelCtx context.Context, c clientConn) {
|
||||
// Dial connects to the address on the named network, similar to
|
||||
// what net.Dial does. The only supported protocol is tcp.
|
||||
func (t *grpcTunnel) DialContext(requestCtx context.Context, protocol, address string) (net.Conn, error) {
|
||||
select {
|
||||
case <-t.done:
|
||||
return nil, errors.New("tunnel is closed")
|
||||
default: // Tunnel is open, carry on.
|
||||
}
|
||||
|
||||
if protocol != "tcp" {
|
||||
return nil, errors.New("protocol not supported")
|
||||
}
|
||||
@ -232,14 +335,8 @@ func (t *grpcTunnel) DialContext(requestCtx context.Context, protocol, address s
|
||||
// This channel MUST NOT be buffered. The sender needs to know when we are not receiving things, so they can abort.
|
||||
resCh := make(chan dialResult)
|
||||
|
||||
t.pendingDialLock.Lock()
|
||||
t.pendingDial[random] = pendingDial{resultCh: resCh, cancelCh: cancelCh}
|
||||
t.pendingDialLock.Unlock()
|
||||
defer func() {
|
||||
t.pendingDialLock.Lock()
|
||||
delete(t.pendingDial, random)
|
||||
t.pendingDialLock.Unlock()
|
||||
}()
|
||||
t.pendingDial.add(random, pendingDial{resultCh: resCh, cancelCh: cancelCh})
|
||||
defer t.pendingDial.remove(random)
|
||||
|
||||
req := &client.Packet{
|
||||
Type: client.PacketType_DIAL_REQ,
|
||||
@ -260,26 +357,98 @@ func (t *grpcTunnel) DialContext(requestCtx context.Context, protocol, address s
|
||||
|
||||
klog.V(5).Infoln("DIAL_REQ sent to proxy server")
|
||||
|
||||
c := &conn{stream: t.stream, random: random}
|
||||
c := &conn{
|
||||
stream: t.stream,
|
||||
random: random,
|
||||
closeTunnel: t.closeTunnel,
|
||||
}
|
||||
|
||||
select {
|
||||
case res := <-resCh:
|
||||
if res.err != "" {
|
||||
return nil, errors.New(res.err)
|
||||
if res.err != nil {
|
||||
return nil, res.err
|
||||
}
|
||||
c.connID = res.connid
|
||||
c.readCh = make(chan []byte, 10)
|
||||
c.closeCh = make(chan string, 1)
|
||||
t.connsLock.Lock()
|
||||
t.conns[res.connid] = c
|
||||
t.connsLock.Unlock()
|
||||
t.conns.add(res.connid, c)
|
||||
case <-time.After(30 * time.Second):
|
||||
klog.V(5).InfoS("Timed out waiting for DialResp", "dialID", random)
|
||||
return nil, errors.New("dial timeout, backstop")
|
||||
go t.closeDial(random)
|
||||
return nil, &dialFailure{"dial timeout, backstop", DialFailureTimeout}
|
||||
case <-requestCtx.Done():
|
||||
klog.V(5).InfoS("Context canceled waiting for DialResp", "ctxErr", requestCtx.Err(), "dialID", random)
|
||||
return nil, errors.New("dial timeout, context")
|
||||
go t.closeDial(random)
|
||||
return nil, &dialFailure{"dial timeout, context", DialFailureContext}
|
||||
case <-t.done:
|
||||
klog.V(5).InfoS("Tunnel closed while waiting for DialResp", "dialID", random)
|
||||
return nil, &dialFailure{"tunnel closed", DialFailureTunnelClosed}
|
||||
}
|
||||
|
||||
return c, nil
|
||||
}
|
||||
|
||||
func (t *grpcTunnel) Done() <-chan struct{} {
|
||||
return t.done
|
||||
}
|
||||
|
||||
// Send a best-effort DIAL_CLS request for the given dial ID.
|
||||
func (t *grpcTunnel) closeDial(dialID int64) {
|
||||
req := &client.Packet{
|
||||
Type: client.PacketType_DIAL_CLS,
|
||||
Payload: &client.Packet_CloseDial{
|
||||
CloseDial: &client.CloseDial{
|
||||
Random: dialID,
|
||||
},
|
||||
},
|
||||
}
|
||||
if err := t.stream.Send(req); err != nil {
|
||||
klog.V(5).InfoS("Failed to send DIAL_CLS", "err", err, "dialID", dialID)
|
||||
}
|
||||
t.closeTunnel()
|
||||
}
|
||||
|
||||
func (t *grpcTunnel) closeTunnel() {
|
||||
atomic.StoreUint32(&t.closing, 1)
|
||||
t.clientConn.Close()
|
||||
}
|
||||
|
||||
func (t *grpcTunnel) isClosing() bool {
|
||||
return atomic.LoadUint32(&t.closing) != 0
|
||||
}
|
||||
|
||||
func GetDialFailureReason(err error) (isDialFailure bool, reason DialFailureReason) {
|
||||
var df *dialFailure
|
||||
if errors.As(err, &df) {
|
||||
return true, df.reason
|
||||
}
|
||||
return false, DialFailureUnknown
|
||||
}
|
||||
|
||||
type dialFailure struct {
|
||||
msg string
|
||||
reason DialFailureReason
|
||||
}
|
||||
|
||||
func (df *dialFailure) Error() string {
|
||||
return df.msg
|
||||
}
|
||||
|
||||
type DialFailureReason string
|
||||
|
||||
const (
|
||||
DialFailureUnknown DialFailureReason = "unknown"
|
||||
// DialFailureTimeout indicates the hard 30 second timeout was hit.
|
||||
DialFailureTimeout DialFailureReason = "timeout"
|
||||
// DialFailureContext indicates that the context was cancelled or reached it's deadline before
|
||||
// the dial response was returned.
|
||||
DialFailureContext DialFailureReason = "context"
|
||||
// DialFailureEndpoint indicates that the konnectivity-agent was unable to reach the backend endpoint.
|
||||
DialFailureEndpoint DialFailureReason = "endpoint"
|
||||
// DialFailureDialClosed indicates that the client received a CloseDial response, indicating the
|
||||
// connection was closed before the dial could complete.
|
||||
DialFailureDialClosed DialFailureReason = "dialclosed"
|
||||
// DialFailureTunnelClosed indicates that the client connection was closed before the dial could
|
||||
// complete.
|
||||
DialFailureTunnelClosed DialFailureReason = "tunnelclosed"
|
||||
)
|
||||
|
7
vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go
generated
vendored
7
vendor/sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client/conn.go
generated
vendored
@ -41,6 +41,9 @@ type conn struct {
|
||||
readCh chan []byte
|
||||
closeCh chan string
|
||||
rdata []byte
|
||||
|
||||
// closeTunnel is an optional callback to close the underlying grpc connection.
|
||||
closeTunnel func()
|
||||
}
|
||||
|
||||
var _ net.Conn = &conn{}
|
||||
@ -116,6 +119,10 @@ func (c *conn) SetWriteDeadline(t time.Time) error {
|
||||
// proxy service to notify remote to drop the connection.
|
||||
func (c *conn) Close() error {
|
||||
klog.V(4).Infoln("closing connection")
|
||||
if c.closeTunnel != nil {
|
||||
defer c.closeTunnel()
|
||||
}
|
||||
|
||||
var req *client.Packet
|
||||
if c.connID != 0 {
|
||||
req = &client.Packet{
|
||||
|