rebase: update K8s packages to v0.32.1

Update K8s packages in go.mod to v0.32.1 Signed-off-by: Praveen M <m.praveen@ibm.com>
2025-06-13 10:33:35 +00:00 · 2025-01-16 09:41:46 +05:30
parent 5aef21ea4e
commit 7eb99fc6c9
2442 changed files with 273386 additions and 47788 deletions
--- a/vendor/k8s.io/client-go/transport/cache_go118.go
+++ b/vendor/k8s.io/client-go/transport/cache_go118.go
@ -18,7 +18,29 @@ limitations under the License.

 package transport

+// this is just to make the "unused" linter rule happy
+var _ = isCacheKeyComparable[tlsCacheKey]
+
 // assert at compile time that tlsCacheKey is comparable in a way that will never panic at runtime.
-var _ = isComparable[tlsCacheKey]
+//
+// Golang 1.20 introduced an exception to type constraints that allows comparable, but not
+// necessarily strictly comparable type arguments to satisfy the `comparable` type constraint,
+// thus allowing interfaces to fulfil the `comparable` constraint.
+// However, by definition, "A comparison of two interface values with identical
+// dynamic types causes a run-time panic if that type is not comparable".
+//
+// We want to make sure that comparing two `tlsCacheKey` elements won't cause a
+// runtime panic. In order to do that, we'll force the `tlsCacheKey` to be strictly
+// comparable, thus making it impossible for it to contain interfaces.
+// To assert strict comparability, we'll use another definition: "Type
+// parameters are comparable if they are strictly comparable".
+// Below, we first construct a type parameter from the `tlsCacheKey` type so that
+// we can then push this type parameter to a comparable check, thus checking these
+// are strictly comparable.
+//
+// Original suggestion from https://github.com/golang/go/issues/56548#issuecomment-1317673963
+func isCacheKeyComparable[K tlsCacheKey]() {
+	_ = isComparable[K]
+}

 func isComparable[T comparable]() {}
--- a/vendor/k8s.io/client-go/transport/round_trippers.go
+++ b/vendor/k8s.io/client-go/transport/round_trippers.go
@ -86,6 +86,7 @@ func DebugWrappers(rt http.RoundTripper) http.RoundTripper {

 type authProxyRoundTripper struct {
 	username string
+	uid      string
 	groups   []string
 	extra    map[string][]string

@ -98,15 +99,17 @@ var _ utilnet.RoundTripperWrapper = &authProxyRoundTripper{}
 // authentication terminating proxy cases
 // assuming you pull the user from the context:
 // username is the user.Info.GetName() of the user
+// uid is the user.Info.GetUID() of the user
 // groups is the user.Info.GetGroups() of the user
 // extra is the user.Info.GetExtra() of the user
 // extra can contain any additional information that the authenticator
 // thought was interesting, for example authorization scopes.
 // In order to faithfully round-trip through an impersonation flow, these keys
 // MUST be lowercase.
-func NewAuthProxyRoundTripper(username string, groups []string, extra map[string][]string, rt http.RoundTripper) http.RoundTripper {
+func NewAuthProxyRoundTripper(username, uid string, groups []string, extra map[string][]string, rt http.RoundTripper) http.RoundTripper {
 	return &authProxyRoundTripper{
 		username: username,
+		uid:      uid,
 		groups:   groups,
 		extra:    extra,
 		rt:       rt,
@ -115,14 +118,15 @@ func NewAuthProxyRoundTripper(username string, groups []string, extra map[string

 func (rt *authProxyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
 	req = utilnet.CloneRequest(req)
-	SetAuthProxyHeaders(req, rt.username, rt.groups, rt.extra)
+	SetAuthProxyHeaders(req, rt.username, rt.uid, rt.groups, rt.extra)

 	return rt.rt.RoundTrip(req)
 }

 // SetAuthProxyHeaders stomps the auth proxy header fields.  It mutates its argument.
-func SetAuthProxyHeaders(req *http.Request, username string, groups []string, extra map[string][]string) {
+func SetAuthProxyHeaders(req *http.Request, username, uid string, groups []string, extra map[string][]string) {
 	req.Header.Del("X-Remote-User")
+	req.Header.Del("X-Remote-Uid")
 	req.Header.Del("X-Remote-Group")
 	for key := range req.Header {
 		if strings.HasPrefix(strings.ToLower(key), strings.ToLower("X-Remote-Extra-")) {
@ -131,6 +135,9 @@ func SetAuthProxyHeaders(req *http.Request, username string, groups []string, ex
 	}

 	req.Header.Set("X-Remote-User", username)
+	if len(uid) > 0 {
+		req.Header.Set("X-Remote-Uid", uid)
+	}
 	for _, group := range groups {
 		req.Header.Add("X-Remote-Group", group)
 	}
--- a/vendor/k8s.io/client-go/transport/websocket/roundtripper.go
+++ b/vendor/k8s.io/client-go/transport/websocket/roundtripper.go
@ -20,11 +20,17 @@ import (
 	"crypto/tls"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
+	"strings"

 	gwebsocket "github.com/gorilla/websocket"

+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
 	"k8s.io/apimachinery/pkg/util/httpstream"
 	"k8s.io/apimachinery/pkg/util/httpstream/wsstream"
 	utilnet "k8s.io/apimachinery/pkg/util/net"
@ -37,6 +43,17 @@ var (
 	_ http.RoundTripper             = &RoundTripper{}
 )

+var (
+	statusScheme = runtime.NewScheme()
+	statusCodecs = serializer.NewCodecFactory(statusScheme)
+)
+
+func init() {
+	statusScheme.AddUnversionedTypes(metav1.SchemeGroupVersion,
+		&metav1.Status{},
+	)
+}
+
 // ConnectionHolder defines functions for structure providing
 // access to the websocket connection.
 type ConnectionHolder interface {
@ -110,12 +127,33 @@ func (rt *RoundTripper) RoundTrip(request *http.Request) (retResp *http.Response
 	}
 	wsConn, resp, err := dialer.DialContext(request.Context(), request.URL.String(), request.Header)
 	if err != nil {
+		// BadHandshake error becomes an "UpgradeFailureError" (used for streaming fallback).
 		if errors.Is(err, gwebsocket.ErrBadHandshake) {
-			// Enhance the error message with the response status if possible.
+			cause := err
+			// Enhance the error message with the error response if possible.
 			if resp != nil && len(resp.Status) > 0 {
-				err = fmt.Errorf("%w (%s)", err, resp.Status)
+				defer resp.Body.Close()                         //nolint:errcheck
+				cause = fmt.Errorf("%w (%s)", err, resp.Status) // Always add the response status
+				responseError := ""
+				responseErrorBytes, readErr := io.ReadAll(io.LimitReader(resp.Body, 64*1024))
+				if readErr != nil {
+					cause = fmt.Errorf("%w: unable to read error from server response", cause)
+				} else {
+					// If returned error can be decoded as "metav1.Status", return a "StatusError".
+					responseError = strings.TrimSpace(string(responseErrorBytes))
+					if len(responseError) > 0 {
+						if obj, _, decodeErr := statusCodecs.UniversalDecoder().Decode(responseErrorBytes, nil, &metav1.Status{}); decodeErr == nil {
+							if status, ok := obj.(*metav1.Status); ok {
+								cause = &apierrors.StatusError{ErrStatus: *status}
+							}
+						} else {
+							// Otherwise, append the responseError string.
+							cause = fmt.Errorf("%w: %s", cause, responseError)
+						}
+					}
+				}
 			}
-			return nil, &httpstream.UpgradeFailureError{Cause: err}
+			return nil, &httpstream.UpgradeFailureError{Cause: cause}
 		}
 		return nil, err
 	}