vendor update for CSI 0.3.0

2025-06-13 02:33:34 +00:00 · 2018-07-18 16:47:22 +02:00
parent 6f484f92fc
commit 8ea659f0d5
6810 changed files with 438061 additions and 193861 deletions
--- a/vendor/k8s.io/kubernetes/pkg/controller/certificates/approver/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/controller/certificates/approver/BUILD
@ -28,10 +28,8 @@ go_library(
    deps = [
        "//pkg/apis/certificates/v1beta1:go_default_library",
        "//pkg/controller/certificates:go_default_library",
-        "//pkg/features:go_default_library",
        "//vendor/k8s.io/api/authorization/v1beta1:go_default_library",
        "//vendor/k8s.io/api/certificates/v1beta1:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library",
        "//vendor/k8s.io/client-go/informers/certificates/v1beta1:go_default_library",
        "//vendor/k8s.io/client-go/kubernetes:go_default_library",
    ],
--- a/vendor/k8s.io/kubernetes/pkg/controller/certificates/approver/sarapprove.go
+++ b/vendor/k8s.io/kubernetes/pkg/controller/certificates/approver/sarapprove.go
@ -25,12 +25,10 @@ import (

 	authorization "k8s.io/api/authorization/v1beta1"
 	capi "k8s.io/api/certificates/v1beta1"
-	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	certificatesinformers "k8s.io/client-go/informers/certificates/v1beta1"
 	clientset "k8s.io/client-go/kubernetes"
 	k8s_certificates_v1beta1 "k8s.io/kubernetes/pkg/apis/certificates/v1beta1"
 	"k8s.io/kubernetes/pkg/controller/certificates"
-	"k8s.io/kubernetes/pkg/features"
 )

 type csrRecognizer struct {
@ -69,13 +67,6 @@ func recognizers() []csrRecognizer {
 			successMessage: "Auto approving kubelet client certificate after SubjectAccessReview.",
 		},
 	}
-	if utilfeature.DefaultFeatureGate.Enabled(features.RotateKubeletServerCertificate) {
-		recognizers = append(recognizers, csrRecognizer{
-			recognize:      isSelfNodeServerCert,
-			permission:     authorization.ResourceAttributes{Group: "certificates.k8s.io", Resource: "certificatesigningrequests", Verb: "create", Subresource: "selfnodeserver"},
-			successMessage: "Auto approving self kubelet server certificate after SubjectAccessReview.",
-		})
-	}
 	return recognizers
 }

@ -201,28 +192,3 @@ func isSelfNodeClientCert(csr *capi.CertificateSigningRequest, x509cr *x509.Cert
 	}
 	return true
 }
-
-var kubeletServerUsages = []capi.KeyUsage{
-	capi.UsageKeyEncipherment,
-	capi.UsageDigitalSignature,
-	capi.UsageServerAuth,
-}
-
-func isSelfNodeServerCert(csr *capi.CertificateSigningRequest, x509cr *x509.CertificateRequest) bool {
-	if !reflect.DeepEqual([]string{"system:nodes"}, x509cr.Subject.Organization) {
-		return false
-	}
-	if len(x509cr.DNSNames) == 0 || len(x509cr.IPAddresses) == 0 {
-		return false
-	}
-	if !hasExactUsages(csr, kubeletServerUsages) {
-		return false
-	}
-	if !strings.HasPrefix(x509cr.Subject.CommonName, "system:node:") {
-		return false
-	}
-	if csr.Spec.Username != x509cr.Subject.CommonName {
-		return false
-	}
-	return true
-}
--- a/vendor/k8s.io/kubernetes/pkg/controller/certificates/approver/sarapprove_test.go
+++ b/vendor/k8s.io/kubernetes/pkg/controller/certificates/approver/sarapprove_test.go
@ -187,77 +187,6 @@ func TestHandle(t *testing.T) {
 	}
 }

-func TestSelfNodeServerCertRecognizer(t *testing.T) {
-	defaultCSR := csrBuilder{
-		cn:        "system:node:foo",
-		orgs:      []string{"system:nodes"},
-		requestor: "system:node:foo",
-		usages: []capi.KeyUsage{
-			capi.UsageKeyEncipherment,
-			capi.UsageDigitalSignature,
-			capi.UsageServerAuth,
-		},
-		dns: []string{"node"},
-		ips: []net.IP{net.ParseIP("192.168.0.1")},
-	}
-
-	testCases := []struct {
-		description     string
-		csrBuilder      csrBuilder
-		expectedOutcome bool
-	}{
-		{
-			description:     "Success - all requirements met",
-			csrBuilder:      defaultCSR,
-			expectedOutcome: true,
-		},
-		{
-			description: "No organization",
-			csrBuilder: func(b csrBuilder) csrBuilder {
-				b.orgs = []string{}
-				return b
-			}(defaultCSR),
-			expectedOutcome: false,
-		},
-		{
-			description: "Wrong organization",
-			csrBuilder: func(b csrBuilder) csrBuilder {
-				b.orgs = append(b.orgs, "new-org")
-				return b
-			}(defaultCSR),
-			expectedOutcome: false,
-		},
-		{
-			description: "Wrong usages",
-			csrBuilder: func(b csrBuilder) csrBuilder {
-				b.usages = []capi.KeyUsage{}
-				return b
-			}(defaultCSR),
-			expectedOutcome: false,
-		},
-		{
-			description: "Wrong common name",
-			csrBuilder: func(b csrBuilder) csrBuilder {
-				b.cn = "wrong-common-name"
-				return b
-			}(defaultCSR),
-			expectedOutcome: false,
-		},
-	}
-	for _, tc := range testCases {
-		t.Run(tc.description, func(t *testing.T) {
-			csr := makeFancyTestCsr(tc.csrBuilder)
-			x509cr, err := k8s_certificates_v1beta1.ParseCSR(csr)
-			if err != nil {
-				t.Errorf("unexpected err: %v", err)
-			}
-			if isSelfNodeServerCert(csr, x509cr) != tc.expectedOutcome {
-				t.Errorf("expected recognized to be %v", tc.expectedOutcome)
-			}
-		})
-	}
-}
-
 func TestRecognizers(t *testing.T) {
 	goodCases := []func(b *csrBuilder){
 		func(b *csrBuilder) {