vendor update for CSI 0.3.0

vendor/k8s.io/kubernetes/pkg/serviceaccount/BUILD

@@ -36,7 +36,6 @@ go_test(
         "//pkg/controller/serviceaccount:go_default_library",
         "//vendor/k8s.io/api/core/v1:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/authentication/serviceaccount:go_default_library",
         "//vendor/k8s.io/client-go/kubernetes:go_default_library",
         "//vendor/k8s.io/client-go/kubernetes/fake:go_default_library",
         "//vendor/k8s.io/client-go/util/cert:go_default_library",

vendor/k8s.io/kubernetes/pkg/serviceaccount/OWNERS

@@ -1,6 +1,7 @@
 approvers:
 - liggitt
 - deads2k
+- mikedanese
 reviewers:
 - liggitt
 - deads2k

vendor/k8s.io/kubernetes/pkg/serviceaccount/claims.go

@@ -155,8 +155,8 @@ func (v *validator) Validate(_ string, public *jwt.Claims, privateObj interface{
 			glog.V(4).Infof("Bound secret is deleted and awaiting removal: %s/%s for service account %s/%s", namespace, secref.Name, namespace, saref.Name)
 			return "", "", "", errors.New("Token has been invalidated")
 		}
-		if string(secref.UID) != secref.UID {
-			glog.V(4).Infof("Secret UID no longer matches %s/%s: %q != %q", namespace, secref.Name, string(serviceAccount.UID), secref.UID)
+		if secref.UID != string(secret.UID) {
+			glog.V(4).Infof("Secret UID no longer matches %s/%s: %q != %q", namespace, secref.Name, string(secret.UID), secref.UID)
 			return "", "", "", fmt.Errorf("Secret UID (%s) does not match claim (%s)", secret.UID, secref.UID)
 		}
 	}
@@ -172,8 +172,8 @@ func (v *validator) Validate(_ string, public *jwt.Claims, privateObj interface{
 			glog.V(4).Infof("Bound pod is deleted and awaiting removal: %s/%s for service account %s/%s", namespace, podref.Name, namespace, saref.Name)
 			return "", "", "", errors.New("Token has been invalidated")
 		}
-		if string(podref.UID) != podref.UID {
-			glog.V(4).Infof("Pod UID no longer matches %s/%s: %q != %q", namespace, podref.Name, string(serviceAccount.UID), podref.UID)
+		if podref.UID != string(pod.UID) {
+			glog.V(4).Infof("Pod UID no longer matches %s/%s: %q != %q", namespace, podref.Name, string(pod.UID), podref.UID)
 			return "", "", "", fmt.Errorf("Pod UID (%s) does not match claim (%s)", pod.UID, podref.UID)
 		}
 	}

vendor/k8s.io/kubernetes/pkg/serviceaccount/jwt.go

@@ -22,7 +22,6 @@ import (
 	"crypto/rsa"
 	"encoding/base64"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"strings"
 
@@ -140,8 +139,6 @@ type Validator interface {
 	NewPrivateClaims() interface{}
 }
 
-var errMismatchedSigningMethod = errors.New("invalid signing method")
-
 func (j *jwtTokenAuthenticator) AuthenticateToken(tokenData string) (user.Info, bool, error) {
 	if !j.hasCorrectIssuer(tokenData) {
 		return nil, false, nil

vendor/k8s.io/kubernetes/pkg/serviceaccount/jwt_test.go

@@ -22,7 +22,6 @@ import (
 
 	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	apiserverserviceaccount "k8s.io/apiserver/pkg/authentication/serviceaccount"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/fake"
 	certutil "k8s.io/client-go/util/cert"
@@ -304,22 +303,3 @@ func TestTokenGenerateAndValidate(t *testing.T) {
 		}
 	}
 }
-
-func TestMakeSplitUsername(t *testing.T) {
-	username := apiserverserviceaccount.MakeUsername("ns", "name")
-	ns, name, err := apiserverserviceaccount.SplitUsername(username)
-	if err != nil {
-		t.Errorf("Unexpected error %v", err)
-	}
-	if ns != "ns" || name != "name" {
-		t.Errorf("Expected ns/name, got %s/%s", ns, name)
-	}
-
-	invalid := []string{"test", "system:serviceaccount", "system:serviceaccount:", "system:serviceaccount:ns", "system:serviceaccount:ns:name:extra"}
-	for _, n := range invalid {
-		_, _, err := apiserverserviceaccount.SplitUsername("test")
-		if err == nil {
-			t.Errorf("Expected error for %s", n)
-		}
-	}
-}