rebase: update kubernetes and libraries to v1.22.0 version

Kubernetes v1.22 version has been released and this update
ceph csi dependencies to use the same version.

Signed-off-by: Humble Chirammal <hchiramm@redhat.com>

vendor/k8s.io/apiserver/pkg/util/x509metrics/missing_san.go

@@ -0,0 +1,92 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package x509metrics
+
+import (
+	"crypto/x509"
+	"errors"
+	"net/http"
+	"strings"
+
+	utilnet "k8s.io/apimachinery/pkg/util/net"
+	"k8s.io/component-base/metrics"
+)
+
+var _ utilnet.RoundTripperWrapper = &x509MissingSANErrorMetricsRTWrapper{}
+
+type x509MissingSANErrorMetricsRTWrapper struct {
+	rt http.RoundTripper
+
+	counter *metrics.Counter
+}
+
+// NewMissingSANRoundTripperWrapperConstructor returns a RoundTripper wrapper that's usable
+// within ClientConfig.Wrap that increases the `metricCounter` whenever:
+// 1. we get a x509.HostnameError with string `x509: certificate relies on legacy Common Name field`
+//    which indicates an error caused by the deprecation of Common Name field when veryfing remote
+//    hostname
+// 2. the server certificate in response contains no SAN. This indicates that this binary run
+//    with the GODEBUG=x509ignoreCN=0 in env
+func NewMissingSANRoundTripperWrapperConstructor(metricCounter *metrics.Counter) func(rt http.RoundTripper) http.RoundTripper {
+	return func(rt http.RoundTripper) http.RoundTripper {
+		return &x509MissingSANErrorMetricsRTWrapper{
+			rt:      rt,
+			counter: metricCounter,
+		}
+	}
+}
+
+func (w *x509MissingSANErrorMetricsRTWrapper) RoundTrip(req *http.Request) (*http.Response, error) {
+	resp, err := w.rt.RoundTrip(req)
+	checkForHostnameError(err, w.counter)
+	checkRespForNoSAN(resp, w.counter)
+	return resp, err
+}
+
+func (w *x509MissingSANErrorMetricsRTWrapper) WrappedRoundTripper() http.RoundTripper {
+	return w.rt
+}
+
+// checkForHostnameError increases the metricCounter when we're running w/o GODEBUG=x509ignoreCN=0
+// and the client reports a HostnameError about the legacy CN fields
+func checkForHostnameError(err error, metricCounter *metrics.Counter) {
+	if err != nil && errors.As(err, &x509.HostnameError{}) && strings.Contains(err.Error(), "x509: certificate relies on legacy Common Name field") {
+		// increase the count of registered failures due to Go 1.15 x509 cert Common Name deprecation
+		metricCounter.Inc()
+	}
+}
+
+// checkRespForNoSAN increases the metricCounter when the server response contains
+// a leaf certificate w/o the SAN extension
+func checkRespForNoSAN(resp *http.Response, metricCounter *metrics.Counter) {
+	if resp != nil && resp.TLS != nil && len(resp.TLS.PeerCertificates) > 0 {
+		if serverCert := resp.TLS.PeerCertificates[0]; !hasSAN(serverCert) {
+			metricCounter.Inc()
+		}
+	}
+}
+
+func hasSAN(c *x509.Certificate) bool {
+	sanOID := []int{2, 5, 29, 17}
+
+	for _, e := range c.Extensions {
+		if e.Id.Equal(sanOID) {
+			return true
+		}
+	}
+	return false
+}