mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-17 20:00:23 +00:00
Vednor update for kube v1.13.2
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
parent
cd8381690d
commit
ac4c83c96c
26
vendor/k8s.io/client-go/rest/config.go
generated
vendored
26
vendor/k8s.io/client-go/rest/config.go
generated
vendored
@ -70,6 +70,11 @@ type Config struct {
|
||||
// TODO: demonstrate an OAuth2 compatible client.
|
||||
BearerToken string
|
||||
|
||||
// Path to a file containing a BearerToken.
|
||||
// If set, the contents are periodically read.
|
||||
// The last successfully read value takes precedence over BearerToken.
|
||||
BearerTokenFile string
|
||||
|
||||
// Impersonate is the configuration that RESTClient will use for impersonation.
|
||||
Impersonate ImpersonationConfig
|
||||
|
||||
@ -322,9 +327,8 @@ func InClusterConfig() (*Config, error) {
|
||||
return nil, ErrNotInCluster
|
||||
}
|
||||
|
||||
ts := NewCachedFileTokenSource(tokenFile)
|
||||
|
||||
if _, err := ts.Token(); err != nil {
|
||||
token, err := ioutil.ReadFile(tokenFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@ -340,7 +344,8 @@ func InClusterConfig() (*Config, error) {
|
||||
// TODO: switch to using cluster DNS.
|
||||
Host: "https://" + net.JoinHostPort(host, port),
|
||||
TLSClientConfig: tlsClientConfig,
|
||||
WrapTransport: TokenSourceWrapTransport(ts),
|
||||
BearerToken: string(token),
|
||||
BearerTokenFile: tokenFile,
|
||||
}, nil
|
||||
}
|
||||
|
||||
@ -430,12 +435,13 @@ func AnonymousClientConfig(config *Config) *Config {
|
||||
// CopyConfig returns a copy of the given config
|
||||
func CopyConfig(config *Config) *Config {
|
||||
return &Config{
|
||||
Host: config.Host,
|
||||
APIPath: config.APIPath,
|
||||
ContentConfig: config.ContentConfig,
|
||||
Username: config.Username,
|
||||
Password: config.Password,
|
||||
BearerToken: config.BearerToken,
|
||||
Host: config.Host,
|
||||
APIPath: config.APIPath,
|
||||
ContentConfig: config.ContentConfig,
|
||||
Username: config.Username,
|
||||
Password: config.Password,
|
||||
BearerToken: config.BearerToken,
|
||||
BearerTokenFile: config.BearerTokenFile,
|
||||
Impersonate: ImpersonationConfig{
|
||||
Groups: config.Impersonate.Groups,
|
||||
Extra: config.Impersonate.Extra,
|
||||
|
7
vendor/k8s.io/client-go/tools/clientcmd/client_config.go
generated
vendored
7
vendor/k8s.io/client-go/tools/clientcmd/client_config.go
generated
vendored
@ -229,11 +229,12 @@ func (config *DirectClientConfig) getUserIdentificationPartialConfig(configAuthI
|
||||
if len(configAuthInfo.Token) > 0 {
|
||||
mergedConfig.BearerToken = configAuthInfo.Token
|
||||
} else if len(configAuthInfo.TokenFile) > 0 {
|
||||
ts := restclient.NewCachedFileTokenSource(configAuthInfo.TokenFile)
|
||||
if _, err := ts.Token(); err != nil {
|
||||
tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
mergedConfig.WrapTransport = restclient.TokenSourceWrapTransport(ts)
|
||||
mergedConfig.BearerToken = string(tokenBytes)
|
||||
mergedConfig.BearerTokenFile = configAuthInfo.TokenFile
|
||||
}
|
||||
if len(configAuthInfo.Impersonate) > 0 {
|
||||
mergedConfig.Impersonate = restclient.ImpersonationConfig{
|
||||
|
7
vendor/k8s.io/client-go/transport/config.go
generated
vendored
7
vendor/k8s.io/client-go/transport/config.go
generated
vendored
@ -39,6 +39,11 @@ type Config struct {
|
||||
// Bearer token for authentication
|
||||
BearerToken string
|
||||
|
||||
// Path to a file containing a BearerToken.
|
||||
// If set, the contents are periodically read.
|
||||
// The last successfully read value takes precedence over BearerToken.
|
||||
BearerTokenFile string
|
||||
|
||||
// Impersonate is the config that this Config will impersonate using
|
||||
Impersonate ImpersonationConfig
|
||||
|
||||
@ -80,7 +85,7 @@ func (c *Config) HasBasicAuth() bool {
|
||||
|
||||
// HasTokenAuth returns whether the configuration has token authentication or not.
|
||||
func (c *Config) HasTokenAuth() bool {
|
||||
return len(c.BearerToken) != 0
|
||||
return len(c.BearerToken) != 0 || len(c.BearerTokenFile) != 0
|
||||
}
|
||||
|
||||
// HasCertAuth returns whether the configuration has certificate authentication or not.
|
||||
|
39
vendor/k8s.io/client-go/transport/round_trippers.go
generated
vendored
39
vendor/k8s.io/client-go/transport/round_trippers.go
generated
vendored
@ -22,6 +22,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
"k8s.io/klog"
|
||||
|
||||
utilnet "k8s.io/apimachinery/pkg/util/net"
|
||||
@ -44,7 +45,11 @@ func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTrip
|
||||
case config.HasBasicAuth() && config.HasTokenAuth():
|
||||
return nil, fmt.Errorf("username/password or bearer token may be set, but not both")
|
||||
case config.HasTokenAuth():
|
||||
rt = NewBearerAuthRoundTripper(config.BearerToken, rt)
|
||||
var err error
|
||||
rt, err = NewBearerAuthWithRefreshRoundTripper(config.BearerToken, config.BearerTokenFile, rt)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
case config.HasBasicAuth():
|
||||
rt = NewBasicAuthRoundTripper(config.Username, config.Password, rt)
|
||||
}
|
||||
@ -265,13 +270,35 @@ func (rt *impersonatingRoundTripper) WrappedRoundTripper() http.RoundTripper { r
|
||||
|
||||
type bearerAuthRoundTripper struct {
|
||||
bearer string
|
||||
source oauth2.TokenSource
|
||||
rt http.RoundTripper
|
||||
}
|
||||
|
||||
// NewBearerAuthRoundTripper adds the provided bearer token to a request
|
||||
// unless the authorization header has already been set.
|
||||
func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper {
|
||||
return &bearerAuthRoundTripper{bearer, rt}
|
||||
return &bearerAuthRoundTripper{bearer, nil, rt}
|
||||
}
|
||||
|
||||
// NewBearerAuthRoundTripper adds the provided bearer token to a request
|
||||
// unless the authorization header has already been set.
|
||||
// If tokenFile is non-empty, it is periodically read,
|
||||
// and the last successfully read content is used as the bearer token.
|
||||
// If tokenFile is non-empty and bearer is empty, the tokenFile is read
|
||||
// immediately to populate the initial bearer token.
|
||||
func NewBearerAuthWithRefreshRoundTripper(bearer string, tokenFile string, rt http.RoundTripper) (http.RoundTripper, error) {
|
||||
if len(tokenFile) == 0 {
|
||||
return &bearerAuthRoundTripper{bearer, nil, rt}, nil
|
||||
}
|
||||
source := NewCachedFileTokenSource(tokenFile)
|
||||
if len(bearer) == 0 {
|
||||
token, err := source.Token()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
bearer = token.AccessToken
|
||||
}
|
||||
return &bearerAuthRoundTripper{bearer, source, rt}, nil
|
||||
}
|
||||
|
||||
func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||
@ -280,7 +307,13 @@ func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response,
|
||||
}
|
||||
|
||||
req = utilnet.CloneRequest(req)
|
||||
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", rt.bearer))
|
||||
token := rt.bearer
|
||||
if rt.source != nil {
|
||||
if refreshedToken, err := rt.source.Token(); err == nil {
|
||||
token = refreshedToken.AccessToken
|
||||
}
|
||||
}
|
||||
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
|
||||
return rt.rt.RoundTrip(req)
|
||||
}
|
||||
|
||||
|
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package rest
|
||||
package transport
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
@ -47,14 +47,14 @@ func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) htt
|
||||
func NewCachedFileTokenSource(path string) oauth2.TokenSource {
|
||||
return &cachingTokenSource{
|
||||
now: time.Now,
|
||||
leeway: 1 * time.Minute,
|
||||
leeway: 10 * time.Second,
|
||||
base: &fileTokenSource{
|
||||
path: path,
|
||||
// This period was picked because it is half of the minimum validity
|
||||
// duration for a token provisioned by they TokenRequest API. This is
|
||||
// unsophisticated and should induce rotation at a frequency that should
|
||||
// work with the token volume source.
|
||||
period: 5 * time.Minute,
|
||||
// This period was picked because it is half of the duration between when the kubelet
|
||||
// refreshes a projected service account token and when the original token expires.
|
||||
// Default token lifetime is 10 minutes, and the kubelet starts refreshing at 80% of lifetime.
|
||||
// This should induce re-reading at a frequency that works with the token volume source.
|
||||
period: time.Minute,
|
||||
},
|
||||
}
|
||||
}
|
59
vendor/k8s.io/kubernetes/third_party/forked/godep/license.go
generated
vendored
59
vendor/k8s.io/kubernetes/third_party/forked/godep/license.go
generated
vendored
@ -1,59 +0,0 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"strings"
|
||||
)
|
||||
|
||||
// LicenseFilePrefix is a list of filename prefixes that indicate it
|
||||
// might contain a software license
|
||||
var LicenseFilePrefix = []string{
|
||||
"licence", // UK spelling
|
||||
"license", // US spelling
|
||||
"copying",
|
||||
"unlicense",
|
||||
"copyright",
|
||||
"copyleft",
|
||||
"authors",
|
||||
"contributors",
|
||||
}
|
||||
|
||||
// LegalFileSubstring are substrings that indicate the file is likely
|
||||
// to contain some type of legal declaration. "legal" is often used
|
||||
// that it might moved to LicenseFilePrefix
|
||||
var LegalFileSubstring = []string{
|
||||
"legal",
|
||||
"notice",
|
||||
"disclaimer",
|
||||
"patent",
|
||||
"third-party",
|
||||
"thirdparty",
|
||||
}
|
||||
|
||||
// IsLicenseFile returns true if the filename might be contain a
|
||||
// software license
|
||||
func IsLicenseFile(filename string) bool {
|
||||
lowerfile := strings.ToLower(filename)
|
||||
for _, prefix := range LicenseFilePrefix {
|
||||
if strings.HasPrefix(lowerfile, prefix) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// IsLegalFile returns true if the file is likely to contain some type
|
||||
// of of legal declaration or licensing information
|
||||
func IsLegalFile(filename string) bool {
|
||||
lowerfile := strings.ToLower(filename)
|
||||
for _, prefix := range LicenseFilePrefix {
|
||||
if strings.HasPrefix(lowerfile, prefix) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
for _, substring := range LegalFileSubstring {
|
||||
if strings.Contains(lowerfile, substring) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
Loading…
Reference in New Issue
Block a user