mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-18 11:00:25 +00:00
Vednor update for kube v1.13.2
Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
This commit is contained in:
parent
cd8381690d
commit
ac4c83c96c
14
vendor/k8s.io/client-go/rest/config.go
generated
vendored
14
vendor/k8s.io/client-go/rest/config.go
generated
vendored
@ -70,6 +70,11 @@ type Config struct {
|
|||||||
// TODO: demonstrate an OAuth2 compatible client.
|
// TODO: demonstrate an OAuth2 compatible client.
|
||||||
BearerToken string
|
BearerToken string
|
||||||
|
|
||||||
|
// Path to a file containing a BearerToken.
|
||||||
|
// If set, the contents are periodically read.
|
||||||
|
// The last successfully read value takes precedence over BearerToken.
|
||||||
|
BearerTokenFile string
|
||||||
|
|
||||||
// Impersonate is the configuration that RESTClient will use for impersonation.
|
// Impersonate is the configuration that RESTClient will use for impersonation.
|
||||||
Impersonate ImpersonationConfig
|
Impersonate ImpersonationConfig
|
||||||
|
|
||||||
@ -322,9 +327,8 @@ func InClusterConfig() (*Config, error) {
|
|||||||
return nil, ErrNotInCluster
|
return nil, ErrNotInCluster
|
||||||
}
|
}
|
||||||
|
|
||||||
ts := NewCachedFileTokenSource(tokenFile)
|
token, err := ioutil.ReadFile(tokenFile)
|
||||||
|
if err != nil {
|
||||||
if _, err := ts.Token(); err != nil {
|
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -340,7 +344,8 @@ func InClusterConfig() (*Config, error) {
|
|||||||
// TODO: switch to using cluster DNS.
|
// TODO: switch to using cluster DNS.
|
||||||
Host: "https://" + net.JoinHostPort(host, port),
|
Host: "https://" + net.JoinHostPort(host, port),
|
||||||
TLSClientConfig: tlsClientConfig,
|
TLSClientConfig: tlsClientConfig,
|
||||||
WrapTransport: TokenSourceWrapTransport(ts),
|
BearerToken: string(token),
|
||||||
|
BearerTokenFile: tokenFile,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -436,6 +441,7 @@ func CopyConfig(config *Config) *Config {
|
|||||||
Username: config.Username,
|
Username: config.Username,
|
||||||
Password: config.Password,
|
Password: config.Password,
|
||||||
BearerToken: config.BearerToken,
|
BearerToken: config.BearerToken,
|
||||||
|
BearerTokenFile: config.BearerTokenFile,
|
||||||
Impersonate: ImpersonationConfig{
|
Impersonate: ImpersonationConfig{
|
||||||
Groups: config.Impersonate.Groups,
|
Groups: config.Impersonate.Groups,
|
||||||
Extra: config.Impersonate.Extra,
|
Extra: config.Impersonate.Extra,
|
||||||
|
7
vendor/k8s.io/client-go/tools/clientcmd/client_config.go
generated
vendored
7
vendor/k8s.io/client-go/tools/clientcmd/client_config.go
generated
vendored
@ -229,11 +229,12 @@ func (config *DirectClientConfig) getUserIdentificationPartialConfig(configAuthI
|
|||||||
if len(configAuthInfo.Token) > 0 {
|
if len(configAuthInfo.Token) > 0 {
|
||||||
mergedConfig.BearerToken = configAuthInfo.Token
|
mergedConfig.BearerToken = configAuthInfo.Token
|
||||||
} else if len(configAuthInfo.TokenFile) > 0 {
|
} else if len(configAuthInfo.TokenFile) > 0 {
|
||||||
ts := restclient.NewCachedFileTokenSource(configAuthInfo.TokenFile)
|
tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile)
|
||||||
if _, err := ts.Token(); err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
mergedConfig.WrapTransport = restclient.TokenSourceWrapTransport(ts)
|
mergedConfig.BearerToken = string(tokenBytes)
|
||||||
|
mergedConfig.BearerTokenFile = configAuthInfo.TokenFile
|
||||||
}
|
}
|
||||||
if len(configAuthInfo.Impersonate) > 0 {
|
if len(configAuthInfo.Impersonate) > 0 {
|
||||||
mergedConfig.Impersonate = restclient.ImpersonationConfig{
|
mergedConfig.Impersonate = restclient.ImpersonationConfig{
|
||||||
|
7
vendor/k8s.io/client-go/transport/config.go
generated
vendored
7
vendor/k8s.io/client-go/transport/config.go
generated
vendored
@ -39,6 +39,11 @@ type Config struct {
|
|||||||
// Bearer token for authentication
|
// Bearer token for authentication
|
||||||
BearerToken string
|
BearerToken string
|
||||||
|
|
||||||
|
// Path to a file containing a BearerToken.
|
||||||
|
// If set, the contents are periodically read.
|
||||||
|
// The last successfully read value takes precedence over BearerToken.
|
||||||
|
BearerTokenFile string
|
||||||
|
|
||||||
// Impersonate is the config that this Config will impersonate using
|
// Impersonate is the config that this Config will impersonate using
|
||||||
Impersonate ImpersonationConfig
|
Impersonate ImpersonationConfig
|
||||||
|
|
||||||
@ -80,7 +85,7 @@ func (c *Config) HasBasicAuth() bool {
|
|||||||
|
|
||||||
// HasTokenAuth returns whether the configuration has token authentication or not.
|
// HasTokenAuth returns whether the configuration has token authentication or not.
|
||||||
func (c *Config) HasTokenAuth() bool {
|
func (c *Config) HasTokenAuth() bool {
|
||||||
return len(c.BearerToken) != 0
|
return len(c.BearerToken) != 0 || len(c.BearerTokenFile) != 0
|
||||||
}
|
}
|
||||||
|
|
||||||
// HasCertAuth returns whether the configuration has certificate authentication or not.
|
// HasCertAuth returns whether the configuration has certificate authentication or not.
|
||||||
|
39
vendor/k8s.io/client-go/transport/round_trippers.go
generated
vendored
39
vendor/k8s.io/client-go/transport/round_trippers.go
generated
vendored
@ -22,6 +22,7 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"golang.org/x/oauth2"
|
||||||
"k8s.io/klog"
|
"k8s.io/klog"
|
||||||
|
|
||||||
utilnet "k8s.io/apimachinery/pkg/util/net"
|
utilnet "k8s.io/apimachinery/pkg/util/net"
|
||||||
@ -44,7 +45,11 @@ func HTTPWrappersForConfig(config *Config, rt http.RoundTripper) (http.RoundTrip
|
|||||||
case config.HasBasicAuth() && config.HasTokenAuth():
|
case config.HasBasicAuth() && config.HasTokenAuth():
|
||||||
return nil, fmt.Errorf("username/password or bearer token may be set, but not both")
|
return nil, fmt.Errorf("username/password or bearer token may be set, but not both")
|
||||||
case config.HasTokenAuth():
|
case config.HasTokenAuth():
|
||||||
rt = NewBearerAuthRoundTripper(config.BearerToken, rt)
|
var err error
|
||||||
|
rt, err = NewBearerAuthWithRefreshRoundTripper(config.BearerToken, config.BearerTokenFile, rt)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
case config.HasBasicAuth():
|
case config.HasBasicAuth():
|
||||||
rt = NewBasicAuthRoundTripper(config.Username, config.Password, rt)
|
rt = NewBasicAuthRoundTripper(config.Username, config.Password, rt)
|
||||||
}
|
}
|
||||||
@ -265,13 +270,35 @@ func (rt *impersonatingRoundTripper) WrappedRoundTripper() http.RoundTripper { r
|
|||||||
|
|
||||||
type bearerAuthRoundTripper struct {
|
type bearerAuthRoundTripper struct {
|
||||||
bearer string
|
bearer string
|
||||||
|
source oauth2.TokenSource
|
||||||
rt http.RoundTripper
|
rt http.RoundTripper
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewBearerAuthRoundTripper adds the provided bearer token to a request
|
// NewBearerAuthRoundTripper adds the provided bearer token to a request
|
||||||
// unless the authorization header has already been set.
|
// unless the authorization header has already been set.
|
||||||
func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper {
|
func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper {
|
||||||
return &bearerAuthRoundTripper{bearer, rt}
|
return &bearerAuthRoundTripper{bearer, nil, rt}
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewBearerAuthRoundTripper adds the provided bearer token to a request
|
||||||
|
// unless the authorization header has already been set.
|
||||||
|
// If tokenFile is non-empty, it is periodically read,
|
||||||
|
// and the last successfully read content is used as the bearer token.
|
||||||
|
// If tokenFile is non-empty and bearer is empty, the tokenFile is read
|
||||||
|
// immediately to populate the initial bearer token.
|
||||||
|
func NewBearerAuthWithRefreshRoundTripper(bearer string, tokenFile string, rt http.RoundTripper) (http.RoundTripper, error) {
|
||||||
|
if len(tokenFile) == 0 {
|
||||||
|
return &bearerAuthRoundTripper{bearer, nil, rt}, nil
|
||||||
|
}
|
||||||
|
source := NewCachedFileTokenSource(tokenFile)
|
||||||
|
if len(bearer) == 0 {
|
||||||
|
token, err := source.Token()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
bearer = token.AccessToken
|
||||||
|
}
|
||||||
|
return &bearerAuthRoundTripper{bearer, source, rt}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
|
func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||||
@ -280,7 +307,13 @@ func (rt *bearerAuthRoundTripper) RoundTrip(req *http.Request) (*http.Response,
|
|||||||
}
|
}
|
||||||
|
|
||||||
req = utilnet.CloneRequest(req)
|
req = utilnet.CloneRequest(req)
|
||||||
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", rt.bearer))
|
token := rt.bearer
|
||||||
|
if rt.source != nil {
|
||||||
|
if refreshedToken, err := rt.source.Token(); err == nil {
|
||||||
|
token = refreshedToken.AccessToken
|
||||||
|
}
|
||||||
|
}
|
||||||
|
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
|
||||||
return rt.rt.RoundTrip(req)
|
return rt.rt.RoundTrip(req)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package rest
|
package transport
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
@ -47,14 +47,14 @@ func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) htt
|
|||||||
func NewCachedFileTokenSource(path string) oauth2.TokenSource {
|
func NewCachedFileTokenSource(path string) oauth2.TokenSource {
|
||||||
return &cachingTokenSource{
|
return &cachingTokenSource{
|
||||||
now: time.Now,
|
now: time.Now,
|
||||||
leeway: 1 * time.Minute,
|
leeway: 10 * time.Second,
|
||||||
base: &fileTokenSource{
|
base: &fileTokenSource{
|
||||||
path: path,
|
path: path,
|
||||||
// This period was picked because it is half of the minimum validity
|
// This period was picked because it is half of the duration between when the kubelet
|
||||||
// duration for a token provisioned by they TokenRequest API. This is
|
// refreshes a projected service account token and when the original token expires.
|
||||||
// unsophisticated and should induce rotation at a frequency that should
|
// Default token lifetime is 10 minutes, and the kubelet starts refreshing at 80% of lifetime.
|
||||||
// work with the token volume source.
|
// This should induce re-reading at a frequency that works with the token volume source.
|
||||||
period: 5 * time.Minute,
|
period: time.Minute,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
59
vendor/k8s.io/kubernetes/third_party/forked/godep/license.go
generated
vendored
59
vendor/k8s.io/kubernetes/third_party/forked/godep/license.go
generated
vendored
@ -1,59 +0,0 @@
|
|||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"strings"
|
|
||||||
)
|
|
||||||
|
|
||||||
// LicenseFilePrefix is a list of filename prefixes that indicate it
|
|
||||||
// might contain a software license
|
|
||||||
var LicenseFilePrefix = []string{
|
|
||||||
"licence", // UK spelling
|
|
||||||
"license", // US spelling
|
|
||||||
"copying",
|
|
||||||
"unlicense",
|
|
||||||
"copyright",
|
|
||||||
"copyleft",
|
|
||||||
"authors",
|
|
||||||
"contributors",
|
|
||||||
}
|
|
||||||
|
|
||||||
// LegalFileSubstring are substrings that indicate the file is likely
|
|
||||||
// to contain some type of legal declaration. "legal" is often used
|
|
||||||
// that it might moved to LicenseFilePrefix
|
|
||||||
var LegalFileSubstring = []string{
|
|
||||||
"legal",
|
|
||||||
"notice",
|
|
||||||
"disclaimer",
|
|
||||||
"patent",
|
|
||||||
"third-party",
|
|
||||||
"thirdparty",
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsLicenseFile returns true if the filename might be contain a
|
|
||||||
// software license
|
|
||||||
func IsLicenseFile(filename string) bool {
|
|
||||||
lowerfile := strings.ToLower(filename)
|
|
||||||
for _, prefix := range LicenseFilePrefix {
|
|
||||||
if strings.HasPrefix(lowerfile, prefix) {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsLegalFile returns true if the file is likely to contain some type
|
|
||||||
// of of legal declaration or licensing information
|
|
||||||
func IsLegalFile(filename string) bool {
|
|
||||||
lowerfile := strings.ToLower(filename)
|
|
||||||
for _, prefix := range LicenseFilePrefix {
|
|
||||||
if strings.HasPrefix(lowerfile, prefix) {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
for _, substring := range LegalFileSubstring {
|
|
||||||
if strings.Contains(lowerfile, substring) {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user