vendor update for E2E framework

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>

vendor/k8s.io/apiserver/pkg/authentication/authenticator/audagnostic.go

@@ -0,0 +1,90 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package authenticator
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+func authenticate(ctx context.Context, implicitAuds Audiences, authenticate func() (*Response, bool, error)) (*Response, bool, error) {
+	targetAuds, ok := AudiencesFrom(ctx)
+	// We can remove this once api audiences is never empty. That will probably
+	// be N releases after TokenRequest is GA.
+	if !ok {
+		return authenticate()
+	}
+	auds := implicitAuds.Intersect(targetAuds)
+	if len(auds) == 0 {
+		return nil, false, nil
+	}
+	resp, ok, err := authenticate()
+	if err != nil || !ok {
+		return nil, false, err
+	}
+	if len(resp.Audiences) > 0 {
+		// maybe the authenticator was audience aware after all.
+		return nil, false, fmt.Errorf("audience agnostic authenticator wrapped an authenticator that returned audiences: %q", resp.Audiences)
+	}
+	resp.Audiences = auds
+	return resp, true, nil
+}
+
+type audAgnosticRequestAuthenticator struct {
+	implicit Audiences
+	delegate Request
+}
+
+var _ = Request(&audAgnosticRequestAuthenticator{})
+
+func (a *audAgnosticRequestAuthenticator) AuthenticateRequest(req *http.Request) (*Response, bool, error) {
+	return authenticate(req.Context(), a.implicit, func() (*Response, bool, error) {
+		return a.delegate.AuthenticateRequest(req)
+	})
+}
+
+// WrapAudienceAgnosticRequest wraps an audience agnostic request authenticator
+// to restrict its accepted audiences to a set of implicit audiences.
+func WrapAudienceAgnosticRequest(implicit Audiences, delegate Request) Request {
+	return &audAgnosticRequestAuthenticator{
+		implicit: implicit,
+		delegate: delegate,
+	}
+}
+
+type audAgnosticTokenAuthenticator struct {
+	implicit Audiences
+	delegate Token
+}
+
+var _ = Token(&audAgnosticTokenAuthenticator{})
+
+func (a *audAgnosticTokenAuthenticator) AuthenticateToken(ctx context.Context, tok string) (*Response, bool, error) {
+	return authenticate(ctx, a.implicit, func() (*Response, bool, error) {
+		return a.delegate.AuthenticateToken(ctx, tok)
+	})
+}
+
+// WrapAudienceAgnosticToken wraps an audience agnostic token authenticator to
+// restrict its accepted audiences to a set of implicit audiences.
+func WrapAudienceAgnosticToken(implicit Audiences, delegate Token) Token {
+	return &audAgnosticTokenAuthenticator{
+		implicit: implicit,
+		delegate: delegate,
+	}
+}

vendor/k8s.io/apiserver/pkg/authentication/authenticator/audiences.go

@@ -0,0 +1,63 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package authenticator
+
+import "context"
+
+// Audiences is a container for the Audiences of a token.
+type Audiences []string
+
+// The key type is unexported to prevent collisions
+type key int
+
+const (
+	// audiencesKey is the context key for request audiences.
+	audiencesKey key = iota
+)
+
+// WithAudiences returns a context that stores a request's expected audiences.
+func WithAudiences(ctx context.Context, auds Audiences) context.Context {
+	return context.WithValue(ctx, audiencesKey, auds)
+}
+
+// AudiencesFrom returns a request's expected audiences stored in the request context.
+func AudiencesFrom(ctx context.Context) (Audiences, bool) {
+	auds, ok := ctx.Value(audiencesKey).(Audiences)
+	return auds, ok
+}
+
+// Has checks if Audiences contains a specific audiences.
+func (a Audiences) Has(taud string) bool {
+	for _, aud := range a {
+		if aud == taud {
+			return true
+		}
+	}
+	return false
+}
+
+// Intersect intersects Audiences with a target Audiences and returns all
+// elements in both.
+func (a Audiences) Intersect(tauds Audiences) Audiences {
+	selected := Audiences{}
+	for _, taud := range tauds {
+		if a.Has(taud) {
+			selected = append(selected, taud)
+		}
+	}
+	return selected
+}

vendor/k8s.io/apiserver/pkg/authentication/authenticator/interfaces.go

@@ -0,0 +1,80 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package authenticator
+
+import (
+	"context"
+	"net/http"
+
+	"k8s.io/apiserver/pkg/authentication/user"
+)
+
+// Token checks a string value against a backing authentication store and
+// returns a Response or an error if the token could not be checked.
+type Token interface {
+	AuthenticateToken(ctx context.Context, token string) (*Response, bool, error)
+}
+
+// Request attempts to extract authentication information from a request and
+// returns a Response or an error if the request could not be checked.
+type Request interface {
+	AuthenticateRequest(req *http.Request) (*Response, bool, error)
+}
+
+// Password checks a username and password against a backing authentication
+// store and returns a Response or an error if the password could not be
+// checked.
+type Password interface {
+	AuthenticatePassword(ctx context.Context, user, password string) (*Response, bool, error)
+}
+
+// TokenFunc is a function that implements the Token interface.
+type TokenFunc func(ctx context.Context, token string) (*Response, bool, error)
+
+// AuthenticateToken implements authenticator.Token.
+func (f TokenFunc) AuthenticateToken(ctx context.Context, token string) (*Response, bool, error) {
+	return f(ctx, token)
+}
+
+// RequestFunc is a function that implements the Request interface.
+type RequestFunc func(req *http.Request) (*Response, bool, error)
+
+// AuthenticateRequest implements authenticator.Request.
+func (f RequestFunc) AuthenticateRequest(req *http.Request) (*Response, bool, error) {
+	return f(req)
+}
+
+// PasswordFunc is a function that implements the Password interface.
+type PasswordFunc func(ctx context.Context, user, password string) (*Response, bool, error)
+
+// AuthenticatePassword implements authenticator.Password.
+func (f PasswordFunc) AuthenticatePassword(ctx context.Context, user, password string) (*Response, bool, error) {
+	return f(ctx, user, password)
+}
+
+// Response is the struct returned by authenticator interfaces upon successful
+// authentication. It contains information about whether the authenticator
+// authenticated the request, information about the context of the
+// authentication, and information about the authenticated user.
+type Response struct {
+	// Audiences is the set of audiences the authenticator was able to validate
+	// the token against. If the authenticator is not audience aware, this field
+	// will be empty.
+	Audiences Audiences
+	// User is the UserInfo associated with the authentication context.
+	User user.Info
+}