vendor update for E2E framework

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>

vendor/k8s.io/cluster-bootstrap/token/api/doc.go

@@ -0,0 +1,20 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package api (k8s.io/cluster-bootstrap/token/api) contains constants and types needed for
+// bootstrap tokens as maintained by the BootstrapSigner and TokenCleaner
+// controllers (in k8s.io/kubernetes/pkg/controller/bootstrap)
+package api // import "k8s.io/cluster-bootstrap/token/api"

vendor/k8s.io/cluster-bootstrap/token/api/types.go

@@ -0,0 +1,112 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package api
+
+import (
+	"k8s.io/api/core/v1"
+)
+
+const (
+	// BootstrapTokenSecretPrefix is the prefix for bootstrap token names.
+	// Bootstrap tokens secrets must be named in the form
+	// `bootstrap-token-<token-id>`.  This is the prefix to be used before the
+	// token ID.
+	BootstrapTokenSecretPrefix = "bootstrap-token-"
+
+	// SecretTypeBootstrapToken is used during the automated bootstrap process (first
+	// implemented by kubeadm). It stores tokens that are used to sign well known
+	// ConfigMaps. They may also eventually be used for authentication.
+	SecretTypeBootstrapToken v1.SecretType = "bootstrap.kubernetes.io/token"
+
+	// BootstrapTokenIDKey is the id of this token. This can be transmitted in the
+	// clear and encoded in the name of the secret. It must be a random 6 character
+	// string that matches the regexp `^([a-z0-9]{6})$`. Required.
+	BootstrapTokenIDKey = "token-id"
+
+	// BootstrapTokenSecretKey is the actual secret. It must be a random 16 character
+	// string that matches the regexp `^([a-z0-9]{16})$`. Required.
+	BootstrapTokenSecretKey = "token-secret"
+
+	// BootstrapTokenExpirationKey is when this token should be expired and no
+	// longer used. A controller will delete this resource after this time. This
+	// is an absolute UTC time using RFC3339. If this cannot be parsed, the token
+	// should be considered invalid. Optional.
+	BootstrapTokenExpirationKey = "expiration"
+
+	// BootstrapTokenDescriptionKey is a description in human-readable format that
+	// describes what the bootstrap token is used for. Optional.
+	BootstrapTokenDescriptionKey = "description"
+
+	// BootstrapTokenExtraGroupsKey is a comma-separated list of group names.
+	// The  bootstrap token will authenticate as these groups in addition to the
+	// "system:bootstrappers" group.
+	BootstrapTokenExtraGroupsKey = "auth-extra-groups"
+
+	// BootstrapTokenUsagePrefix is the prefix for the other usage constants that specifies different
+	// functions of a bootstrap token
+	BootstrapTokenUsagePrefix = "usage-bootstrap-"
+
+	// BootstrapTokenUsageSigningKey signals that this token should be used to
+	// sign configs as part of the bootstrap process. Value must be "true". Any
+	// other value is assumed to be false. Optional.
+	BootstrapTokenUsageSigningKey = "usage-bootstrap-signing"
+
+	// BootstrapTokenUsageAuthentication signals that this token should be used
+	// as a bearer token to authenticate against the Kubernetes API. The bearer
+	// token takes the form "<token-id>.<token-secret>" and authenticates as the
+	// user "system:bootstrap:<token-id>" in the "system:bootstrappers" group
+	// as well as any groups specified using BootstrapTokenExtraGroupsKey.
+	// Value must be "true". Any other value is assumed to be false. Optional.
+	BootstrapTokenUsageAuthentication = "usage-bootstrap-authentication"
+
+	// ConfigMapClusterInfo defines the name for the ConfigMap where the information how to connect and trust the cluster exist
+	ConfigMapClusterInfo = "cluster-info"
+
+	// KubeConfigKey defines at which key in the Data object of the ConfigMap the KubeConfig object is stored
+	KubeConfigKey = "kubeconfig"
+
+	// JWSSignatureKeyPrefix defines what key prefix the JWS-signed tokens have
+	JWSSignatureKeyPrefix = "jws-kubeconfig-"
+
+	// BootstrapUserPrefix is the username prefix bootstrapping bearer tokens
+	// authenticate as. The full username given is "system:bootstrap:<token-id>".
+	BootstrapUserPrefix = "system:bootstrap:"
+
+	// BootstrapDefaultGroup is the default group for bootstrapping bearer
+	// tokens (in addition to any groups from BootstrapTokenExtraGroupsKey).
+	BootstrapDefaultGroup = "system:bootstrappers"
+
+	// BootstrapGroupPattern is the valid regex pattern that all groups
+	// assigned to a bootstrap token by BootstrapTokenExtraGroupsKey must match.
+	// See also util.ValidateBootstrapGroupName()
+	BootstrapGroupPattern = `\Asystem:bootstrappers:[a-z0-9:-]{0,255}[a-z0-9]\z`
+
+	// BootstrapTokenPattern defines the {id}.{secret} regular expression pattern
+	BootstrapTokenPattern = `\A([a-z0-9]{6})\.([a-z0-9]{16})\z`
+
+	// BootstrapTokenIDPattern defines token's id regular expression pattern
+	BootstrapTokenIDPattern = `\A([a-z0-9]{6})\z`
+
+	// BootstrapTokenIDBytes defines the number of bytes used for the Bootstrap Token's ID field
+	BootstrapTokenIDBytes = 6
+
+	// BootstrapTokenSecretBytes defines the number of bytes used the Bootstrap Token's Secret field
+	BootstrapTokenSecretBytes = 16
+)
+
+// KnownTokenUsages specifies the known functions a token will get.
+var KnownTokenUsages = []string{"signing", "authentication"}

vendor/k8s.io/cluster-bootstrap/token/util/helpers.go

@@ -0,0 +1,133 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"bufio"
+	"crypto/rand"
+	"fmt"
+	"regexp"
+	"strings"
+
+	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/cluster-bootstrap/token/api"
+)
+
+// validBootstrapTokenChars defines the characters a bootstrap token can consist of
+const validBootstrapTokenChars = "0123456789abcdefghijklmnopqrstuvwxyz"
+
+var (
+	// BootstrapTokenRegexp is a compiled regular expression of TokenRegexpString
+	BootstrapTokenRegexp = regexp.MustCompile(api.BootstrapTokenPattern)
+	// BootstrapTokenIDRegexp is a compiled regular expression of TokenIDRegexpString
+	BootstrapTokenIDRegexp = regexp.MustCompile(api.BootstrapTokenIDPattern)
+	// BootstrapGroupRegexp is a compiled regular expression of BootstrapGroupPattern
+	BootstrapGroupRegexp = regexp.MustCompile(api.BootstrapGroupPattern)
+)
+
+// GenerateBootstrapToken generates a new, random Bootstrap Token.
+func GenerateBootstrapToken() (string, error) {
+	tokenID, err := randBytes(api.BootstrapTokenIDBytes)
+	if err != nil {
+		return "", err
+	}
+
+	tokenSecret, err := randBytes(api.BootstrapTokenSecretBytes)
+	if err != nil {
+		return "", err
+	}
+
+	return TokenFromIDAndSecret(tokenID, tokenSecret), nil
+}
+
+// randBytes returns a random string consisting of the characters in
+// validBootstrapTokenChars, with the length customized by the parameter
+func randBytes(length int) (string, error) {
+	// len("0123456789abcdefghijklmnopqrstuvwxyz") = 36 which doesn't evenly divide
+	// the possible values of a byte: 256 mod 36 = 4. Discard any random bytes we
+	// read that are >= 252 so the bytes we evenly divide the character set.
+	const maxByteValue = 252
+
+	var (
+		b     byte
+		err   error
+		token = make([]byte, length)
+	)
+
+	reader := bufio.NewReaderSize(rand.Reader, length*2)
+	for i := range token {
+		for {
+			if b, err = reader.ReadByte(); err != nil {
+				return "", err
+			}
+			if b < maxByteValue {
+				break
+			}
+		}
+
+		token[i] = validBootstrapTokenChars[int(b)%len(validBootstrapTokenChars)]
+	}
+
+	return string(token), nil
+}
+
+// TokenFromIDAndSecret returns the full token which is of the form "{id}.{secret}"
+func TokenFromIDAndSecret(id, secret string) string {
+	return fmt.Sprintf("%s.%s", id, secret)
+}
+
+// IsValidBootstrapToken returns whether the given string is valid as a Bootstrap Token and
+// in other words satisfies the BootstrapTokenRegexp
+func IsValidBootstrapToken(token string) bool {
+	return BootstrapTokenRegexp.MatchString(token)
+}
+
+// IsValidBootstrapTokenID returns whether the given string is valid as a Bootstrap Token ID and
+// in other words satisfies the BootstrapTokenIDRegexp
+func IsValidBootstrapTokenID(tokenID string) bool {
+	return BootstrapTokenIDRegexp.MatchString(tokenID)
+}
+
+// BootstrapTokenSecretName returns the expected name for the Secret storing the
+// Bootstrap Token in the Kubernetes API.
+func BootstrapTokenSecretName(tokenID string) string {
+	return fmt.Sprintf("%s%s", api.BootstrapTokenSecretPrefix, tokenID)
+}
+
+// ValidateBootstrapGroupName checks if the provided group name is a valid
+// bootstrap group name. Returns nil if valid or a validation error if invalid.
+func ValidateBootstrapGroupName(name string) error {
+	if BootstrapGroupRegexp.Match([]byte(name)) {
+		return nil
+	}
+	return fmt.Errorf("bootstrap group %q is invalid (must match %s)", name, api.BootstrapGroupPattern)
+}
+
+// ValidateUsages validates that the passed in string are valid usage strings for bootstrap tokens.
+func ValidateUsages(usages []string) error {
+	validUsages := sets.NewString(api.KnownTokenUsages...)
+	invalidUsages := sets.NewString()
+	for _, usage := range usages {
+		if !validUsages.Has(usage) {
+			invalidUsages.Insert(usage)
+		}
+	}
+	if len(invalidUsages) > 0 {
+		return fmt.Errorf("invalid bootstrap token usage string: %s, valid usage options: %s", strings.Join(invalidUsages.List(), ","), strings.Join(api.KnownTokenUsages, ","))
+	}
+	return nil
+}