vendor updates

2025-06-13 10:33:35 +00:00 · 2018-03-06 17:33:18 -05:00
parent 4b3ebc171b
commit e9033989a0
5854 changed files with 248382 additions and 119809 deletions
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/BUILD
@ -19,7 +19,6 @@ go_library(
    deps = [
        "//vendor/github.com/docker/docker/api/types:go_default_library",
        "//vendor/github.com/golang/glog:go_default_library",
-        "//vendor/k8s.io/api/core/v1:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
    ],
 )
@ -31,8 +30,7 @@ go_test(
        "keyring_test.go",
        "provider_test.go",
    ],
-    importpath = "k8s.io/kubernetes/pkg/credentialprovider",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
    deps = ["//vendor/github.com/docker/docker/api/types:go_default_library"],
 )

@ -51,6 +49,7 @@ filegroup(
        "//pkg/credentialprovider/azure:all-srcs",
        "//pkg/credentialprovider/gcp:all-srcs",
        "//pkg/credentialprovider/rancher:all-srcs",
+        "//pkg/credentialprovider/secrets:all-srcs",
    ],
    tags = ["automanaged"],
 )
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/aws/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/aws/BUILD
@ -23,8 +23,7 @@ go_library(
 go_test(
    name = "go_default_test",
    srcs = ["aws_credentials_test.go"],
-    importpath = "k8s.io/kubernetes/pkg/credentialprovider/aws",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
    deps = [
        "//pkg/credentialprovider:go_default_library",
        "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library",
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/aws/OWNERS
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/aws/OWNERS
@ -4,3 +4,4 @@ reviewers:
 - therc
 - lixiaobing10051267
 - goltermann
+- chrislovecnm
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/azure/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/azure/BUILD
@ -14,13 +14,14 @@ go_library(
    ],
    importpath = "k8s.io/kubernetes/pkg/credentialprovider/azure",
    deps = [
-        "//pkg/cloudprovider/providers/azure:go_default_library",
+        "//pkg/cloudprovider/providers/azure/auth:go_default_library",
        "//pkg/credentialprovider:go_default_library",
        "//vendor/github.com/Azure/azure-sdk-for-go/arm/containerregistry:go_default_library",
        "//vendor/github.com/Azure/go-autorest/autorest:go_default_library",
        "//vendor/github.com/Azure/go-autorest/autorest/adal:go_default_library",
        "//vendor/github.com/Azure/go-autorest/autorest/azure:go_default_library",
        "//vendor/github.com/dgrijalva/jwt-go:go_default_library",
+        "//vendor/github.com/ghodss/yaml:go_default_library",
        "//vendor/github.com/golang/glog:go_default_library",
        "//vendor/github.com/spf13/pflag:go_default_library",
    ],
@ -29,8 +30,7 @@ go_library(
 go_test(
    name = "go_default_test",
    srcs = ["azure_credentials_test.go"],
-    importpath = "k8s.io/kubernetes/pkg/credentialprovider/azure",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
    deps = [
        "//vendor/github.com/Azure/azure-sdk-for-go/arm/containerregistry:go_default_library",
        "//vendor/github.com/Azure/go-autorest/autorest/to:go_default_library",
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/azure/OWNERS
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/azure/OWNERS
@ -0,0 +1,12 @@
+approvers:
+- andyzhangx
+- brendandburns
+- feiskyer
+- karataliu
+- khenidak
+reviewers:
+- andyzhangx
+- brendandburns
+- feiskyer
+- karataliu
+- khenidak
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/azure/azure_credentials.go
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/azure/azure_credentials.go
@ -18,21 +18,23 @@ package azure

 import (
 	"io"
+	"io/ioutil"
 	"os"
 	"time"

 	"github.com/Azure/azure-sdk-for-go/arm/containerregistry"
 	"github.com/Azure/go-autorest/autorest"
 	"github.com/Azure/go-autorest/autorest/adal"
-	azureapi "github.com/Azure/go-autorest/autorest/azure"
+	"github.com/Azure/go-autorest/autorest/azure"
+	"github.com/ghodss/yaml"
 	"github.com/golang/glog"
 	"github.com/spf13/pflag"
-	"k8s.io/kubernetes/pkg/cloudprovider/providers/azure"
+	"k8s.io/kubernetes/pkg/cloudprovider/providers/azure/auth"
 	"k8s.io/kubernetes/pkg/credentialprovider"
 )

 var flagConfigFile = pflag.String("azure-container-registry-config", "",
-	"Path to the file container Azure container registry configuration information.")
+	"Path to the file containing Azure container registry configuration information.")

 const dummyRegistryEmail = "name@contoso.com"

@ -60,18 +62,44 @@ func NewACRProvider(configFile *string) credentialprovider.DockerConfigProvider

 type acrProvider struct {
 	file                  *string
-	config                *azure.Config
-	environment           *azureapi.Environment
+	config                *auth.AzureAuthConfig
+	environment           *azure.Environment
 	registryClient        RegistriesClient
 	servicePrincipalToken *adal.ServicePrincipalToken
 }

+// ParseConfig returns a parsed configuration for an Azure cloudprovider config file
+func parseConfig(configReader io.Reader) (*auth.AzureAuthConfig, error) {
+	var config auth.AzureAuthConfig
+
+	if configReader == nil {
+		return &config, nil
+	}
+
+	configContents, err := ioutil.ReadAll(configReader)
+	if err != nil {
+		return nil, err
+	}
+	err = yaml.Unmarshal(configContents, &config)
+	if err != nil {
+		return nil, err
+	}
+
+	return &config, nil
+}
+
 func (a *acrProvider) loadConfig(rdr io.Reader) error {
 	var err error
-	a.config, a.environment, err = azure.ParseConfig(rdr)
+	a.config, err = parseConfig(rdr)
 	if err != nil {
 		glog.Errorf("Failed to load azure credential file: %v", err)
 	}
+
+	a.environment, err = auth.ParseAzureEnvironment(a.config.Cloud)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }

@ -94,7 +122,7 @@ func (a *acrProvider) Enabled() bool {
 		return false
 	}

-	a.servicePrincipalToken, err = azure.GetServicePrincipalToken(a.config, a.environment)
+	a.servicePrincipalToken, err = auth.GetServicePrincipalToken(a.config, a.environment)
 	if err != nil {
 		glog.Errorf("Failed to create service principal token: %v", err)
 		return false
@ -145,7 +173,7 @@ func getLoginServer(registry containerregistry.Registry) string {
 }

 func getACRDockerEntryFromARMToken(a *acrProvider, loginServer string) (*credentialprovider.DockerConfigEntry, error) {
-	armAccessToken := a.servicePrincipalToken.AccessToken
+	armAccessToken := a.servicePrincipalToken.OAuthToken()

 	glog.V(4).Infof("discovering auth redirects for: %s", loginServer)
 	directive, err := receiveChallengeFromLoginServer(loginServer)
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/gcp/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/gcp/BUILD
@ -31,8 +31,7 @@ go_test(
        "jwt_test.go",
        "metadata_test.go",
    ],
-    importpath = "k8s.io/kubernetes/pkg/credentialprovider/gcp",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
    deps = [
        "//pkg/credentialprovider:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/util/net:go_default_library",
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/gcp/jwt.go
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/gcp/jwt.go
@ -31,10 +31,11 @@ import (

 const (
 	storageReadOnlyScope = "https://www.googleapis.com/auth/devstorage.read_only"
+	jwtFileFlagName      = "google-json-key"
 )

 var (
-	flagJwtFile = pflag.String("google-json-key", "",
+	flagJwtFile = pflag.String(jwtFileFlagName, "",
 		"The Google Cloud Platform Service Account JSON Key to use for authentication.")
 )

@ -49,6 +50,9 @@ type jwtProvider struct {
 // init registers the various means by which credentials may
 // be resolved on GCP.
 func init() {
+	pflag.CommandLine.MarkDeprecated(jwtFileFlagName, "Will be removed in a future version. "+
+		"To maintain node-level authentication, credentials should instead be included in a docker "+
+		"config.json file, located inside the Kubelet's --root-dir.")
 	credentialprovider.RegisterCredentialProvider("google-jwt-key",
 		&credentialprovider.CachingDockerConfigProvider{
 			Provider: &jwtProvider{
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/gcp/metadata.go
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/gcp/metadata.go
@ -39,7 +39,6 @@ const (
 	metadataEmail            = metadataUrl + "instance/service-accounts/default/email"
 	storageScopePrefix       = "https://www.googleapis.com/auth/devstorage"
 	cloudPlatformScopePrefix = "https://www.googleapis.com/auth/cloud-platform"
-	googleProductName        = "Google"
 	defaultServiceAccount    = "default/"
 )

@ -121,7 +120,8 @@ func onGCEVM() bool {
 		glog.V(2).Infof("Error while reading product_name: %v", err)
 		return false
 	}
-	return strings.Contains(string(data), googleProductName)
+	name := strings.TrimSpace(string(data))
+	return name == "Google" || name == "Google Compute Engine"
 }

 // Enabled implements DockerConfigProvider for all of the Google implementations.
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/keyring.go
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/keyring.go
@ -17,7 +17,6 @@ limitations under the License.
 package credentialprovider

 import (
-	"encoding/json"
 	"net"
 	"net/url"
 	"path/filepath"
@ -27,7 +26,6 @@ import (
 	"github.com/golang/glog"

 	dockertypes "github.com/docker/docker/api/types"
-	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
 )

@ -284,14 +282,12 @@ func (f *FakeKeyring) Lookup(image string) ([]LazyAuthConfiguration, bool) {
 	return f.auth, f.ok
 }

-// unionDockerKeyring delegates to a set of keyrings.
-type unionDockerKeyring struct {
-	keyrings []DockerKeyring
-}
+// UnionDockerKeyring delegates to a set of keyrings.
+type UnionDockerKeyring []DockerKeyring

-func (k *unionDockerKeyring) Lookup(image string) ([]LazyAuthConfiguration, bool) {
+func (k UnionDockerKeyring) Lookup(image string) ([]LazyAuthConfiguration, bool) {
 	authConfigs := []LazyAuthConfiguration{}
-	for _, subKeyring := range k.keyrings {
+	for _, subKeyring := range k {
 		if subKeyring == nil {
 			continue
 		}
@ -302,37 +298,3 @@ func (k *unionDockerKeyring) Lookup(image string) ([]LazyAuthConfiguration, bool

 	return authConfigs, (len(authConfigs) > 0)
 }
-
-// MakeDockerKeyring inspects the passedSecrets to see if they contain any DockerConfig secrets.  If they do,
-// then a DockerKeyring is built based on every hit and unioned with the defaultKeyring.
-// If they do not, then the default keyring is returned
-func MakeDockerKeyring(passedSecrets []v1.Secret, defaultKeyring DockerKeyring) (DockerKeyring, error) {
-	passedCredentials := []DockerConfig{}
-	for _, passedSecret := range passedSecrets {
-		if dockerConfigJsonBytes, dockerConfigJsonExists := passedSecret.Data[v1.DockerConfigJsonKey]; (passedSecret.Type == v1.SecretTypeDockerConfigJson) && dockerConfigJsonExists && (len(dockerConfigJsonBytes) > 0) {
-			dockerConfigJson := DockerConfigJson{}
-			if err := json.Unmarshal(dockerConfigJsonBytes, &dockerConfigJson); err != nil {
-				return nil, err
-			}
-
-			passedCredentials = append(passedCredentials, dockerConfigJson.Auths)
-		} else if dockercfgBytes, dockercfgExists := passedSecret.Data[v1.DockerConfigKey]; (passedSecret.Type == v1.SecretTypeDockercfg) && dockercfgExists && (len(dockercfgBytes) > 0) {
-			dockercfg := DockerConfig{}
-			if err := json.Unmarshal(dockercfgBytes, &dockercfg); err != nil {
-				return nil, err
-			}
-
-			passedCredentials = append(passedCredentials, dockercfg)
-		}
-	}
-
-	if len(passedCredentials) > 0 {
-		basicKeyring := &BasicDockerKeyring{}
-		for _, currCredentials := range passedCredentials {
-			basicKeyring.Add(currCredentials)
-		}
-		return &unionDockerKeyring{[]DockerKeyring{basicKeyring, defaultKeyring}}, nil
-	}
-
-	return defaultKeyring, nil
-}
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/rancher/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/rancher/BUILD
@ -9,8 +9,7 @@ load(
 go_test(
    name = "go_default_test",
    srcs = ["rancher_registry_credentials_test.go"],
-    importpath = "k8s.io/kubernetes/pkg/credentialprovider/rancher",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
    deps = [
        "//pkg/credentialprovider:go_default_library",
        "//vendor/github.com/rancher/go-rancher/client:go_default_library",
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/secrets/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/secrets/BUILD
@ -0,0 +1,26 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["secrets.go"],
+    importpath = "k8s.io/kubernetes/pkg/credentialprovider/secrets",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//pkg/credentialprovider:go_default_library",
+        "//vendor/k8s.io/api/core/v1:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)
--- a/vendor/k8s.io/kubernetes/pkg/credentialprovider/secrets/secrets.go
+++ b/vendor/k8s.io/kubernetes/pkg/credentialprovider/secrets/secrets.go
@ -0,0 +1,58 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package secrets
+
+import (
+	"encoding/json"
+
+	"k8s.io/api/core/v1"
+	"k8s.io/kubernetes/pkg/credentialprovider"
+)
+
+// MakeDockerKeyring inspects the passedSecrets to see if they contain any DockerConfig secrets.  If they do,
+// then a DockerKeyring is built based on every hit and unioned with the defaultKeyring.
+// If they do not, then the default keyring is returned
+func MakeDockerKeyring(passedSecrets []v1.Secret, defaultKeyring credentialprovider.DockerKeyring) (credentialprovider.DockerKeyring, error) {
+	passedCredentials := []credentialprovider.DockerConfig{}
+	for _, passedSecret := range passedSecrets {
+		if dockerConfigJSONBytes, dockerConfigJSONExists := passedSecret.Data[v1.DockerConfigJsonKey]; (passedSecret.Type == v1.SecretTypeDockerConfigJson) && dockerConfigJSONExists && (len(dockerConfigJSONBytes) > 0) {
+			dockerConfigJSON := credentialprovider.DockerConfigJson{}
+			if err := json.Unmarshal(dockerConfigJSONBytes, &dockerConfigJSON); err != nil {
+				return nil, err
+			}
+
+			passedCredentials = append(passedCredentials, dockerConfigJSON.Auths)
+		} else if dockercfgBytes, dockercfgExists := passedSecret.Data[v1.DockerConfigKey]; (passedSecret.Type == v1.SecretTypeDockercfg) && dockercfgExists && (len(dockercfgBytes) > 0) {
+			dockercfg := credentialprovider.DockerConfig{}
+			if err := json.Unmarshal(dockercfgBytes, &dockercfg); err != nil {
+				return nil, err
+			}
+
+			passedCredentials = append(passedCredentials, dockercfg)
+		}
+	}
+
+	if len(passedCredentials) > 0 {
+		basicKeyring := &credentialprovider.BasicDockerKeyring{}
+		for _, currCredentials := range passedCredentials {
+			basicKeyring.Add(currCredentials)
+		}
+		return credentialprovider.UnionDockerKeyring{basicKeyring, defaultKeyring}, nil
+	}
+
+	return defaultKeyring, nil
+}