vendor updates

vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/BUILD

@@ -12,8 +12,7 @@ go_test(
     data = [
         "//pkg/auth/authorizer/abac:example_policy",
     ],
-    importpath = "k8s.io/kubernetes/pkg/kubeapiserver/authorizer",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
     deps = ["//pkg/kubeapiserver/authorizer/modes:go_default_library"],
 )
 
@@ -33,6 +32,7 @@ go_library(
         "//vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/authorization/union:go_default_library",
         "//vendor/k8s.io/apiserver/plugin/pkg/authorizer/webhook:go_default_library",
+        "//vendor/k8s.io/client-go/informers:go_default_library",
     ],
 )
 

vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/config.go

@@ -25,6 +25,7 @@ import (
 	"k8s.io/apiserver/pkg/authorization/authorizerfactory"
 	"k8s.io/apiserver/pkg/authorization/union"
 	"k8s.io/apiserver/plugin/pkg/authorizer/webhook"
+	versionedinformers "k8s.io/client-go/informers"
 	"k8s.io/kubernetes/pkg/auth/authorizer/abac"
 	"k8s.io/kubernetes/pkg/auth/nodeidentifier"
 	informers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion"
@@ -51,7 +52,8 @@ type AuthorizationConfig struct {
 	// TTL for caching of unauthorized responses from the webhook server.
 	WebhookCacheUnauthorizedTTL time.Duration
 
-	InformerFactory informers.SharedInformerFactory
+	InformerFactory          informers.SharedInformerFactory
+	VersionedInformerFactory versionedinformers.SharedInformerFactory
 }
 
 // New returns the right sort of union of multiple authorizer.Authorizer objects
@@ -71,6 +73,7 @@ func (config AuthorizationConfig) New() (authorizer.Authorizer, authorizer.RuleR
 		if authorizerMap[authorizationMode] {
 			return nil, nil, fmt.Errorf("Authorization mode %s specified more than once", authorizationMode)
 		}
+
 		// Keep cases in sync with constant list above.
 		switch authorizationMode {
 		case modes.ModeNode:
@@ -79,6 +82,7 @@ func (config AuthorizationConfig) New() (authorizer.Authorizer, authorizer.RuleR
 				graph,
 				config.InformerFactory.Core().InternalVersion().Pods(),
 				config.InformerFactory.Core().InternalVersion().PersistentVolumes(),
+				config.VersionedInformerFactory.Storage().V1beta1().VolumeAttachments(),
 			)
 			nodeAuthorizer := node.NewAuthorizer(graph, nodeidentifier.NewDefaultNodeIdentifier(), bootstrappolicy.NodeRules())
 			authorizers = append(authorizers, nodeAuthorizer)

vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/BUILD

@@ -9,14 +9,14 @@ load(
 go_test(
     name = "go_default_test",
     srcs = ["modes_test.go"],
-    importpath = "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes",
-    library = ":go_default_library",
+    embed = [":go_default_library"],
 )
 
 go_library(
     name = "go_default_library",
     srcs = ["modes.go"],
     importpath = "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes",
+    deps = ["//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library"],
 )
 
 filegroup(

vendor/k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes/modes.go

@@ -16,6 +16,8 @@ limitations under the License.
 
 package modes
 
+import "k8s.io/apimachinery/pkg/util/sets"
+
 const (
 	ModeAlwaysAllow string = "AlwaysAllow"
 	ModeAlwaysDeny  string = "AlwaysDeny"
@@ -29,10 +31,5 @@ var AuthorizationModeChoices = []string{ModeAlwaysAllow, ModeAlwaysDeny, ModeABA
 
 // IsValidAuthorizationMode returns true if the given authorization mode is a valid one for the apiserver
 func IsValidAuthorizationMode(authzMode string) bool {
-	for _, validMode := range AuthorizationModeChoices {
-		if authzMode == validMode {
-			return true
-		}
-	}
-	return false
+	return sets.NewString(AuthorizationModeChoices...).Has(authzMode)
 }