Vendor: Update k8s version

Signed-off-by: Michał Żyłowski <michal.zylowski@intel.com>
2017-02-03 14:41:32 +01:00 · 2017-02-03 14:41:32 +01:00 · 52baf68d50
commit 52baf68d50
parent dfa93414c5
3756 changed files with 113013 additions and 92675 deletions
--- a/vendor/k8s.io/kubernetes/pkg/auth/handlers/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/auth/handlers/BUILD
@ -1,46 +0,0 @@
-package(default_visibility = ["//visibility:public"])
-
-licenses(["notice"])
-
-load(
-    "@io_bazel_rules_go//go:def.bzl",
-    "go_library",
-    "go_test",
-)
-
-go_library(
-    name = "go_default_library",
-    srcs = ["handlers.go"],
-    tags = ["automanaged"],
-    deps = [
-        "//vendor:github.com/golang/glog",
-        "//vendor:github.com/prometheus/client_golang/prometheus",
-        "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
-        "//vendor:k8s.io/apiserver/pkg/request",
-    ],
-)
-
-go_test(
-    name = "go_default_test",
-    srcs = ["handlers_test.go"],
-    library = ":go_default_library",
-    tags = ["automanaged"],
-    deps = [
-        "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
-        "//vendor:k8s.io/apiserver/pkg/authentication/user",
-        "//vendor:k8s.io/apiserver/pkg/request",
-    ],
-)
-
-filegroup(
-    name = "package-srcs",
-    srcs = glob(["**"]),
-    tags = ["automanaged"],
-    visibility = ["//visibility:private"],
-)
-
-filegroup(
-    name = "all-srcs",
-    srcs = [":package-srcs"],
-    tags = ["automanaged"],
-)
--- a/vendor/k8s.io/kubernetes/pkg/auth/handlers/handlers.go
+++ b/vendor/k8s.io/kubernetes/pkg/auth/handlers/handlers.go
@ -1,117 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package handlers
-
-import (
-	"net/http"
-	"strings"
-
-	"github.com/golang/glog"
-	"github.com/prometheus/client_golang/prometheus"
-
-	"k8s.io/apiserver/pkg/authentication/authenticator"
-	genericapirequest "k8s.io/apiserver/pkg/request"
-)
-
-var (
-	authenticatedUserCounter = prometheus.NewCounterVec(
-		prometheus.CounterOpts{
-			Name: "authenticated_user_requests",
-			Help: "Counter of authenticated requests broken out by username.",
-		},
-		[]string{"username"},
-	)
-)
-
-func init() {
-	prometheus.MustRegister(authenticatedUserCounter)
-}
-
-// WithAuthentication creates an http handler that tries to authenticate the given request as a user, and then
-// stores any such user found onto the provided context for the request. If authentication fails or returns an error
-// the failed handler is used. On success, "Authorization" header is removed from the request and handler
-// is invoked to serve the request.
-func WithAuthentication(handler http.Handler, mapper genericapirequest.RequestContextMapper, auth authenticator.Request, failed http.Handler) http.Handler {
-	if auth == nil {
-		glog.Warningf("Authentication is disabled")
-		return handler
-	}
-	return genericapirequest.WithRequestContext(
-		http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-			user, ok, err := auth.AuthenticateRequest(req)
-			if err != nil || !ok {
-				if err != nil {
-					glog.Errorf("Unable to authenticate the request due to an error: %v", err)
-				}
-				failed.ServeHTTP(w, req)
-				return
-			}
-
-			// authorization header is not required anymore in case of a successful authentication.
-			req.Header.Del("Authorization")
-
-			if ctx, ok := mapper.Get(req); ok {
-				mapper.Update(req, genericapirequest.WithUser(ctx, user))
-			}
-
-			authenticatedUserCounter.WithLabelValues(compressUsername(user.GetName())).Inc()
-
-			handler.ServeHTTP(w, req)
-		}),
-		mapper,
-	)
-}
-
-func Unauthorized(supportsBasicAuth bool) http.HandlerFunc {
-	if supportsBasicAuth {
-		return unauthorizedBasicAuth
-	}
-	return unauthorized
-}
-
-// unauthorizedBasicAuth serves an unauthorized message to clients.
-func unauthorizedBasicAuth(w http.ResponseWriter, req *http.Request) {
-	w.Header().Set("WWW-Authenticate", `Basic realm="kubernetes-master"`)
-	http.Error(w, "Unauthorized", http.StatusUnauthorized)
-}
-
-// unauthorized serves an unauthorized message to clients.
-func unauthorized(w http.ResponseWriter, req *http.Request) {
-	http.Error(w, "Unauthorized", http.StatusUnauthorized)
-}
-
-// compressUsername maps all possible usernames onto a small set of categories
-// of usernames. This is done both to limit the cardinality of the
-// authorized_user_requests metric, and to avoid pushing actual usernames in the
-// metric.
-func compressUsername(username string) string {
-	switch {
-	// Known internal identities.
-	case username == "admin" ||
-		username == "client" ||
-		username == "kube_proxy" ||
-		username == "kubelet" ||
-		username == "system:serviceaccount:kube-system:default":
-		return username
-	// Probably an email address.
-	case strings.Contains(username, "@"):
-		return "email_id"
-	// Anything else (custom service accounts, custom external identities, etc.)
-	default:
-		return "other"
-	}
-}
--- a/vendor/k8s.io/kubernetes/pkg/auth/handlers/handlers_test.go
+++ b/vendor/k8s.io/kubernetes/pkg/auth/handlers/handlers_test.go
@ -1,126 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package handlers
-
-import (
-	"errors"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-
-	"k8s.io/apiserver/pkg/authentication/authenticator"
-	"k8s.io/apiserver/pkg/authentication/user"
-	genericapirequest "k8s.io/apiserver/pkg/request"
-)
-
-func TestAuthenticateRequest(t *testing.T) {
-	success := make(chan struct{})
-	contextMapper := genericapirequest.NewRequestContextMapper()
-	auth := WithAuthentication(
-		http.HandlerFunc(func(_ http.ResponseWriter, req *http.Request) {
-			ctx, ok := contextMapper.Get(req)
-			if ctx == nil || !ok {
-				t.Errorf("no context stored on contextMapper: %#v", contextMapper)
-			}
-			user, ok := genericapirequest.UserFrom(ctx)
-			if user == nil || !ok {
-				t.Errorf("no user stored in context: %#v", ctx)
-			}
-			if req.Header.Get("Authorization") != "" {
-				t.Errorf("Authorization header should be removed from request on success: %#v", req)
-			}
-			close(success)
-		}),
-		contextMapper,
-		authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
-			if req.Header.Get("Authorization") == "Something" {
-				return &user.DefaultInfo{Name: "user"}, true, nil
-			}
-			return nil, false, errors.New("Authorization header is missing.")
-		}),
-		http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {
-			t.Errorf("unexpected call to failed")
-		}),
-	)
-
-	auth.ServeHTTP(httptest.NewRecorder(), &http.Request{Header: map[string][]string{"Authorization": {"Something"}}})
-
-	<-success
-	empty, err := genericapirequest.IsEmpty(contextMapper)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if !empty {
-		t.Fatalf("contextMapper should have no stored requests: %v", contextMapper)
-	}
-}
-
-func TestAuthenticateRequestFailed(t *testing.T) {
-	failed := make(chan struct{})
-	contextMapper := genericapirequest.NewRequestContextMapper()
-	auth := WithAuthentication(
-		http.HandlerFunc(func(_ http.ResponseWriter, req *http.Request) {
-			t.Errorf("unexpected call to handler")
-		}),
-		contextMapper,
-		authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
-			return nil, false, nil
-		}),
-		http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {
-			close(failed)
-		}),
-	)
-
-	auth.ServeHTTP(httptest.NewRecorder(), &http.Request{})
-
-	<-failed
-	empty, err := genericapirequest.IsEmpty(contextMapper)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if !empty {
-		t.Fatalf("contextMapper should have no stored requests: %v", contextMapper)
-	}
-}
-
-func TestAuthenticateRequestError(t *testing.T) {
-	failed := make(chan struct{})
-	contextMapper := genericapirequest.NewRequestContextMapper()
-	auth := WithAuthentication(
-		http.HandlerFunc(func(_ http.ResponseWriter, req *http.Request) {
-			t.Errorf("unexpected call to handler")
-		}),
-		contextMapper,
-		authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
-			return nil, false, errors.New("failure")
-		}),
-		http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {
-			close(failed)
-		}),
-	)
-
-	auth.ServeHTTP(httptest.NewRecorder(), &http.Request{})
-
-	<-failed
-	empty, err := genericapirequest.IsEmpty(contextMapper)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if !empty {
-		t.Fatalf("contextMapper should have no stored requests: %v", contextMapper)
-	}
-}