Switch to github.com/golang/dep for vendoring

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

vendor/k8s.io/kubernetes/pkg/apis/authorization/validation/BUILD

@@ -0,0 +1,45 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["validation.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/apis/authorization:go_default_library",
+        "//vendor:k8s.io/apimachinery/pkg/util/validation/field",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["validation_test.go"],
+    library = ":go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/apis/authorization:go_default_library",
+        "//vendor:k8s.io/apimachinery/pkg/util/validation/field",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)

vendor/k8s.io/kubernetes/pkg/apis/authorization/validation/validation.go

@@ -0,0 +1,85 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	"k8s.io/kubernetes/pkg/api"
+	authorizationapi "k8s.io/kubernetes/pkg/apis/authorization"
+)
+
+func ValidateSubjectAccessReviewSpec(spec authorizationapi.SubjectAccessReviewSpec, fldPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+	if spec.ResourceAttributes != nil && spec.NonResourceAttributes != nil {
+		allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceAttributes"), spec.NonResourceAttributes, `cannot be specified in combination with resourceAttributes`))
+	}
+	if spec.ResourceAttributes == nil && spec.NonResourceAttributes == nil {
+		allErrs = append(allErrs, field.Invalid(fldPath.Child("resourceAttributes"), spec.NonResourceAttributes, `exactly one of nonResourceAttributes or resourceAttributes must be specified`))
+	}
+	if len(spec.User) == 0 && len(spec.Groups) == 0 {
+		allErrs = append(allErrs, field.Invalid(fldPath.Child("user"), spec.User, `at least one of user or group must be specified`))
+	}
+
+	return allErrs
+}
+
+func ValidateSelfSubjectAccessReviewSpec(spec authorizationapi.SelfSubjectAccessReviewSpec, fldPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+	if spec.ResourceAttributes != nil && spec.NonResourceAttributes != nil {
+		allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceAttributes"), spec.NonResourceAttributes, `cannot be specified in combination with resourceAttributes`))
+	}
+	if spec.ResourceAttributes == nil && spec.NonResourceAttributes == nil {
+		allErrs = append(allErrs, field.Invalid(fldPath.Child("resourceAttributes"), spec.NonResourceAttributes, `exactly one of nonResourceAttributes or resourceAttributes must be specified`))
+	}
+
+	return allErrs
+}
+
+func ValidateSubjectAccessReview(sar *authorizationapi.SubjectAccessReview) field.ErrorList {
+	allErrs := ValidateSubjectAccessReviewSpec(sar.Spec, field.NewPath("spec"))
+	if !api.Semantic.DeepEqual(api.ObjectMeta{}, sar.ObjectMeta) {
+		allErrs = append(allErrs, field.Invalid(field.NewPath("metadata"), sar.ObjectMeta, `must be empty`))
+	}
+	return allErrs
+}
+
+func ValidateSelfSubjectAccessReview(sar *authorizationapi.SelfSubjectAccessReview) field.ErrorList {
+	allErrs := ValidateSelfSubjectAccessReviewSpec(sar.Spec, field.NewPath("spec"))
+	if !api.Semantic.DeepEqual(api.ObjectMeta{}, sar.ObjectMeta) {
+		allErrs = append(allErrs, field.Invalid(field.NewPath("metadata"), sar.ObjectMeta, `must be empty`))
+	}
+	return allErrs
+}
+
+func ValidateLocalSubjectAccessReview(sar *authorizationapi.LocalSubjectAccessReview) field.ErrorList {
+	allErrs := ValidateSubjectAccessReviewSpec(sar.Spec, field.NewPath("spec"))
+
+	objectMetaShallowCopy := sar.ObjectMeta
+	objectMetaShallowCopy.Namespace = ""
+	if !api.Semantic.DeepEqual(api.ObjectMeta{}, objectMetaShallowCopy) {
+		allErrs = append(allErrs, field.Invalid(field.NewPath("metadata"), sar.ObjectMeta, `must be empty except for namespace`))
+	}
+
+	if sar.Spec.ResourceAttributes != nil && sar.Spec.ResourceAttributes.Namespace != sar.Namespace {
+		allErrs = append(allErrs, field.Invalid(field.NewPath("spec.resourceAttributes.namespace"), sar.Spec.ResourceAttributes.Namespace, `must match metadata.namespace`))
+	}
+	if sar.Spec.NonResourceAttributes != nil {
+		allErrs = append(allErrs, field.Invalid(field.NewPath("spec.nonResourceAttributes"), sar.Spec.NonResourceAttributes, `disallowed on this kind of request`))
+	}
+
+	return allErrs
+}

vendor/k8s.io/kubernetes/pkg/apis/authorization/validation/validation_test.go

@@ -0,0 +1,201 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+	"strings"
+	"testing"
+
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	"k8s.io/kubernetes/pkg/api"
+	authorizationapi "k8s.io/kubernetes/pkg/apis/authorization"
+)
+
+func TestValidateSARSpec(t *testing.T) {
+	successCases := []authorizationapi.SubjectAccessReviewSpec{
+		{ResourceAttributes: &authorizationapi.ResourceAttributes{}, User: "me"},
+		{NonResourceAttributes: &authorizationapi.NonResourceAttributes{}, Groups: []string{"my-group"}},
+	}
+	for _, successCase := range successCases {
+		if errs := ValidateSubjectAccessReviewSpec(successCase, field.NewPath("spec")); len(errs) != 0 {
+			t.Errorf("expected success: %v", errs)
+		}
+	}
+
+	errorCases := []struct {
+		name string
+		obj  authorizationapi.SubjectAccessReviewSpec
+		msg  string
+	}{
+		{
+			name: "neither request",
+			obj:  authorizationapi.SubjectAccessReviewSpec{User: "me"},
+			msg:  "exactly one of nonResourceAttributes or resourceAttributes must be specified",
+		},
+		{
+			name: "both requests",
+			obj: authorizationapi.SubjectAccessReviewSpec{
+				ResourceAttributes:    &authorizationapi.ResourceAttributes{},
+				NonResourceAttributes: &authorizationapi.NonResourceAttributes{},
+				User: "me",
+			},
+			msg: "cannot be specified in combination with resourceAttributes",
+		},
+		{
+			name: "no subject",
+			obj: authorizationapi.SubjectAccessReviewSpec{
+				ResourceAttributes: &authorizationapi.ResourceAttributes{},
+			},
+			msg: `spec.user: Invalid value: "": at least one of user or group must be specified`,
+		},
+	}
+
+	for _, c := range errorCases {
+		errs := ValidateSubjectAccessReviewSpec(c.obj, field.NewPath("spec"))
+		if len(errs) == 0 {
+			t.Errorf("%s: expected failure for %q", c.name, c.msg)
+		} else if !strings.Contains(errs[0].Error(), c.msg) {
+			t.Errorf("%s: unexpected error: %q, expected: %q", c.name, errs[0], c.msg)
+		}
+
+		errs = ValidateSubjectAccessReview(&authorizationapi.SubjectAccessReview{Spec: c.obj})
+		if len(errs) == 0 {
+			t.Errorf("%s: expected failure for %q", c.name, c.msg)
+		} else if !strings.Contains(errs[0].Error(), c.msg) {
+			t.Errorf("%s: unexpected error: %q, expected: %q", c.name, errs[0], c.msg)
+		}
+		errs = ValidateLocalSubjectAccessReview(&authorizationapi.LocalSubjectAccessReview{Spec: c.obj})
+		if len(errs) == 0 {
+			t.Errorf("%s: expected failure for %q", c.name, c.msg)
+		} else if !strings.Contains(errs[0].Error(), c.msg) {
+			t.Errorf("%s: unexpected error: %q, expected: %q", c.name, errs[0], c.msg)
+		}
+
+	}
+}
+
+func TestValidateSelfSAR(t *testing.T) {
+	successCases := []authorizationapi.SelfSubjectAccessReviewSpec{
+		{ResourceAttributes: &authorizationapi.ResourceAttributes{}},
+	}
+	for _, successCase := range successCases {
+		if errs := ValidateSelfSubjectAccessReviewSpec(successCase, field.NewPath("spec")); len(errs) != 0 {
+			t.Errorf("expected success: %v", errs)
+		}
+	}
+
+	errorCases := []struct {
+		name string
+		obj  authorizationapi.SelfSubjectAccessReviewSpec
+		msg  string
+	}{
+		{
+			name: "neither request",
+			obj:  authorizationapi.SelfSubjectAccessReviewSpec{},
+			msg:  "exactly one of nonResourceAttributes or resourceAttributes must be specified",
+		},
+		{
+			name: "both requests",
+			obj: authorizationapi.SelfSubjectAccessReviewSpec{
+				ResourceAttributes:    &authorizationapi.ResourceAttributes{},
+				NonResourceAttributes: &authorizationapi.NonResourceAttributes{},
+			},
+			msg: "cannot be specified in combination with resourceAttributes",
+		},
+	}
+
+	for _, c := range errorCases {
+		errs := ValidateSelfSubjectAccessReviewSpec(c.obj, field.NewPath("spec"))
+		if len(errs) == 0 {
+			t.Errorf("%s: expected failure for %q", c.name, c.msg)
+		} else if !strings.Contains(errs[0].Error(), c.msg) {
+			t.Errorf("%s: unexpected error: %q, expected: %q", c.name, errs[0], c.msg)
+		}
+
+		errs = ValidateSelfSubjectAccessReview(&authorizationapi.SelfSubjectAccessReview{Spec: c.obj})
+		if len(errs) == 0 {
+			t.Errorf("%s: expected failure for %q", c.name, c.msg)
+		} else if !strings.Contains(errs[0].Error(), c.msg) {
+			t.Errorf("%s: unexpected error: %q, expected: %q", c.name, errs[0], c.msg)
+		}
+	}
+}
+
+func TestValidateLocalSAR(t *testing.T) {
+	successCases := []authorizationapi.LocalSubjectAccessReview{
+		{
+			Spec: authorizationapi.SubjectAccessReviewSpec{
+				ResourceAttributes: &authorizationapi.ResourceAttributes{},
+				User:               "user",
+			},
+		},
+	}
+	for _, successCase := range successCases {
+		if errs := ValidateLocalSubjectAccessReview(&successCase); len(errs) != 0 {
+			t.Errorf("expected success: %v", errs)
+		}
+	}
+
+	errorCases := []struct {
+		name string
+		obj  *authorizationapi.LocalSubjectAccessReview
+		msg  string
+	}{
+		{
+			name: "name",
+			obj: &authorizationapi.LocalSubjectAccessReview{
+				ObjectMeta: api.ObjectMeta{Name: "a"},
+				Spec: authorizationapi.SubjectAccessReviewSpec{
+					ResourceAttributes: &authorizationapi.ResourceAttributes{},
+					User:               "user",
+				},
+			},
+			msg: "must be empty except for namespace",
+		},
+		{
+			name: "namespace conflict",
+			obj: &authorizationapi.LocalSubjectAccessReview{
+				ObjectMeta: api.ObjectMeta{Namespace: "a"},
+				Spec: authorizationapi.SubjectAccessReviewSpec{
+					ResourceAttributes: &authorizationapi.ResourceAttributes{},
+					User:               "user",
+				},
+			},
+			msg: "must match metadata.namespace",
+		},
+		{
+			name: "nonresource",
+			obj: &authorizationapi.LocalSubjectAccessReview{
+				ObjectMeta: api.ObjectMeta{Namespace: "a"},
+				Spec: authorizationapi.SubjectAccessReviewSpec{
+					NonResourceAttributes: &authorizationapi.NonResourceAttributes{},
+					User: "user",
+				},
+			},
+			msg: "disallowed on this kind of request",
+		},
+	}
+
+	for _, c := range errorCases {
+		errs := ValidateLocalSubjectAccessReview(c.obj)
+		if len(errs) == 0 {
+			t.Errorf("%s: expected failure for %q", c.name, c.msg)
+		} else if !strings.Contains(errs[0].Error(), c.msg) {
+			t.Errorf("%s: unexpected error: %q, expected: %q", c.name, errs[0], c.msg)
+		}
+	}
+}