Switch to github.com/golang/dep for vendoring

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-31 16:45:59 -08:00 · 2017-01-31 16:45:59 -08:00 · 8e5b17cf13
commit 8e5b17cf13
parent d6ab91be27
15431 changed files with 3971413 additions and 8881 deletions
--- a/vendor/k8s.io/kubernetes/pkg/auth/handlers/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/auth/handlers/BUILD
@ -0,0 +1,46 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["handlers.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//vendor:github.com/golang/glog",
+        "//vendor:github.com/prometheus/client_golang/prometheus",
+        "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
+        "//vendor:k8s.io/apiserver/pkg/request",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["handlers_test.go"],
+    library = ":go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
+        "//vendor:k8s.io/apiserver/pkg/authentication/user",
+        "//vendor:k8s.io/apiserver/pkg/request",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)
--- a/vendor/k8s.io/kubernetes/pkg/auth/handlers/OWNERS
+++ b/vendor/k8s.io/kubernetes/pkg/auth/handlers/OWNERS
@ -0,0 +1 @@
+reviewers:
--- a/vendor/k8s.io/kubernetes/pkg/auth/handlers/handlers.go
+++ b/vendor/k8s.io/kubernetes/pkg/auth/handlers/handlers.go
@ -0,0 +1,117 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package handlers
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/golang/glog"
+	"github.com/prometheus/client_golang/prometheus"
+
+	"k8s.io/apiserver/pkg/authentication/authenticator"
+	genericapirequest "k8s.io/apiserver/pkg/request"
+)
+
+var (
+	authenticatedUserCounter = prometheus.NewCounterVec(
+		prometheus.CounterOpts{
+			Name: "authenticated_user_requests",
+			Help: "Counter of authenticated requests broken out by username.",
+		},
+		[]string{"username"},
+	)
+)
+
+func init() {
+	prometheus.MustRegister(authenticatedUserCounter)
+}
+
+// WithAuthentication creates an http handler that tries to authenticate the given request as a user, and then
+// stores any such user found onto the provided context for the request. If authentication fails or returns an error
+// the failed handler is used. On success, "Authorization" header is removed from the request and handler
+// is invoked to serve the request.
+func WithAuthentication(handler http.Handler, mapper genericapirequest.RequestContextMapper, auth authenticator.Request, failed http.Handler) http.Handler {
+	if auth == nil {
+		glog.Warningf("Authentication is disabled")
+		return handler
+	}
+	return genericapirequest.WithRequestContext(
+		http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			user, ok, err := auth.AuthenticateRequest(req)
+			if err != nil || !ok {
+				if err != nil {
+					glog.Errorf("Unable to authenticate the request due to an error: %v", err)
+				}
+				failed.ServeHTTP(w, req)
+				return
+			}
+
+			// authorization header is not required anymore in case of a successful authentication.
+			req.Header.Del("Authorization")
+
+			if ctx, ok := mapper.Get(req); ok {
+				mapper.Update(req, genericapirequest.WithUser(ctx, user))
+			}
+
+			authenticatedUserCounter.WithLabelValues(compressUsername(user.GetName())).Inc()
+
+			handler.ServeHTTP(w, req)
+		}),
+		mapper,
+	)
+}
+
+func Unauthorized(supportsBasicAuth bool) http.HandlerFunc {
+	if supportsBasicAuth {
+		return unauthorizedBasicAuth
+	}
+	return unauthorized
+}
+
+// unauthorizedBasicAuth serves an unauthorized message to clients.
+func unauthorizedBasicAuth(w http.ResponseWriter, req *http.Request) {
+	w.Header().Set("WWW-Authenticate", `Basic realm="kubernetes-master"`)
+	http.Error(w, "Unauthorized", http.StatusUnauthorized)
+}
+
+// unauthorized serves an unauthorized message to clients.
+func unauthorized(w http.ResponseWriter, req *http.Request) {
+	http.Error(w, "Unauthorized", http.StatusUnauthorized)
+}
+
+// compressUsername maps all possible usernames onto a small set of categories
+// of usernames. This is done both to limit the cardinality of the
+// authorized_user_requests metric, and to avoid pushing actual usernames in the
+// metric.
+func compressUsername(username string) string {
+	switch {
+	// Known internal identities.
+	case username == "admin" ||
+		username == "client" ||
+		username == "kube_proxy" ||
+		username == "kubelet" ||
+		username == "system:serviceaccount:kube-system:default":
+		return username
+	// Probably an email address.
+	case strings.Contains(username, "@"):
+		return "email_id"
+	// Anything else (custom service accounts, custom external identities, etc.)
+	default:
+		return "other"
+	}
+}
--- a/vendor/k8s.io/kubernetes/pkg/auth/handlers/handlers_test.go
+++ b/vendor/k8s.io/kubernetes/pkg/auth/handlers/handlers_test.go
@ -0,0 +1,126 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package handlers
+
+import (
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"k8s.io/apiserver/pkg/authentication/authenticator"
+	"k8s.io/apiserver/pkg/authentication/user"
+	genericapirequest "k8s.io/apiserver/pkg/request"
+)
+
+func TestAuthenticateRequest(t *testing.T) {
+	success := make(chan struct{})
+	contextMapper := genericapirequest.NewRequestContextMapper()
+	auth := WithAuthentication(
+		http.HandlerFunc(func(_ http.ResponseWriter, req *http.Request) {
+			ctx, ok := contextMapper.Get(req)
+			if ctx == nil || !ok {
+				t.Errorf("no context stored on contextMapper: %#v", contextMapper)
+			}
+			user, ok := genericapirequest.UserFrom(ctx)
+			if user == nil || !ok {
+				t.Errorf("no user stored in context: %#v", ctx)
+			}
+			if req.Header.Get("Authorization") != "" {
+				t.Errorf("Authorization header should be removed from request on success: %#v", req)
+			}
+			close(success)
+		}),
+		contextMapper,
+		authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
+			if req.Header.Get("Authorization") == "Something" {
+				return &user.DefaultInfo{Name: "user"}, true, nil
+			}
+			return nil, false, errors.New("Authorization header is missing.")
+		}),
+		http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {
+			t.Errorf("unexpected call to failed")
+		}),
+	)
+
+	auth.ServeHTTP(httptest.NewRecorder(), &http.Request{Header: map[string][]string{"Authorization": {"Something"}}})
+
+	<-success
+	empty, err := genericapirequest.IsEmpty(contextMapper)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if !empty {
+		t.Fatalf("contextMapper should have no stored requests: %v", contextMapper)
+	}
+}
+
+func TestAuthenticateRequestFailed(t *testing.T) {
+	failed := make(chan struct{})
+	contextMapper := genericapirequest.NewRequestContextMapper()
+	auth := WithAuthentication(
+		http.HandlerFunc(func(_ http.ResponseWriter, req *http.Request) {
+			t.Errorf("unexpected call to handler")
+		}),
+		contextMapper,
+		authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
+			return nil, false, nil
+		}),
+		http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {
+			close(failed)
+		}),
+	)
+
+	auth.ServeHTTP(httptest.NewRecorder(), &http.Request{})
+
+	<-failed
+	empty, err := genericapirequest.IsEmpty(contextMapper)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if !empty {
+		t.Fatalf("contextMapper should have no stored requests: %v", contextMapper)
+	}
+}
+
+func TestAuthenticateRequestError(t *testing.T) {
+	failed := make(chan struct{})
+	contextMapper := genericapirequest.NewRequestContextMapper()
+	auth := WithAuthentication(
+		http.HandlerFunc(func(_ http.ResponseWriter, req *http.Request) {
+			t.Errorf("unexpected call to handler")
+		}),
+		contextMapper,
+		authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
+			return nil, false, errors.New("failure")
+		}),
+		http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) {
+			close(failed)
+		}),
+	)
+
+	auth.ServeHTTP(httptest.NewRecorder(), &http.Request{})
+
+	<-failed
+	empty, err := genericapirequest.IsEmpty(contextMapper)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if !empty {
+		t.Fatalf("contextMapper should have no stored requests: %v", contextMapper)
+	}
+}