Switch to github.com/golang/dep for vendoring

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

vendor/k8s.io/kubernetes/pkg/genericapiserver/authorizer/BUILD

@@ -0,0 +1,47 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["authz_test.go"],
+    library = ":go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//vendor:k8s.io/apiserver/pkg/authentication/user",
+        "//vendor:k8s.io/apiserver/pkg/authorization/authorizer",
+    ],
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "builtin.go",
+        "delegating.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//plugin/pkg/auth/authorizer/webhook:go_default_library",
+        "//vendor:k8s.io/apiserver/pkg/authorization/authorizer",
+        "//vendor:k8s.io/client-go/kubernetes/typed/authorization/v1beta1",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)

vendor/k8s.io/kubernetes/pkg/genericapiserver/authorizer/OWNERS

@@ -0,0 +1,4 @@
+reviewers:
+- deads2k
+- dims
+- ericchiang

vendor/k8s.io/kubernetes/pkg/genericapiserver/authorizer/authz_test.go

@@ -0,0 +1,56 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package authorizer
+
+import (
+	"testing"
+
+	"k8s.io/apiserver/pkg/authentication/user"
+	"k8s.io/apiserver/pkg/authorization/authorizer"
+)
+
+// NewAlwaysAllowAuthorizer must return a struct which implements authorizer.Authorizer
+// and always return nil.
+func TestNewAlwaysAllowAuthorizer(t *testing.T) {
+	aaa := NewAlwaysAllowAuthorizer()
+	if authorized, _, _ := aaa.Authorize(nil); !authorized {
+		t.Errorf("AlwaysAllowAuthorizer.Authorize did not authorize successfully.")
+	}
+}
+
+// NewAlwaysDenyAuthorizer must return a struct which implements authorizer.Authorizer
+// and always return an error as everything is forbidden.
+func TestNewAlwaysDenyAuthorizer(t *testing.T) {
+	ada := NewAlwaysDenyAuthorizer()
+	if authorized, _, _ := ada.Authorize(nil); authorized {
+		t.Errorf("AlwaysDenyAuthorizer.Authorize returned nil instead of error.")
+	}
+}
+
+func TestPrivilegedGroupAuthorizer(t *testing.T) {
+	auth := NewPrivilegedGroups("allow-01", "allow-01")
+
+	yes := authorizer.AttributesRecord{User: &user.DefaultInfo{Groups: []string{"no", "allow-01"}}}
+	no := authorizer.AttributesRecord{User: &user.DefaultInfo{Groups: []string{"no", "deny-01"}}}
+
+	if authorized, _, _ := auth.Authorize(yes); !authorized {
+		t.Errorf("failed")
+	}
+	if authorized, _, _ := auth.Authorize(no); authorized {
+		t.Errorf("failed")
+	}
+}

vendor/k8s.io/kubernetes/pkg/genericapiserver/authorizer/builtin.go

@@ -0,0 +1,87 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package authorizer
+
+import (
+	"errors"
+
+	"k8s.io/apiserver/pkg/authorization/authorizer"
+)
+
+// alwaysAllowAuthorizer is an implementation of authorizer.Attributes
+// which always says yes to an authorization request.
+// It is useful in tests and when using kubernetes in an open manner.
+type alwaysAllowAuthorizer struct{}
+
+func (alwaysAllowAuthorizer) Authorize(a authorizer.Attributes) (authorized bool, reason string, err error) {
+	return true, "", nil
+}
+
+func NewAlwaysAllowAuthorizer() authorizer.Authorizer {
+	return new(alwaysAllowAuthorizer)
+}
+
+// alwaysDenyAuthorizer is an implementation of authorizer.Attributes
+// which always says no to an authorization request.
+// It is useful in unit tests to force an operation to be forbidden.
+type alwaysDenyAuthorizer struct{}
+
+func (alwaysDenyAuthorizer) Authorize(a authorizer.Attributes) (authorized bool, reason string, err error) {
+	return false, "Everything is forbidden.", nil
+}
+
+func NewAlwaysDenyAuthorizer() authorizer.Authorizer {
+	return new(alwaysDenyAuthorizer)
+}
+
+// alwaysFailAuthorizer is an implementation of authorizer.Attributes
+// which always says no to an authorization request.
+// It is useful in unit tests to force an operation to fail with error.
+type alwaysFailAuthorizer struct{}
+
+func (alwaysFailAuthorizer) Authorize(a authorizer.Attributes) (authorized bool, reason string, err error) {
+	return false, "", errors.New("Authorization failure.")
+}
+
+func NewAlwaysFailAuthorizer() authorizer.Authorizer {
+	return new(alwaysFailAuthorizer)
+}
+
+type privilegedGroupAuthorizer struct {
+	groups []string
+}
+
+func (r *privilegedGroupAuthorizer) Authorize(attr authorizer.Attributes) (bool, string, error) {
+	if attr.GetUser() == nil {
+		return false, "Error", errors.New("no user on request.")
+	}
+	for _, attr_group := range attr.GetUser().GetGroups() {
+		for _, priv_group := range r.groups {
+			if priv_group == attr_group {
+				return true, "", nil
+			}
+		}
+	}
+	return false, "", nil
+}
+
+// NewPrivilegedGroups is for use in loopback scenarios
+func NewPrivilegedGroups(groups ...string) *privilegedGroupAuthorizer {
+	return &privilegedGroupAuthorizer{
+		groups: groups,
+	}
+}

vendor/k8s.io/kubernetes/pkg/genericapiserver/authorizer/delegating.go

@@ -0,0 +1,47 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package authorizer
+
+import (
+	"time"
+
+	"k8s.io/apiserver/pkg/authorization/authorizer"
+	authorizationclient "k8s.io/client-go/kubernetes/typed/authorization/v1beta1"
+
+	webhooksar "k8s.io/kubernetes/plugin/pkg/auth/authorizer/webhook"
+)
+
+// DelegatingAuthorizerConfig is the minimal configuration needed to create an authenticator
+// built to delegate authorization to a kube API server
+type DelegatingAuthorizerConfig struct {
+	SubjectAccessReviewClient authorizationclient.SubjectAccessReviewInterface
+
+	// AllowCacheTTL is the length of time that a successful authorization response will be cached
+	AllowCacheTTL time.Duration
+
+	// DenyCacheTTL is the length of time that an unsuccessful authorization response will be cached.
+	// You generally want more responsive, "deny, try again" flows.
+	DenyCacheTTL time.Duration
+}
+
+func (c DelegatingAuthorizerConfig) New() (authorizer.Authorizer, error) {
+	return webhooksar.NewFromInterface(
+		c.SubjectAccessReviewClient,
+		c.AllowCacheTTL,
+		c.DenyCacheTTL,
+	)
+}