Switch to github.com/golang/dep for vendoring

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-01-31 16:45:59 -08:00 · 2017-01-31 16:45:59 -08:00 · 8e5b17cf13
commit 8e5b17cf13
parent d6ab91be27
15431 changed files with 3971413 additions and 8881 deletions
--- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/OWNERS
+++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/OWNERS
@ -0,0 +1,10 @@
+reviewers:
+- smarterclayton
+- wojtek-t
+- deads2k
+- mikedanese
+- liggitt
+- timothysc
+- dims
+- hongchaodeng
+- david-mcmahon
--- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/BUILD
@ -0,0 +1,65 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "doc.go",
+        "registry.go",
+        "strategy.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/apis/certificates:go_default_library",
+        "//pkg/apis/certificates/validation:go_default_library",
+        "//pkg/fields:go_default_library",
+        "//pkg/genericapiserver/api/rest:go_default_library",
+        "//pkg/registry/generic:go_default_library",
+        "//pkg/storage:go_default_library",
+        "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
+        "//vendor:k8s.io/apimachinery/pkg/labels",
+        "//vendor:k8s.io/apimachinery/pkg/runtime",
+        "//vendor:k8s.io/apimachinery/pkg/util/validation/field",
+        "//vendor:k8s.io/apimachinery/pkg/watch",
+        "//vendor:k8s.io/apiserver/pkg/request",
+        "//vendor:k8s.io/apiserver/pkg/storage/names",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["strategy_test.go"],
+    library = ":go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/apis/certificates:go_default_library",
+        "//vendor:k8s.io/apimachinery/pkg/runtime",
+        "//vendor:k8s.io/apimachinery/pkg/util/diff",
+        "//vendor:k8s.io/apiserver/pkg/authentication/user",
+        "//vendor:k8s.io/apiserver/pkg/request",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [
+        ":package-srcs",
+        "//pkg/registry/certificates/certificates/storage:all-srcs",
+    ],
+    tags = ["automanaged"],
+)
--- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/doc.go
+++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/doc.go
@ -0,0 +1,19 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package certificates provides Registry interface and its RESTStorage
+// implementation for storing CertificateSigningRequest objects.
+package certificates // import "k8s.io/kubernetes/pkg/registry/certificates/certificates"
--- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/registry.go
+++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/registry.go
@ -0,0 +1,83 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certificates
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/watch"
+	genericapirequest "k8s.io/apiserver/pkg/request"
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/apis/certificates"
+	"k8s.io/kubernetes/pkg/genericapiserver/api/rest"
+)
+
+// Registry is an interface for things that know how to store CSRs.
+type Registry interface {
+	ListCSRs(ctx genericapirequest.Context, options *api.ListOptions) (*certificates.CertificateSigningRequestList, error)
+	CreateCSR(ctx genericapirequest.Context, csr *certificates.CertificateSigningRequest) error
+	UpdateCSR(ctx genericapirequest.Context, csr *certificates.CertificateSigningRequest) error
+	GetCSR(ctx genericapirequest.Context, csrID string, options *metav1.GetOptions) (*certificates.CertificateSigningRequest, error)
+	DeleteCSR(ctx genericapirequest.Context, csrID string) error
+	WatchCSRs(ctx genericapirequest.Context, options *api.ListOptions) (watch.Interface, error)
+}
+
+// storage puts strong typing around storage calls
+type storage struct {
+	rest.StandardStorage
+}
+
+// NewRegistry returns a new Registry interface for the given Storage. Any mismatched
+// types will panic.
+func NewRegistry(s rest.StandardStorage) Registry {
+	return &storage{s}
+}
+
+func (s *storage) ListCSRs(ctx genericapirequest.Context, options *api.ListOptions) (*certificates.CertificateSigningRequestList, error) {
+	obj, err := s.List(ctx, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return obj.(*certificates.CertificateSigningRequestList), nil
+}
+
+func (s *storage) CreateCSR(ctx genericapirequest.Context, csr *certificates.CertificateSigningRequest) error {
+	_, err := s.Create(ctx, csr)
+	return err
+}
+
+func (s *storage) UpdateCSR(ctx genericapirequest.Context, csr *certificates.CertificateSigningRequest) error {
+	_, _, err := s.Update(ctx, csr.Name, rest.DefaultUpdatedObjectInfo(csr, api.Scheme))
+	return err
+}
+
+func (s *storage) WatchCSRs(ctx genericapirequest.Context, options *api.ListOptions) (watch.Interface, error) {
+	return s.Watch(ctx, options)
+}
+
+func (s *storage) GetCSR(ctx genericapirequest.Context, name string, options *metav1.GetOptions) (*certificates.CertificateSigningRequest, error) {
+	obj, err := s.Get(ctx, name, options)
+	if err != nil {
+		return nil, err
+	}
+	return obj.(*certificates.CertificateSigningRequest), nil
+}
+
+func (s *storage) DeleteCSR(ctx genericapirequest.Context, name string) error {
+	_, err := s.Delete(ctx, name, nil)
+	return err
+}
--- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/storage/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/storage/BUILD
@ -0,0 +1,36 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["storage.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/apis/certificates:go_default_library",
+        "//pkg/genericapiserver/api/rest:go_default_library",
+        "//pkg/registry/certificates/certificates:go_default_library",
+        "//pkg/registry/generic:go_default_library",
+        "//pkg/registry/generic/registry:go_default_library",
+        "//vendor:k8s.io/apimachinery/pkg/runtime",
+        "//vendor:k8s.io/apiserver/pkg/request",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)
--- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/storage/storage.go
+++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/storage/storage.go
@ -0,0 +1,92 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package storage
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+	genericapirequest "k8s.io/apiserver/pkg/request"
+	"k8s.io/kubernetes/pkg/apis/certificates"
+	"k8s.io/kubernetes/pkg/genericapiserver/api/rest"
+	csrregistry "k8s.io/kubernetes/pkg/registry/certificates/certificates"
+	"k8s.io/kubernetes/pkg/registry/generic"
+	genericregistry "k8s.io/kubernetes/pkg/registry/generic/registry"
+)
+
+// REST implements a RESTStorage for CertificateSigningRequest
+type REST struct {
+	*genericregistry.Store
+}
+
+// NewREST returns a registry which will store CertificateSigningRequest in the given helper
+func NewREST(optsGetter generic.RESTOptionsGetter) (*REST, *StatusREST, *ApprovalREST) {
+	store := &genericregistry.Store{
+		NewFunc:     func() runtime.Object { return &certificates.CertificateSigningRequest{} },
+		NewListFunc: func() runtime.Object { return &certificates.CertificateSigningRequestList{} },
+		ObjectNameFunc: func(obj runtime.Object) (string, error) {
+			return obj.(*certificates.CertificateSigningRequest).Name, nil
+		},
+		PredicateFunc:     csrregistry.Matcher,
+		QualifiedResource: certificates.Resource("certificatesigningrequests"),
+
+		CreateStrategy: csrregistry.Strategy,
+		UpdateStrategy: csrregistry.Strategy,
+		DeleteStrategy: csrregistry.Strategy,
+	}
+	options := &generic.StoreOptions{RESTOptions: optsGetter, AttrFunc: csrregistry.GetAttrs}
+	if err := store.CompleteWithOptions(options); err != nil {
+		panic(err) // TODO: Propagate error up
+	}
+
+	// Subresources use the same store and creation strategy, which only
+	// allows empty subs. Updates to an existing subresource are handled by
+	// dedicated strategies.
+	statusStore := *store
+	statusStore.UpdateStrategy = csrregistry.StatusStrategy
+
+	approvalStore := *store
+	approvalStore.UpdateStrategy = csrregistry.ApprovalStrategy
+
+	return &REST{store}, &StatusREST{store: &statusStore}, &ApprovalREST{store: &approvalStore}
+}
+
+// StatusREST implements the REST endpoint for changing the status of a CSR.
+type StatusREST struct {
+	store *genericregistry.Store
+}
+
+func (r *StatusREST) New() runtime.Object {
+	return &certificates.CertificateSigningRequest{}
+}
+
+// Update alters the status subset of an object.
+func (r *StatusREST) Update(ctx genericapirequest.Context, name string, objInfo rest.UpdatedObjectInfo) (runtime.Object, bool, error) {
+	return r.store.Update(ctx, name, objInfo)
+}
+
+// ApprovalREST implements the REST endpoint for changing the approval state of a CSR.
+type ApprovalREST struct {
+	store *genericregistry.Store
+}
+
+func (r *ApprovalREST) New() runtime.Object {
+	return &certificates.CertificateSigningRequest{}
+}
+
+// Update alters the approval subset of an object.
+func (r *ApprovalREST) Update(ctx genericapirequest.Context, name string, objInfo rest.UpdatedObjectInfo) (runtime.Object, bool, error) {
+	return r.store.Update(ctx, name, objInfo)
+}
--- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy.go
+++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy.go
@ -0,0 +1,194 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certificates
+
+import (
+	"fmt"
+
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	genericapirequest "k8s.io/apiserver/pkg/request"
+	"k8s.io/apiserver/pkg/storage/names"
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/apis/certificates"
+	"k8s.io/kubernetes/pkg/apis/certificates/validation"
+	"k8s.io/kubernetes/pkg/fields"
+	"k8s.io/kubernetes/pkg/registry/generic"
+	apistorage "k8s.io/kubernetes/pkg/storage"
+)
+
+// csrStrategy implements behavior for CSRs
+type csrStrategy struct {
+	runtime.ObjectTyper
+	names.NameGenerator
+}
+
+// csrStrategy is the default logic that applies when creating and updating
+// CSR objects.
+var Strategy = csrStrategy{api.Scheme, names.SimpleNameGenerator}
+
+// NamespaceScoped is true for CSRs.
+func (csrStrategy) NamespaceScoped() bool {
+	return false
+}
+
+// AllowCreateOnUpdate is false for CSRs.
+func (csrStrategy) AllowCreateOnUpdate() bool {
+	return false
+}
+
+// PrepareForCreate clears fields that are not allowed to be set by end users
+// on creation.
+func (csrStrategy) PrepareForCreate(ctx genericapirequest.Context, obj runtime.Object) {
+	csr := obj.(*certificates.CertificateSigningRequest)
+
+	// Clear any user-specified info
+	csr.Spec.Username = ""
+	csr.Spec.UID = ""
+	csr.Spec.Groups = nil
+	// Inject user.Info from request context
+	if user, ok := genericapirequest.UserFrom(ctx); ok {
+		csr.Spec.Username = user.GetName()
+		csr.Spec.UID = user.GetUID()
+		csr.Spec.Groups = user.GetGroups()
+	}
+
+	// Be explicit that users cannot create pre-approved certificate requests.
+	csr.Status = certificates.CertificateSigningRequestStatus{}
+	csr.Status.Conditions = []certificates.CertificateSigningRequestCondition{}
+}
+
+// PrepareForUpdate clears fields that are not allowed to be set by end users
+// on update. Certificate requests are immutable after creation except via subresources.
+func (csrStrategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object) {
+	newCSR := obj.(*certificates.CertificateSigningRequest)
+	oldCSR := old.(*certificates.CertificateSigningRequest)
+
+	newCSR.Spec = oldCSR.Spec
+	newCSR.Status = oldCSR.Status
+}
+
+// Validate validates a new CSR. Validation must check for a correct signature.
+func (csrStrategy) Validate(ctx genericapirequest.Context, obj runtime.Object) field.ErrorList {
+	csr := obj.(*certificates.CertificateSigningRequest)
+	return validation.ValidateCertificateSigningRequest(csr)
+}
+
+// Canonicalize normalizes the object after validation (which includes a signature check).
+func (csrStrategy) Canonicalize(obj runtime.Object) {}
+
+// ValidateUpdate is the default update validation for an end user.
+func (csrStrategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList {
+	oldCSR := old.(*certificates.CertificateSigningRequest)
+	newCSR := obj.(*certificates.CertificateSigningRequest)
+	return validation.ValidateCertificateSigningRequestUpdate(newCSR, oldCSR)
+}
+
+// If AllowUnconditionalUpdate() is true and the object specified by
+// the user does not have a resource version, then generic Update()
+// populates it with the latest version. Else, it checks that the
+// version specified by the user matches the version of latest etcd
+// object.
+func (csrStrategy) AllowUnconditionalUpdate() bool {
+	return true
+}
+
+func (s csrStrategy) Export(ctx genericapirequest.Context, obj runtime.Object, exact bool) error {
+	csr, ok := obj.(*certificates.CertificateSigningRequest)
+	if !ok {
+		// unexpected programmer error
+		return fmt.Errorf("unexpected object: %v", obj)
+	}
+	s.PrepareForCreate(ctx, obj)
+	if exact {
+		return nil
+	}
+	// CSRs allow direct subresource edits, we clear them without exact so the CSR value can be reused.
+	csr.Status = certificates.CertificateSigningRequestStatus{}
+	return nil
+}
+
+// Storage strategy for the Status subresource
+type csrStatusStrategy struct {
+	csrStrategy
+}
+
+var StatusStrategy = csrStatusStrategy{Strategy}
+
+func (csrStatusStrategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object) {
+	newCSR := obj.(*certificates.CertificateSigningRequest)
+	oldCSR := old.(*certificates.CertificateSigningRequest)
+
+	// Updating the Status should only update the Status and not the spec
+	// or approval conditions. The intent is to separate the concerns of
+	// approval and certificate issuance.
+	newCSR.Spec = oldCSR.Spec
+	newCSR.Status.Conditions = oldCSR.Status.Conditions
+}
+
+func (csrStatusStrategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList {
+	return validation.ValidateCertificateSigningRequestUpdate(obj.(*certificates.CertificateSigningRequest), old.(*certificates.CertificateSigningRequest))
+}
+
+// Canonicalize normalizes the object after validation.
+func (csrStatusStrategy) Canonicalize(obj runtime.Object) {
+}
+
+// Storage strategy for the Approval subresource
+type csrApprovalStrategy struct {
+	csrStrategy
+}
+
+var ApprovalStrategy = csrApprovalStrategy{Strategy}
+
+func (csrApprovalStrategy) PrepareForUpdate(ctx genericapirequest.Context, obj, old runtime.Object) {
+	newCSR := obj.(*certificates.CertificateSigningRequest)
+	oldCSR := old.(*certificates.CertificateSigningRequest)
+
+	// Updating the approval should only update the conditions.
+	newCSR.Spec = oldCSR.Spec
+	oldCSR.Status.Conditions = newCSR.Status.Conditions
+	newCSR.Status = oldCSR.Status
+}
+
+func (csrApprovalStrategy) ValidateUpdate(ctx genericapirequest.Context, obj, old runtime.Object) field.ErrorList {
+	return validation.ValidateCertificateSigningRequestUpdate(obj.(*certificates.CertificateSigningRequest), old.(*certificates.CertificateSigningRequest))
+}
+
+// GetAttrs returns labels and fields of a given object for filtering purposes.
+func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) {
+	sa, ok := obj.(*certificates.CertificateSigningRequest)
+	if !ok {
+		return nil, nil, fmt.Errorf("not a CertificateSigningRequest")
+	}
+	return labels.Set(sa.Labels), SelectableFields(sa), nil
+}
+
+// Matcher returns a generic matcher for a given label and field selector.
+func Matcher(label labels.Selector, field fields.Selector) apistorage.SelectionPredicate {
+	return apistorage.SelectionPredicate{
+		Label:    label,
+		Field:    field,
+		GetAttrs: GetAttrs,
+	}
+}
+
+// SelectableFields returns a field set that can be used for filter selection
+func SelectableFields(obj *certificates.CertificateSigningRequest) fields.Set {
+	return generic.ObjectMetaFieldsSet(&obj.ObjectMeta, false)
+}
--- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy_test.go
+++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy_test.go
@ -0,0 +1,121 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certificates
+
+import (
+	"reflect"
+	"testing"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/diff"
+	"k8s.io/apiserver/pkg/authentication/user"
+	genericapirequest "k8s.io/apiserver/pkg/request"
+	certapi "k8s.io/kubernetes/pkg/apis/certificates"
+)
+
+func TestStrategyCreate(t *testing.T) {
+	tests := map[string]struct {
+		ctx         genericapirequest.Context
+		obj         runtime.Object
+		expectedObj runtime.Object
+	}{
+		"no user in context, no user in obj": {
+			ctx: genericapirequest.NewContext(),
+			obj: &certapi.CertificateSigningRequest{},
+			expectedObj: &certapi.CertificateSigningRequest{
+				Status: certapi.CertificateSigningRequestStatus{Conditions: []certapi.CertificateSigningRequestCondition{}},
+			},
+		},
+		"user in context, no user in obj": {
+			ctx: genericapirequest.WithUser(
+				genericapirequest.NewContext(),
+				&user.DefaultInfo{
+					Name:   "bob",
+					UID:    "123",
+					Groups: []string{"group1"},
+					Extra:  map[string][]string{"foo": {"bar"}},
+				},
+			),
+			obj: &certapi.CertificateSigningRequest{},
+			expectedObj: &certapi.CertificateSigningRequest{
+				Spec: certapi.CertificateSigningRequestSpec{
+					Username: "bob",
+					UID:      "123",
+					Groups:   []string{"group1"},
+				},
+				Status: certapi.CertificateSigningRequestStatus{Conditions: []certapi.CertificateSigningRequestCondition{}},
+			},
+		},
+		"no user in context, user in obj": {
+			ctx: genericapirequest.NewContext(),
+			obj: &certapi.CertificateSigningRequest{
+				Spec: certapi.CertificateSigningRequestSpec{
+					Username: "bob",
+					UID:      "123",
+					Groups:   []string{"group1"},
+				},
+			},
+			expectedObj: &certapi.CertificateSigningRequest{
+				Status: certapi.CertificateSigningRequestStatus{Conditions: []certapi.CertificateSigningRequestCondition{}},
+			},
+		},
+		"user in context, user in obj": {
+			ctx: genericapirequest.WithUser(
+				genericapirequest.NewContext(),
+				&user.DefaultInfo{
+					Name: "alice",
+					UID:  "234",
+				},
+			),
+			obj: &certapi.CertificateSigningRequest{
+				Spec: certapi.CertificateSigningRequestSpec{
+					Username: "bob",
+					UID:      "123",
+					Groups:   []string{"group1"},
+				},
+			},
+			expectedObj: &certapi.CertificateSigningRequest{
+				Spec: certapi.CertificateSigningRequestSpec{
+					Username: "alice",
+					UID:      "234",
+					Groups:   nil,
+				},
+				Status: certapi.CertificateSigningRequestStatus{Conditions: []certapi.CertificateSigningRequestCondition{}},
+			},
+		},
+		"pre-approved status": {
+			ctx: genericapirequest.NewContext(),
+			obj: &certapi.CertificateSigningRequest{
+				Status: certapi.CertificateSigningRequestStatus{
+					Conditions: []certapi.CertificateSigningRequestCondition{
+						{Type: certapi.CertificateApproved},
+					},
+				},
+			},
+			expectedObj: &certapi.CertificateSigningRequest{
+				Status: certapi.CertificateSigningRequestStatus{Conditions: []certapi.CertificateSigningRequestCondition{}},
+			}},
+	}
+
+	for k, tc := range tests {
+		obj := tc.obj
+		Strategy.PrepareForCreate(tc.ctx, obj)
+		if !reflect.DeepEqual(obj, tc.expectedObj) {
+			t.Errorf("%s: object diff: %s", k, diff.ObjectDiff(obj, tc.expectedObj))
+		}
+	}
+}
--- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/rest/BUILD
+++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/rest/BUILD
@ -0,0 +1,35 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["storage_certificates.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/apis/certificates:go_default_library",
+        "//pkg/apis/certificates/v1alpha1:go_default_library",
+        "//pkg/genericapiserver:go_default_library",
+        "//pkg/genericapiserver/api/rest:go_default_library",
+        "//pkg/registry/certificates/certificates/storage:go_default_library",
+        "//pkg/registry/generic:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)
--- a/vendor/k8s.io/kubernetes/pkg/registry/certificates/rest/storage_certificates.go
+++ b/vendor/k8s.io/kubernetes/pkg/registry/certificates/rest/storage_certificates.go
@ -0,0 +1,56 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rest
+
+import (
+	"k8s.io/kubernetes/pkg/apis/certificates"
+	certificatesapiv1alpha1 "k8s.io/kubernetes/pkg/apis/certificates/v1alpha1"
+	"k8s.io/kubernetes/pkg/genericapiserver"
+	"k8s.io/kubernetes/pkg/genericapiserver/api/rest"
+	certificatestore "k8s.io/kubernetes/pkg/registry/certificates/certificates/storage"
+	"k8s.io/kubernetes/pkg/registry/generic"
+)
+
+type RESTStorageProvider struct{}
+
+func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource genericapiserver.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) (genericapiserver.APIGroupInfo, bool) {
+	apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(certificates.GroupName)
+
+	if apiResourceConfigSource.AnyResourcesForVersionEnabled(certificatesapiv1alpha1.SchemeGroupVersion) {
+		apiGroupInfo.VersionedResourcesStorageMap[certificatesapiv1alpha1.SchemeGroupVersion.Version] = p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter)
+		apiGroupInfo.GroupMeta.GroupVersion = certificatesapiv1alpha1.SchemeGroupVersion
+	}
+
+	return apiGroupInfo, true
+}
+
+func (p RESTStorageProvider) v1alpha1Storage(apiResourceConfigSource genericapiserver.APIResourceConfigSource, restOptionsGetter generic.RESTOptionsGetter) map[string]rest.Storage {
+	version := certificatesapiv1alpha1.SchemeGroupVersion
+
+	storage := map[string]rest.Storage{}
+	if apiResourceConfigSource.ResourceEnabled(version.WithResource("certificatesigningrequests")) {
+		csrStorage, csrStatusStorage, csrApprovalStorage := certificatestore.NewREST(restOptionsGetter)
+		storage["certificatesigningrequests"] = csrStorage
+		storage["certificatesigningrequests/status"] = csrStatusStorage
+		storage["certificatesigningrequests/approval"] = csrApprovalStorage
+	}
+	return storage
+}
+
+func (p RESTStorageProvider) GroupName() string {
+	return certificates.GroupName
+}