Fix Godeps.json to point to kubernetes-1.12.9 tags

Automated cherry pick of #77613 upstream release 1.12

Kubernetes-commit: df1282c3086f7103032f6d6a5eecaf7b2841d071

Godeps/Godeps.json

@@ -272,131 +272,131 @@
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1alpha1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta2",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta2",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v2alpha1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/certificates/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/coordination/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/core/v1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/events/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/extensions/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/imagepolicy/v1alpha1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/networking/v1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/policy/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1alpha1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1alpha1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/settings/v1alpha1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1alpha1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1beta1",
-			"Rev": "266ff08fa05d59ecd33aa08f9e2c1bae4ba7a444"
+			"Rev": "9ad12a4af32677db3ae70bef3371bf9b618eb3a0"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting",

discovery/cached_discovery.go

@@ -162,7 +162,7 @@ func (d *CachedDiscoveryClient) getCachedFile(filename string) ([]byte, error) {
 }
 
 func (d *CachedDiscoveryClient) writeCachedFile(filename string, obj runtime.Object) error {
-	if err := os.MkdirAll(filepath.Dir(filename), 0755); err != nil {
+	if err := os.MkdirAll(filepath.Dir(filename), 0750); err != nil {
 		return err
 	}
 
@@ -181,7 +181,7 @@ func (d *CachedDiscoveryClient) writeCachedFile(filename string, obj runtime.Obj
 		return err
 	}
 
-	err = os.Chmod(f.Name(), 0755)
+	err = os.Chmod(f.Name(), 0660)
 	if err != nil {
 		return err
 	}

discovery/cached_discovery_test.go

@@ -19,6 +19,7 @@ package discovery
 import (
 	"io/ioutil"
 	"os"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -95,6 +96,32 @@ func TestNewCachedDiscoveryClient_TTL(t *testing.T) {
 	assert.Equal(c.groupCalls, 2)
 }
 
+func TestNewCachedDiscoveryClient_PathPerm(t *testing.T) {
+	assert := assert.New(t)
+
+	d, err := ioutil.TempDir("", "")
+	assert.NoError(err)
+	os.RemoveAll(d)
+	defer os.RemoveAll(d)
+
+	c := fakeDiscoveryClient{}
+	cdc := newCachedDiscoveryClient(&c, d, 1*time.Nanosecond)
+	cdc.ServerGroups()
+
+	err = filepath.Walk(d, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			assert.Equal(os.FileMode(0750), info.Mode().Perm())
+		} else {
+			assert.Equal(os.FileMode(0660), info.Mode().Perm())
+		}
+		return nil
+	})
+	assert.NoError(err)
+}
+
 type fakeDiscoveryClient struct {
 	groupCalls    int
 	resourceCalls int

discovery/round_tripper.go

@@ -18,6 +18,7 @@ package discovery
 
 import (
 	"net/http"
+	"os"
 	"path/filepath"
 
 	"github.com/golang/glog"
@@ -35,6 +36,8 @@ type cacheRoundTripper struct {
 // corresponding requests.
 func newCacheRoundTripper(cacheDir string, rt http.RoundTripper) http.RoundTripper {
 	d := diskv.New(diskv.Options{
+		PathPerm: os.FileMode(0750),
+		FilePerm: os.FileMode(0660),
 		BasePath: cacheDir,
 		TempDir:  filepath.Join(cacheDir, ".diskv-temp"),
 	})

discovery/round_tripper_test.go

@@ -22,7 +22,10 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"path/filepath"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 // copied from k8s.io/client-go/transport/round_trippers_test.go
@@ -93,3 +96,52 @@ func TestCacheRoundTripper(t *testing.T) {
 		t.Errorf("Invalid content read from cache %q", string(content))
 	}
 }
+
+func TestCacheRoundTripperPathPerm(t *testing.T) {
+	assert := assert.New(t)
+
+	rt := &testRoundTripper{}
+	cacheDir, err := ioutil.TempDir("", "cache-rt")
+	os.RemoveAll(cacheDir)
+	defer os.RemoveAll(cacheDir)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+	cache := newCacheRoundTripper(cacheDir, rt)
+
+	// First call, caches the response
+	req := &http.Request{
+		Method: http.MethodGet,
+		URL:    &url.URL{Host: "localhost"},
+	}
+	rt.Response = &http.Response{
+		Header:     http.Header{"ETag": []string{`"123456"`}},
+		Body:       ioutil.NopCloser(bytes.NewReader([]byte("Content"))),
+		StatusCode: http.StatusOK,
+	}
+	resp, err := cache.RoundTrip(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	content, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(content) != "Content" {
+		t.Errorf(`Expected Body to be "Content", got %q`, string(content))
+	}
+
+	err = filepath.Walk(cacheDir, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			assert.Equal(os.FileMode(0750), info.Mode().Perm())
+		} else {
+			assert.Equal(os.FileMode(0660), info.Mode().Perm())
+		}
+		return nil
+	})
+	assert.NoError(err)
+}

rest/transport.go

@@ -74,9 +74,10 @@ func (c *Config) TransportConfig() (*transport.Config, error) {
 			KeyFile:    c.KeyFile,
 			KeyData:    c.KeyData,
 		},
-		Username:    c.Username,
-		Password:    c.Password,
-		BearerToken: c.BearerToken,
+		Username:        c.Username,
+		Password:        c.Password,
+		BearerToken:     c.BearerToken,
+		BearerTokenFile: c.BearerTokenFile,
 		Impersonate: transport.ImpersonationConfig{
 			UserName: c.Impersonate.UserName,
 			Groups:   c.Impersonate.Groups,

tools/clientcmd/client_config.go

@@ -228,6 +228,7 @@ func (config *DirectClientConfig) getUserIdentificationPartialConfig(configAuthI
 	// blindly overwrite existing values based on precedence
 	if len(configAuthInfo.Token) > 0 {
 		mergedConfig.BearerToken = configAuthInfo.Token
+		mergedConfig.BearerTokenFile = configAuthInfo.TokenFile
 	} else if len(configAuthInfo.TokenFile) > 0 {
 		tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile)
 		if err != nil {
@@ -499,8 +500,9 @@ func (config *inClusterClientConfig) ClientConfig() (*restclient.Config, error)
 		if server := config.overrides.ClusterInfo.Server; len(server) > 0 {
 			icc.Host = server
 		}
-		if token := config.overrides.AuthInfo.Token; len(token) > 0 {
-			icc.BearerToken = token
+		if len(config.overrides.AuthInfo.Token) > 0 || len(config.overrides.AuthInfo.TokenFile) > 0 {
+			icc.BearerToken = config.overrides.AuthInfo.Token
+			icc.BearerTokenFile = config.overrides.AuthInfo.TokenFile
 		}
 		if certificateAuthorityFile := config.overrides.ClusterInfo.CertificateAuthority; len(certificateAuthorityFile) > 0 {
 			icc.TLSClientConfig.CAFile = certificateAuthorityFile

tools/clientcmd/client_config_test.go

@@ -547,6 +547,30 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 				},
 			},
 		},
+		{
+			overrides: &ConfigOverrides{
+				ClusterInfo: clientcmdapi.Cluster{
+					Server:               "https://host-from-overrides.com",
+					CertificateAuthority: "/path/to/ca-from-overrides.crt",
+				},
+				AuthInfo: clientcmdapi.AuthInfo{
+					Token:     "token-from-override",
+					TokenFile: "tokenfile-from-override",
+				},
+			},
+		},
+		{
+			overrides: &ConfigOverrides{
+				ClusterInfo: clientcmdapi.Cluster{
+					Server:               "https://host-from-overrides.com",
+					CertificateAuthority: "/path/to/ca-from-overrides.crt",
+				},
+				AuthInfo: clientcmdapi.AuthInfo{
+					Token:     "",
+					TokenFile: "tokenfile-from-override",
+				},
+			},
+		},
 		{
 			overrides: &ConfigOverrides{},
 		},
@@ -555,13 +579,15 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 	for _, tc := range tt {
 		expectedServer := "https://host-from-cluster.com"
 		expectedToken := "token-from-cluster"
+		expectedTokenFile := "tokenfile-from-cluster"
 		expectedCAFile := "/path/to/ca-from-cluster.crt"
 
 		icc := &inClusterClientConfig{
 			inClusterConfigProvider: func() (*restclient.Config, error) {
 				return &restclient.Config{
-					Host:        expectedServer,
-					BearerToken: expectedToken,
+					Host:            expectedServer,
+					BearerToken:     expectedToken,
+					BearerTokenFile: expectedTokenFile,
 					TLSClientConfig: restclient.TLSClientConfig{
 						CAFile: expectedCAFile,
 					},
@@ -578,8 +604,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 		if overridenServer := tc.overrides.ClusterInfo.Server; len(overridenServer) > 0 {
 			expectedServer = overridenServer
 		}
-		if overridenToken := tc.overrides.AuthInfo.Token; len(overridenToken) > 0 {
-			expectedToken = overridenToken
+		if len(tc.overrides.AuthInfo.Token) > 0 || len(tc.overrides.AuthInfo.TokenFile) > 0 {
+			expectedToken = tc.overrides.AuthInfo.Token
+			expectedTokenFile = tc.overrides.AuthInfo.TokenFile
 		}
 		if overridenCAFile := tc.overrides.ClusterInfo.CertificateAuthority; len(overridenCAFile) > 0 {
 			expectedCAFile = overridenCAFile
@@ -591,6 +618,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 		if clientConfig.BearerToken != expectedToken {
 			t.Errorf("Expected token %v, got %v", expectedToken, clientConfig.BearerToken)
 		}
+		if clientConfig.BearerTokenFile != expectedTokenFile {
+			t.Errorf("Expected tokenfile %v, got %v", expectedTokenFile, clientConfig.BearerTokenFile)
+		}
 		if clientConfig.TLSClientConfig.CAFile != expectedCAFile {
 			t.Errorf("Expected Certificate Authority %v, got %v", expectedCAFile, clientConfig.TLSClientConfig.CAFile)
 		}