Fix Godeps.json to point to kubernetes-1.14.5-beta.0 tags

Automated cherry pick of #77874: fix CVE-2019-11244: `kubectl --http-cache=<world-accessible

Kubernetes-commit: 4ccdc8b71b2790b2853b3ac43cdda623f8b22b12

Godeps/Godeps.json

@@ -272,355 +272,355 @@
 		},
 		{
 			"ImportPath": "k8s.io/api/admissionregistration/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/apps/v1beta2",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/auditregistration/v1alpha1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/authentication/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/authorization/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/autoscaling/v2beta2",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/batch/v2alpha1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/certificates/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/coordination/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/coordination/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/core/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/events/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/extensions/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/imagepolicy/v1alpha1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/networking/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/networking/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/node/v1alpha1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/node/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/policy/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1alpha1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/rbac/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1alpha1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/scheduling/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/settings/v1alpha1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1alpha1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/api/storage/v1beta1",
-			"Rev": "40a48860b5abbba9aa891b02b32da429b08d96a0"
+			"Rev": "cf9bb7d578e10014235ed91d26db99e63e8cc838"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting/fuzzer",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/apitesting/roundtrip",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/equality",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/errors",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/meta",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/api/resource",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/fuzzer",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/internalversion",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/apis/meta/v1beta1",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/conversion/queryparams",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/fields",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/labels",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/schema",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/json",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/protobuf",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/recognizer",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/streaming",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/runtime/serializer/versioning",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/selection",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/types",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/cache",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/clock",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/diff",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/errors",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/framer",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/httpstream/spdy",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/intstr",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/json",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/mergepatch",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/naming",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/net",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/remotecommand",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/runtime",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/sets",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/strategicpatch",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/validation/field",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/wait",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/util/yaml",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/version",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/pkg/watch",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/json",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/netutil",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/apimachinery/third_party/forked/golang/reflect",
-			"Rev": "d7deff9243b165ee192f5551710ea4285dcfd615"
+			"Rev": "6a84e37a896db9780c75367af8d2ed2bb944022e"
 		},
 		{
 			"ImportPath": "k8s.io/klog",

discovery/cached/disk/cached_discovery.go

@@ -172,7 +172,7 @@ func (d *CachedDiscoveryClient) getCachedFile(filename string) ([]byte, error) {
 }
 
 func (d *CachedDiscoveryClient) writeCachedFile(filename string, obj runtime.Object) error {
-	if err := os.MkdirAll(filepath.Dir(filename), 0755); err != nil {
+	if err := os.MkdirAll(filepath.Dir(filename), 0750); err != nil {
 		return err
 	}
 
@@ -191,7 +191,7 @@ func (d *CachedDiscoveryClient) writeCachedFile(filename string, obj runtime.Obj
 		return err
 	}
 
-	err = os.Chmod(f.Name(), 0755)
+	err = os.Chmod(f.Name(), 0660)
 	if err != nil {
 		return err
 	}

discovery/cached/disk/cached_discovery_test.go

@@ -19,6 +19,7 @@ package disk
 import (
 	"io/ioutil"
 	"os"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -96,6 +97,32 @@ func TestNewCachedDiscoveryClient_TTL(t *testing.T) {
 	assert.Equal(c.groupCalls, 2)
 }
 
+func TestNewCachedDiscoveryClient_PathPerm(t *testing.T) {
+	assert := assert.New(t)
+
+	d, err := ioutil.TempDir("", "")
+	assert.NoError(err)
+	os.RemoveAll(d)
+	defer os.RemoveAll(d)
+
+	c := fakeDiscoveryClient{}
+	cdc := newCachedDiscoveryClient(&c, d, 1*time.Nanosecond)
+	cdc.ServerGroups()
+
+	err = filepath.Walk(d, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			assert.Equal(os.FileMode(0750), info.Mode().Perm())
+		} else {
+			assert.Equal(os.FileMode(0660), info.Mode().Perm())
+		}
+		return nil
+	})
+	assert.NoError(err)
+}
+
 type fakeDiscoveryClient struct {
 	groupCalls    int
 	resourceCalls int

discovery/cached/disk/round_tripper.go

@@ -18,6 +18,7 @@ package disk
 
 import (
 	"net/http"
+	"os"
 	"path/filepath"
 
 	"github.com/gregjones/httpcache"
@@ -35,6 +36,8 @@ type cacheRoundTripper struct {
 // corresponding requests.
 func newCacheRoundTripper(cacheDir string, rt http.RoundTripper) http.RoundTripper {
 	d := diskv.New(diskv.Options{
+		PathPerm: os.FileMode(0750),
+		FilePerm: os.FileMode(0660),
 		BasePath: cacheDir,
 		TempDir:  filepath.Join(cacheDir, ".diskv-temp"),
 	})

discovery/cached/disk/round_tripper_test.go

@@ -22,7 +22,10 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"path/filepath"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 // copied from k8s.io/client-go/transport/round_trippers_test.go
@@ -93,3 +96,52 @@ func TestCacheRoundTripper(t *testing.T) {
 		t.Errorf("Invalid content read from cache %q", string(content))
 	}
 }
+
+func TestCacheRoundTripperPathPerm(t *testing.T) {
+	assert := assert.New(t)
+
+	rt := &testRoundTripper{}
+	cacheDir, err := ioutil.TempDir("", "cache-rt")
+	os.RemoveAll(cacheDir)
+	defer os.RemoveAll(cacheDir)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+	cache := newCacheRoundTripper(cacheDir, rt)
+
+	// First call, caches the response
+	req := &http.Request{
+		Method: http.MethodGet,
+		URL:    &url.URL{Host: "localhost"},
+	}
+	rt.Response = &http.Response{
+		Header:     http.Header{"ETag": []string{`"123456"`}},
+		Body:       ioutil.NopCloser(bytes.NewReader([]byte("Content"))),
+		StatusCode: http.StatusOK,
+	}
+	resp, err := cache.RoundTrip(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+	content, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(content) != "Content" {
+		t.Errorf(`Expected Body to be "Content", got %q`, string(content))
+	}
+
+	err = filepath.Walk(cacheDir, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			assert.Equal(os.FileMode(0750), info.Mode().Perm())
+		} else {
+			assert.Equal(os.FileMode(0660), info.Mode().Perm())
+		}
+		return nil
+	})
+	assert.NoError(err)
+}

dynamic/simple.go

@@ -17,6 +17,7 @@ limitations under the License.
 package dynamic
 
 import (
+	"fmt"
 	"io"
 
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -94,6 +95,9 @@ func (c *dynamicResourceClient) Create(obj *unstructured.Unstructured, opts meta
 			return nil, err
 		}
 		name = accessor.GetName()
+		if len(name) == 0 {
+			return nil, fmt.Errorf("name is required")
+		}
 	}
 
 	result := c.client.client.
@@ -122,6 +126,10 @@ func (c *dynamicResourceClient) Update(obj *unstructured.Unstructured, opts meta
 	if err != nil {
 		return nil, err
 	}
+	name := accessor.GetName()
+	if len(name) == 0 {
+		return nil, fmt.Errorf("name is required")
+	}
 	outBytes, err := runtime.Encode(unstructured.UnstructuredJSONScheme, obj)
 	if err != nil {
 		return nil, err
@@ -129,7 +137,7 @@ func (c *dynamicResourceClient) Update(obj *unstructured.Unstructured, opts meta
 
 	result := c.client.client.
 		Put().
-		AbsPath(append(c.makeURLSegments(accessor.GetName()), subresources...)...).
+		AbsPath(append(c.makeURLSegments(name), subresources...)...).
 		Body(outBytes).
 		SpecificallyVersionedParams(&opts, dynamicParameterCodec, versionV1).
 		Do()
@@ -153,6 +161,10 @@ func (c *dynamicResourceClient) UpdateStatus(obj *unstructured.Unstructured, opt
 	if err != nil {
 		return nil, err
 	}
+	name := accessor.GetName()
+	if len(name) == 0 {
+		return nil, fmt.Errorf("name is required")
+	}
 
 	outBytes, err := runtime.Encode(unstructured.UnstructuredJSONScheme, obj)
 	if err != nil {
@@ -161,7 +173,7 @@ func (c *dynamicResourceClient) UpdateStatus(obj *unstructured.Unstructured, opt
 
 	result := c.client.client.
 		Put().
-		AbsPath(append(c.makeURLSegments(accessor.GetName()), "status")...).
+		AbsPath(append(c.makeURLSegments(name), "status")...).
 		Body(outBytes).
 		SpecificallyVersionedParams(&opts, dynamicParameterCodec, versionV1).
 		Do()
@@ -181,6 +193,9 @@ func (c *dynamicResourceClient) UpdateStatus(obj *unstructured.Unstructured, opt
 }
 
 func (c *dynamicResourceClient) Delete(name string, opts *metav1.DeleteOptions, subresources ...string) error {
+	if len(name) == 0 {
+		return fmt.Errorf("name is required")
+	}
 	if opts == nil {
 		opts = &metav1.DeleteOptions{}
 	}
@@ -216,6 +231,9 @@ func (c *dynamicResourceClient) DeleteCollection(opts *metav1.DeleteOptions, lis
 }
 
 func (c *dynamicResourceClient) Get(name string, opts metav1.GetOptions, subresources ...string) (*unstructured.Unstructured, error) {
+	if len(name) == 0 {
+		return nil, fmt.Errorf("name is required")
+	}
 	result := c.client.client.Get().AbsPath(append(c.makeURLSegments(name), subresources...)...).SpecificallyVersionedParams(&opts, dynamicParameterCodec, versionV1).Do()
 	if err := result.Error(); err != nil {
 		return nil, err
@@ -284,6 +302,9 @@ func (c *dynamicResourceClient) Watch(opts metav1.ListOptions) (watch.Interface,
 }
 
 func (c *dynamicResourceClient) Patch(name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (*unstructured.Unstructured, error) {
+	if len(name) == 0 {
+		return nil, fmt.Errorf("name is required")
+	}
 	result := c.client.client.
 		Patch(pt).
 		AbsPath(append(c.makeURLSegments(name), subresources...)...).

rest/transport.go

@@ -74,9 +74,10 @@ func (c *Config) TransportConfig() (*transport.Config, error) {
 			KeyFile:    c.KeyFile,
 			KeyData:    c.KeyData,
 		},
-		Username:    c.Username,
-		Password:    c.Password,
-		BearerToken: c.BearerToken,
+		Username:        c.Username,
+		Password:        c.Password,
+		BearerToken:     c.BearerToken,
+		BearerTokenFile: c.BearerTokenFile,
 		Impersonate: transport.ImpersonationConfig{
 			UserName: c.Impersonate.UserName,
 			Groups:   c.Impersonate.Groups,

tools/clientcmd/client_config.go

@@ -228,6 +228,7 @@ func (config *DirectClientConfig) getUserIdentificationPartialConfig(configAuthI
 	// blindly overwrite existing values based on precedence
 	if len(configAuthInfo.Token) > 0 {
 		mergedConfig.BearerToken = configAuthInfo.Token
+		mergedConfig.BearerTokenFile = configAuthInfo.TokenFile
 	} else if len(configAuthInfo.TokenFile) > 0 {
 		tokenBytes, err := ioutil.ReadFile(configAuthInfo.TokenFile)
 		if err != nil {
@@ -499,8 +500,9 @@ func (config *inClusterClientConfig) ClientConfig() (*restclient.Config, error)
 		if server := config.overrides.ClusterInfo.Server; len(server) > 0 {
 			icc.Host = server
 		}
-		if token := config.overrides.AuthInfo.Token; len(token) > 0 {
-			icc.BearerToken = token
+		if len(config.overrides.AuthInfo.Token) > 0 || len(config.overrides.AuthInfo.TokenFile) > 0 {
+			icc.BearerToken = config.overrides.AuthInfo.Token
+			icc.BearerTokenFile = config.overrides.AuthInfo.TokenFile
 		}
 		if certificateAuthorityFile := config.overrides.ClusterInfo.CertificateAuthority; len(certificateAuthorityFile) > 0 {
 			icc.TLSClientConfig.CAFile = certificateAuthorityFile

tools/clientcmd/client_config_test.go

@@ -548,6 +548,30 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 				},
 			},
 		},
+		{
+			overrides: &ConfigOverrides{
+				ClusterInfo: clientcmdapi.Cluster{
+					Server:               "https://host-from-overrides.com",
+					CertificateAuthority: "/path/to/ca-from-overrides.crt",
+				},
+				AuthInfo: clientcmdapi.AuthInfo{
+					Token:     "token-from-override",
+					TokenFile: "tokenfile-from-override",
+				},
+			},
+		},
+		{
+			overrides: &ConfigOverrides{
+				ClusterInfo: clientcmdapi.Cluster{
+					Server:               "https://host-from-overrides.com",
+					CertificateAuthority: "/path/to/ca-from-overrides.crt",
+				},
+				AuthInfo: clientcmdapi.AuthInfo{
+					Token:     "",
+					TokenFile: "tokenfile-from-override",
+				},
+			},
+		},
 		{
 			overrides: &ConfigOverrides{},
 		},
@@ -556,13 +580,15 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 	for _, tc := range tt {
 		expectedServer := "https://host-from-cluster.com"
 		expectedToken := "token-from-cluster"
+		expectedTokenFile := "tokenfile-from-cluster"
 		expectedCAFile := "/path/to/ca-from-cluster.crt"
 
 		icc := &inClusterClientConfig{
 			inClusterConfigProvider: func() (*restclient.Config, error) {
 				return &restclient.Config{
-					Host:        expectedServer,
-					BearerToken: expectedToken,
+					Host:            expectedServer,
+					BearerToken:     expectedToken,
+					BearerTokenFile: expectedTokenFile,
 					TLSClientConfig: restclient.TLSClientConfig{
 						CAFile: expectedCAFile,
 					},
@@ -579,8 +605,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 		if overridenServer := tc.overrides.ClusterInfo.Server; len(overridenServer) > 0 {
 			expectedServer = overridenServer
 		}
-		if overridenToken := tc.overrides.AuthInfo.Token; len(overridenToken) > 0 {
-			expectedToken = overridenToken
+		if len(tc.overrides.AuthInfo.Token) > 0 || len(tc.overrides.AuthInfo.TokenFile) > 0 {
+			expectedToken = tc.overrides.AuthInfo.Token
+			expectedTokenFile = tc.overrides.AuthInfo.TokenFile
 		}
 		if overridenCAFile := tc.overrides.ClusterInfo.CertificateAuthority; len(overridenCAFile) > 0 {
 			expectedCAFile = overridenCAFile
@@ -592,6 +619,9 @@ func TestInClusterClientConfigPrecedence(t *testing.T) {
 		if clientConfig.BearerToken != expectedToken {
 			t.Errorf("Expected token %v, got %v", expectedToken, clientConfig.BearerToken)
 		}
+		if clientConfig.BearerTokenFile != expectedTokenFile {
+			t.Errorf("Expected tokenfile %v, got %v", expectedTokenFile, clientConfig.BearerTokenFile)
+		}
 		if clientConfig.TLSClientConfig.CAFile != expectedCAFile {
 			t.Errorf("Expected Certificate Authority %v, got %v", expectedCAFile, clientConfig.TLSClientConfig.CAFile)
 		}