genericapiserver: move authn plugins into k8s.io/apiserver

pkg/genericapiserver/authenticator/delegating.go

@@ -31,10 +31,9 @@ import (
 	unionauth "k8s.io/apiserver/pkg/authentication/request/union"
 	"k8s.io/apiserver/pkg/authentication/request/x509"
 	"k8s.io/apiserver/pkg/authentication/user"
+	webhooktoken "k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
 	authenticationclient "k8s.io/client-go/kubernetes/typed/authentication/v1beta1"
-
 	"k8s.io/client-go/util/cert"
-	webhooktoken "k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/webhook"
 )
 
 // DelegatingAuthenticatorConfig is the minimal configuration needed to create an authenticator

pkg/kubeapiserver/authenticator/config.go

@@ -30,15 +30,15 @@ import (
 	"k8s.io/apiserver/pkg/authentication/request/x509"
 	"k8s.io/apiserver/pkg/authentication/token/tokenfile"
 	"k8s.io/apiserver/pkg/authentication/user"
+	"k8s.io/apiserver/plugin/pkg/authenticator/password/keystone"
+	"k8s.io/apiserver/plugin/pkg/authenticator/password/passwordfile"
+	"k8s.io/apiserver/plugin/pkg/authenticator/request/basicauth"
+	"k8s.io/apiserver/plugin/pkg/authenticator/token/anytoken"
+	"k8s.io/apiserver/plugin/pkg/authenticator/token/oidc"
+	"k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
 	certutil "k8s.io/client-go/util/cert"
 	genericauthenticator "k8s.io/kubernetes/pkg/genericapiserver/authenticator"
 	"k8s.io/kubernetes/pkg/serviceaccount"
-	"k8s.io/kubernetes/plugin/pkg/auth/authenticator/password/keystone"
-	"k8s.io/kubernetes/plugin/pkg/auth/authenticator/password/passwordfile"
-	"k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/basicauth"
-	"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/anytoken"
-	"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc"
-	"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/webhook"
 
 	// Initialize all known client auth plugins.
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"

staging/src/k8s.io/apiserver/plugin/pkg/authenticator/doc.go

@@ -15,4 +15,4 @@ limitations under the License.
 */
 
 // Package authenticator contains implementations for pkg/auth/authenticator interfaces
-package authenticator // import "k8s.io/kubernetes/plugin/pkg/auth/authenticator"
+package authenticator // import "k8s.io/apiserver/plugin/pkg/authenticator"

staging/src/k8s.io/apiserver/plugin/pkg/authenticator/password/doc.go

@@ -15,4 +15,4 @@ limitations under the License.
 */
 
 // Package password contains authenticator.Password implementations
-package password // import "k8s.io/kubernetes/plugin/pkg/auth/authenticator/password"
+package password // import "k8s.io/apiserver/plugin/pkg/authenticator/password"

staging/src/k8s.io/apiserver/plugin/pkg/authenticator/password/keystone/doc.go

@@ -17,4 +17,4 @@ limitations under the License.
 // Package keystone provides authentication via keystone.
 // For details about keystone and how to use the plugin, refer to
 // https://github.com/kubernetes/kubernetes.github.io/blob/master/docs/admin/authentication.md
-package keystone // import "k8s.io/kubernetes/plugin/pkg/auth/authenticator/password/keystone"
+package keystone // import "k8s.io/apiserver/plugin/pkg/authenticator/password/keystone"

staging/src/k8s.io/apiserver/plugin/pkg/authenticator/password/keystone/keystone.go

@@ -25,6 +25,7 @@ import (
 	"github.com/golang/glog"
 	"github.com/rackspace/gophercloud"
 	"github.com/rackspace/gophercloud/openstack"
+
 	netutil "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apiserver/pkg/authentication/user"
 	certutil "k8s.io/client-go/util/cert"

staging/src/k8s.io/apiserver/plugin/pkg/authenticator/password/passwordfile/passwordfile.go

@@ -24,6 +24,7 @@ import (
 	"strings"
 
 	"github.com/golang/glog"
+
 	"k8s.io/apiserver/pkg/authentication/user"
 )
 

staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc_test.go

@@ -30,7 +30,7 @@ import (
 	"github.com/coreos/go-oidc/oidc"
 
 	"k8s.io/apiserver/pkg/authentication/user"
-	oidctesting "k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc/testing"
+	oidctesting "k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/testing"
 )
 
 func generateToken(t *testing.T, op *oidctesting.OIDCProvider, iss, sub, aud string, usernameClaim, value, groupsClaim string, groups interface{}, iat, exp time.Time, emailVerified bool) string {

staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go

@@ -24,13 +24,11 @@ import (
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/apiserver/pkg/util/cache"
+	"k8s.io/apiserver/pkg/util/webhook"
 	authenticationclient "k8s.io/client-go/kubernetes/typed/authentication/v1beta1"
 	authentication "k8s.io/client-go/pkg/apis/authentication/v1beta1"
 
-	"k8s.io/apiserver/pkg/util/webhook"
-
 	_ "k8s.io/client-go/pkg/apis/authentication/install"
-	_ "k8s.io/kubernetes/pkg/apis/authentication/install"
 )
 
 var (

staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook_test.go

@@ -32,8 +32,8 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apiserver/pkg/authentication/user"
+	"k8s.io/client-go/pkg/apis/authentication/v1beta1"
 	"k8s.io/client-go/tools/clientcmd/api/v1"
-	"k8s.io/kubernetes/pkg/apis/authentication/v1beta1"
 )
 
 // Service mocks a remote authentication service.

test/integration/auth/auth_test.go

@@ -43,6 +43,8 @@ import (
 	"k8s.io/apiserver/pkg/authentication/serviceaccount"
 	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/apiserver/pkg/authorization/authorizer"
+	"k8s.io/apiserver/plugin/pkg/authenticator/token/tokentest"
+	"k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
 	"k8s.io/client-go/tools/clientcmd/api/v1"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/api/testapi"
@@ -52,8 +54,6 @@ import (
 	"k8s.io/kubernetes/pkg/auth/authorizer/abac"
 	apiserverauthorizer "k8s.io/kubernetes/pkg/genericapiserver/authorizer"
 	"k8s.io/kubernetes/plugin/pkg/admission/admit"
-	"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/tokentest"
-	"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/webhook"
 	"k8s.io/kubernetes/test/integration"
 	"k8s.io/kubernetes/test/integration/framework"
 )

test/integration/auth/rbac_test.go

@@ -36,6 +36,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/request/bearertoken"
 	"k8s.io/apiserver/pkg/authorization/authorizer"
+	"k8s.io/apiserver/plugin/pkg/authenticator/token/anytoken"
 	restclient "k8s.io/client-go/rest"
 	"k8s.io/client-go/transport"
 	"k8s.io/kubernetes/pkg/api"
@@ -52,7 +53,6 @@ import (
 	rolestore "k8s.io/kubernetes/pkg/registry/rbac/role/storage"
 	"k8s.io/kubernetes/pkg/registry/rbac/rolebinding"
 	rolebindingstore "k8s.io/kubernetes/pkg/registry/rbac/rolebinding/storage"
-	"k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/anytoken"
 	"k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac"
 	"k8s.io/kubernetes/test/integration/framework"
 )

test/test_owners.csv

@@ -513,6 +513,17 @@ Volumes GlusterFS should be mountable,eparis,1
 Volumes NFS should be mountable,rrati,0
 Volumes PD should be mountable,caesarxuchao,1
 Volumes iSCSI should be mountable,jsafrane,1
+k8s.io/apiserver/plugin/pkg/authenticator/password/allow,liggitt,0
+k8s.io/apiserver/plugin/pkg/authenticator/password/passwordfile,liggitt,0
+k8s.io/apiserver/plugin/pkg/authenticator/request/anonymous,justinsb,1
+k8s.io/apiserver/plugin/pkg/authenticator/request/basicauth,liggitt,0
+k8s.io/apiserver/plugin/pkg/authenticator/request/headerrequest,deads2k,0
+k8s.io/apiserver/plugin/pkg/authenticator/request/union,liggitt,0
+k8s.io/apiserver/plugin/pkg/authenticator/request/x509,liggitt,0
+k8s.io/apiserver/plugin/pkg/authenticator/token/anytoken,krousey,1
+k8s.io/apiserver/plugin/pkg/authenticator/token/oidc,brendandburns,1
+k8s.io/apiserver/plugin/pkg/authenticator/token/tokenfile,liggitt,0
+k8s.io/apiserver/plugin/pkg/authenticator/token/webhook,rrati,0
 k8s.io/kubernetes/cmd/genutils,rmmh,1
 k8s.io/kubernetes/cmd/hyperkube,jbeda,0
 k8s.io/kubernetes/cmd/kube-aggregator/pkg/apiserver,brendandburns,0
@@ -943,17 +954,6 @@ k8s.io/kubernetes/plugin/pkg/admission/security/podsecuritypolicy,maisem,1
 k8s.io/kubernetes/plugin/pkg/admission/securitycontext/scdeny,rrati,0
 k8s.io/kubernetes/plugin/pkg/admission/serviceaccount,liggitt,0
 k8s.io/kubernetes/plugin/pkg/admission/storageclass/default,pmorie,1
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/password/allow,liggitt,0
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/password/passwordfile,liggitt,0
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/anonymous,justinsb,1
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/basicauth,liggitt,0
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/headerrequest,deads2k,0
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/union,liggitt,0
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/request/x509,liggitt,0
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/anytoken,krousey,1
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/oidc,brendandburns,1
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/tokenfile,liggitt,0
-k8s.io/kubernetes/plugin/pkg/auth/authenticator/token/webhook,rrati,0
 k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac,rrati,0
 k8s.io/kubernetes/plugin/pkg/auth/authorizer/rbac/bootstrappolicy,mml,1
 k8s.io/kubernetes/plugin/pkg/auth/authorizer/webhook,rrati,0