Merge pull request #79038 from yastij/move-jws

move jws to k8s.io/cluster-bootstrap

cmd/kubeadm/app/discovery/token/BUILD

@@ -16,7 +16,6 @@ go_library(
         "//cmd/kubeadm/app/constants:go_default_library",
         "//cmd/kubeadm/app/util/kubeconfig:go_default_library",
         "//cmd/kubeadm/app/util/pubkeypin:go_default_library",
-        "//pkg/controller/bootstrap:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
@@ -24,6 +23,7 @@ go_library(
         "//staging/src/k8s.io/client-go/tools/clientcmd/api:go_default_library",
         "//staging/src/k8s.io/client-go/util/cert:go_default_library",
         "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
+        "//staging/src/k8s.io/cluster-bootstrap/token/jws:go_default_library",
         "//vendor/github.com/pkg/errors:go_default_library",
         "//vendor/k8s.io/klog:go_default_library",
     ],

cmd/kubeadm/app/discovery/token/token.go

@@ -31,13 +31,13 @@ import (
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	certutil "k8s.io/client-go/util/cert"
 	bootstrapapi "k8s.io/cluster-bootstrap/token/api"
+	bootstrap "k8s.io/cluster-bootstrap/token/jws"
 	"k8s.io/klog"
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmapiv1beta2 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2"
 	"k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	kubeconfigutil "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig"
 	"k8s.io/kubernetes/cmd/kubeadm/app/util/pubkeypin"
-	"k8s.io/kubernetes/pkg/controller/bootstrap"
 )
 
 // BootstrapUser defines bootstrap user name

cmd/kubeadm/app/util/BUILD

@@ -1,10 +1,4 @@
-package(default_visibility = ["//visibility:public"])
-
-load(
-    "@io_bazel_rules_go//go:def.bzl",
-    "go_library",
-    "go_test",
-)
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
     name = "go_default_library",
@@ -21,6 +15,7 @@ go_library(
         "version.go",
     ],
     importpath = "k8s.io/kubernetes/cmd/kubeadm/app/util",
+    visibility = ["//visibility:public"],
     deps = [
         "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
         "//cmd/kubeadm/app/constants:go_default_library",
@@ -93,4 +88,5 @@ filegroup(
         "//cmd/kubeadm/app/util/system:all-srcs",
     ],
     tags = ["automanaged"],
+    visibility = ["//visibility:public"],
 )

pkg/controller/bootstrap/BUILD

@@ -1,9 +1,35 @@
-package(default_visibility = ["//visibility:public"])
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
-load(
-    "@io_bazel_rules_go//go:def.bzl",
-    "go_library",
-    "go_test",
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "bootstrapsigner.go",
+        "doc.go",
+        "tokencleaner.go",
+        "util.go",
+    ],
+    importpath = "k8s.io/kubernetes/pkg/controller/bootstrap",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//pkg/apis/core:go_default_library",
+        "//pkg/controller:go_default_library",
+        "//pkg/util/metrics:go_default_library",
+        "//staging/src/k8s.io/api/core/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
+        "//staging/src/k8s.io/client-go/informers/core/v1:go_default_library",
+        "//staging/src/k8s.io/client-go/kubernetes:go_default_library",
+        "//staging/src/k8s.io/client-go/listers/core/v1:go_default_library",
+        "//staging/src/k8s.io/client-go/tools/cache:go_default_library",
+        "//staging/src/k8s.io/client-go/util/workqueue:go_default_library",
+        "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
+        "//staging/src/k8s.io/cluster-bootstrap/token/jws:go_default_library",
+        "//staging/src/k8s.io/cluster-bootstrap/util/secrets:go_default_library",
+        "//vendor/k8s.io/klog:go_default_library",
+    ],
 )
 
 go_test(
@@ -11,7 +37,6 @@ go_test(
     srcs = [
         "bootstrapsigner_test.go",
         "common_test.go",
-        "jws_test.go",
         "tokencleaner_test.go",
         "util_test.go",
     ],
@@ -29,39 +54,6 @@ go_test(
         "//staging/src/k8s.io/client-go/testing:go_default_library",
         "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
         "//vendor/github.com/davecgh/go-spew/spew:go_default_library",
-        "//vendor/github.com/stretchr/testify/assert:go_default_library",
-    ],
-)
-
-go_library(
-    name = "go_default_library",
-    srcs = [
-        "bootstrapsigner.go",
-        "doc.go",
-        "jws.go",
-        "tokencleaner.go",
-        "util.go",
-    ],
-    importpath = "k8s.io/kubernetes/pkg/controller/bootstrap",
-    deps = [
-        "//pkg/apis/core:go_default_library",
-        "//pkg/controller:go_default_library",
-        "//pkg/util/metrics:go_default_library",
-        "//staging/src/k8s.io/api/core/v1:go_default_library",
-        "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
-        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
-        "//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
-        "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
-        "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
-        "//staging/src/k8s.io/client-go/informers/core/v1:go_default_library",
-        "//staging/src/k8s.io/client-go/kubernetes:go_default_library",
-        "//staging/src/k8s.io/client-go/listers/core/v1:go_default_library",
-        "//staging/src/k8s.io/client-go/tools/cache:go_default_library",
-        "//staging/src/k8s.io/client-go/util/workqueue:go_default_library",
-        "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
-        "//staging/src/k8s.io/cluster-bootstrap/util/secrets:go_default_library",
-        "//vendor/gopkg.in/square/go-jose.v2:go_default_library",
-        "//vendor/k8s.io/klog:go_default_library",
     ],
 )
 
@@ -76,4 +68,5 @@ filegroup(
     name = "all-srcs",
     srcs = [":package-srcs"],
     tags = ["automanaged"],
+    visibility = ["//visibility:public"],
 )

pkg/controller/bootstrap/bootstrapsigner.go

@@ -23,7 +23,8 @@ import (
 	"k8s.io/klog"
 
 	"fmt"
-	"k8s.io/api/core/v1"
+
+	v1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/labels"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -34,6 +35,7 @@ import (
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/util/workqueue"
 	bootstrapapi "k8s.io/cluster-bootstrap/token/api"
+	jws "k8s.io/cluster-bootstrap/token/jws"
 	api "k8s.io/kubernetes/pkg/apis/core"
 	"k8s.io/kubernetes/pkg/controller"
 	"k8s.io/kubernetes/pkg/util/metrics"
@@ -214,7 +216,7 @@ func (e *Signer) signConfigMap() {
 	// Now recompute signatures and store them on the new map
 	tokens := e.getTokens()
 	for tokenID, tokenValue := range tokens {
-		sig, err := computeDetachedSig(content, tokenID, tokenValue)
+		sig, err := jws.ComputeDetachedSignature(content, tokenID, tokenValue)
 		if err != nil {
 			utilruntime.HandleError(err)
 		}

staging/src/k8s.io/cluster-bootstrap/BUILD

@@ -10,6 +10,7 @@ filegroup(
     srcs = [
         ":package-srcs",
         "//staging/src/k8s.io/cluster-bootstrap/token/api:all-srcs",
+        "//staging/src/k8s.io/cluster-bootstrap/token/jws:all-srcs",
         "//staging/src/k8s.io/cluster-bootstrap/token/util:all-srcs",
         "//staging/src/k8s.io/cluster-bootstrap/util/secrets:all-srcs",
         "//staging/src/k8s.io/cluster-bootstrap/util/tokens:all-srcs",

staging/src/k8s.io/cluster-bootstrap/go.mod

@@ -5,12 +5,16 @@ module k8s.io/cluster-bootstrap
 go 1.12
 
 require (
+	github.com/stretchr/testify v1.3.0
+	golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25 // indirect
+	gopkg.in/square/go-jose.v2 v2.2.2
 	k8s.io/api v0.0.0
 	k8s.io/apimachinery v0.0.0
 	k8s.io/klog v0.3.1
 )
 
 replace (
+	golang.org/x/crypto => golang.org/x/crypto v0.0.0-20181025213731-e84da0312774
 	golang.org/x/net => golang.org/x/net v0.0.0-20190206173232-65e2d4e15006
 	golang.org/x/sync => golang.org/x/sync v0.0.0-20181108010431-42b317875d0f
 	golang.org/x/sys => golang.org/x/sys v0.0.0-20190209173611-3b5209105503

staging/src/k8s.io/cluster-bootstrap/go.sum

@@ -34,6 +34,8 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+golang.org/x/crypto v0.0.0-20181025213731-e84da0312774 h1:a4tQYYYuK9QdeO/+kEvNYyuR21S+7ve5EANok6hABhI=
+golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 h1:bfLnR+k0tq5Lqt6dflRLcZiz6UaXCMt3vhYJ1l4FQ80=
 golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -47,6 +49,8 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.0 h1:3zYtXIO92bvsdS3ggAdA8Gb4Azj0YU+TVY1uGYNFA8o=
 gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/square/go-jose.v2 v2.2.2 h1:orlkJ3myw8CN1nVQHBFfloD+L3egixIa4FvUP6RosSA=
+gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

staging/src/k8s.io/cluster-bootstrap/token/jws/BUILD

@@ -0,0 +1,31 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = ["jws.go"],
+    importmap = "k8s.io/kubernetes/vendor/k8s.io/cluster-bootstrap/token/jws",
+    importpath = "k8s.io/cluster-bootstrap/token/jws",
+    visibility = ["//visibility:public"],
+    deps = ["//vendor/gopkg.in/square/go-jose.v2:go_default_library"],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["jws_test.go"],
+    embed = [":go_default_library"],
+    deps = ["//vendor/github.com/stretchr/testify/assert:go_default_library"],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)

staging/src/k8s.io/cluster-bootstrap/token/jws/jws.go

@@ -23,10 +23,10 @@ import (
 	jose "gopkg.in/square/go-jose.v2"
 )
 
-// computeDetachedSig takes content and token details and computes a detached
+// ComputeDetachedSignature takes content and token details and computes a detached
 // JWS signature.  This is described in Appendix F of RFC 7515.  Basically, this
 // is a regular JWS with the content part of the signature elided.
-func computeDetachedSig(content, tokenID, tokenSecret string) (string, error) {
+func ComputeDetachedSignature(content, tokenID, tokenSecret string) (string, error) {
 	jwk := &jose.JSONWebKey{
 		Key:   []byte(tokenSecret),
 		KeyID: tokenID,
@@ -74,7 +74,7 @@ func stripContent(fullSig string) (string, error) {
 
 // DetachedTokenIsValid checks whether a given detached JWS-encoded token matches JWS output of the given content and token
 func DetachedTokenIsValid(detachedToken, content, tokenID, tokenSecret string) bool {
-	newToken, err := computeDetachedSig(content, tokenID, tokenSecret)
+	newToken, err := ComputeDetachedSignature(content, tokenID, tokenSecret)
 	if err != nil {
 		return false
 	}

staging/src/k8s.io/cluster-bootstrap/token/jws/jws_test.go

@@ -28,8 +28,8 @@ const (
 	id      = "joshua"
 )
 
-func TestComputeDetachedSig(t *testing.T) {
-	sig, err := computeDetachedSig(content, id, secret)
+func TestComputeDetachedSignature(t *testing.T) {
+	sig, err := ComputeDetachedSignature(content, id, secret)
 	assert.NoError(t, err, "Error when computing signature: %v", err)
 	assert.Equal(
 		t,
@@ -38,7 +38,7 @@ func TestComputeDetachedSig(t *testing.T) {
 		"Wrong signature. Got: %v", sig)
 
 	// Try with null content
-	sig, err = computeDetachedSig("", id, secret)
+	sig, err = ComputeDetachedSignature("", id, secret)
 	assert.NoError(t, err, "Error when computing signature: %v", err)
 	assert.Equal(
 		t,
@@ -47,7 +47,7 @@ func TestComputeDetachedSig(t *testing.T) {
 		"Wrong signature. Got: %v", sig)
 
 	// Try with no secret
-	sig, err = computeDetachedSig(content, id, "")
+	sig, err = ComputeDetachedSignature(content, id, "")
 	assert.NoError(t, err, "Error when computing signature: %v", err)
 	assert.Equal(
 		t,

vendor/modules.txt

@@ -1543,6 +1543,7 @@ k8s.io/cloud-provider/volume/errors
 k8s.io/cloud-provider/volume/helpers
 # k8s.io/cluster-bootstrap v0.0.0 => ./staging/src/k8s.io/cluster-bootstrap
 k8s.io/cluster-bootstrap/token/api
+k8s.io/cluster-bootstrap/token/jws
 k8s.io/cluster-bootstrap/token/util
 k8s.io/cluster-bootstrap/util/secrets
 k8s.io/cluster-bootstrap/util/tokens