diff --git a/cmd/kubeadm/app/discovery/token/BUILD b/cmd/kubeadm/app/discovery/token/BUILD
index 7b75dfb6c0e..b660bbd6555 100644
--- a/cmd/kubeadm/app/discovery/token/BUILD
+++ b/cmd/kubeadm/app/discovery/token/BUILD
@@ -16,7 +16,6 @@ go_library(
 "//cmd/kubeadm/app/constants:go_default_library",
 "//cmd/kubeadm/app/util/kubeconfig:go_default_library",
 "//cmd/kubeadm/app/util/pubkeypin:go_default_library",
- "//pkg/controller/bootstrap:go_default_library",
 "//staging/src/k8s.io/api/core/v1:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
 "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
@@ -24,6 +23,7 @@ go_library(
 "//staging/src/k8s.io/client-go/tools/clientcmd/api:go_default_library",
 "//staging/src/k8s.io/client-go/util/cert:go_default_library",
 "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
+ "//staging/src/k8s.io/cluster-bootstrap/token/jws:go_default_library",
 "//vendor/github.com/pkg/errors:go_default_library",
 "//vendor/k8s.io/klog:go_default_library",
 ],
diff --git a/cmd/kubeadm/app/discovery/token/token.go b/cmd/kubeadm/app/discovery/token/token.go
index e2016468d25..67c4179a846 100644
--- a/cmd/kubeadm/app/discovery/token/token.go
+++ b/cmd/kubeadm/app/discovery/token/token.go
@@ -31,13 +31,13 @@ import (
 clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 certutil "k8s.io/client-go/util/cert"
 bootstrapapi "k8s.io/cluster-bootstrap/token/api"
+ bootstrap "k8s.io/cluster-bootstrap/token/jws"
 "k8s.io/klog"
 kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 kubeadmapiv1beta2 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2"
 "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 kubeconfigutil "k8s.io/kubernetes/cmd/kubeadm/app/util/kubeconfig"
 "k8s.io/kubernetes/cmd/kubeadm/app/util/pubkeypin"
- "k8s.io/kubernetes/pkg/controller/bootstrap"
 )
 // BootstrapUser defines bootstrap user name
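Review bot: The new import in cmd/kubeadm/app/discovery/token/token.go aliases the jws package as `bootstrap` (`bootstrap "k8s.io/cluster-bootstrap/token/jws"`), which keeps the old controller package's name alive for code that no longer lives there. bootstrapsigner.go in this same commit imports the identical package as `jws`, so the two files name the same signature code differently. The call sites are outside this hunk, but presumably they still read `bootstrap.…`; I would import it unaliased as `"k8s.io/cluster-bootstrap/token/jws"` and update those calls, so a reader of the discovery code can see at a glance where token signature validation comes from.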
diff --git a/cmd/kubeadm/app/util/BUILD b/cmd/kubeadm/app/util/BUILD
index 76dd6d9cb10..c4801be081e 100644
--- a/cmd/kubeadm/app/util/BUILD
+++ b/cmd/kubeadm/app/util/BUILD
@@ -1,10 +1,4 @@
-package(default_visibility = ["//visibility:public"])
-
-load(
- "@io_bazel_rules_go//go:def.bzl",
- "go_library",
- "go_test",
-)
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 go_library(
 name = "go_default_library",
@@ -21,6 +15,7 @@ go_library(
 "version.go",
 ],
 importpath = "k8s.io/kubernetes/cmd/kubeadm/app/util",
+ visibility = ["//visibility:public"],
 deps = [
 "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
 "//cmd/kubeadm/app/constants:go_default_library",
@@ -93,4 +88,5 @@ filegroup(
 "//cmd/kubeadm/app/util/system:all-srcs",
 ],
 tags = ["automanaged"],
+ visibility = ["//visibility:public"],
 )
diff --git a/pkg/controller/bootstrap/BUILD b/pkg/controller/bootstrap/BUILD
index ad839ca2b82..41a461a2afc 100644
--- a/pkg/controller/bootstrap/BUILD
+++ b/pkg/controller/bootstrap/BUILD
@@ -1,9 +1,35 @@
-package(default_visibility = ["//visibility:public"])
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-load(
- "@io_bazel_rules_go//go:def.bzl",
- "go_library",
- "go_test",
+go_library(
+ name = "go_default_library",
+ srcs = [
+ "bootstrapsigner.go",
+ "doc.go",
+ "tokencleaner.go",
+ "util.go",
+ ],
+ importpath = "k8s.io/kubernetes/pkg/controller/bootstrap",
+ visibility = ["//visibility:public"],
+ deps = [
+ "//pkg/apis/core:go_default_library",
+ "//pkg/controller:go_default_library",
+ "//pkg/util/metrics:go_default_library",
+ "//staging/src/k8s.io/api/core/v1:go_default_library",
+ "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
+ "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+ "//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
+ "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
+ "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
+ "//staging/src/k8s.io/client-go/informers/core/v1:go_default_library",
+ "//staging/src/k8s.io/client-go/kubernetes:go_default_library",
+ "//staging/src/k8s.io/client-go/listers/core/v1:go_default_library",
+ "//staging/src/k8s.io/client-go/tools/cache:go_default_library",
+ "//staging/src/k8s.io/client-go/util/workqueue:go_default_library",
+ "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
+ "//staging/src/k8s.io/cluster-bootstrap/token/jws:go_default_library",
+ "//staging/src/k8s.io/cluster-bootstrap/util/secrets:go_default_library",
+ "//vendor/k8s.io/klog:go_default_library",
+ ],
 )
 go_test(
@@ -11,7 +37,6 @@ go_test(
 srcs = [
 "bootstrapsigner_test.go",
 "common_test.go",
- "jws_test.go",
 "tokencleaner_test.go",
 "util_test.go",
 ],
@@ -29,39 +54,6 @@ go_test(
 "//staging/src/k8s.io/client-go/testing:go_default_library",
 "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
 "//vendor/github.com/davecgh/go-spew/spew:go_default_library",
- "//vendor/github.com/stretchr/testify/assert:go_default_library",
- ],
-)
-
-go_library(
- name = "go_default_library",
- srcs = [
- "bootstrapsigner.go",
- "doc.go",
- "jws.go",
- "tokencleaner.go",
- "util.go",
- ],
- importpath = "k8s.io/kubernetes/pkg/controller/bootstrap",
- deps = [
- "//pkg/apis/core:go_default_library",
- "//pkg/controller:go_default_library",
- "//pkg/util/metrics:go_default_library",
- "//staging/src/k8s.io/api/core/v1:go_default_library",
- "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
- "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
- "//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
- "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
- "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
- "//staging/src/k8s.io/client-go/informers/core/v1:go_default_library",
- "//staging/src/k8s.io/client-go/kubernetes:go_default_library",
- "//staging/src/k8s.io/client-go/listers/core/v1:go_default_library",
- "//staging/src/k8s.io/client-go/tools/cache:go_default_library",
- "//staging/src/k8s.io/client-go/util/workqueue:go_default_library",
- "//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
- "//staging/src/k8s.io/cluster-bootstrap/util/secrets:go_default_library",
- "//vendor/gopkg.in/square/go-jose.v2:go_default_library",
- "//vendor/k8s.io/klog:go_default_library",
 ],
 )
@@ -76,4 +68,5 @@ filegroup(
 name = "all-srcs",
 srcs = [":package-srcs"],
 tags = ["automanaged"],
+ visibility = ["//visibility:public"],
 )
diff --git a/pkg/controller/bootstrap/bootstrapsigner.go b/pkg/controller/bootstrap/bootstrapsigner.go
index 1ae56033c7d..713022bf641 100644
--- a/pkg/controller/bootstrap/bootstrapsigner.go
+++ b/pkg/controller/bootstrap/bootstrapsigner.go
@@ -23,7 +23,8 @@ import (
 "k8s.io/klog"
 "fmt"
- "k8s.io/api/core/v1"
+
+ v1 "k8s.io/api/core/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/labels"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -34,6 +35,7 @@ import (
 "k8s.io/client-go/tools/cache"
 "k8s.io/client-go/util/workqueue"
 bootstrapapi "k8s.io/cluster-bootstrap/token/api"
+ jws "k8s.io/cluster-bootstrap/token/jws"
 api "k8s.io/kubernetes/pkg/apis/core"
 "k8s.io/kubernetes/pkg/controller"
 "k8s.io/kubernetes/pkg/util/metrics"
@@ -214,7 +216,7 @@ func (e *Signer) signConfigMap() {
 // Now recompute signatures and store them on the new map
 tokens := e.getTokens()
 for tokenID, tokenValue := range tokens {
- sig, err := computeDetachedSig(content, tokenID, tokenValue)
+ sig, err := jws.ComputeDetachedSignature(content, tokenID, tokenValue)
 if err != nil {
 utilruntime.HandleError(err)
 }
diff --git a/staging/src/k8s.io/cluster-bootstrap/BUILD b/staging/src/k8s.io/cluster-bootstrap/BUILD
index 7ee736149e5..1e5f8010614 100644
--- a/staging/src/k8s.io/cluster-bootstrap/BUILD
+++ b/staging/src/k8s.io/cluster-bootstrap/BUILD
@@ -10,6 +10,7 @@ filegroup(
 srcs = [
 ":package-srcs",
 "//staging/src/k8s.io/cluster-bootstrap/token/api:all-srcs",
+ "//staging/src/k8s.io/cluster-bootstrap/token/jws:all-srcs",
 "//staging/src/k8s.io/cluster-bootstrap/token/util:all-srcs",
 "//staging/src/k8s.io/cluster-bootstrap/util/secrets:all-srcs",
 "//staging/src/k8s.io/cluster-bootstrap/util/tokens:all-srcs",
diff --git a/staging/src/k8s.io/cluster-bootstrap/go.mod b/staging/src/k8s.io/cluster-bootstrap/go.mod
index 8d9a6540699..95c3e534079 100644
--- a/staging/src/k8s.io/cluster-bootstrap/go.mod
+++ b/staging/src/k8s.io/cluster-bootstrap/go.mod
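Review bot: In pkg/controller/bootstrap/bootstrapsigner.go, the token loop of `signConfigMap` reports a failure from `jws.ComputeDetachedSignature` through `utilruntime.HandleError(err)`, but the `if err != nil` block has no `continue`, so the iteration carries on with whatever `sig` was returned alongside the error. The rest of the loop body is outside this hunk, so it is not visible whether that value is then written to the ConfigMap; the comment above the loop ("store them on the new map") suggests it is, in which case a signing failure would publish an unusable signature entry for that token ID. Adding `continue` after `utilruntime.HandleError(err)` would keep failed tokens out of the recomputed signature set.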
@@ -5,12 +5,16 @@ module k8s.io/cluster-bootstrap
 go 1.12
 require (
+ github.com/stretchr/testify v1.3.0
+ golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25 // indirect
+ gopkg.in/square/go-jose.v2 v2.2.2
 k8s.io/api v0.0.0
 k8s.io/apimachinery v0.0.0
 k8s.io/klog v0.3.1
 )
 replace (
+ golang.org/x/crypto => golang.org/x/crypto v0.0.0-20181025213731-e84da0312774
 golang.org/x/net => golang.org/x/net v0.0.0-20190206173232-65e2d4e15006
 golang.org/x/sync => golang.org/x/sync v0.0.0-20181108010431-42b317875d0f
 golang.org/x/sys => golang.org/x/sys v0.0.0-20190209173611-3b5209105503
diff --git a/staging/src/k8s.io/cluster-bootstrap/go.sum b/staging/src/k8s.io/cluster-bootstrap/go.sum
index d5625801dee..1812c6f332b 100644
--- a/staging/src/k8s.io/cluster-bootstrap/go.sum
+++ b/staging/src/k8s.io/cluster-bootstrap/go.sum
@@ -34,6 +34,8 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+golang.org/x/crypto v0.0.0-20181025213731-e84da0312774 h1:a4tQYYYuK9QdeO/+kEvNYyuR21S+7ve5EANok6hABhI=
+golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 h1:bfLnR+k0tq5Lqt6dflRLcZiz6UaXCMt3vhYJ1l4FQ80=
 golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
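Review bot: The added `replace` line in staging/src/k8s.io/cluster-bootstrap/go.mod pins golang.org/x/crypto to `v0.0.0-20181025213731-e84da0312774`, which is older than the `v0.0.0-20190228161510-8dd112bcdc25 // indirect` that this same hunk adds to `require`. Replace directives take effect only when this module is the main module, so in-tree builds use the older crypto snapshot while external importers of k8s.io/cluster-bootstrap resolve at least the required one; the JWS code (presumably the consumer, via go-jose) is then built against two different crypto versions. If the older pin is deliberate, a comment on the line such as `// pinned to match the root module's vendored x/crypto` would record why; otherwise the two versions should be aligned.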
@@ -47,6 +49,8 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.0 h1:3zYtXIO92bvsdS3ggAdA8Gb4Azj0YU+TVY1uGYNFA8o=
 gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/square/go-jose.v2 v2.2.2 h1:orlkJ3myw8CN1nVQHBFfloD+L3egixIa4FvUP6RosSA=
+gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/staging/src/k8s.io/cluster-bootstrap/token/jws/BUILD b/staging/src/k8s.io/cluster-bootstrap/token/jws/BUILD
new file mode 100644
index 00000000000..ee1a69f9458
--- /dev/null
+++ b/staging/src/k8s.io/cluster-bootstrap/token/jws/BUILD
@@ -0,0 +1,31 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+ name = "go_default_library",
+ srcs = ["jws.go"],
+ importmap = "k8s.io/kubernetes/vendor/k8s.io/cluster-bootstrap/token/jws",
+ importpath = "k8s.io/cluster-bootstrap/token/jws",
+ visibility = ["//visibility:public"],
+ deps = ["//vendor/gopkg.in/square/go-jose.v2:go_default_library"],
+)
+
+go_test(
+ name = "go_default_test",
+ srcs = ["jws_test.go"],
+ embed = [":go_default_library"],
+ deps = ["//vendor/github.com/stretchr/testify/assert:go_default_library"],
+)
+
+filegroup(
+ name = "package-srcs",
+ srcs = glob(["**"]),
+ tags = ["automanaged"],
+ visibility = ["//visibility:private"],
+)
+
+filegroup(
+ name = "all-srcs",
+ srcs = [":package-srcs"],
+ tags = ["automanaged"],
+ visibility = ["//visibility:public"],
+)
diff --git a/pkg/controller/bootstrap/jws.go b/staging/src/k8s.io/cluster-bootstrap/token/jws/jws.go
similarity index 90%
rename from pkg/controller/bootstrap/jws.go
rename to staging/src/k8s.io/cluster-bootstrap/token/jws/jws.go
index 81f87ce1d5b..908d04ad7f9 100644
--- a/pkg/controller/bootstrap/jws.go
+++ b/staging/src/k8s.io/cluster-bootstrap/token/jws/jws.go
@@ -23,10 +23,10 @@ import (
 jose "gopkg.in/square/go-jose.v2"
 )
-// computeDetachedSig takes content and token details and computes a detached
+// ComputeDetachedSignature takes content and token details and computes a detached
 // JWS signature. This is described in Appendix F of RFC 7515. Basically, this
 // is a regular JWS with the content part of the signature elided.
-func computeDetachedSig(content, tokenID, tokenSecret string) (string, error) {
+func ComputeDetachedSignature(content, tokenID, tokenSecret string) (string, error) {
 jwk := &jose.JSONWebKey{
 Key: []byte(tokenSecret),
 KeyID: tokenID,
@@ -74,7 +74,7 @@ func stripContent(fullSig string) (string, error) {
 // DetachedTokenIsValid checks whether a given detached JWS-encoded token matches JWS output of the given content and token
 func DetachedTokenIsValid(detachedToken, content, tokenID, tokenSecret string) bool {
- newToken, err := computeDetachedSig(content, tokenID, tokenSecret)
+ newToken, err := ComputeDetachedSignature(content, tokenID, tokenSecret)
 if err != nil {
 return false
 }
diff --git a/pkg/controller/bootstrap/jws_test.go b/staging/src/k8s.io/cluster-bootstrap/token/jws/jws_test.go
similarity index 90%
rename from pkg/controller/bootstrap/jws_test.go
rename to staging/src/k8s.io/cluster-bootstrap/token/jws/jws_test.go
index b85d3e54170..1f86e1dce48 100644
--- a/pkg/controller/bootstrap/jws_test.go
+++ b/staging/src/k8s.io/cluster-bootstrap/token/jws/jws_test.go
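Review bot: `ComputeDetachedSignature` in token/jws/jws.go is exported by this hunk, yet its doc comment still only describes the JWS layout and gives callers no contract for `tokenSecret`. The visible body uses that argument directly as key material (`Key: []byte(tokenSecret)`), and the renamed test in jws_test.go calls `ComputeDetachedSignature(content, id, "")` under `assert.NoError`, so an empty secret is accepted and yields a signature anyone can recompute. For a public helper I would add a line such as `// tokenSecret is used as the signing key and must be non-empty.` to the comment, and consider returning an error when `tokenSecret == ""`, which would mean changing that test case. The rest of the function lies outside the hunk.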
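Review bot: `DetachedTokenIsValid` is the verification side of this now-public package, and the comparison between `detachedToken` and `newToken` sits after the `if err != nil` block, outside this hunk. If that comparison is a plain string `==`, I would switch it to `subtle.ConstantTimeCompare([]byte(detachedToken), []byte(newToken)) == 1` from `crypto/subtle`, the usual way to compare secret-keyed signature values without revealing how much of the input matched. The doc comment could also state that a signing error is reported as `false`, since callers cannot tell a bad token from a failed computation.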
@@ -28,8 +28,8 @@ const (
 id = "joshua"
 )
-func TestComputeDetachedSig(t *testing.T) {
- sig, err := computeDetachedSig(content, id, secret)
+func TestComputeDetachedSignature(t *testing.T) {
+ sig, err := ComputeDetachedSignature(content, id, secret)
 assert.NoError(t, err, "Error when computing signature: %v", err)
 assert.Equal(
 t,
@@ -38,7 +38,7 @@ func TestComputeDetachedSig(t *testing.T) {
 "Wrong signature. Got: %v", sig)
 // Try with null content
- sig, err = computeDetachedSig("", id, secret)
+ sig, err = ComputeDetachedSignature("", id, secret)
 assert.NoError(t, err, "Error when computing signature: %v", err)
 assert.Equal(
 t,
@@ -47,7 +47,7 @@ func TestComputeDetachedSig(t *testing.T) {
 "Wrong signature. Got: %v", sig)
 // Try with no secret
- sig, err = computeDetachedSig(content, id, "")
+ sig, err = ComputeDetachedSignature(content, id, "")
 assert.NoError(t, err, "Error when computing signature: %v", err)
 assert.Equal(
 t,
diff --git a/vendor/modules.txt b/vendor/modules.txt
index b456628be35..2c6c3ac8e6a 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1543,6 +1543,7 @@ k8s.io/cloud-provider/volume/errors
 k8s.io/cloud-provider/volume/helpers
 # k8s.io/cluster-bootstrap v0.0.0 => ./staging/src/k8s.io/cluster-bootstrap
 k8s.io/cluster-bootstrap/token/api
+k8s.io/cluster-bootstrap/token/jws
 k8s.io/cluster-bootstrap/token/util
 k8s.io/cluster-bootstrap/util/secrets
 k8s.io/cluster-bootstrap/util/tokens