github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-20 09:05:26 +00:00
Code Issues Projects Releases Wiki Activity

use apimachinery packages instead of client-go packages

Browse Source
This commit is contained in:
deads2k 2017-01-12 10:17:12 -05:00
parent 5d4795e14e
commit 633e9d98fc
30 changed files with 1288 additions and 1349 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
federation/pkg/kubefed/BUILD
View File

@ -61,7 +61,7 @@ go_test(
"//pkg/kubectl/cmd/testing:go_default_library", "//pkg/kubectl/cmd/testing:go_default_library",
"//pkg/kubectl/cmd/util:go_default_library", "//pkg/kubectl/cmd/util:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1", "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/client-go/pkg/util/diff", "//vendor:k8s.io/apimachinery/pkg/util/diff",
], ],
) )

2
federation/pkg/kubefed/init/BUILD
View File

@ -54,7 +54,7 @@ go_test(
"//pkg/kubectl/cmd/util:go_default_library", "//pkg/kubectl/cmd/util:go_default_library",
"//pkg/util/intstr:go_default_library", "//pkg/util/intstr:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1", "//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/client-go/pkg/util/diff", "//vendor:k8s.io/apimachinery/pkg/util/diff",
], ],
) )

2
federation/pkg/kubefed/init/init_test.go
View File

@ -31,7 +31,7 @@ import (
"time" "time"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/pkg/util/diff" "k8s.io/apimachinery/pkg/util/diff"
kubefedtesting "k8s.io/kubernetes/federation/pkg/kubefed/testing" kubefedtesting "k8s.io/kubernetes/federation/pkg/kubefed/testing"
"k8s.io/kubernetes/federation/pkg/kubefed/util" "k8s.io/kubernetes/federation/pkg/kubefed/util"
"k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api"

2
federation/pkg/kubefed/join_test.go
View File

@ -24,7 +24,7 @@ import (
"testing" "testing"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/pkg/util/diff" "k8s.io/apimachinery/pkg/util/diff"
federationapi "k8s.io/kubernetes/federation/apis/federation/v1beta1" federationapi "k8s.io/kubernetes/federation/apis/federation/v1beta1"
kubefedtesting "k8s.io/kubernetes/federation/pkg/kubefed/testing" kubefedtesting "k8s.io/kubernetes/federation/pkg/kubefed/testing"
"k8s.io/kubernetes/federation/pkg/kubefed/util" "k8s.io/kubernetes/federation/pkg/kubefed/util"

2
pkg/registry/core/service/allocator/BUILD
View File

@ -26,7 +26,7 @@ go_test(
], ],
library = ":go_default_library", library = ":go_default_library",
tags = ["automanaged"], tags = ["automanaged"],
deps = ["//vendor:k8s.io/client-go/pkg/util/sets"], deps = ["//vendor:k8s.io/apimachinery/pkg/util/sets"],
) )
filegroup( filegroup(

2
pkg/registry/core/service/allocator/bitmap_test.go
View File

@ -19,7 +19,7 @@ package allocator
import ( import (
"testing" "testing"
"k8s.io/client-go/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
) )
func TestAllocate(t *testing.T) { func TestAllocate(t *testing.T) {

8
pkg/ssh/BUILD
View File

@ -16,7 +16,7 @@ go_test(
deps = [ deps = [
"//vendor:github.com/golang/glog", "//vendor:github.com/golang/glog",
"//vendor:golang.org/x/crypto/ssh", "//vendor:golang.org/x/crypto/ssh",
"//vendor:k8s.io/client-go/pkg/util/wait", "//vendor:k8s.io/apimachinery/pkg/util/wait",
], ],
) )
@ -28,9 +28,9 @@ go_library(
"//vendor:github.com/golang/glog", "//vendor:github.com/golang/glog",
"//vendor:github.com/prometheus/client_golang/prometheus", "//vendor:github.com/prometheus/client_golang/prometheus",
"//vendor:golang.org/x/crypto/ssh", "//vendor:golang.org/x/crypto/ssh",
"//vendor:k8s.io/client-go/pkg/util/net", "//vendor:k8s.io/apimachinery/pkg/util/net",
"//vendor:k8s.io/client-go/pkg/util/runtime", "//vendor:k8s.io/apimachinery/pkg/util/runtime",
"//vendor:k8s.io/client-go/pkg/util/wait", "//vendor:k8s.io/apimachinery/pkg/util/wait",
], ],
) )

6
pkg/ssh/ssh.go
View File

@ -40,9 +40,9 @@ import (
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
"golang.org/x/crypto/ssh" "golang.org/x/crypto/ssh"
utilnet "k8s.io/client-go/pkg/util/net" utilnet "k8s.io/apimachinery/pkg/util/net"
"k8s.io/client-go/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/client-go/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
) )
var ( var (

2
pkg/ssh/ssh_test.go
View File

@ -26,7 +26,7 @@ import (
"testing" "testing"
"time" "time"
"k8s.io/client-go/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
"github.com/golang/glog" "github.com/golang/glog"
"golang.org/x/crypto/ssh" "golang.org/x/crypto/ssh"

1
pkg/util/wsstream/BUILD
View File

@ -20,7 +20,6 @@ go_library(
"//vendor:github.com/golang/glog", "//vendor:github.com/golang/glog",
"//vendor:golang.org/x/net/websocket", "//vendor:golang.org/x/net/websocket",
"//vendor:k8s.io/apimachinery/pkg/util/runtime", "//vendor:k8s.io/apimachinery/pkg/util/runtime",
"//vendor:k8s.io/client-go/pkg/util/runtime",
], ],
) )

2
pkg/util/wsstream/stream.go
View File

@ -25,7 +25,7 @@ import (
"golang.org/x/net/websocket" "golang.org/x/net/websocket"
"k8s.io/client-go/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/runtime"
) )
// The WebSocket subprotocol "binary.k8s.io" will only send messages to the // The WebSocket subprotocol "binary.k8s.io" will only send messages to the

1
plugin/pkg/admission/imagepolicy/BUILD
View File

@ -28,7 +28,6 @@ go_library(
"//vendor:k8s.io/client-go/pkg/api/errors", "//vendor:k8s.io/client-go/pkg/api/errors",
"//vendor:k8s.io/client-go/pkg/apis/imagepolicy/install", "//vendor:k8s.io/client-go/pkg/apis/imagepolicy/install",
"//vendor:k8s.io/client-go/pkg/apis/imagepolicy/v1alpha1", "//vendor:k8s.io/client-go/pkg/apis/imagepolicy/v1alpha1",
"//vendor:k8s.io/client-go/pkg/runtime/schema",
"//vendor:k8s.io/client-go/rest", "//vendor:k8s.io/client-go/rest",
], ],
) )

6
plugin/pkg/admission/imagepolicy/admission.go
View File

@ -28,14 +28,14 @@ import (
"github.com/golang/glog" "github.com/golang/glog"
"k8s.io/apimachinery/pkg/runtime/schema"
kubeschema "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/yaml"
"k8s.io/apiserver/pkg/util/cache" "k8s.io/apiserver/pkg/util/cache"
apierrors "k8s.io/client-go/pkg/api/errors" apierrors "k8s.io/client-go/pkg/api/errors"
"k8s.io/client-go/pkg/apis/imagepolicy/v1alpha1" "k8s.io/client-go/pkg/apis/imagepolicy/v1alpha1"
"k8s.io/client-go/pkg/runtime/schema"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
kubeschema "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/yaml"
"k8s.io/kubernetes/pkg/admission" "k8s.io/kubernetes/pkg/admission"
"k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/plugin/pkg/webhook" "k8s.io/kubernetes/plugin/pkg/webhook"

2
plugin/pkg/auth/authenticator/request/headerrequest/BUILD
View File

@ -21,11 +21,11 @@ go_library(
srcs = ["requestheader.go"], srcs = ["requestheader.go"],
tags = ["automanaged"], tags = ["automanaged"],
deps = [ deps = [
"//vendor:k8s.io/apimachinery/pkg/util/sets",
"//vendor:k8s.io/apiserver/pkg/authentication/authenticator", "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
"//vendor:k8s.io/apiserver/pkg/authentication/request/x509", "//vendor:k8s.io/apiserver/pkg/authentication/request/x509",
"//vendor:k8s.io/apiserver/pkg/authentication/user", "//vendor:k8s.io/apiserver/pkg/authentication/user",
"//vendor:k8s.io/client-go/pkg/util/cert", "//vendor:k8s.io/client-go/pkg/util/cert",
"//vendor:k8s.io/client-go/pkg/util/sets",
], ],
) )

2
plugin/pkg/auth/authenticator/request/headerrequest/requestheader.go
View File

@ -23,11 +23,11 @@ import (
"net/http" "net/http"
"strings" "strings"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/authenticator"
x509request "k8s.io/apiserver/pkg/authentication/request/x509" x509request "k8s.io/apiserver/pkg/authentication/request/x509"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
utilcert "k8s.io/client-go/pkg/util/cert" utilcert "k8s.io/client-go/pkg/util/cert"
"k8s.io/client-go/pkg/util/sets"
) )
type requestHeaderAuthRequestHandler struct { type requestHeaderAuthRequestHandler struct {

2
plugin/pkg/auth/authenticator/token/webhook/BUILD
View File

@ -15,13 +15,13 @@ go_library(
deps = [ deps = [
"//pkg/apis/authentication/install:go_default_library", "//pkg/apis/authentication/install:go_default_library",
"//plugin/pkg/webhook:go_default_library", "//plugin/pkg/webhook:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/runtime/schema",
"//vendor:k8s.io/apiserver/pkg/authentication/authenticator", "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
"//vendor:k8s.io/apiserver/pkg/authentication/user", "//vendor:k8s.io/apiserver/pkg/authentication/user",
"//vendor:k8s.io/apiserver/pkg/util/cache", "//vendor:k8s.io/apiserver/pkg/util/cache",
"//vendor:k8s.io/client-go/kubernetes/typed/authentication/v1beta1", "//vendor:k8s.io/client-go/kubernetes/typed/authentication/v1beta1",
"//vendor:k8s.io/client-go/pkg/apis/authentication/install", "//vendor:k8s.io/client-go/pkg/apis/authentication/install",
"//vendor:k8s.io/client-go/pkg/apis/authentication/v1beta1", "//vendor:k8s.io/client-go/pkg/apis/authentication/v1beta1",
"//vendor:k8s.io/client-go/pkg/runtime/schema",
], ],
) )

2
plugin/pkg/auth/authenticator/token/webhook/webhook.go
View File

@ -20,12 +20,12 @@ package webhook
import ( import (
"time" "time"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
"k8s.io/apiserver/pkg/util/cache" "k8s.io/apiserver/pkg/util/cache"
authenticationclient "k8s.io/client-go/kubernetes/typed/authentication/v1beta1" authenticationclient "k8s.io/client-go/kubernetes/typed/authentication/v1beta1"
authentication "k8s.io/client-go/pkg/apis/authentication/v1beta1" authentication "k8s.io/client-go/pkg/apis/authentication/v1beta1"
"k8s.io/client-go/pkg/runtime/schema"
"k8s.io/kubernetes/plugin/pkg/webhook" "k8s.io/kubernetes/plugin/pkg/webhook"

2
plugin/pkg/auth/authorizer/webhook/BUILD
View File

@ -16,12 +16,12 @@ go_library(
"//pkg/apis/authorization/install:go_default_library", "//pkg/apis/authorization/install:go_default_library",
"//plugin/pkg/webhook:go_default_library", "//plugin/pkg/webhook:go_default_library",
"//vendor:github.com/golang/glog", "//vendor:github.com/golang/glog",
"//vendor:k8s.io/apimachinery/pkg/runtime/schema",
"//vendor:k8s.io/apiserver/pkg/authorization/authorizer", "//vendor:k8s.io/apiserver/pkg/authorization/authorizer",
"//vendor:k8s.io/apiserver/pkg/util/cache", "//vendor:k8s.io/apiserver/pkg/util/cache",
"//vendor:k8s.io/client-go/kubernetes/typed/authorization/v1beta1", "//vendor:k8s.io/client-go/kubernetes/typed/authorization/v1beta1",
"//vendor:k8s.io/client-go/pkg/apis/authorization/install", "//vendor:k8s.io/client-go/pkg/apis/authorization/install",
"//vendor:k8s.io/client-go/pkg/apis/authorization/v1beta1", "//vendor:k8s.io/client-go/pkg/apis/authorization/v1beta1",
"//vendor:k8s.io/client-go/pkg/runtime/schema",
], ],
) )

2
plugin/pkg/auth/authorizer/webhook/webhook.go
View File

@ -23,11 +23,11 @@ import (
"github.com/golang/glog" "github.com/golang/glog"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/apiserver/pkg/authorization/authorizer"
"k8s.io/apiserver/pkg/util/cache" "k8s.io/apiserver/pkg/util/cache"
authorizationclient "k8s.io/client-go/kubernetes/typed/authorization/v1beta1" authorizationclient "k8s.io/client-go/kubernetes/typed/authorization/v1beta1"
authorization "k8s.io/client-go/pkg/apis/authorization/v1beta1" authorization "k8s.io/client-go/pkg/apis/authorization/v1beta1"
"k8s.io/client-go/pkg/runtime/schema"
"k8s.io/kubernetes/plugin/pkg/webhook" "k8s.io/kubernetes/plugin/pkg/webhook"

8
plugin/pkg/webhook/BUILD
View File

@ -12,15 +12,13 @@ go_library(
srcs = ["webhook.go"], srcs = ["webhook.go"],
tags = ["automanaged"], tags = ["automanaged"],
deps = [ deps = [
"//pkg/api:go_default_library", "//vendor:k8s.io/apimachinery/pkg/runtime",
"//vendor:k8s.io/apimachinery/pkg/runtime/schema", "//vendor:k8s.io/apimachinery/pkg/runtime/schema",
"//vendor:k8s.io/apimachinery/pkg/runtime/serializer",
"//vendor:k8s.io/apimachinery/pkg/util/wait",
"//vendor:k8s.io/client-go/pkg/api", "//vendor:k8s.io/client-go/pkg/api",
"//vendor:k8s.io/client-go/pkg/api/errors", "//vendor:k8s.io/client-go/pkg/api/errors",
"//vendor:k8s.io/client-go/pkg/apis/authorization/install", "//vendor:k8s.io/client-go/pkg/apis/authorization/install",
"//vendor:k8s.io/client-go/pkg/runtime",
"//vendor:k8s.io/client-go/pkg/runtime/schema",
"//vendor:k8s.io/client-go/pkg/runtime/serializer",
"//vendor:k8s.io/client-go/pkg/util/wait",
"//vendor:k8s.io/client-go/rest", "//vendor:k8s.io/client-go/rest",
"//vendor:k8s.io/client-go/tools/clientcmd", "//vendor:k8s.io/client-go/tools/clientcmd",
], ],

13
plugin/pkg/webhook/webhook.go
View File

@ -21,18 +21,15 @@ import (
"fmt" "fmt"
"time" "time"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
"k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/pkg/api" "k8s.io/client-go/pkg/api"
apierrors "k8s.io/client-go/pkg/api/errors" apierrors "k8s.io/client-go/pkg/api/errors"
"k8s.io/client-go/pkg/runtime"
clientschema "k8s.io/client-go/pkg/runtime/schema"
runtimeserializer "k8s.io/client-go/pkg/runtime/serializer"
"k8s.io/client-go/pkg/util/wait"
"k8s.io/client-go/rest" "k8s.io/client-go/rest"
"k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/clientcmd"
kapi "k8s.io/kubernetes/pkg/api"
_ "k8s.io/client-go/pkg/apis/authorization/install" _ "k8s.io/client-go/pkg/apis/authorization/install"
) )
@ -42,9 +39,9 @@ type GenericWebhook struct {
} }
// NewGenericWebhook creates a new GenericWebhook from the provided kubeconfig file. // NewGenericWebhook creates a new GenericWebhook from the provided kubeconfig file.
func NewGenericWebhook(kubeConfigFile string, groupVersions []clientschema.GroupVersion, initialBackoff time.Duration) (*GenericWebhook, error) { func NewGenericWebhook(kubeConfigFile string, groupVersions []schema.GroupVersion, initialBackoff time.Duration) (*GenericWebhook, error) {
for _, groupVersion := range groupVersions { for _, groupVersion := range groupVersions {
if !kapi.Registry.IsEnabledVersion(schema.GroupVersion{Group: groupVersion.Group, Version: groupVersion.Version}) { if !api.Registry.IsEnabledVersion(groupVersion) {
return nil, fmt.Errorf("webhook plugin requires enabling extension resource: %s", groupVersion) return nil, fmt.Errorf("webhook plugin requires enabling extension resource: %s", groupVersion)
} }
} }

2
staging/src/k8s.io/apiserver/pkg/authentication/request/union/union.go
View File

@ -19,9 +19,9 @@ package union
import ( import (
"net/http" "net/http"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
utilerrors "k8s.io/client-go/pkg/util/errors"
) )
// unionAuthRequestHandler authenticates requests using a chain of authenticator.Requests // unionAuthRequestHandler authenticates requests using a chain of authenticator.Requests

4
staging/src/k8s.io/apiserver/pkg/authentication/request/x509/x509.go
View File

@ -25,10 +25,10 @@ import (
"github.com/golang/glog" "github.com/golang/glog"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/user"
utilerrors "k8s.io/client-go/pkg/util/errors"
"k8s.io/client-go/pkg/util/sets"
) )
// UserConversion defines an interface for extracting user info from a client certificate chain // UserConversion defines an interface for extracting user info from a client certificate chain

732
staging/src/k8s.io/apiserver/pkg/authentication/request/x509/x509_test.go
View File

@ -17,24 +17,24 @@ limitations under the License.
package x509 package x509
import ( import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/pem" "encoding/pem"
"errors" "errors"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"reflect" "reflect"
"sort" "sort"
"testing" "testing"
"time" "time"
"k8s.io/apiserver/pkg/authentication/authenticator" "k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apiserver/pkg/authentication/user" "k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/client-go/pkg/util/sets" "k8s.io/apiserver/pkg/authentication/user"
) )
const ( const (
rootCACert = `-----BEGIN CERTIFICATE----- rootCACert = `-----BEGIN CERTIFICATE-----
MIIDOTCCAqKgAwIBAgIJAOoObf5kuGgZMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNV MIIDOTCCAqKgAwIBAgIJAOoObf5kuGgZMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNV
BAYTAlVTMREwDwYDVQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTEPMA0G BAYTAlVTMREwDwYDVQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTEPMA0G
A1UEChMGTXkgT3JnMRAwDgYDVQQLEwdNeSBVbml0MRAwDgYDVQQDEwdST09UIENB A1UEChMGTXkgT3JnMRAwDgYDVQQLEwdNeSBVbml0MRAwDgYDVQQDEwdST09UIENB
@ -56,7 +56,7 @@ H9oc7u5zhTGXeV8WPg==
-----END CERTIFICATE----- -----END CERTIFICATE-----
` `
selfSignedCert = `-----BEGIN CERTIFICATE----- selfSignedCert = `-----BEGIN CERTIFICATE-----
MIIDEzCCAnygAwIBAgIJAMaPaFbGgJN+MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV MIIDEzCCAnygAwIBAgIJAMaPaFbGgJN+MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNV
BAYTAlVTMREwDwYDVQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTEPMA0G BAYTAlVTMREwDwYDVQQIEwhNeSBTdGF0ZTEQMA4GA1UEBxMHTXkgQ2l0eTEPMA0G
A1UEChMGTXkgT3JnMRAwDgYDVQQLEwdNeSBVbml0MQ4wDAYDVQQDEwVzZWxmMTAe A1UEChMGTXkgT3JnMRAwDgYDVQQLEwdNeSBVbml0MQ4wDAYDVQQDEwVzZWxmMTAe
@ -77,7 +77,7 @@ ze3kOoP+iWSmTySHMSKVMppp0Xnls6t38mrsXtPuY8fGD2GS6VllaizMqc3wShNK
-----END CERTIFICATE----- -----END CERTIFICATE-----
` `
clientCNCert = `Certificate: clientCNCert = `Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: 1 (0x1) Serial Number: 1 (0x1)
@ -151,7 +151,7 @@ AjARBglghkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADgYEACLy0gKU7vpp4
i5fmaPPBNzzBFCaQoN3TAjrpwp5Z0kQ= i5fmaPPBNzzBFCaQoN3TAjrpwp5Z0kQ=
-----END CERTIFICATE-----` -----END CERTIFICATE-----`
clientDNSCert = `Certificate: clientDNSCert = `Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: 4 (0x4) Serial Number: 4 (0x4)
@ -224,7 +224,7 @@ gGolrD3igQXkiStVY5otSto7xJdeGulvg7gFSty9q7CgddAetcWN8/aS8VLSgWf8
b3TuSTdzCLz1JoZn9YIE/9tan/lr3y/1dWHypZELBVZb6NE211Z67X3lXyoIh8JI b3TuSTdzCLz1JoZn9YIE/9tan/lr3y/1dWHypZELBVZb6NE211Z67X3lXyoIh8JI
-----END CERTIFICATE-----` -----END CERTIFICATE-----`
clientEmailCert = `Certificate: clientEmailCert = `Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: 2 (0x2) Serial Number: 2 (0x2)
@ -299,7 +299,7 @@ BIaMiQ==
-----END CERTIFICATE----- -----END CERTIFICATE-----
` `
serverCert = `Certificate: serverCert = `Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: 7 (0x7) Serial Number: 7 (0x7)
@ -374,17 +374,17 @@ mFlG6tStAWz3TmydciZNdiEbeqHw5uaIYWj1zC5AdvFXBFue0ojIrJ5JtbTWccH9
-----END CERTIFICATE----- -----END CERTIFICATE-----
` `
/* /*
openssl genrsa -out ca.key 4096 openssl genrsa -out ca.key 4096
openssl req -new -x509 -days 36500 \ openssl req -new -x509 -days 36500 \
-sha256 -key ca.key -extensions v3_ca \ -sha256 -key ca.key -extensions v3_ca \
-out ca.crt \ -out ca.crt \
-subj "/C=US/ST=My State/L=My City/O=My Org/O=My Org 1/O=My Org 2/CN=ROOT CA WITH GROUPS" -subj "/C=US/ST=My State/L=My City/O=My Org/O=My Org 1/O=My Org 2/CN=ROOT CA WITH GROUPS"
openssl x509 -in ca.crt -text openssl x509 -in ca.crt -text
*/ */
// A certificate with multiple organizations. // A certificate with multiple organizations.
caWithGroups = `Certificate: caWithGroups = `Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: Serial Number:
@ -510,424 +510,424 @@ PKJQCs0CM0zkesktuLi/gFpuB0nEwyOgLg==
) )
func TestX509(t *testing.T) { func TestX509(t *testing.T) {
multilevelOpts := DefaultVerifyOptions() multilevelOpts := DefaultVerifyOptions()
multilevelOpts.Roots = x509.NewCertPool() multilevelOpts.Roots = x509.NewCertPool()
multilevelOpts.Roots.AddCert(getCertsFromFile(t, "root")[0]) multilevelOpts.Roots.AddCert(getCertsFromFile(t, "root")[0])
testCases := map[string]struct { testCases := map[string]struct {
Insecure bool Insecure bool
Certs []*x509.Certificate Certs []*x509.Certificate
Opts x509.VerifyOptions Opts x509.VerifyOptions
User UserConversion User UserConversion
ExpectUserName string ExpectUserName string
ExpectGroups []string ExpectGroups []string
ExpectOK bool ExpectOK bool
ExpectErr bool ExpectErr bool
}{ }{
"non-tls": { "non-tls": {
Insecure: true, Insecure: true,
ExpectOK: false, ExpectOK: false,
ExpectErr: false, ExpectErr: false,
}, },
"tls, no certs": { "tls, no certs": {
ExpectOK: false, ExpectOK: false,
ExpectErr: false, ExpectErr: false,
}, },
"self signed": { "self signed": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, selfSignedCert), Certs: getCerts(t, selfSignedCert),
User: CommonNameUserConversion, User: CommonNameUserConversion,
ExpectErr: true, ExpectErr: true,
}, },
"server cert": { "server cert": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, serverCert), Certs: getCerts(t, serverCert),
User: CommonNameUserConversion, User: CommonNameUserConversion,
ExpectErr: true, ExpectErr: true,
}, },
"server cert allowing non-client cert usages": { "server cert allowing non-client cert usages": {
Opts: x509.VerifyOptions{Roots: getRootCertPool(t)}, Opts: x509.VerifyOptions{Roots: getRootCertPool(t)},
Certs: getCerts(t, serverCert), Certs: getCerts(t, serverCert),
User: CommonNameUserConversion, User: CommonNameUserConversion,
ExpectUserName: "127.0.0.1", ExpectUserName: "127.0.0.1",
ExpectGroups: []string{"My Org"}, ExpectGroups: []string{"My Org"},
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"common name": { "common name": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
User: CommonNameUserConversion, User: CommonNameUserConversion,
ExpectUserName: "client_cn", ExpectUserName: "client_cn",
ExpectGroups: []string{"My Org"}, ExpectGroups: []string{"My Org"},
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"ca with multiple organizations": { "ca with multiple organizations": {
Opts: x509.VerifyOptions{ Opts: x509.VerifyOptions{
Roots: getRootCertPoolFor(t, caWithGroups), Roots: getRootCertPoolFor(t, caWithGroups),
}, },
Certs: getCerts(t, caWithGroups), Certs: getCerts(t, caWithGroups),
User: CommonNameUserConversion, User: CommonNameUserConversion,
ExpectUserName: "ROOT CA WITH GROUPS", ExpectUserName: "ROOT CA WITH GROUPS",
ExpectGroups: []string{"My Org", "My Org 1", "My Org 2"}, ExpectGroups: []string{"My Org", "My Org 1", "My Org 2"},
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"empty dns": { "empty dns": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
User: DNSNameUserConversion, User: DNSNameUserConversion,
ExpectOK: false, ExpectOK: false,
ExpectErr: false, ExpectErr: false,
}, },
"dns": { "dns": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientDNSCert), Certs: getCerts(t, clientDNSCert),
User: DNSNameUserConversion, User: DNSNameUserConversion,
ExpectUserName: "client_dns.example.com", ExpectUserName: "client_dns.example.com",
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"empty email": { "empty email": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
User: EmailAddressUserConversion, User: EmailAddressUserConversion,
ExpectOK: false, ExpectOK: false,
ExpectErr: false, ExpectErr: false,
}, },
"email": { "email": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientEmailCert), Certs: getCerts(t, clientEmailCert),
User: EmailAddressUserConversion, User: EmailAddressUserConversion,
ExpectUserName: "client_email@example.com", ExpectUserName: "client_email@example.com",
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"custom conversion error": { "custom conversion error": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) { User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
return nil, false, errors.New("custom error") return nil, false, errors.New("custom error")
}), }),
ExpectOK: false, ExpectOK: false,
ExpectErr: true, ExpectErr: true,
}, },
"custom conversion success": { "custom conversion success": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) { User: UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
return &user.DefaultInfo{Name: "custom"}, true, nil return &user.DefaultInfo{Name: "custom"}, true, nil
}), }),
ExpectUserName: "custom", ExpectUserName: "custom",
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"future cert": { "future cert": {
Opts: x509.VerifyOptions{ Opts: x509.VerifyOptions{
CurrentTime: time.Now().Add(time.Duration(-100 * time.Hour * 24 * 365)), CurrentTime: time.Now().Add(time.Duration(-100 * time.Hour * 24 * 365)),
Roots: getRootCertPool(t), Roots: getRootCertPool(t),
}, },
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
User: CommonNameUserConversion, User: CommonNameUserConversion,
ExpectOK: false, ExpectOK: false,
ExpectErr: true, ExpectErr: true,
}, },
"expired cert": { "expired cert": {
Opts: x509.VerifyOptions{ Opts: x509.VerifyOptions{
CurrentTime: time.Now().Add(time.Duration(100 * time.Hour * 24 * 365)), CurrentTime: time.Now().Add(time.Duration(100 * time.Hour * 24 * 365)),
Roots: getRootCertPool(t), Roots: getRootCertPool(t),
}, },
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
User: CommonNameUserConversion, User: CommonNameUserConversion,
ExpectOK: false, ExpectOK: false,
ExpectErr: true, ExpectErr: true,
}, },
"multi-level, valid": { "multi-level, valid": {
Opts: multilevelOpts, Opts: multilevelOpts,
Certs: getCertsFromFile(t, "client-valid", "intermediate"), Certs: getCertsFromFile(t, "client-valid", "intermediate"),
User: CommonNameUserConversion, User: CommonNameUserConversion,
ExpectUserName: "My Client", ExpectUserName: "My Client",
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"multi-level, expired": { "multi-level, expired": {
Opts: multilevelOpts, Opts: multilevelOpts,
Certs: getCertsFromFile(t, "client-expired", "intermediate"), Certs: getCertsFromFile(t, "client-expired", "intermediate"),
User: CommonNameUserConversion, User: CommonNameUserConversion,
ExpectOK: false, ExpectOK: false,
ExpectErr: true, ExpectErr: true,
}, },
} }
for k, testCase := range testCases { for k, testCase := range testCases {
req, _ := http.NewRequest("GET", "/", nil) req, _ := http.NewRequest("GET", "/", nil)
if !testCase.Insecure { if !testCase.Insecure {
req.TLS = &tls.ConnectionState{PeerCertificates: testCase.Certs} req.TLS = &tls.ConnectionState{PeerCertificates: testCase.Certs}
} }
a := New(testCase.Opts, testCase.User) a := New(testCase.Opts, testCase.User)
user, ok, err := a.AuthenticateRequest(req) user, ok, err := a.AuthenticateRequest(req)
if testCase.ExpectErr && err == nil { if testCase.ExpectErr && err == nil {
t.Errorf("%s: Expected error, got none", k) t.Errorf("%s: Expected error, got none", k)
continue continue
} }
if !testCase.ExpectErr && err != nil { if !testCase.ExpectErr && err != nil {
t.Errorf("%s: Got unexpected error: %v", k, err) t.Errorf("%s: Got unexpected error: %v", k, err)
continue continue
} }
if testCase.ExpectOK != ok { if testCase.ExpectOK != ok {
t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectOK, ok) t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectOK, ok)
continue continue
} }
if testCase.ExpectOK { if testCase.ExpectOK {
if testCase.ExpectUserName != user.GetName() { if testCase.ExpectUserName != user.GetName() {
t.Errorf("%s: Expected user.name=%v, got %v", k, testCase.ExpectUserName, user.GetName()) t.Errorf("%s: Expected user.name=%v, got %v", k, testCase.ExpectUserName, user.GetName())
} }
groups := user.GetGroups() groups := user.GetGroups()
sort.Strings(testCase.ExpectGroups) sort.Strings(testCase.ExpectGroups)
sort.Strings(groups) sort.Strings(groups)
if !reflect.DeepEqual(testCase.ExpectGroups, groups) { if !reflect.DeepEqual(testCase.ExpectGroups, groups) {
t.Errorf("%s: Expected user.groups=%v, got %v", k, testCase.ExpectGroups, groups) t.Errorf("%s: Expected user.groups=%v, got %v", k, testCase.ExpectGroups, groups)
} }
} }
} }
} }
func TestX509Verifier(t *testing.T) { func TestX509Verifier(t *testing.T) {
multilevelOpts := DefaultVerifyOptions() multilevelOpts := DefaultVerifyOptions()
multilevelOpts.Roots = x509.NewCertPool() multilevelOpts.Roots = x509.NewCertPool()
multilevelOpts.Roots.AddCert(getCertsFromFile(t, "root")[0]) multilevelOpts.Roots.AddCert(getCertsFromFile(t, "root")[0])
testCases := map[string]struct { testCases := map[string]struct {
Insecure bool Insecure bool
Certs []*x509.Certificate Certs []*x509.Certificate
Opts x509.VerifyOptions Opts x509.VerifyOptions
AllowedCNs sets.String AllowedCNs sets.String
ExpectOK bool ExpectOK bool
ExpectErr bool ExpectErr bool
}{ }{
"non-tls": { "non-tls": {
Insecure: true, Insecure: true,
ExpectOK: false, ExpectOK: false,
ExpectErr: false, ExpectErr: false,
}, },
"tls, no certs": { "tls, no certs": {
ExpectOK: false, ExpectOK: false,
ExpectErr: false, ExpectErr: false,
}, },
"self signed": { "self signed": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, selfSignedCert), Certs: getCerts(t, selfSignedCert),
ExpectErr: true, ExpectErr: true,
}, },
"server cert disallowed": { "server cert disallowed": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, serverCert), Certs: getCerts(t, serverCert),
ExpectErr: true, ExpectErr: true,
}, },
"server cert allowing non-client cert usages": { "server cert allowing non-client cert usages": {
Opts: x509.VerifyOptions{Roots: getRootCertPool(t)}, Opts: x509.VerifyOptions{Roots: getRootCertPool(t)},
Certs: getCerts(t, serverCert), Certs: getCerts(t, serverCert),
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"valid client cert": { "valid client cert": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"valid client cert with wrong CN": { "valid client cert with wrong CN": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
AllowedCNs: sets.NewString("foo", "bar"), AllowedCNs: sets.NewString("foo", "bar"),
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
ExpectOK: false, ExpectOK: false,
ExpectErr: true, ExpectErr: true,
}, },
"valid client cert with right CN": { "valid client cert with right CN": {
Opts: getDefaultVerifyOptions(t), Opts: getDefaultVerifyOptions(t),
AllowedCNs: sets.NewString("client_cn"), AllowedCNs: sets.NewString("client_cn"),
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"future cert": { "future cert": {
Opts: x509.VerifyOptions{ Opts: x509.VerifyOptions{
CurrentTime: time.Now().Add(-100 * time.Hour * 24 * 365), CurrentTime: time.Now().Add(-100 * time.Hour * 24 * 365),
Roots: getRootCertPool(t), Roots: getRootCertPool(t),
}, },
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
ExpectOK: false, ExpectOK: false,
ExpectErr: true, ExpectErr: true,
}, },
"expired cert": { "expired cert": {
Opts: x509.VerifyOptions{ Opts: x509.VerifyOptions{
CurrentTime: time.Now().Add(100 * time.Hour * 24 * 365), CurrentTime: time.Now().Add(100 * time.Hour * 24 * 365),
Roots: getRootCertPool(t), Roots: getRootCertPool(t),
}, },
Certs: getCerts(t, clientCNCert), Certs: getCerts(t, clientCNCert),
ExpectOK: false, ExpectOK: false,
ExpectErr: true, ExpectErr: true,
}, },
"multi-level, valid": { "multi-level, valid": {
Opts: multilevelOpts, Opts: multilevelOpts,
Certs: getCertsFromFile(t, "client-valid", "intermediate"), Certs: getCertsFromFile(t, "client-valid", "intermediate"),
ExpectOK: true, ExpectOK: true,
ExpectErr: false, ExpectErr: false,
}, },
"multi-level, expired": { "multi-level, expired": {
Opts: multilevelOpts, Opts: multilevelOpts,
Certs: getCertsFromFile(t, "client-expired", "intermediate"), Certs: getCertsFromFile(t, "client-expired", "intermediate"),
ExpectOK: false, ExpectOK: false,
ExpectErr: true, ExpectErr: true,
}, },
} }
for k, testCase := range testCases { for k, testCase := range testCases {
req, _ := http.NewRequest("GET", "/", nil) req, _ := http.NewRequest("GET", "/", nil)
if !testCase.Insecure { if !testCase.Insecure {
req.TLS = &tls.ConnectionState{PeerCertificates: testCase.Certs} req.TLS = &tls.ConnectionState{PeerCertificates: testCase.Certs}
} }
authCall := false authCall := false
auth := authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) { auth := authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
authCall = true authCall = true
return &user.DefaultInfo{Name: "innerauth"}, true, nil return &user.DefaultInfo{Name: "innerauth"}, true, nil
}) })
a := NewVerifier(testCase.Opts, auth, testCase.AllowedCNs) a := NewVerifier(testCase.Opts, auth, testCase.AllowedCNs)
user, ok, err := a.AuthenticateRequest(req) user, ok, err := a.AuthenticateRequest(req)
if testCase.ExpectErr && err == nil { if testCase.ExpectErr && err == nil {
t.Errorf("%s: Expected error, got none", k) t.Errorf("%s: Expected error, got none", k)
continue continue
} }
if !testCase.ExpectErr && err != nil { if !testCase.ExpectErr && err != nil {
t.Errorf("%s: Got unexpected error: %v", k, err) t.Errorf("%s: Got unexpected error: %v", k, err)
continue continue
} }
if testCase.ExpectOK != ok { if testCase.ExpectOK != ok {
t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectOK, ok) t.Errorf("%s: Expected ok=%v, got %v", k, testCase.ExpectOK, ok)
continue continue
} }
if testCase.ExpectOK { if testCase.ExpectOK {
if !authCall { if !authCall {
t.Errorf("%s: Expected inner auth called, wasn't", k) t.Errorf("%s: Expected inner auth called, wasn't", k)
continue continue
} }
if "innerauth" != user.GetName() { if "innerauth" != user.GetName() {
t.Errorf("%s: Expected user.name=%v, got %v", k, "innerauth", user.GetName()) t.Errorf("%s: Expected user.name=%v, got %v", k, "innerauth", user.GetName())
continue continue
} }
} else { } else {
if authCall { if authCall {
t.Errorf("%s: Expected inner auth not to be called, was", k) t.Errorf("%s: Expected inner auth not to be called, was", k)
continue continue
} }
} }
} }
} }
func getDefaultVerifyOptions(t *testing.T) x509.VerifyOptions { func getDefaultVerifyOptions(t *testing.T) x509.VerifyOptions {
options := DefaultVerifyOptions() options := DefaultVerifyOptions()
options.Roots = getRootCertPool(t) options.Roots = getRootCertPool(t)
return options return options
} }
func getRootCertPool(t *testing.T) *x509.CertPool { func getRootCertPool(t *testing.T) *x509.CertPool {
return getRootCertPoolFor(t, rootCACert) return getRootCertPoolFor(t, rootCACert)
} }
func getRootCertPoolFor(t *testing.T, certs ...string) *x509.CertPool { func getRootCertPoolFor(t *testing.T, certs ...string) *x509.CertPool {
pool := x509.NewCertPool() pool := x509.NewCertPool()
for _, cert := range certs { for _, cert := range certs {
pool.AddCert(getCert(t, cert)) pool.AddCert(getCert(t, cert))
} }
return pool return pool
} }
func getCertsFromFile(t *testing.T, names ...string) []*x509.Certificate { func getCertsFromFile(t *testing.T, names ...string) []*x509.Certificate {
certs := []*x509.Certificate{} certs := []*x509.Certificate{}
for _, name := range names { for _, name := range names {
filename := "testdata/" + name + ".pem" filename := "testdata/" + name + ".pem"
data, err := ioutil.ReadFile(filename) data, err := ioutil.ReadFile(filename)
if err != nil { if err != nil {
t.Fatalf("error reading %s: %v", filename, err) t.Fatalf("error reading %s: %v", filename, err)
} }
certs = append(certs, getCert(t, string(data))) certs = append(certs, getCert(t, string(data)))
} }
return certs return certs
} }
func getCert(t *testing.T, pemData string) *x509.Certificate { func getCert(t *testing.T, pemData string) *x509.Certificate {
pemBlock, _ := pem.Decode([]byte(pemData)) pemBlock, _ := pem.Decode([]byte(pemData))
cert, err := x509.ParseCertificate(pemBlock.Bytes) cert, err := x509.ParseCertificate(pemBlock.Bytes)
if err != nil { if err != nil {
t.Fatalf("Error parsing cert: %v", err) t.Fatalf("Error parsing cert: %v", err)
return nil return nil
} }
return cert return cert
} }
func getCerts(t *testing.T, pemData ...string) []*x509.Certificate { func getCerts(t *testing.T, pemData ...string) []*x509.Certificate {
certs := []*x509.Certificate{} certs := []*x509.Certificate{}
for _, pemData := range pemData { for _, pemData := range pemData {
certs = append(certs, getCert(t, pemData)) certs = append(certs, getCert(t, pemData))
} }
return certs return certs
} }

2
staging/src/k8s.io/apiserver/pkg/authorization/union/union.go
View File

@ -19,8 +19,8 @@ package union
import ( import (
"strings" "strings"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
"k8s.io/apiserver/pkg/authorization/authorizer" "k8s.io/apiserver/pkg/authorization/authorizer"
utilerrors "k8s.io/client-go/pkg/util/errors"
) )
// unionAuthzHandler authorizer against a chain of authorizer.Authorizer // unionAuthzHandler authorizer against a chain of authorizer.Authorizer

1
test/e2e/BUILD
View File

@ -211,7 +211,6 @@ go_library(
"//vendor:k8s.io/client-go/kubernetes", "//vendor:k8s.io/client-go/kubernetes",
"//vendor:k8s.io/client-go/pkg/api/v1", "//vendor:k8s.io/client-go/pkg/api/v1",
"//vendor:k8s.io/client-go/pkg/apis/extensions/v1beta1", "//vendor:k8s.io/client-go/pkg/apis/extensions/v1beta1",
"//vendor:k8s.io/client-go/pkg/apis/meta/v1",
"//vendor:k8s.io/client-go/pkg/apis/policy/v1beta1", "//vendor:k8s.io/client-go/pkg/apis/policy/v1beta1",
"//vendor:k8s.io/client-go/pkg/util/intstr", "//vendor:k8s.io/client-go/pkg/util/intstr",
], ],

2
test/e2e/disruption.go
View File

@ -22,11 +22,11 @@ import (
. "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
"k8s.io/client-go/pkg/api/v1" "k8s.io/client-go/pkg/api/v1"
extensions "k8s.io/client-go/pkg/apis/extensions/v1beta1" extensions "k8s.io/client-go/pkg/apis/extensions/v1beta1"
metav1 "k8s.io/client-go/pkg/apis/meta/v1"
policy "k8s.io/client-go/pkg/apis/policy/v1beta1" policy "k8s.io/client-go/pkg/apis/policy/v1beta1"
"k8s.io/client-go/pkg/util/intstr" "k8s.io/client-go/pkg/util/intstr"
"k8s.io/kubernetes/test/e2e/framework" "k8s.io/kubernetes/test/e2e/framework"

1
test/e2e/framework/BUILD
View File

@ -112,7 +112,6 @@ go_library(
"//vendor:k8s.io/apimachinery/pkg/util/wait", "//vendor:k8s.io/apimachinery/pkg/util/wait",
"//vendor:k8s.io/apimachinery/pkg/watch", "//vendor:k8s.io/apimachinery/pkg/watch",
"//vendor:k8s.io/client-go/kubernetes", "//vendor:k8s.io/client-go/kubernetes",
"//vendor:k8s.io/client-go/pkg/util/sets",
"//vendor:k8s.io/client-go/rest", "//vendor:k8s.io/client-go/rest",
], ],
) )

2
test/e2e/framework/framework.go
View File

@ -29,9 +29,9 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
staging "k8s.io/client-go/kubernetes" staging "k8s.io/client-go/kubernetes"
"k8s.io/client-go/pkg/util/sets"
clientreporestclient "k8s.io/client-go/rest" clientreporestclient "k8s.io/client-go/rest"
"k8s.io/kubernetes/federation/client/clientset_generated/federation_clientset" "k8s.io/kubernetes/federation/client/clientset_generated/federation_clientset"
"k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api"

1820
vendor/BUILD vendored
View File

File diff suppressed because it is too large Load Diff