From 6c6dbec1e2364b994bdae42828e094b9b540f9b3 Mon Sep 17 00:00:00 2001 From: Mike Danese Date: Wed, 26 Apr 2017 10:45:58 -0700 Subject: [PATCH] replace CloneTLSConfig() with (*tls.Config).Clone() --- .../k8s.io/apimachinery/pkg/util/net/BUILD | 5 +- .../k8s.io/apimachinery/pkg/util/net/http.go | 28 --------- .../apimachinery/pkg/util/net/http_test.go | 63 ------------------- .../k8s.io/apiserver/pkg/util/proxy/dial.go | 2 +- 4 files changed, 2 insertions(+), 96 deletions(-) diff --git a/staging/src/k8s.io/apimachinery/pkg/util/net/BUILD b/staging/src/k8s.io/apimachinery/pkg/util/net/BUILD index 1c527eb2cde..09a89c11797 100644 --- a/staging/src/k8s.io/apimachinery/pkg/util/net/BUILD +++ b/staging/src/k8s.io/apimachinery/pkg/util/net/BUILD @@ -19,10 +19,7 @@ go_test( ], library = ":go_default_library", tags = ["automanaged"], - deps = [ - "//vendor/github.com/spf13/pflag:go_default_library", - "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library", - ], + deps = ["//vendor/github.com/spf13/pflag:go_default_library"], ) go_library( diff --git a/staging/src/k8s.io/apimachinery/pkg/util/net/http.go b/staging/src/k8s.io/apimachinery/pkg/util/net/http.go index 52e22ca721b..b3b2c988329 100644 --- a/staging/src/k8s.io/apimachinery/pkg/util/net/http.go +++ b/staging/src/k8s.io/apimachinery/pkg/util/net/http.go 
@@ -112,34 +112,6 @@ func DialerFor(transport http.RoundTripper) (DialFunc, error) { } } -// CloneTLSConfig returns a tls.Config with all exported fields except SessionTicketsDisabled and SessionTicketKey copied. -// This makes it safe to call CloneTLSConfig on a config in active use by a server. -// TODO: replace with tls.Config#Clone when we move to go1.8 -func CloneTLSConfig(cfg *tls.Config) *tls.Config { - if cfg == nil { - return &tls.Config{} - } - return &tls.Config{ - Rand: cfg.Rand, - Time: cfg.Time, - Certificates: cfg.Certificates, - NameToCertificate: cfg.NameToCertificate, - GetCertificate: cfg.GetCertificate, - RootCAs: cfg.RootCAs, - NextProtos: cfg.NextProtos, - ServerName: cfg.ServerName, - ClientAuth: cfg.ClientAuth, - ClientCAs: cfg.ClientCAs, - InsecureSkipVerify: cfg.InsecureSkipVerify, - CipherSuites: cfg.CipherSuites, - PreferServerCipherSuites: cfg.PreferServerCipherSuites, - ClientSessionCache: cfg.ClientSessionCache, - MinVersion: cfg.MinVersion, - MaxVersion: cfg.MaxVersion, - CurvePreferences: cfg.CurvePreferences, - } -} - type TLSClientConfigHolder interface { TLSClientConfig() *tls.Config } diff --git a/staging/src/k8s.io/apimachinery/pkg/util/net/http_test.go b/staging/src/k8s.io/apimachinery/pkg/util/net/http_test.go index 30cbb6edc46..54906c2ab2e 100644 --- a/staging/src/k8s.io/apimachinery/pkg/util/net/http_test.go +++ b/staging/src/k8s.io/apimachinery/pkg/util/net/http_test.go 
@@ -25,72 +25,9 @@ import ( "net/url" "os" "reflect" - "runtime" - "strings" "testing" - - "k8s.io/apimachinery/pkg/util/sets" ) -func TestCloneTLSConfig(t *testing.T) { - expected := sets.NewString( - // These fields are copied in CloneTLSConfig - "Rand", - "Time", - "Certificates", - "RootCAs", - "NextProtos", - "ServerName", - "InsecureSkipVerify", - "CipherSuites", - "PreferServerCipherSuites", - "MinVersion", - "MaxVersion", - "CurvePreferences", - "NameToCertificate", - "GetCertificate", - "ClientAuth", - "ClientCAs", - "ClientSessionCache", - - // These fields are not copied - "SessionTicketsDisabled", - "SessionTicketKey", - - // These fields are unexported - "serverInitOnce", - "mutex", - "sessionTicketKeys", - - // go1.8 - "DynamicRecordSizingDisabled", - "GetClientCertificate", - "GetConfigForClient", - "KeyLogWriter", - "Renegotiation", - "VerifyPeerCertificate", - "originalConfig", - ) - - // See #33936. - if strings.HasPrefix(runtime.Version(), "go1.7") { - expected.Insert("DynamicRecordSizingDisabled", "Renegotiation") - } - - fields := sets.NewString() - structType := reflect.TypeOf(tls.Config{}) - for i := 0; i < structType.NumField(); i++ { - fields.Insert(structType.Field(i).Name) - } - - if missing := expected.Difference(fields); len(missing) > 0 { - t.Errorf("Expected fields that were not seen in http.Transport: %v", missing.List()) - } - if extra := fields.Difference(expected); len(extra) > 0 { - t.Errorf("New fields seen in http.Transport: %v\nAdd to CopyClientTLSConfig if client-relevant, then add to expected list in TestCopyClientTLSConfig", extra.List()) - } -} - func TestGetClientIP(t *testing.T) { ipString := "10.0.0.1" ip := net.ParseIP(ipString) diff --git a/staging/src/k8s.io/apiserver/pkg/util/proxy/dial.go b/staging/src/k8s.io/apiserver/pkg/util/proxy/dial.go index 3cb890dd03a..d9fbb85b7b5 100644 --- a/staging/src/k8s.io/apiserver/pkg/util/proxy/dial.go +++ b/staging/src/k8s.io/apiserver/pkg/util/proxy/dial.go 
@@ -69,7 +69,7 @@ func DialURL(url *url.URL, transport http.RoundTripper) (net.Conn, error) { inferredHost = host } // Make a copy to avoid polluting the provided config - tlsConfigCopy := utilnet.CloneTLSConfig(tlsConfig) + tlsConfigCopy := tlsConfig.Clone() tlsConfigCopy.ServerName = inferredHost tlsConfig = tlsConfigCopy }
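Review bot: The nil case that the removed helper covered is gone at this call in DialURL: `CloneTLSConfig` returned `&tls.Config{}` for a nil config, whereas `tlsConfig.Clone()` followed by `tlsConfigCopy.ServerName = inferredHost` fails on a nil `tlsConfig`. The enclosing branch starts outside the hunk, so a nil check may already exist above; if it does not, guard the copy with `if tlsConfig != nil` or keep the empty-config fallback. Separately, `Clone()` copies every field, including the session-ticket settings and the go1.8 fields such as `VerifyPeerCertificate` that the removed helper's field list left out, so a custom verification callback on the provided config now carries over to the dialed connection. I would record that in the comment, e.g. `// Clone keeps all fields (incl. VerifyPeerCertificate, session-ticket settings); only ServerName is overridden`.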