mirror of
https://github.com/rancher/rke.git
synced 2025-09-17 23:49:06 +00:00
Switch to go modules
This commit is contained in:
Darren Shepherd
133
vendor/k8s.io/client-go/rest/config.go
generated
vendored
133
vendor/k8s.io/client-go/rest/config.go
generated
vendored
@@ -17,6 +17,8 @@ limitations under the License.
|
||||
package rest
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
@@ -27,16 +29,15 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/golang/glog"
|
||||
|
||||
"k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
"k8s.io/client-go/pkg/version"
|
||||
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
|
||||
"k8s.io/client-go/transport"
|
||||
certutil "k8s.io/client-go/util/cert"
|
||||
"k8s.io/client-go/util/flowcontrol"
|
||||
"k8s.io/klog"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -44,6 +45,8 @@ const (
|
||||
DefaultBurst int = 10
|
||||
)
|
||||
|
||||
var ErrNotInCluster = errors.New("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
|
||||
|
||||
// Config holds the common attributes that can be passed to a Kubernetes client on
|
||||
// initialization.
|
||||
type Config struct {
|
||||
@@ -68,6 +71,11 @@ type Config struct {
|
||||
// TODO: demonstrate an OAuth2 compatible client.
|
||||
BearerToken string
|
||||
|
||||
// Path to a file containing a BearerToken.
|
||||
// If set, the contents are periodically read.
|
||||
// The last successfully read value takes precedence over BearerToken.
|
||||
BearerTokenFile string
|
||||
|
||||
// Impersonate is the configuration that RESTClient will use for impersonation.
|
||||
Impersonate ImpersonationConfig
|
||||
|
||||
@@ -88,13 +96,16 @@ type Config struct {
|
||||
|
||||
// Transport may be used for custom HTTP behavior. This attribute may not
|
||||
// be specified with the TLS client certificate options. Use WrapTransport
|
||||
// for most client level operations.
|
||||
// to provide additional per-server middleware behavior.
|
||||
Transport http.RoundTripper
|
||||
// WrapTransport will be invoked for custom HTTP behavior after the underlying
|
||||
// transport is initialized (either the transport created from TLSClientConfig,
|
||||
// Transport, or http.DefaultTransport). The config may layer other RoundTrippers
|
||||
// on top of the returned RoundTripper.
|
||||
WrapTransport func(rt http.RoundTripper) http.RoundTripper
|
||||
//
|
||||
// A future release will change this field to an array. Use config.Wrap()
|
||||
// instead of setting this value directly.
|
||||
WrapTransport transport.WrapperFunc
|
||||
|
||||
// QPS indicates the maximum QPS to the master from this client.
|
||||
// If it's zero, the created RESTClient will use DefaultQPS: 5
|
||||
@@ -111,13 +122,54 @@ type Config struct {
|
||||
Timeout time.Duration
|
||||
|
||||
// Dial specifies the dial function for creating unencrypted TCP connections.
|
||||
Dial func(network, addr string) (net.Conn, error)
|
||||
Dial func(ctx context.Context, network, address string) (net.Conn, error)
|
||||
|
||||
// Version forces a specific version to be used (if registered)
|
||||
// Do we need this?
|
||||
// Version string
|
||||
}
|
||||
|
||||
var _ fmt.Stringer = new(Config)
|
||||
var _ fmt.GoStringer = new(Config)
|
||||
|
||||
type sanitizedConfig *Config
|
||||
|
||||
type sanitizedAuthConfigPersister struct{ AuthProviderConfigPersister }
|
||||
|
||||
func (sanitizedAuthConfigPersister) GoString() string {
|
||||
return "rest.AuthProviderConfigPersister(--- REDACTED ---)"
|
||||
}
|
||||
func (sanitizedAuthConfigPersister) String() string {
|
||||
return "rest.AuthProviderConfigPersister(--- REDACTED ---)"
|
||||
}
|
||||
|
||||
// GoString implements fmt.GoStringer and sanitizes sensitive fields of Config
|
||||
// to prevent accidental leaking via logs.
|
||||
func (c *Config) GoString() string {
|
||||
return c.String()
|
||||
}
|
||||
|
||||
// String implements fmt.Stringer and sanitizes sensitive fields of Config to
|
||||
// prevent accidental leaking via logs.
|
||||
func (c *Config) String() string {
|
||||
if c == nil {
|
||||
return "<nil>"
|
||||
}
|
||||
cc := sanitizedConfig(CopyConfig(c))
|
||||
// Explicitly mark non-empty credential fields as redacted.
|
||||
if cc.Password != "" {
|
||||
cc.Password = "--- REDACTED ---"
|
||||
}
|
||||
if cc.BearerToken != "" {
|
||||
cc.BearerToken = "--- REDACTED ---"
|
||||
}
|
||||
if cc.AuthConfigPersister != nil {
|
||||
cc.AuthConfigPersister = sanitizedAuthConfigPersister{cc.AuthConfigPersister}
|
||||
}
|
||||
|
||||
return fmt.Sprintf("%#v", cc)
|
||||
}
|
||||
|
||||
// ImpersonationConfig has all the available impersonation options
|
||||
type ImpersonationConfig struct {
|
||||
// UserName is the username to impersonate on each request.
|
||||
@@ -157,6 +209,40 @@ type TLSClientConfig struct {
|
||||
CAData []byte
|
||||
}
|
||||
|
||||
var _ fmt.Stringer = TLSClientConfig{}
|
||||
var _ fmt.GoStringer = TLSClientConfig{}
|
||||
|
||||
type sanitizedTLSClientConfig TLSClientConfig
|
||||
|
||||
// GoString implements fmt.GoStringer and sanitizes sensitive fields of
|
||||
// TLSClientConfig to prevent accidental leaking via logs.
|
||||
func (c TLSClientConfig) GoString() string {
|
||||
return c.String()
|
||||
}
|
||||
|
||||
// String implements fmt.Stringer and sanitizes sensitive fields of
|
||||
// TLSClientConfig to prevent accidental leaking via logs.
|
||||
func (c TLSClientConfig) String() string {
|
||||
cc := sanitizedTLSClientConfig{
|
||||
Insecure: c.Insecure,
|
||||
ServerName: c.ServerName,
|
||||
CertFile: c.CertFile,
|
||||
KeyFile: c.KeyFile,
|
||||
CAFile: c.CAFile,
|
||||
CertData: c.CertData,
|
||||
KeyData: c.KeyData,
|
||||
CAData: c.CAData,
|
||||
}
|
||||
// Explicitly mark non-empty credential fields as redacted.
|
||||
if len(cc.CertData) != 0 {
|
||||
cc.CertData = []byte("--- TRUNCATED ---")
|
||||
}
|
||||
if len(cc.KeyData) != 0 {
|
||||
cc.KeyData = []byte("--- REDACTED ---")
|
||||
}
|
||||
return fmt.Sprintf("%#v", cc)
|
||||
}
|
||||
|
||||
type ContentConfig struct {
|
||||
// AcceptContentTypes specifies the types the client will accept and is optional.
|
||||
// If not set, ContentType will be used to define the Accept header
|
||||
@@ -220,7 +306,7 @@ func RESTClientFor(config *Config) (*RESTClient, error) {
|
||||
// the config.Version to be empty.
|
||||
func UnversionedRESTClientFor(config *Config) (*RESTClient, error) {
|
||||
if config.NegotiatedSerializer == nil {
|
||||
return nil, fmt.Errorf("NeogitatedSerializer is required when initializing a RESTClient")
|
||||
return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient")
|
||||
}
|
||||
|
||||
baseURL, versionedAPIPath, err := defaultServerUrlFor(config)
|
||||
@@ -308,22 +394,27 @@ func DefaultKubernetesUserAgent() string {
|
||||
|
||||
// InClusterConfig returns a config object which uses the service account
|
||||
// kubernetes gives to pods. It's intended for clients that expect to be
|
||||
// running inside a pod running on kubernetes. It will return an error if
|
||||
// called from a process not running in a kubernetes environment.
|
||||
// running inside a pod running on kubernetes. It will return ErrNotInCluster
|
||||
// if called from a process not running in a kubernetes environment.
|
||||
func InClusterConfig() (*Config, error) {
|
||||
const (
|
||||
tokenFile = "/var/run/secrets/kubernetes.io/serviceaccount/token"
|
||||
rootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
|
||||
)
|
||||
host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")
|
||||
if len(host) == 0 || len(port) == 0 {
|
||||
return nil, fmt.Errorf("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
|
||||
return nil, ErrNotInCluster
|
||||
}
|
||||
|
||||
token, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/" + v1.ServiceAccountTokenKey)
|
||||
token, err := ioutil.ReadFile(tokenFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
tlsClientConfig := TLSClientConfig{}
|
||||
rootCAFile := "/var/run/secrets/kubernetes.io/serviceaccount/" + v1.ServiceAccountRootCAKey
|
||||
|
||||
if _, err := certutil.NewPool(rootCAFile); err != nil {
|
||||
glog.Errorf("Expected to load root CA config from %s, but got err: %v", rootCAFile, err)
|
||||
klog.Errorf("Expected to load root CA config from %s, but got err: %v", rootCAFile, err)
|
||||
} else {
|
||||
tlsClientConfig.CAFile = rootCAFile
|
||||
}
|
||||
@@ -331,8 +422,9 @@ func InClusterConfig() (*Config, error) {
|
||||
return &Config{
|
||||
// TODO: switch to using cluster DNS.
|
||||
Host: "https://" + net.JoinHostPort(host, port),
|
||||
BearerToken: string(token),
|
||||
TLSClientConfig: tlsClientConfig,
|
||||
BearerToken: string(token),
|
||||
BearerTokenFile: tokenFile,
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -422,12 +514,13 @@ func AnonymousClientConfig(config *Config) *Config {
|
||||
// CopyConfig returns a copy of the given config
|
||||
func CopyConfig(config *Config) *Config {
|
||||
return &Config{
|
||||
Host: config.Host,
|
||||
APIPath: config.APIPath,
|
||||
ContentConfig: config.ContentConfig,
|
||||
Username: config.Username,
|
||||
Password: config.Password,
|
||||
BearerToken: config.BearerToken,
|
||||
Host: config.Host,
|
||||
APIPath: config.APIPath,
|
||||
ContentConfig: config.ContentConfig,
|
||||
Username: config.Username,
|
||||
Password: config.Password,
|
||||
BearerToken: config.BearerToken,
|
||||
BearerTokenFile: config.BearerTokenFile,
|
||||
Impersonate: ImpersonationConfig{
|
||||
Groups: config.Impersonate.Groups,
|
||||
Extra: config.Impersonate.Extra,
|
||||
|
||||
Reference in New Issue
Block a user