Update vendor files to point to kubernetes-1.12.0-beta.1

This commit is contained in:
Xing Yang
2018-09-17 18:36:04 -07:00
parent 0021c22eec
commit dc2a6df45a
764 changed files with 73120 additions and 13753 deletions

View File

@@ -18,6 +18,7 @@ package rest
import (
"context"
"errors"
"fmt"
"io/ioutil"
"net"
@@ -29,7 +30,6 @@ import (
"time"
"github.com/golang/glog"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
@@ -44,6 +44,8 @@ const (
DefaultBurst int = 10
)
var ErrNotInCluster = errors.New("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
// Config holds the common attributes that can be passed to a Kubernetes client on
// initialization.
type Config struct {
@@ -220,7 +222,7 @@ func RESTClientFor(config *Config) (*RESTClient, error) {
// the config.Version to be empty.
func UnversionedRESTClientFor(config *Config) (*RESTClient, error) {
if config.NegotiatedSerializer == nil {
return nil, fmt.Errorf("NeogitatedSerializer is required when initializing a RESTClient")
return nil, fmt.Errorf("NegotiatedSerializer is required when initializing a RESTClient")
}
baseURL, versionedAPIPath, err := defaultServerUrlFor(config)
@@ -308,20 +310,26 @@ func DefaultKubernetesUserAgent() string {
// InClusterConfig returns a config object which uses the service account
// kubernetes gives to pods. It's intended for clients that expect to be
// running inside a pod running on kubernetes. It will return an error if
// called from a process not running in a kubernetes environment.
// running inside a pod running on kubernetes. It will return ErrNotInCluster
// if called from a process not running in a kubernetes environment.
func InClusterConfig() (*Config, error) {
const (
tokenFile = "/var/run/secrets/kubernetes.io/serviceaccount/token"
rootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
)
host, port := os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT")
if len(host) == 0 || len(port) == 0 {
return nil, fmt.Errorf("unable to load in-cluster configuration, KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT must be defined")
return nil, ErrNotInCluster
}
token, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
if err != nil {
ts := newCachedPathTokenSource(tokenFile)
if _, err := ts.Token(); err != nil {
return nil, err
}
tlsClientConfig := TLSClientConfig{}
rootCAFile := "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
if _, err := certutil.NewPool(rootCAFile); err != nil {
glog.Errorf("Expected to load root CA config from %s, but got err: %v", rootCAFile, err)
} else {
@@ -331,8 +339,8 @@ func InClusterConfig() (*Config, error) {
return &Config{
// TODO: switch to using cluster DNS.
Host: "https://" + net.JoinHostPort(host, port),
BearerToken: string(token),
TLSClientConfig: tlsClientConfig,
WrapTransport: TokenSourceWrapTransport(ts),
}, nil
}

View File

@@ -94,14 +94,10 @@ func (c *RESTClient) request(verb string) *restclient.Request {
ns := c.NegotiatedSerializer
info, _ := runtime.SerializerInfoForMediaType(ns.SupportedMediaTypes(), runtime.ContentTypeJSON)
internalVersion := schema.GroupVersion{
Group: c.GroupVersion.Group,
Version: runtime.APIVersionInternal,
}
serializers := restclient.Serializers{
// TODO this was hardcoded before, but it doesn't look right
Encoder: ns.EncoderForVersion(info.Serializer, c.GroupVersion),
Decoder: ns.DecoderToVersion(info.Serializer, internalVersion),
Decoder: ns.DecoderToVersion(info.Serializer, c.GroupVersion),
}
if info.StreamSerializer != nil {
serializers.StreamingSerializer = info.StreamSerializer.Serializer

View File

@@ -198,7 +198,7 @@ func (r *Request) Throttle(limiter flowcontrol.RateLimiter) *Request {
return r
}
// SubResource sets a sub-resource path which can be multiple segments segment after the resource
// SubResource sets a sub-resource path which can be multiple segments after the resource
// name but before the suffix.
func (r *Request) SubResource(subresources ...string) *Request {
if r.err != nil {
@@ -731,7 +731,7 @@ func (r *Request) request(fn func(*http.Request, *http.Response)) error {
}
}
glog.V(4).Infof("Got a Retry-After %s response for attempt %d to %v", seconds, retries, url)
glog.V(4).Infof("Got a Retry-After %ds response for attempt %d to %v", seconds, retries, url)
r.backoffMgr.Sleep(time.Duration(seconds) * time.Second)
return false
}

138
vendor/k8s.io/client-go/rest/token_source.go generated vendored Normal file
View File

@@ -0,0 +1,138 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package rest
import (
"fmt"
"io/ioutil"
"net/http"
"strings"
"sync"
"time"
"github.com/golang/glog"
"golang.org/x/oauth2"
)
// TokenSourceWrapTransport returns a WrapTransport that injects bearer tokens
// authentication from an oauth2.TokenSource.
func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) http.RoundTripper {
return func(rt http.RoundTripper) http.RoundTripper {
return &tokenSourceTransport{
base: rt,
ort: &oauth2.Transport{
Source: ts,
Base: rt,
},
}
}
}
func newCachedPathTokenSource(path string) oauth2.TokenSource {
return &cachingTokenSource{
now: time.Now,
leeway: 1 * time.Minute,
base: &fileTokenSource{
path: path,
// This period was picked because it is half of the minimum validity
// duration for a token provisioned by they TokenRequest API. This is
// unsophisticated and should induce rotation at a frequency that should
// work with the token volume source.
period: 5 * time.Minute,
},
}
}
type tokenSourceTransport struct {
base http.RoundTripper
ort http.RoundTripper
}
func (tst *tokenSourceTransport) RoundTrip(req *http.Request) (*http.Response, error) {
// This is to allow --token to override other bearer token providers.
if req.Header.Get("Authorization") != "" {
return tst.base.RoundTrip(req)
}
return tst.ort.RoundTrip(req)
}
type fileTokenSource struct {
path string
period time.Duration
}
var _ = oauth2.TokenSource(&fileTokenSource{})
func (ts *fileTokenSource) Token() (*oauth2.Token, error) {
tokb, err := ioutil.ReadFile(ts.path)
if err != nil {
return nil, fmt.Errorf("failed to read token file %q: %v", ts.path, err)
}
tok := strings.TrimSpace(string(tokb))
if len(tok) == 0 {
return nil, fmt.Errorf("read empty token from file %q", ts.path)
}
return &oauth2.Token{
AccessToken: tok,
Expiry: time.Now().Add(ts.period),
}, nil
}
type cachingTokenSource struct {
base oauth2.TokenSource
leeway time.Duration
sync.RWMutex
tok *oauth2.Token
// for testing
now func() time.Time
}
var _ = oauth2.TokenSource(&cachingTokenSource{})
func (ts *cachingTokenSource) Token() (*oauth2.Token, error) {
now := ts.now()
// fast path
ts.RLock()
tok := ts.tok
ts.RUnlock()
if tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) {
return tok, nil
}
// slow path
ts.Lock()
defer ts.Unlock()
if tok := ts.tok; tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) {
return tok, nil
}
tok, err := ts.base.Token()
if err != nil {
if ts.tok == nil {
return nil, err
}
glog.Errorf("Unable to rotate token: %v", err)
return ts.tok, nil
}
ts.tok = tok
return tok, nil
}

156
vendor/k8s.io/client-go/rest/token_source_test.go generated vendored Normal file
View File

@@ -0,0 +1,156 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package rest
import (
"fmt"
"reflect"
"sync"
"testing"
"time"
"golang.org/x/oauth2"
)
type testTokenSource struct {
calls int
tok *oauth2.Token
err error
}
func (ts *testTokenSource) Token() (*oauth2.Token, error) {
ts.calls++
return ts.tok, ts.err
}
func TestCachingTokenSource(t *testing.T) {
start := time.Now()
tokA := &oauth2.Token{
AccessToken: "a",
Expiry: start.Add(10 * time.Minute),
}
tokB := &oauth2.Token{
AccessToken: "b",
Expiry: start.Add(20 * time.Minute),
}
tests := []struct {
name string
tok *oauth2.Token
tsTok *oauth2.Token
tsErr error
wait time.Duration
wantTok *oauth2.Token
wantErr bool
wantTSCalls int
}{
{
name: "valid token returned from cache",
tok: tokA,
wantTok: tokA,
},
{
name: "valid token returned from cache 1 minute before scheduled refresh",
tok: tokA,
wait: 8 * time.Minute,
wantTok: tokA,
},
{
name: "new token created when cache is empty",
tsTok: tokA,
wantTok: tokA,
wantTSCalls: 1,
},
{
name: "new token created 1 minute after scheduled refresh",
tok: tokA,
tsTok: tokB,
wait: 10 * time.Minute,
wantTok: tokB,
wantTSCalls: 1,
},
{
name: "error on create token returns error",
tsErr: fmt.Errorf("error"),
wantErr: true,
wantTSCalls: 1,
},
}
for _, c := range tests {
t.Run(c.name, func(t *testing.T) {
tts := &testTokenSource{
tok: c.tsTok,
err: c.tsErr,
}
ts := &cachingTokenSource{
base: tts,
tok: c.tok,
leeway: 1 * time.Minute,
now: func() time.Time { return start.Add(c.wait) },
}
gotTok, gotErr := ts.Token()
if got, want := gotTok, c.wantTok; !reflect.DeepEqual(got, want) {
t.Errorf("unexpected token:\n\tgot:\t%#v\n\twant:\t%#v", got, want)
}
if got, want := tts.calls, c.wantTSCalls; got != want {
t.Errorf("unexpected number of Token() calls: got %d, want %d", got, want)
}
if gotErr == nil && c.wantErr {
t.Errorf("wanted error but got none")
}
if gotErr != nil && !c.wantErr {
t.Errorf("unexpected error: %v", gotErr)
}
})
}
}
func TestCachingTokenSourceRace(t *testing.T) {
for i := 0; i < 100; i++ {
tts := &testTokenSource{
tok: &oauth2.Token{
AccessToken: "a",
Expiry: time.Now().Add(1000 * time.Hour),
},
}
ts := &cachingTokenSource{
now: time.Now,
base: tts,
leeway: 1 * time.Minute,
}
var wg sync.WaitGroup
wg.Add(100)
for i := 0; i < 100; i++ {
go func() {
defer wg.Done()
if _, err := ts.Token(); err != nil {
t.Fatalf("err: %v", err)
}
}()
}
wg.Wait()
if tts.calls != 1 {
t.Errorf("expected one call to Token() but saw: %d", tts.calls)
}
}
}