[VOL-1866] Changed module dependency to v12.0.0 of k8s client-go and v1.15.4 of k8s api/apimachinery in sync with other voltha components
Had to use pseudo-version corresponding to v12.0.0 of k8s client-go
because golang proxy is no longer serving the modules not complying
to Semantic Import Versioning rules including client-go v12.0.0.
Refer to https://github.com/kubernetes/client-go/issues/631 and
https://github.com/golang/go/issues/33558
Change-Id: I2e558bab7f0702f230761319eb5392a7d0532ea3
diff --git a/vendor/k8s.io/client-go/rest/OWNERS b/vendor/k8s.io/client-go/rest/OWNERS
index 8d97da0..49dabc6 100644
--- a/vendor/k8s.io/client-go/rest/OWNERS
+++ b/vendor/k8s.io/client-go/rest/OWNERS
@@ -1,3 +1,5 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
reviewers:
- thockin
- smarterclayton
diff --git a/vendor/k8s.io/client-go/rest/config.go b/vendor/k8s.io/client-go/rest/config.go
index 438eb3b..c75825e 100644
--- a/vendor/k8s.io/client-go/rest/config.go
+++ b/vendor/k8s.io/client-go/rest/config.go
@@ -34,6 +34,7 @@
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/pkg/version"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+ "k8s.io/client-go/transport"
certutil "k8s.io/client-go/util/cert"
"k8s.io/client-go/util/flowcontrol"
"k8s.io/klog"
@@ -70,6 +71,11 @@
// TODO: demonstrate an OAuth2 compatible client.
BearerToken string
+ // Path to a file containing a BearerToken.
+ // If set, the contents are periodically read.
+ // The last successfully read value takes precedence over BearerToken.
+ BearerTokenFile string
+
// Impersonate is the configuration that RESTClient will use for impersonation.
Impersonate ImpersonationConfig
@@ -90,13 +96,16 @@
// Transport may be used for custom HTTP behavior. This attribute may not
// be specified with the TLS client certificate options. Use WrapTransport
- // for most client level operations.
+ // to provide additional per-server middleware behavior.
Transport http.RoundTripper
// WrapTransport will be invoked for custom HTTP behavior after the underlying
// transport is initialized (either the transport created from TLSClientConfig,
// Transport, or http.DefaultTransport). The config may layer other RoundTrippers
// on top of the returned RoundTripper.
- WrapTransport func(rt http.RoundTripper) http.RoundTripper
+ //
+ // A future release will change this field to an array. Use config.Wrap()
+ // instead of setting this value directly.
+ WrapTransport transport.WrapperFunc
// QPS indicates the maximum QPS to the master from this client.
// If it's zero, the created RESTClient will use DefaultQPS: 5
@@ -120,6 +129,47 @@
// Version string
}
+var _ fmt.Stringer = new(Config)
+var _ fmt.GoStringer = new(Config)
+
+type sanitizedConfig *Config
+
+type sanitizedAuthConfigPersister struct{ AuthProviderConfigPersister }
+
+func (sanitizedAuthConfigPersister) GoString() string {
+ return "rest.AuthProviderConfigPersister(--- REDACTED ---)"
+}
+func (sanitizedAuthConfigPersister) String() string {
+ return "rest.AuthProviderConfigPersister(--- REDACTED ---)"
+}
+
+// GoString implements fmt.GoStringer and sanitizes sensitive fields of Config
+// to prevent accidental leaking via logs.
+func (c *Config) GoString() string {
+ return c.String()
+}
+
+// String implements fmt.Stringer and sanitizes sensitive fields of Config to
+// prevent accidental leaking via logs.
+func (c *Config) String() string {
+ if c == nil {
+ return "<nil>"
+ }
+ cc := sanitizedConfig(CopyConfig(c))
+ // Explicitly mark non-empty credential fields as redacted.
+ if cc.Password != "" {
+ cc.Password = "--- REDACTED ---"
+ }
+ if cc.BearerToken != "" {
+ cc.BearerToken = "--- REDACTED ---"
+ }
+ if cc.AuthConfigPersister != nil {
+ cc.AuthConfigPersister = sanitizedAuthConfigPersister{cc.AuthConfigPersister}
+ }
+
+ return fmt.Sprintf("%#v", cc)
+}
+
// ImpersonationConfig has all the available impersonation options
type ImpersonationConfig struct {
// UserName is the username to impersonate on each request.
@@ -159,6 +209,40 @@
CAData []byte
}
+var _ fmt.Stringer = TLSClientConfig{}
+var _ fmt.GoStringer = TLSClientConfig{}
+
+type sanitizedTLSClientConfig TLSClientConfig
+
+// GoString implements fmt.GoStringer and sanitizes sensitive fields of
+// TLSClientConfig to prevent accidental leaking via logs.
+func (c TLSClientConfig) GoString() string {
+ return c.String()
+}
+
+// String implements fmt.Stringer and sanitizes sensitive fields of
+// TLSClientConfig to prevent accidental leaking via logs.
+func (c TLSClientConfig) String() string {
+ cc := sanitizedTLSClientConfig{
+ Insecure: c.Insecure,
+ ServerName: c.ServerName,
+ CertFile: c.CertFile,
+ KeyFile: c.KeyFile,
+ CAFile: c.CAFile,
+ CertData: c.CertData,
+ KeyData: c.KeyData,
+ CAData: c.CAData,
+ }
+ // Explicitly mark non-empty credential fields as redacted.
+ if len(cc.CertData) != 0 {
+ cc.CertData = []byte("--- TRUNCATED ---")
+ }
+ if len(cc.KeyData) != 0 {
+ cc.KeyData = []byte("--- REDACTED ---")
+ }
+ return fmt.Sprintf("%#v", cc)
+}
+
type ContentConfig struct {
// AcceptContentTypes specifies the types the client will accept and is optional.
// If not set, ContentType will be used to define the Accept header
@@ -322,9 +406,8 @@
return nil, ErrNotInCluster
}
- ts := NewCachedFileTokenSource(tokenFile)
-
- if _, err := ts.Token(); err != nil {
+ token, err := ioutil.ReadFile(tokenFile)
+ if err != nil {
return nil, err
}
@@ -340,7 +423,8 @@
// TODO: switch to using cluster DNS.
Host: "https://" + net.JoinHostPort(host, port),
TLSClientConfig: tlsClientConfig,
- WrapTransport: TokenSourceWrapTransport(ts),
+ BearerToken: string(token),
+ BearerTokenFile: tokenFile,
}, nil
}
@@ -403,7 +487,7 @@
return config
}
-// AnonymousClientConfig returns a copy of the given config with all user credentials (cert/key, bearer token, and username/password) removed
+// AnonymousClientConfig returns a copy of the given config with all user credentials (cert/key, bearer token, and username/password) and custom transports (WrapTransport, Transport) removed
func AnonymousClientConfig(config *Config) *Config {
// copy only known safe fields
return &Config{
@@ -416,26 +500,25 @@
CAFile: config.TLSClientConfig.CAFile,
CAData: config.TLSClientConfig.CAData,
},
- RateLimiter: config.RateLimiter,
- UserAgent: config.UserAgent,
- Transport: config.Transport,
- WrapTransport: config.WrapTransport,
- QPS: config.QPS,
- Burst: config.Burst,
- Timeout: config.Timeout,
- Dial: config.Dial,
+ RateLimiter: config.RateLimiter,
+ UserAgent: config.UserAgent,
+ QPS: config.QPS,
+ Burst: config.Burst,
+ Timeout: config.Timeout,
+ Dial: config.Dial,
}
}
// CopyConfig returns a copy of the given config
func CopyConfig(config *Config) *Config {
return &Config{
- Host: config.Host,
- APIPath: config.APIPath,
- ContentConfig: config.ContentConfig,
- Username: config.Username,
- Password: config.Password,
- BearerToken: config.BearerToken,
+ Host: config.Host,
+ APIPath: config.APIPath,
+ ContentConfig: config.ContentConfig,
+ Username: config.Username,
+ Password: config.Password,
+ BearerToken: config.BearerToken,
+ BearerTokenFile: config.BearerTokenFile,
Impersonate: ImpersonationConfig{
Groups: config.Impersonate.Groups,
Extra: config.Impersonate.Extra,
diff --git a/vendor/k8s.io/client-go/rest/request.go b/vendor/k8s.io/client-go/rest/request.go
index 64901fb..0570615 100644
--- a/vendor/k8s.io/client-go/rest/request.go
+++ b/vendor/k8s.io/client-go/rest/request.go
@@ -592,10 +592,15 @@
if result := r.transformResponse(resp, req); result.err != nil {
return nil, result.err
}
- return nil, fmt.Errorf("for request '%+v', got status: %v", url, resp.StatusCode)
+ return nil, fmt.Errorf("for request %s, got status: %v", url, resp.StatusCode)
}
wrapperDecoder := wrapperDecoderFn(resp.Body)
- return watch.NewStreamWatcher(restclientwatch.NewDecoder(wrapperDecoder, embeddedDecoder)), nil
+ return watch.NewStreamWatcher(
+ restclientwatch.NewDecoder(wrapperDecoder, embeddedDecoder),
+ // use 500 to indicate that the cause of the error is unknown - other error codes
+ // are more specific to HTTP interactions, and set a reason
+ errors.NewClientErrorReporter(http.StatusInternalServerError, r.verb, "ClientWatchDecoding"),
+ ), nil
}
// updateURLMetrics is a convenience function for pushing metrics.
@@ -845,13 +850,13 @@
// 3. Apiserver closes connection.
// 4. client-go should catch this and return an error.
klog.V(2).Infof("Stream error %#v when reading response body, may be caused by closed connection.", err)
- streamErr := fmt.Errorf("Stream error %#v when reading response body, may be caused by closed connection. Please retry.", err)
+ streamErr := fmt.Errorf("Stream error when reading response body, may be caused by closed connection. Please retry. Original error: %v", err)
return Result{
err: streamErr,
}
default:
- klog.Errorf("Unexpected error when reading response body: %#v", err)
- unexpectedErr := fmt.Errorf("Unexpected error %#v when reading response body. Please retry.", err)
+ klog.Errorf("Unexpected error when reading response body: %v", err)
+ unexpectedErr := fmt.Errorf("Unexpected error when reading response body. Please retry. Original error: %v", err)
return Result{
err: unexpectedErr,
}
@@ -1100,7 +1105,8 @@
return fmt.Errorf("serializer for %s doesn't exist", r.contentType)
}
if len(r.body) == 0 {
- return fmt.Errorf("0-length response")
+ return fmt.Errorf("0-length response with status code: %d and content type: %s",
+ r.statusCode, r.contentType)
}
out, _, err := r.decoder.Decode(r.body, nil, obj)
@@ -1195,7 +1201,6 @@
func ValidatePathSegmentName(name string, prefix bool) []string {
if prefix {
return IsValidPathSegmentPrefix(name)
- } else {
- return IsValidPathSegmentName(name)
}
+ return IsValidPathSegmentName(name)
}
diff --git a/vendor/k8s.io/client-go/rest/token_source.go b/vendor/k8s.io/client-go/rest/token_source.go
deleted file mode 100644
index c251b5e..0000000
--- a/vendor/k8s.io/client-go/rest/token_source.go
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
-Copyright 2018 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package rest
-
-import (
- "fmt"
- "io/ioutil"
- "net/http"
- "strings"
- "sync"
- "time"
-
- "golang.org/x/oauth2"
- "k8s.io/klog"
-)
-
-// TokenSourceWrapTransport returns a WrapTransport that injects bearer tokens
-// authentication from an oauth2.TokenSource.
-func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) http.RoundTripper {
- return func(rt http.RoundTripper) http.RoundTripper {
- return &tokenSourceTransport{
- base: rt,
- ort: &oauth2.Transport{
- Source: ts,
- Base: rt,
- },
- }
- }
-}
-
-// NewCachedFileTokenSource returns a oauth2.TokenSource reads a token from a
-// file at a specified path and periodically reloads it.
-func NewCachedFileTokenSource(path string) oauth2.TokenSource {
- return &cachingTokenSource{
- now: time.Now,
- leeway: 1 * time.Minute,
- base: &fileTokenSource{
- path: path,
- // This period was picked because it is half of the minimum validity
- // duration for a token provisioned by they TokenRequest API. This is
- // unsophisticated and should induce rotation at a frequency that should
- // work with the token volume source.
- period: 5 * time.Minute,
- },
- }
-}
-
-type tokenSourceTransport struct {
- base http.RoundTripper
- ort http.RoundTripper
-}
-
-func (tst *tokenSourceTransport) RoundTrip(req *http.Request) (*http.Response, error) {
- // This is to allow --token to override other bearer token providers.
- if req.Header.Get("Authorization") != "" {
- return tst.base.RoundTrip(req)
- }
- return tst.ort.RoundTrip(req)
-}
-
-type fileTokenSource struct {
- path string
- period time.Duration
-}
-
-var _ = oauth2.TokenSource(&fileTokenSource{})
-
-func (ts *fileTokenSource) Token() (*oauth2.Token, error) {
- tokb, err := ioutil.ReadFile(ts.path)
- if err != nil {
- return nil, fmt.Errorf("failed to read token file %q: %v", ts.path, err)
- }
- tok := strings.TrimSpace(string(tokb))
- if len(tok) == 0 {
- return nil, fmt.Errorf("read empty token from file %q", ts.path)
- }
-
- return &oauth2.Token{
- AccessToken: tok,
- Expiry: time.Now().Add(ts.period),
- }, nil
-}
-
-type cachingTokenSource struct {
- base oauth2.TokenSource
- leeway time.Duration
-
- sync.RWMutex
- tok *oauth2.Token
-
- // for testing
- now func() time.Time
-}
-
-var _ = oauth2.TokenSource(&cachingTokenSource{})
-
-func (ts *cachingTokenSource) Token() (*oauth2.Token, error) {
- now := ts.now()
- // fast path
- ts.RLock()
- tok := ts.tok
- ts.RUnlock()
-
- if tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) {
- return tok, nil
- }
-
- // slow path
- ts.Lock()
- defer ts.Unlock()
- if tok := ts.tok; tok != nil && tok.Expiry.Add(-1*ts.leeway).After(now) {
- return tok, nil
- }
-
- tok, err := ts.base.Token()
- if err != nil {
- if ts.tok == nil {
- return nil, err
- }
- klog.Errorf("Unable to rotate token: %v", err)
- return ts.tok, nil
- }
-
- ts.tok = tok
- return tok, nil
-}
diff --git a/vendor/k8s.io/client-go/rest/transport.go b/vendor/k8s.io/client-go/rest/transport.go
index 25c1801..de33ecb 100644
--- a/vendor/k8s.io/client-go/rest/transport.go
+++ b/vendor/k8s.io/client-go/rest/transport.go
@@ -74,9 +74,10 @@
KeyFile: c.KeyFile,
KeyData: c.KeyData,
},
- Username: c.Username,
- Password: c.Password,
- BearerToken: c.BearerToken,
+ Username: c.Username,
+ Password: c.Password,
+ BearerToken: c.BearerToken,
+ BearerTokenFile: c.BearerTokenFile,
Impersonate: transport.ImpersonationConfig{
UserName: c.Impersonate.UserName,
Groups: c.Impersonate.Groups,
@@ -103,14 +104,15 @@
if err != nil {
return nil, err
}
- wt := conf.WrapTransport
- if wt != nil {
- conf.WrapTransport = func(rt http.RoundTripper) http.RoundTripper {
- return provider.WrapTransport(wt(rt))
- }
- } else {
- conf.WrapTransport = provider.WrapTransport
- }
+ conf.Wrap(provider.WrapTransport)
}
return conf, nil
}
+
+// Wrap adds a transport middleware function that will give the caller
+// an opportunity to wrap the underlying http.RoundTripper prior to the
+// first API call being made. The provided function is invoked after any
+// existing transport wrappers are invoked.
+func (c *Config) Wrap(fn transport.WrapperFunc) {
+ c.WrapTransport = transport.Wrappers(c.WrapTransport, fn)
+}
diff --git a/vendor/k8s.io/client-go/rest/watch/decoder.go b/vendor/k8s.io/client-go/rest/watch/decoder.go
index 73bb63a..e95c020 100644
--- a/vendor/k8s.io/client-go/rest/watch/decoder.go
+++ b/vendor/k8s.io/client-go/rest/watch/decoder.go
@@ -54,7 +54,7 @@
return "", nil, fmt.Errorf("unable to decode to metav1.Event")
}
switch got.Type {
- case string(watch.Added), string(watch.Modified), string(watch.Deleted), string(watch.Error):
+ case string(watch.Added), string(watch.Modified), string(watch.Deleted), string(watch.Error), string(watch.Bookmark):
default:
return "", nil, fmt.Errorf("got invalid watch event type: %v", got.Type)
}