[VOL-1866] Changed module dependency to v12.0.0 of k8s client-go and v1.15.4 of k8s api/apimachinery in sync with other voltha components
Had to use pseudo-version corresponding to v12.0.0 of k8s client-go
because golang proxy is no longer serving the modules not complying
to Semantic Import Versioning rules including client-go v12.0.0.
Refer to https://github.com/kubernetes/client-go/issues/631 and
https://github.com/golang/go/issues/33558
Change-Id: I2e558bab7f0702f230761319eb5392a7d0532ea3
diff --git a/vendor/k8s.io/client-go/util/cert/OWNERS b/vendor/k8s.io/client-go/util/cert/OWNERS
index 470b7a1..3cf0364 100644
--- a/vendor/k8s.io/client-go/util/cert/OWNERS
+++ b/vendor/k8s.io/client-go/util/cert/OWNERS
@@ -1,3 +1,5 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
approvers:
- sig-auth-certificates-approvers
reviewers:
diff --git a/vendor/k8s.io/client-go/util/cert/cert.go b/vendor/k8s.io/client-go/util/cert/cert.go
index 3429c82..9fd097a 100644
--- a/vendor/k8s.io/client-go/util/cert/cert.go
+++ b/vendor/k8s.io/client-go/util/cert/cert.go
@@ -19,29 +19,23 @@
import (
"bytes"
"crypto"
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rand"
cryptorand "crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
- "errors"
"fmt"
"io/ioutil"
- "math"
"math/big"
"net"
"path"
"strings"
"time"
+
+ "k8s.io/client-go/util/keyutil"
)
-const (
- rsaKeySize = 2048
- duration365d = time.Hour * 24 * 365
-)
+const duration365d = time.Hour * 24 * 365
// Config contains the basic fields required for creating a certificate
type Config struct {
@@ -59,11 +53,6 @@
IPs []net.IP
}
-// NewPrivateKey creates an RSA private key
-func NewPrivateKey() (*rsa.PrivateKey, error) {
- return rsa.GenerateKey(cryptorand.Reader, rsaKeySize)
-}
-
// NewSelfSignedCACert creates a CA certificate
func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
now := time.Now()
@@ -87,58 +76,6 @@
return x509.ParseCertificate(certDERBytes)
}
-// NewSignedCert creates a signed certificate using the given CA certificate and key
-func NewSignedCert(cfg Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error) {
- serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
- if err != nil {
- return nil, err
- }
- if len(cfg.CommonName) == 0 {
- return nil, errors.New("must specify a CommonName")
- }
- if len(cfg.Usages) == 0 {
- return nil, errors.New("must specify at least one ExtKeyUsage")
- }
-
- certTmpl := x509.Certificate{
- Subject: pkix.Name{
- CommonName: cfg.CommonName,
- Organization: cfg.Organization,
- },
- DNSNames: cfg.AltNames.DNSNames,
- IPAddresses: cfg.AltNames.IPs,
- SerialNumber: serial,
- NotBefore: caCert.NotBefore,
- NotAfter: time.Now().Add(duration365d).UTC(),
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
- ExtKeyUsage: cfg.Usages,
- }
- certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &certTmpl, caCert, key.Public(), caKey)
- if err != nil {
- return nil, err
- }
- return x509.ParseCertificate(certDERBytes)
-}
-
-// MakeEllipticPrivateKeyPEM creates an ECDSA private key
-func MakeEllipticPrivateKeyPEM() ([]byte, error) {
- privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader)
- if err != nil {
- return nil, err
- }
-
- derBytes, err := x509.MarshalECPrivateKey(privateKey)
- if err != nil {
- return nil, err
- }
-
- privateKeyPemBlock := &pem.Block{
- Type: ECPrivateKeyBlockType,
- Bytes: derBytes,
- }
- return pem.EncodeToMemory(privateKeyPemBlock), nil
-}
-
// GenerateSelfSignedCertKey creates a self-signed certificate and key for the given host.
// Host may be an IP or a DNS name
// You may also specify additional subject alt names (either ip or dns names) for the certificate.
@@ -244,7 +181,7 @@
// Generate key
keyBuffer := bytes.Buffer{}
- if err := pem.Encode(&keyBuffer, &pem.Block{Type: RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
+ if err := pem.Encode(&keyBuffer, &pem.Block{Type: keyutil.RSAPrivateKeyBlockType, Bytes: x509.MarshalPKCS1PrivateKey(priv)}); err != nil {
return nil, nil, err
}
diff --git a/vendor/k8s.io/client-go/util/cert/io.go b/vendor/k8s.io/client-go/util/cert/io.go
index a57bf09..5efb248 100644
--- a/vendor/k8s.io/client-go/util/cert/io.go
+++ b/vendor/k8s.io/client-go/util/cert/io.go
@@ -17,11 +17,7 @@
package cert
import (
- "crypto"
- "crypto/ecdsa"
- "crypto/rsa"
"crypto/x509"
- "encoding/pem"
"fmt"
"io/ioutil"
"os"
@@ -73,60 +69,6 @@
return ioutil.WriteFile(certPath, data, os.FileMode(0644))
}
-// WriteKey writes the pem-encoded key data to keyPath.
-// The key file will be created with file mode 0600.
-// If the key file already exists, it will be overwritten.
-// The parent directory of the keyPath will be created as needed with file mode 0755.
-func WriteKey(keyPath string, data []byte) error {
- if err := os.MkdirAll(filepath.Dir(keyPath), os.FileMode(0755)); err != nil {
- return err
- }
- return ioutil.WriteFile(keyPath, data, os.FileMode(0600))
-}
-
-// LoadOrGenerateKeyFile looks for a key in the file at the given path. If it
-// can't find one, it will generate a new key and store it there.
-func LoadOrGenerateKeyFile(keyPath string) (data []byte, wasGenerated bool, err error) {
- loadedData, err := ioutil.ReadFile(keyPath)
- // Call verifyKeyData to ensure the file wasn't empty/corrupt.
- if err == nil && verifyKeyData(loadedData) {
- return loadedData, false, err
- }
- if !os.IsNotExist(err) {
- return nil, false, fmt.Errorf("error loading key from %s: %v", keyPath, err)
- }
-
- generatedData, err := MakeEllipticPrivateKeyPEM()
- if err != nil {
- return nil, false, fmt.Errorf("error generating key: %v", err)
- }
- if err := WriteKey(keyPath, generatedData); err != nil {
- return nil, false, fmt.Errorf("error writing key to %s: %v", keyPath, err)
- }
- return generatedData, true, nil
-}
-
-// MarshalPrivateKeyToPEM converts a known private key type of RSA or ECDSA to
-// a PEM encoded block or returns an error.
-func MarshalPrivateKeyToPEM(privateKey crypto.PrivateKey) ([]byte, error) {
- switch t := privateKey.(type) {
- case *ecdsa.PrivateKey:
- derBytes, err := x509.MarshalECPrivateKey(t)
- if err != nil {
- return nil, err
- }
- privateKeyPemBlock := &pem.Block{
- Type: ECPrivateKeyBlockType,
- Bytes: derBytes,
- }
- return pem.EncodeToMemory(privateKeyPemBlock), nil
- case *rsa.PrivateKey:
- return EncodePrivateKeyPEM(t), nil
- default:
- return nil, fmt.Errorf("private key is not a recognized type: %T", privateKey)
- }
-}
-
// NewPool returns an x509.CertPool containing the certificates in the given PEM-encoded file.
// Returns an error if the file could not be read, a certificate could not be parsed, or if the file does not contain any certificates
func NewPool(filename string) (*x509.CertPool, error) {
@@ -154,40 +96,3 @@
}
return certs, nil
}
-
-// PrivateKeyFromFile returns the private key in rsa.PrivateKey or ecdsa.PrivateKey format from a given PEM-encoded file.
-// Returns an error if the file could not be read or if the private key could not be parsed.
-func PrivateKeyFromFile(file string) (interface{}, error) {
- data, err := ioutil.ReadFile(file)
- if err != nil {
- return nil, err
- }
- key, err := ParsePrivateKeyPEM(data)
- if err != nil {
- return nil, fmt.Errorf("error reading private key file %s: %v", file, err)
- }
- return key, nil
-}
-
-// PublicKeysFromFile returns the public keys in rsa.PublicKey or ecdsa.PublicKey format from a given PEM-encoded file.
-// Reads public keys from both public and private key files.
-func PublicKeysFromFile(file string) ([]interface{}, error) {
- data, err := ioutil.ReadFile(file)
- if err != nil {
- return nil, err
- }
- keys, err := ParsePublicKeysPEM(data)
- if err != nil {
- return nil, fmt.Errorf("error reading public key file %s: %v", file, err)
- }
- return keys, nil
-}
-
-// verifyKeyData returns true if the provided data appears to be a valid private key.
-func verifyKeyData(data []byte) bool {
- if len(data) == 0 {
- return false
- }
- _, err := ParsePrivateKeyPEM(data)
- return err == nil
-}
diff --git a/vendor/k8s.io/client-go/util/cert/pem.go b/vendor/k8s.io/client-go/util/cert/pem.go
index b99e366..9185e2e 100644
--- a/vendor/k8s.io/client-go/util/cert/pem.go
+++ b/vendor/k8s.io/client-go/util/cert/pem.go
@@ -17,136 +17,18 @@
package cert
import (
- "crypto/ecdsa"
- "crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
- "fmt"
)
const (
- // ECPrivateKeyBlockType is a possible value for pem.Block.Type.
- ECPrivateKeyBlockType = "EC PRIVATE KEY"
- // RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
- RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
- // PrivateKeyBlockType is a possible value for pem.Block.Type.
- PrivateKeyBlockType = "PRIVATE KEY"
- // PublicKeyBlockType is a possible value for pem.Block.Type.
- PublicKeyBlockType = "PUBLIC KEY"
// CertificateBlockType is a possible value for pem.Block.Type.
CertificateBlockType = "CERTIFICATE"
// CertificateRequestBlockType is a possible value for pem.Block.Type.
CertificateRequestBlockType = "CERTIFICATE REQUEST"
)
-// EncodePublicKeyPEM returns PEM-encoded public data
-func EncodePublicKeyPEM(key *rsa.PublicKey) ([]byte, error) {
- der, err := x509.MarshalPKIXPublicKey(key)
- if err != nil {
- return []byte{}, err
- }
- block := pem.Block{
- Type: PublicKeyBlockType,
- Bytes: der,
- }
- return pem.EncodeToMemory(&block), nil
-}
-
-// EncodePrivateKeyPEM returns PEM-encoded private key data
-func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte {
- block := pem.Block{
- Type: RSAPrivateKeyBlockType,
- Bytes: x509.MarshalPKCS1PrivateKey(key),
- }
- return pem.EncodeToMemory(&block)
-}
-
-// EncodeCertPEM returns PEM-endcoded certificate data
-func EncodeCertPEM(cert *x509.Certificate) []byte {
- block := pem.Block{
- Type: CertificateBlockType,
- Bytes: cert.Raw,
- }
- return pem.EncodeToMemory(&block)
-}
-
-// ParsePrivateKeyPEM returns a private key parsed from a PEM block in the supplied data.
-// Recognizes PEM blocks for "EC PRIVATE KEY", "RSA PRIVATE KEY", or "PRIVATE KEY"
-func ParsePrivateKeyPEM(keyData []byte) (interface{}, error) {
- var privateKeyPemBlock *pem.Block
- for {
- privateKeyPemBlock, keyData = pem.Decode(keyData)
- if privateKeyPemBlock == nil {
- break
- }
-
- switch privateKeyPemBlock.Type {
- case ECPrivateKeyBlockType:
- // ECDSA Private Key in ASN.1 format
- if key, err := x509.ParseECPrivateKey(privateKeyPemBlock.Bytes); err == nil {
- return key, nil
- }
- case RSAPrivateKeyBlockType:
- // RSA Private Key in PKCS#1 format
- if key, err := x509.ParsePKCS1PrivateKey(privateKeyPemBlock.Bytes); err == nil {
- return key, nil
- }
- case PrivateKeyBlockType:
- // RSA or ECDSA Private Key in unencrypted PKCS#8 format
- if key, err := x509.ParsePKCS8PrivateKey(privateKeyPemBlock.Bytes); err == nil {
- return key, nil
- }
- }
-
- // tolerate non-key PEM blocks for compatibility with things like "EC PARAMETERS" blocks
- // originally, only the first PEM block was parsed and expected to be a key block
- }
-
- // we read all the PEM blocks and didn't recognize one
- return nil, fmt.Errorf("data does not contain a valid RSA or ECDSA private key")
-}
-
-// ParsePublicKeysPEM is a helper function for reading an array of rsa.PublicKey or ecdsa.PublicKey from a PEM-encoded byte array.
-// Reads public keys from both public and private key files.
-func ParsePublicKeysPEM(keyData []byte) ([]interface{}, error) {
- var block *pem.Block
- keys := []interface{}{}
- for {
- // read the next block
- block, keyData = pem.Decode(keyData)
- if block == nil {
- break
- }
-
- // test block against parsing functions
- if privateKey, err := parseRSAPrivateKey(block.Bytes); err == nil {
- keys = append(keys, &privateKey.PublicKey)
- continue
- }
- if publicKey, err := parseRSAPublicKey(block.Bytes); err == nil {
- keys = append(keys, publicKey)
- continue
- }
- if privateKey, err := parseECPrivateKey(block.Bytes); err == nil {
- keys = append(keys, &privateKey.PublicKey)
- continue
- }
- if publicKey, err := parseECPublicKey(block.Bytes); err == nil {
- keys = append(keys, publicKey)
- continue
- }
-
- // tolerate non-key PEM blocks for backwards compatibility
- // originally, only the first PEM block was parsed and expected to be a key block
- }
-
- if len(keys) == 0 {
- return nil, fmt.Errorf("data does not contain any valid RSA or ECDSA public keys")
- }
- return keys, nil
-}
-
// ParseCertsPEM returns the x509.Certificates contained in the given PEM-encoded byte array
// Returns an error if a certificate could not be parsed, or if the data does not contain any certificates
func ParseCertsPEM(pemCerts []byte) ([]*x509.Certificate, error) {
@@ -177,93 +59,3 @@
}
return certs, nil
}
-
-// parseRSAPublicKey parses a single RSA public key from the provided data
-func parseRSAPublicKey(data []byte) (*rsa.PublicKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParsePKIXPublicKey(data); err != nil {
- if cert, err := x509.ParseCertificate(data); err == nil {
- parsedKey = cert.PublicKey
- } else {
- return nil, err
- }
- }
-
- // Test if parsed key is an RSA Public Key
- var pubKey *rsa.PublicKey
- var ok bool
- if pubKey, ok = parsedKey.(*rsa.PublicKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid RSA Public Key")
- }
-
- return pubKey, nil
-}
-
-// parseRSAPrivateKey parses a single RSA private key from the provided data
-func parseRSAPrivateKey(data []byte) (*rsa.PrivateKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParsePKCS1PrivateKey(data); err != nil {
- if parsedKey, err = x509.ParsePKCS8PrivateKey(data); err != nil {
- return nil, err
- }
- }
-
- // Test if parsed key is an RSA Private Key
- var privKey *rsa.PrivateKey
- var ok bool
- if privKey, ok = parsedKey.(*rsa.PrivateKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid RSA Private Key")
- }
-
- return privKey, nil
-}
-
-// parseECPublicKey parses a single ECDSA public key from the provided data
-func parseECPublicKey(data []byte) (*ecdsa.PublicKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParsePKIXPublicKey(data); err != nil {
- if cert, err := x509.ParseCertificate(data); err == nil {
- parsedKey = cert.PublicKey
- } else {
- return nil, err
- }
- }
-
- // Test if parsed key is an ECDSA Public Key
- var pubKey *ecdsa.PublicKey
- var ok bool
- if pubKey, ok = parsedKey.(*ecdsa.PublicKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid ECDSA Public Key")
- }
-
- return pubKey, nil
-}
-
-// parseECPrivateKey parses a single ECDSA private key from the provided data
-func parseECPrivateKey(data []byte) (*ecdsa.PrivateKey, error) {
- var err error
-
- // Parse the key
- var parsedKey interface{}
- if parsedKey, err = x509.ParseECPrivateKey(data); err != nil {
- return nil, err
- }
-
- // Test if parsed key is an ECDSA Private Key
- var privKey *ecdsa.PrivateKey
- var ok bool
- if privKey, ok = parsedKey.(*ecdsa.PrivateKey); !ok {
- return nil, fmt.Errorf("data doesn't contain valid ECDSA Private Key")
- }
-
- return privKey, nil
-}